Endjin.RecommendedPractices.Build

0.2.12

tasks/analysis.tasks.ps1

                                $hadesVersion = "0.9.2"

# Defaults for publishing-related variables

$AnalysisOutputStorageAccountName = ""

$AnalysisOutputContainerName = ""

$AnalysisOutputBlobPath = ""

$AnalysisOutputSasToken = ""

task InstallHadesTool {

    Install-DotNetTool -Name hades -Version $hadesVersion

}

task RunHades -If { $SolutionToBuild } Version,InstallHadesTool, {

    $baseOutputName = [IO.Path]::GetFileNameWithoutExtension($SolutionToBuild)

    # Ensure we have a fully-qualified path, as this will be needed when uploading on build server

    $script:hadesXmlOutputFile = Join-Path $here ("/{0}.sbom.xml" -f $baseOutputName)

    $hadesHtmlReportFile = $hadesXmlOutputFile.Replace(".sbom.xml",".sbom.html")

    Write-Verbose "hadesHtmlReportFile: $hadesHtmlReportFile"

    Write-Verbose "hadesXmlOutputFile: $hadesXmlOutputFile"

    exec {

        & dotnet-hades $SolutionToBuild `

                    -v $script:GitVersion.SemVer `

                    --output $hadesXmlOutputFile `

                    --report $hadesHtmlReportFile

    }

    if ($IsAzureDevops) {

        Write-Host "##vso[task.setvariable variable=SbomHtmlReportPath;isoutput=true]$hadesHtmlReportFile"

        Write-Host "##vso[artifact.upload artifactname=SBOM]$hadesHtmlReportFile"

        Write-Host "##vso[artifact.upload artifactname=SBOM]$hadesXmlOutputFile"

    }

}

task PublishHadesOutputToStorage -If { $SolutionToBuild } RunHades, {

    if ( (Test-Path $hadesXmlOutputFile) -and `

            $AnalysisOutputStorageAccountName -and `

            $AnalysisOutputSasToken -and `

            $AnalysisOutputContainerName -and `

            $AnalysisOutputBlobPath) {

        $hadesXmlOutputFilename = (Split-Path -Leaf $hadesXmlOutputFile)

        $filename = "{0}-{1}.xml" -f [IO.Path]::GetFileNameWithoutExtension($hadesXmlOutputFilename),

                                     ([DateTime]::Now).ToString('yyyyMMddHHmmssfff')

        Write-Information @"

Publishing storage account:

    Source File: $hadesXmlOutputFile

    Account: $AnalysisOutputStorageAccountName

    Blob Path: "$AnalysisOutputContainerName/$AnalysisOutputBlobPath/$filename"

"@

        $uri = "https://{0}.blob.core.windows.net/{1}/{2}/{3}?{4}" -f $AnalysisOutputStorageAccountName,

                                                                    $AnalysisOutputContainerName,

                                                                    $AnalysisOutputBlobPath,

                                                                    $filename,

                                                                    $AnalysisOutputSasToken.TrimStart("?")

        $headers = @{

            "x-ms-date" = [System.DateTime]::UtcNow.ToString("R")

            "x-ms-blob-type" = "BlockBlob"

        }

        Invoke-RestMethod -Headers $headers `

                          -Uri $uri `

                          -Method PUT `

                          -Body (Get-Content -Raw $hadesXmlOutputFile) `

                          -Verbose:$false | Out-Null

        Write-Information "Hades XML output published to storage account"

    }

    else {

        Write-Information "Publishing of Hades output skipped, due to absent configuration"

    }

}