-
Notifications
You must be signed in to change notification settings - Fork 2
/
azure-pipelines.yml
63 lines (53 loc) · 2.1 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# Starter pipeline
variables:
COVERITY_TOOL_HOME: $(Agent.BuildDirectory)/cov-analysis
MAVEN_CACHE_FOLDER: $(Pipeline.Workspace)/.m2/repository
MAVEN_OPTS: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
trigger:
- none
pr:
- master
pool:
vmImage: 'ubuntu-latest'
steps:
# Copy and install Coverity analysis package
- script: |
cd $(Agent.BuildDirectory)
curl -s -L --user $(COVERITY_USER):$(COVERITY_AUTHKEY) -o license.dat $(COVERITY_URL)/downloadFile.htm?fn=license.dat
curl -s -L --user $(COVERITY_USER):$(COVERITY_AUTHKEY) $(COVERITY_URL)/downloadFile.htm?fn=cov-analysis-linux64-2021.06.tar.gz | tar -xvzf -
mv cov-analysis-linux64-2021.06 cov-analysis
cp license.dat ./cov-analysis/bin
displayName: 'Install Coverity'
# Configure Coverity
- script: $(COVERITY_TOOL_HOME)/bin/cov-configure --java
displayName: 'Configure Coverity'
# Cache Maven local repo to speed things up
- task: Cache@2
inputs:
key: 'maven | "$(Agent.OS)" | **/pom.xml'
restoreKeys: |
maven | "$(Agent.OS)"
maven
path: $(MAVEN_CACHE_FOLDER)
displayName: Cache Maven local repo
# Coverity scan
- task: synopsys-coverity@1
inputs:
coverityService: 'coverity-vm'
projectName: 'Azure Commons Fileupload'
streamName: 'az-commons-fileupload'
checkIssues: true
issueView: 'Outstanding High Security Risks'
issueStatus: 'unstable'
coverityBuildDirectory: '$(Build.Repository.LocalPath)'
coverityAnalysisType: 'incremental'
buildCommand: 'mvn -Drat.skip=true -DskipTests=true package'
customCommandArgs: true
covAnalyzeArgs: '--all --webapp-security --webapp-security-aggressiveness-level high --enable-audit-mode'
allowUntrusted: true
# Black Duck scan
#- script: bash <(curl -s -L https://detect.synopsys.com/detect.sh) --blackduck.url=$(BLACKDUCK_URL) --blackduck.api.token=$(BLACKDUCK_AUTHKEY) --detect.tools=DETECTOR --detect.policy.check.fail.on.severities=CRITICAL
# displayName: 'Black Duck Detect'
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml