# Azure Pipelines definition for Component Governance.
# Microsoft open source projects are required to run this to ensure component compliance.
# See: https://docs.opensource.microsoft.com/using/#requirements-for-using-open-source

# CI runs for pushes to these two branches.
trigger:
  - main
  - develop

# Hosted Ubuntu 22.04 agent image.
pool:
  vmImage: 'ubuntu-22.04'

variables:
  # Disable telemetry for privacy compliance.
  # The values stay quoted so they remain the literal string 'true'.
  DOTNET_CLI_TELEMETRY_OPTOUT: 'true'
  POWERSHELL_TELEMETRY_OPTOUT: 'true'

steps:
  # '20.x' follows the Node.js 20 release line rather than one exact version.
  - task: NodeTool@0
    displayName: Install Node.js
    inputs:
      versionSpec: '20.x'

  # Component Detection is automatically injected by Microsoft's Azure DevOps organization.
  # This explicit step ensures Component Governance registration for all dependencies.
  # NOTE(review): while failOnAlert is false, alerts are reported but do not fail the run.
  - task: ComponentGovernanceComponentDetection@0
    displayName: Component Detection
    inputs:
      scanType: Register
      verbosity: Verbose
      alertWarningLevel: High
      failOnAlert: false  # Set to true after resolving initial alerts

  # Optional: additional security checks.
  # NOTE(review): npm ci runs the install scripts of dependencies on the agent; confirm
  # whether this project can install with --ignore-scripts.
  - script: npm ci
    displayName: Install dependencies

  # The security:audit script lives in package.json, which is not shown here.
  # NOTE(review): continueOnError lets the job carry on when the audit fails, so audit
  # findings are advisory only in this pipeline.
  - script: npm run security:audit
    continueOnError: true
    displayName: Security audit

  # No continueOnError here, so a failing license check fails the job.
  - script: npm run license:check
    displayName: License compliance check

  # Build to ensure the package is functional.
  # Only compilation runs; this file invokes no test script.
  - script: npm run compile
    displayName: Compile TypeScript

  # Archive Component Governance results; always() runs this even after an earlier failure.
  # NOTE(review): $(Agent.BuildDirectory) is the agent's whole working directory for this
  # pipeline, so the artifact holds more than Component Governance output. Narrow the path
  # once the results location is confirmed, so that other files written during the build
  # are not exposed through the artifact.
  - task: PublishBuildArtifacts@1
    condition: always()
    displayName: Publish CG results
    inputs:
      PathtoPublish: '$(Agent.BuildDirectory)'
      ArtifactName: ComponentGovernance