azure-pipelines.yml
# Multi-configuration and multi-agent job options are not exported to YAML.
# Configure these options using documentation guidance:
# https://docs.microsoft.com/vsts/pipelines/process/phases

# CI trigger: build on pushes to main.
trigger:
  branches:
    include:
    - main
# PR validation: build pull requests that target main.
# NOTE(review): the pytest step in this file maps $(maxmind_auth) and
# $(ipstack_auth) into the test environment; confirm the project settings do
# not make secret variables available to builds of pull requests from forks.
pr:
  branches:
    include:
    - main
stages:
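- stage: PythonTests
  displayName: Python tests and linting tools
  variables:
    # Component governance detection is run explicitly (see the
    # ComponentGovernanceComponentDetection task in the PipelineTests stage),
    # so it does not need to be auto-injected here.
    skipComponentGovernanceDetection: true
  jobs:
  - job: InstallAndTestPackage
    # One run per hosted image; imageName selects the agent pool image.
    strategy:
      matrix:
        linux:
          imageName: "ubuntu-latest"
        mac:
          imageName: "macos-latest"
        windows:
          imageName: "windows-latest"
      maxParallel: 3
    pool:
      vmImage: $(imageName)
    variables:
      python.version: '3.8'
    steps:
    # Alias python/pip to python3/pip3. The condition restricts this to the
    # Linux and macOS images (not Windows).
    # NOTE(review): each script step runs in its own shell, so this alias
    # probably does not carry over to later steps - confirm it is still needed.
    - script: alias python='python3' pip='pip3'
      condition: in(variables['imageName'], 'ubuntu-latest', 'macos-latest')
    - task: UsePythonVersion@0
      displayName: 'Use Python $(python.version)'
      inputs:
        versionSpec: '$(python.version)'
    - script: |
        pip install --upgrade pip wheel
        pip install -e .
      displayName: 'Install package and dependencies'
    # Test-only dependencies are installed in their own step, without the
    # env mapping below, so that third-party install-time code never runs with
    # MAXMIND_AUTH / IPSTACK_AUTH in its environment.
    # matplotlib and scikit-learn are needed by the tests.
    - script: |
        pip install --upgrade pytest pytest-azurepipelines
        pip install --upgrade pytest-cov pytest-check respx
        pip install matplotlib scikit-learn
      displayName: 'Install test dependencies'
      continueOnError: true
      condition: succeededOrFailed()
    # Run the test suite with coverage. The two *_AUTH values are passed only
    # to this step (presumably secret pipeline variables - confirm).
    - script: |
        echo Using $MSTICPYCONFIG or %MSTICPYCONFIG%
        pytest tests --junitxml=junit/test-results.xml --cov=msticnb --cov-report=xml
      continueOnError: true
      condition: succeededOrFailed()
      displayName: pytest
      env:
        MSTICPYCONFIG: $(Build.SourcesDirectory)/tests/msticpyconfig-test.yaml
        MAXMIND_AUTH: $(maxmind_auth)
        IPSTACK_AUTH: $(ipstack_auth)
        MSTICPY_TEST_NOSKIP: '1'
    # Every analysis step below sets continueOnError, so its findings are
    # reported without failing the job.
    # NOTE(review): only pylint is version-pinned; the other tools are
    # installed at whatever release is current when the job runs.
    - script: |
        pip install --upgrade black
        black -t py36 --check --exclude venv .
      displayName: Black
      continueOnError: true
      condition: succeededOrFailed()
    - script: |
        pip install --upgrade pylint==2.16.1 pylint_junit
        pylint msticnb --disable=bad-continuation --disable=duplicate-code --disable=E1135,E1101,E1133 --output-format=pylint_junit.JUnitReporter
      displayName: Pylint
      continueOnError: true
      condition: succeededOrFailed()
    # Static security scan of the msticnb package: -r recurses, -x excludes
    # the tests directory, -s skips B303 (weak hash functions) and
    # B404/B603/B607 (subprocess usage checks).
    # NOTE(review): with continueOnError a bandit finding does not block the
    # later stages - confirm that is intended for a security gate.
    - script: |
        pip install --upgrade bandit
        bandit -x tests -r -s B303,B404,B603,B607 msticnb
      displayName: bandit
      continueOnError: true
      condition: succeededOrFailed()
    - script: |
        pip install --upgrade flake8
        flake8 --max-line-length=90 --exclude=tests* . --ignore=E501,W503
      displayName: flake8
      continueOnError: true
      condition: succeededOrFailed()
    # NOTE(review): tools_dir is set here but the visible script never reads it.
    - script: |
        pip install mypy lxml
        mypy --junit-xml junit/mypy-test-results.xml msticnb
      displayName: mypy
      continueOnError: true
      condition: succeededOrFailed()
      env:
        tools_dir: ${AGENT_TOOLSDIRECTORY}
    - script: |
        #export MYPYPATH=$tools_dir/Python/3.6.10/x64/Lib/site-packages
        pip install prospector[with_everything]
        prospector --ignore-paths tests
      displayName: prospector
      continueOnError: true
      condition: succeededOrFailed()
      env:
        tools_dir: ${AGENT_TOOLSDIRECTORY}
    # Publish every *-results.xml file (pytest and mypy write JUnit XML under
    # junit/) and the Cobertura coverage report.
    - task: PublishTestResults@2
      displayName: 'Publish Test Results'
      inputs:
        testResultsFiles: '**/*-results.xml'
        testRunTitle: 'Python $(python.version)'
    - task: PublishCodeCoverageResults@1
      displayName: 'Publish code coverage'
      inputs:
        codeCoverageTool: Cobertura
        summaryFileLocation: '$(System.DefaultWorkingDirectory)/coverage.xml'
        reportDirectory: '$(System.DefaultWorkingDirectory)/htmlcov'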
- stage: PipelineTests
  # Security, policy and component-governance scanning; gated on PythonTests.
  displayName: 'Azure pipeline, security and component governance tools'
  dependsOn: PythonTests
  condition: succeeded('PythonTests')
  variables:
    # Component detection is invoked as an explicit task in SecurityTests1,
    # so it does not need to be auto-injected.
    skipComponentGovernanceDetection: true
  jobs:
  - job: SecurityTests1
    # CredScan must be run on Windows
    pool:
      vmImage: 'windows-latest'
    variables:
      python.version: '3.10'
    steps:
    # Credential scan; failures are reported but do not stop the job.
    - task: CredScan@2
      displayName: 'Run CredScan'
      continueOnError: true
      condition: succeededOrFailed()
      inputs:
        toolMajorVersion: 'V2'
        debugMode: false
    - task: AutoApplicability@1
      displayName: 'Run AutoApplicability'
      inputs:
        ExternalRelease: true
    - task: PoliCheck@1
      displayName: 'Run PoliCheck'
      inputs:
        targetType: 'F'
    - task: VulnerabilityAssessment@0
      displayName: 'Run Vulnerability Assessment'
    - task: ComponentGovernanceComponentDetection@0
      displayName: 'Component Detection'
      inputs:
        scanType: 'Register'
        verbosity: 'Verbose'
        alertWarningLevel: 'High'
    # NOTE(review): the scan target is $(Build.StagingDirectory), and no step
    # visible in this job copies files there - confirm the scan covers the
    # content it is meant to cover.
    - task: AntiMalware@3
      continueOnError: true
      condition: succeededOrFailed()
      inputs:
        InputType: 'Basic'
        ScanType: 'CustomScan'
        FileDirPath: '$(Build.StagingDirectory)'
        EnableServices: true
        SupportLogOnError: false
        TreatSignatureUpdateFailureAs: 'Warning'
        SignatureFreshness: 'UpToDate'
        TreatStaleSignatureAs: 'Error'
    - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
      displayName: 'Create Security Analysis Report'
      inputs:
        CredScan: true
        PoliCheck: true
    - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
      displayName: 'Publish Security Analysis Logs'
      inputs:
        AllTools: false
        AntiMalware: true
        APIScan: false
        BinSkim: false
        CodesignValidation: false
        FortifySCA: false
        FxCop: false
        ModernCop: false
        MSRD: false
        RoslynAnalyzers: false
        SDLNativeRules: false
        Semmle: false
        TSLint: false
        WebScout: false
    # NOTE(review): only CredScan is listed here, while the report step above
    # lists CredScan and PoliCheck - confirm PoliCheck results are meant to be
    # left out of post-analysis.
    - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
      displayName: 'Post Analysis'
      inputs:
        CredScan: true
  - job: SecurityTests2
    # OWASP tool must be run on Windows
    pool:
      vmImage: 'windows-latest'
    variables:
      python.version: '3.6'
    steps:
    # NOTE(review): projectName is msticpy although the package built and
    # linted elsewhere in this file is msticnb - confirm the report name.
    # NOTE(review): suppressionPath is the sources directory, the same value as
    # scanPath, rather than a named file - confirm which suppression file, if
    # any, is applied.
    - task: dependency-check-build-task@5
      displayName: 'OWASP Dependency Check'
      continueOnError: true
      condition: succeededOrFailed()
      inputs:
        projectName: 'msticpy'
        scanPath: '$(Build.SourcesDirectory)'
        format: 'JUNIT'
        suppressionPath: '$(Build.SourcesDirectory)'
    - task: PublishTestResults@2
      displayName: 'Publish Test Results'
      inputs:
        testResultsFiles: '**/*-results.xml'
        testRunTitle: 'Python $(python.version)'
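- stage: CreatePythonPackage
  # Builds the sdist and wheel and publishes them as the msticnb artifact.
  displayName: Create msticnb distribution package and publish msticnb artifact
  variables:
    # Component governance detection is run explicitly in the PipelineTests
    # stage, so it does not need to be auto-injected here.
    skipComponentGovernanceDetection: true
  # NOTE(review): the scanner steps in the earlier stages set continueOnError,
  # so their findings alone may not prevent this stage from running - confirm
  # that is intended before the artifact is consumed downstream.
  dependsOn:
  - PipelineTests
  condition: succeeded('PipelineTests')
  jobs:
  - job: CreateDistPackage
    pool:
      vmImage: windows-latest
    variables:
      python.version: '3.8'
    steps:
    # Select the interpreter named by python.version, as the PythonTests stage
    # does; without this task the variable is never applied and the package is
    # built with whatever Python the agent image provides by default.
    - task: UsePythonVersion@0
      displayName: 'Use Python $(python.version)'
      inputs:
        versionSpec: '$(python.version)'
    # NOTE(review): the build tooling is upgraded to the latest release on
    # every run, so the published artifact is not built from pinned versions.
    - script: 'pip install --upgrade setuptools wheel'
      displayName: 'Install setuptools'
    - script: 'python setup.py sdist bdist_wheel'
      displayName: 'Build sdist and wheel'
    # Publish the contents of dist/ as the build artifact named msticnb.
    - task: PublishBuildArtifacts@1
      displayName: 'Publish Artifact: msticnb'
      inputs:
        PathtoPublish: dist
        ArtifactName: msticnb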