add back the nuget security analysis for OSSBuild

2025-08-21 05:43:10 -07:00 · 2023-10-27 14:04:04 +08:00 · 2023-10-27 14:04:04 +08:00 · 74480216b0
commit 74480216b0
parent 5922880e1b
2 changed files with 9 additions and 0 deletions
--- a/build/pipelines/azure-pipelines.ci.yaml
+++ b/build/pipelines/azure-pipelines.ci.yaml
@ -40,21 +40,25 @@ extends:
      - template: /build/pipelines/templates/build-single-architecture.yaml@self
        parameters:
          platform: x64
+          isOSSBuild: true

      - template: /build/pipelines/templates/build-single-architecture.yaml@self
        parameters:
          platform: x86
          condition: not(eq(variables['Build.Reason'], 'PullRequest'))
+          isOSSBuild: true

      - template: /build/pipelines/templates/build-single-architecture.yaml@self
        parameters:
          platform: ARM
          condition: not(eq(variables['Build.Reason'], 'PullRequest'))
+          isOSSBuild: true

      - template: /build/pipelines/templates/build-single-architecture.yaml@self
        parameters:
          platform: ARM64
          condition: not(eq(variables['Build.Reason'], 'PullRequest'))
+          isOSSBuild: true

      - template: /build/pipelines/templates/run-ui-tests.yaml@self
        parameters:
--- a/build/pipelines/templates/build-single-architecture.yaml
+++ b/build/pipelines/templates/build-single-architecture.yaml
@ -2,6 +2,7 @@

 parameters:
  isReleaseBuild: false
+  isOSSBuild: false
  useReleaseAppxManifest: false
  platform: ''
  condition: ''
@ -42,6 +43,10 @@ jobs:
  - checkout: self
    fetchDepth: 1

+  - ${{ if eq(parameters.isOSSBuild, true) }}:
+    - task: nuget-security-analysis@0
+      displayName: Secure Supply Chain Analysis
+
  - ${{ if eq(parameters.isReleaseBuild, true) }}:
    - task: UniversalPackages@0
      displayName: Download internals package