Revert "Update Guardian to latest (dotnet#10065)" (dotnet#10115)

garath · web-flow · commit 3535001b78ef · 2022-07-21T18:07:18.000Z
This broke in main. This reverts commit 3439b16.
diff --git a/eng/common/sdl/sdl.ps1 b/eng/common/sdl/sdl.ps1
diff --git a/eng/common/templates/job/execute-sdl.yml b/eng/common/templates/job/execute-sdl.yml
@@ -37,6 +37,12 @@ jobs:
   condition: eq( ${{ parameters.enable }}, 'true')
   variables:
     - group: DotNet-VSTS-Bot
+    - name: AzDOProjectName
+      value: ${{ parameters.AzDOProjectName }}
+    - name: AzDOPipelineId
+      value: ${{ parameters.AzDOPipelineId }}
+    - name: AzDOBuildId
+      value: ${{ parameters.AzDOBuildId }}
     - template: /eng/common/templates/variables/sdl-variables.yml
     - name: GuardianVersion
       value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
diff --git a/eng/common/templates/post-build/post-build.yml b/eng/common/templates/post-build/post-build.yml
@@ -236,9 +236,9 @@ stages:
       parameters:
         enable: ${{ parameters.SDLValidationParameters.enable }}
         additionalParameters: ${{ parameters.SDLValidationParameters.params }}
-        sdlContinueOnError: ${{ parameters.SDLValidationParameters.continueOnError }}
+        continueOnError: ${{ parameters.SDLValidationParameters.continueOnError }}
         artifactNames: ${{ parameters.SDLValidationParameters.artifactNames }}
-        downloadArtifacts: ${{ coalesce(parameters.SDLValidationParameters.downloadArtifacts, 'false') }}
+        downloadArtifacts: ${{ parameters.SDLValidationParameters.downloadArtifacts }}
 
 - ${{ if ne(parameters.publishAssetsImmediately, 'true') }}:
   - stage: publish_using_darc
diff --git a/eng/common/templates/steps/execute-codeql.yml b/eng/common/templates/steps/execute-codeql.yml
@@ -1,50 +1,24 @@
 parameters:
   # Language that should be analyzed. Defaults to csharp
-  - name: language
-    displayName: Analysis language
-    type: string
-    default: csharp
-  
+  language: csharp
   # Build Commands
-  - name: buildCommands
-    type: string
-    default: ''
-
-  # Optional: to override values for parameters.
-  - name: overrideParameters
-    type: string
-    default: ''
-
-  # Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")'
-  - name: additionalParameters
-    type: string
-    default: ''
-
+  buildCommands: ''
+  overrideParameters: ''                                       # Optional: to override values for parameters.
+  additionalParameters: ''                                     # Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")'
   # Optional: if specified, restore and use this version of Guardian instead of the default.
-  - name: overrideGuardianVersion
-    type: string
-    default: ''
-
+  overrideGuardianVersion: ''
   # Optional: if true, publish the '.gdn' folder as a pipeline artifact. This can help with in-depth
   # diagnosis of problems with specific tool configurations.
-  - name: publishGuardianDirectoryToPipeline
-    type: boolean
-    default: false
-
+  publishGuardianDirectoryToPipeline: false
   # The script to run to execute all SDL tools. Use this if you want to use a script to define SDL
   # parameters rather than relying on YAML. It may be better to use a local script, because you can
   # reproduce results locally without piecing together a command based on the YAML.
-  - name: executeAllSdlToolsScript
-    type: string
-    default: 'eng/common/sdl/execute-all-sdl-tools.ps1'
-  
+  executeAllSdlToolsScript: 'eng/common/sdl/execute-all-sdl-tools.ps1'
   # There is some sort of bug (has been reported) in Azure DevOps where if this parameter is named
   # 'continueOnError', the parameter value is not correctly picked up.
   # This can also be remedied by the caller (post-build.yml) if it does not use a nested parameter
   # optional: determines whether to continue the build if the step errors;
-  - name: sdlContinueOnError
-    type: boolean
-    default: false
+  sdlContinueOnError: false
 
 steps:
 - template: /eng/common/templates/steps/execute-sdl.yml
diff --git a/eng/common/templates/steps/execute-sdl.yml b/eng/common/templates/steps/execute-sdl.yml
@@ -8,27 +8,29 @@ parameters:
   condition: ''
 
 steps:
+- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
+  - powershell: |
+      $content = Get-Content $(GuardianPackagesConfigFile)
 
-- task: NuGetAuthenticate@1
-  inputs:
-    nuGetServiceConnections: GuardianConnect
+      Write-Host "packages.config content was:`n$content"
 
-- task: NuGetToolInstaller@1
-  displayName: Install NuGet.exe
+      $content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
+      $content | Set-Content $(GuardianPackagesConfigFile)
 
-- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
-  - pwsh: |
-      . $(Build.SourcesDirectory)\eng\common\sdl\sdl.ps1
-      $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
-      Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
-    displayName: Install Guardian (Overridden)
+      Write-Host "packages.config content updated to:`n$content"
+    displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
 
-- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
-  - pwsh: |
-      . $(Build.SourcesDirectory)\eng\common\sdl\sdl.ps1
-      $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
-      Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
-    displayName: Install Guardian
+- task: NuGetToolInstaller@1
+  displayName: 'Install NuGet.exe'
+  
+- task: NuGetCommand@2
+  displayName: 'Install Guardian'
+  inputs:
+    restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
+    feedsToUse: config
+    nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
+    externalFeedCredentials: GuardianConnect
+    restoreDirectory: $(Build.SourcesDirectory)\.packages
 
 - ${{ if ne(parameters.overrideParameters, '') }}:
   - powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
@@ -38,7 +40,7 @@ steps:
 
 - ${{ if eq(parameters.overrideParameters, '') }}:
   - powershell: ${{ parameters.executeAllSdlToolsScript }}
-      -GuardianCliLocation $(GuardianCliLocation)
+      -GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion)
       -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
       -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
       ${{ parameters.additionalParameters }}
