FluidFramework icon indicating copy to clipboard operation
FluidFramework copied to clipboard
verified publisher icon microsoft

Converts server-routerlicious.yml pipeline to 1ES template

Open seanimam opened this issue 2 years ago • 5 comments

Description

This PR converts server-routerlicious.yml to the new 1ES template required by Microsoft with the minimal required set of template changes required. This new template enables security and auditing checks by Microsoft. Read more on how the logic for converting to a 1ES pipeline works on the official 1ES wiki

A temporary 1ES folder was created for converted pipeline templates. This enables other pipelines to remain unchanged and use the original templates while new PR's are opened for individually converted other pipelines to 1ES as required by Microsoft. You can easily view what the template changes are by looking at the diff in the following PR which is a fork of this branch and simply moves the template changes from the 1ES folder to the original so there is a clear diff present on github

  • Once all pipelines are moved over, we can start moving the files out of the 1ES folder and eventually remove the folder since it will no longer have any files (This is after we convert the rest of the required pipelines).

  • This PR also adds a new file CredScanSuppressions.json which disables automated credential scanning security checks on certain files that produce a false positive because they have mock credentials.

Breaking Changes

Reviewer Guidance

  • Confirm the newly converted pipelines run successfully. Look at the completed steps and compare with a recent successful run on main to ensure the expected steps run (plus the new SDL and 1ES security checks)
  • Make sure all the relevant templates and pipelines for server-routerlicious.yml have been converted
  • Make sure there are no unnecessary changes or 1ES template and/or pipeline conversions
  • Make sure the yml is valid -- a successful pipeline run should suffice for confirming this

seanimam avatar Jan 30 '24 16:01 seanimam

Found one more thing we need to bring with this (could have done it with any of them really, because the relevant file is already getting analyzed as part of the repo): the CredScanSuppressions.json file. Due to the missing suppression file, the pipelines are reporting warnings like this one.

alexvy86 avatar Jan 31 '24 18:01 alexvy86

/azp run server - routerlicious

alexvy86 avatar Feb 05 '24 23:02 alexvy86

No pipelines are associated with this pull request.

azure-pipelines[bot] avatar Feb 05 '24 23:02 azure-pipelines[bot]

/azp run server-routerlicious

alexvy86 avatar Feb 05 '24 23:02 alexvy86

Azure Pipelines successfully started running 1 pipeline(s).

azure-pipelines[bot] avatar Feb 05 '24 23:02 azure-pipelines[bot]