Add SBOM generation as part of the build process (#716)

Francisco-Gamino · Francisco-Gamino · commit 33d2224d307c · 2021-12-17T13:40:12.000-08:00
* Add SBOM task to generate manifest

* Update pipeline to generate manifest
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -20,8 +20,10 @@ steps:
 
 - pwsh: |
       $ErrorActionPreference = "Stop"
-      ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)"
+      ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)" -AddSBOM -SBOMUtilSASUrl $env:SBOMUtilSASUrl
   displayName: 'Build worker code'
+  env:
+    SBOMUtilSASUrl: $(SBOMUtilSASUrl)
 
 - pwsh: ./build.ps1 -NoBuild -Test
   displayName: 'Running UnitTest'
diff --git a/build.ps1 b/build.ps1
@@ -22,11 +22,46 @@ param(
     $Configuration = "Debug",
 
     [string]
-    $BuildNumber = '0'
+    $BuildNumber = '0',
+
+    [switch]
+    $AddSBOM,
+
+    [string]
+    $SBOMUtilSASUrl
 )
 
 #Requires -Version 6.0
 
+function Install-SBOMUtil
+{
+    if ([string]::IsNullOrEmpty($SBOMUtilSASUrl))
+    {
+        throw "The `$SBOMUtilSASUrl parameter cannot be null or empty when specifying the `$AddSBOM switch"
+    }
+
+    $MANIFESTOOLNAME = "ManifestTool"
+    Write-Host "Installing $MANIFESTOOLNAME..."
+
+    $MANIFESTOOL_DIRECTORY = Join-Path $PSScriptRoot $MANIFESTOOLNAME
+    Remove-Item -Recurse -Force $MANIFESTOOL_DIRECTORY -ErrorAction Ignore
+
+    Invoke-RestMethod -Uri $SBOMUtilSASUrl -OutFile "$MANIFESTOOL_DIRECTORY.zip"
+    Expand-Archive "$MANIFESTOOL_DIRECTORY.zip" -DestinationPath $MANIFESTOOL_DIRECTORY
+
+    $dllName = "Microsoft.ManifestTool.dll"
+    $manifestToolPath = "$MANIFESTOOL_DIRECTORY/$dllName"
+
+    if (-not (Test-Path $manifestToolPath))
+    {
+        throw "$MANIFESTOOL_DIRECTORY does not contain '$dllName'"
+    }
+
+    Write-Host 'Done.'
+
+    return $manifestToolPath
+}
+
 Import-Module "$PSScriptRoot/tools/helper.psm1" -Force
 
 # Bootstrap step
@@ -87,6 +122,29 @@ if(!$NoBuild.IsPresent) {
         -OutFile "$PSScriptRoot/src/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1" 
 
     dotnet publish -c $Configuration "/p:BuildNumber=$BuildNumber" $PSScriptRoot
+
+    if ($AddSBOM)
+    {
+        # Install manifest tool
+        $manifestTool = Install-SBOMUtil
+        Write-Log "manifestTool: $manifestTool "
+
+        # Generate manifest
+        $buildPath = "$PSScriptRoot/src/bin/$Configuration/$TargetFramework/publish"
+        $telemetryFilePath = Join-Path $PSScriptRoot ((New-Guid).Guid + ".json")
+        $packageName = "Microsoft.Azure.Functions.PowerShellWorker.nuspec"
+
+        # Delete the manifest folder if it exists
+        $manifestFolderPath = Join-Path $buildPath "_manifest"
+        if (Test-Path $manifestFolderPath)
+        {
+            Remove-Item $manifestFolderPath -Recurse -Force -ErrorAction Ignore
+        }
+
+        Write-Log "Running: dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath"
+        & { dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath -PackageName $packageName }
+    }
+
     dotnet pack -c $Configuration "/p:BuildNumber=$BuildNumber" "$PSScriptRoot/package"
 }
 
