From d7e0f95bd45d98d7fd279b1c38e08454e01be9e6 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Mon, 23 Jun 2025 08:51:54 -0400 Subject: [PATCH 1/6] chore: removes external detect secret in favor of ADO --- .github/workflows/gradle-build.yml | 4 - .secrets.baseline | 115 ----------------------------- 2 files changed, 119 deletions(-) delete mode 100644 .secrets.baseline diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 5ef87a9292f..012b889102b 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -21,10 +21,6 @@ jobs: java-version: 21 distribution: 'temurin' cache: gradle - - name: Detect secrets - run: | - pip install detect-secrets - git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline - name: Move generated sources to correct package run: .\scripts\copyFilesOnBuild.ps1 -inputPath '.\src\main\java\com\microsoft\graph\beta\generated' shell: pwsh diff --git a/.secrets.baseline b/.secrets.baseline deleted file mode 100644 index 7de1b645559..00000000000 --- a/.secrets.baseline +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "version": "1.5.0", - "plugins_used": [ - { - "name": "ArtifactoryDetector" - }, - { - "name": "AWSKeyDetector" - }, - { - "name": "AzureStorageKeyDetector" - }, - { - "name": "Base64HighEntropyString", - "limit": 4.5 - }, - { - "name": "BasicAuthDetector" - }, - { - "name": "CloudantDetector" - }, - { - "name": "HexHighEntropyString", - "limit": 3.0 - }, - { - "name": "IbmCloudIamDetector" - }, - { - "name": "IbmCosHmacDetector" - }, - { - "name": "JwtTokenDetector" - }, - { - "name": "KeywordDetector", - "keyword_exclude": "" - }, - { - "name": "MailchimpDetector" - }, - { - "name": "NpmDetector" - }, - { - "name": "PrivateKeyDetector" - }, - { - "name": "SlackDetector" - }, - { - "name": "SoftlayerDetector" - }, - { - "name": "SquareOAuthDetector" - }, - { - "name": "StripeDetector" - }, - { - "name": "TwilioKeyDetector" - } - ], - "filters_used": [ - { - "path": "detect_secrets.filters.allowlist.is_line_allowlisted" - }, - { - "path": "detect_secrets.filters.common.is_baseline_file", - "filename": ".secrets.baseline" - }, - { - "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", - "min_level": 2 - }, - { - "path": "detect_secrets.filters.heuristic.is_indirect_reference" - }, - { - "path": "detect_secrets.filters.heuristic.is_likely_id_string" - }, - { - "path": "detect_secrets.filters.heuristic.is_lock_file" - }, - { - "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" - }, - { - "path": "detect_secrets.filters.heuristic.is_potential_uuid" - }, - { - "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" - }, - { - "path": "detect_secrets.filters.heuristic.is_sequential_string" - }, - { - "path": "detect_secrets.filters.heuristic.is_swagger_file" - }, - { - "path": "detect_secrets.filters.heuristic.is_templated_secret" - }, - { - "path": "detect_secrets.filters.regex.should_exclude_file", - "pattern": [ - "src/main/java/com/microsoft/graph/beta/generated/.*", - 
"release-please-config.json", - "kiota-lock.json" - ] - } - ], - "results": {}, - "generated_at": "2024-08-13T13:13:56Z" -} From 64c64dab790245453ece73c98c1a08cdefaa4df1 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Mon, 23 Jun 2025 10:40:37 -0400 Subject: [PATCH 2/6] fix: enables daemon for build steps --- .azure-pipelines/ci-build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index 5be85b784b8..d1c5aee2b8c 100644 --- a/.azure-pipelines/ci-build.yml +++ b/.azure-pipelines/ci-build.yml 
@@ -65,19 +65,19 @@ extends: Copy-Item $(downloadLocalProperties.secureFilePath) local.properties -Verbose displayName: Copy secring and 'local.properties' - - script: ./gradlew --no-daemon publishToMavenLocal -PmavenCentralPublishingEnabled=true -PmavenCentralSnapshotArtifactSuffix="" + - script: ./gradlew publishToMavenLocal -PmavenCentralPublishingEnabled=true -PmavenCentralSnapshotArtifactSuffix="" displayName: Publish to local Maven for verification condition: contains(variables['build.sourceBranch'], 'refs/tags/v') - - script: ./gradlew --no-daemon publishToMavenLocal -PmavenCentralPublishingEnabled=true + - script: ./gradlew publishToMavenLocal -PmavenCentralPublishingEnabled=true displayName: Publish to local Maven for verification condition: not(contains(variables['build.sourceBranch'], 'refs/tags/v')) - - script: ./gradlew --no-daemon publishMavenPublicationToADORepository -PmavenCentralPublishingEnabled=true -PmavenCentralSnapshotArtifactSuffix="" + - script: ./gradlew publishMavenPublicationToADORepository -PmavenCentralPublishingEnabled=true -PmavenCentralSnapshotArtifactSuffix="" displayName: Publish to local Maven ADO for ESRP condition: contains(variables['build.sourceBranch'], 'refs/tags/v') - - script: ./gradlew --no-daemon publishMavenPublicationToADORepository -PmavenCentralPublishingEnabled=true + - script: ./gradlew publishMavenPublicationToADORepository -PmavenCentralPublishingEnabled=true displayName: Publish to local Maven ADO for ESRP condition: not(contains(variables['build.sourceBranch'], 'refs/tags/v')) From 3472753dde6001f7dcf1518018efc892e0cc63d9 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Mon, 23 Jun 2025 12:54:44 -0400 Subject: [PATCH 3/6] ci: switches to more powerfull agents --- .azure-pipelines/ci-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index d1c5aee2b8c..058418168c1 100644 --- a/.azure-pipelines/ci-build.yml 
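Review bot: Dropping `--no-daemon` from the four `./gradlew` publish steps leaves a Gradle daemon running once the job's last step finishes, and nothing in the hunk stops it. The step just before them copies the secring and `local.properties` into the workspace, so that long-lived JVM may have read signing configuration; whether agents in this pool are reused between jobs is not visible here. If they can be, I would add a final step such as `- script: ./gradlew --stop` with `condition: always()`, plus a comment on the first publish step saying why the daemon is wanted. The steps list starts and ends outside the hunk.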
+++ b/.azure-pipelines/ci-build.yml @@ -37,7 +37,7 @@ extends: jobs: - job: build pool: - name: Azure-Pipelines-1ESPT-ExDShared + name: 1es-ubuntu-latest-m os: linux image: ubuntu-latest #TODO maybe missing template context with sdl baselines? From f9ffff3e5007b1c6d85dc800b486b0b01d249216 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Mon, 23 Jun 2025 14:39:50 -0400 Subject: [PATCH 4/6] ci: removes image name --- .azure-pipelines/ci-build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index 058418168c1..1e3ac038c98 100644 --- a/.azure-pipelines/ci-build.yml +++ b/.azure-pipelines/ci-build.yml @@ -39,7 +39,6 @@ extends: pool: name: 1es-ubuntu-latest-m os: linux - image: ubuntu-latest #TODO maybe missing template context with sdl baselines? steps: - checkout: self From f1da4189e6e9d15349101fd90cf1624748a9c3f2 Mon Sep 17 00:00:00 2001 From: Michael Mainer <8527305+MIchaelMainer@users.noreply.github.com> Date: Tue, 24 Jun 2025 10:17:55 -0700 Subject: [PATCH 5/6] Added updated image name --- .azure-pipelines/ci-build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index 1e3ac038c98..f6bd3cd0557 100644 --- a/.azure-pipelines/ci-build.yml +++ b/.azure-pipelines/ci-build.yml @@ -39,6 +39,7 @@ extends: pool: name: 1es-ubuntu-latest-m os: linux + image: ubuntu-24.04-latest #TODO maybe missing template context with sdl baselines? steps: - checkout: self @@ -226,4 +227,4 @@ extends: approvers: mmainer@microsoft.com serviceendpointurl: "https://api.esrp.microsoft.com" mainpublisher: "ESRPRELPACMAN" - domaintenantid: "cdc5aeea-15c5-4db6-b079-fcadd2505dc2" \ No newline at end of file + domaintenantid: "cdc5aeea-15c5-4db6-b079-fcadd2505dc2" From e7a52a373b68cd5dcb9b92f2a26abe9cb6b4d4c7 Mon Sep 17 00:00:00 2001 
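Review bot: The `#TODO maybe missing template context with sdl baselines?` under the pool block is still open while the job moves to `1es-ubuntu-latest-m`, and PATCH 1/6 has already removed the `detect-secrets` step and `.secrets.baseline` from the GitHub workflow in favor of ADO. As far as this series shows, secret scanning now depends on this pipeline's template SDL configuration, which the TODO suggests is unconfirmed. I would resolve it before merging, or replace it with a comment naming where credential scanning is configured, e.g. `# secret scanning: provided by <template/SDL setting, fill in>`. Whether this pipeline also runs on pull requests, as the GitHub workflow step did, is not visible in the hunk. The job definition continues outside the hunk.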
From: Michael Mainer <8527305+MIchaelMainer@users.noreply.github.com> Date: Tue, 24 Jun 2025 10:53:00 -0700 Subject: [PATCH 6/6] Remove image name --- .azure-pipelines/ci-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index f6bd3cd0557..334c9e32e82 100644 --- a/.azure-pipelines/ci-build.yml +++ b/.azure-pipelines/ci-build.yml @@ -39,7 +39,7 @@ extends: pool: name: 1es-ubuntu-latest-m os: linux - image: ubuntu-24.04-latest + #TODO maybe missing template context with sdl baselines? steps: - checkout: self
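Review bot: The added line that replaces `image: ubuntu-24.04-latest` appears to be blank or whitespace-only, and the pool block ends up with no `image` after 4/6 removed it and 5/6 re-added it, with no reason recorded. For a job that publishes artifacts for ESRP it helps to state which build image is expected. I would drop the stray line and add a comment such as `# image omitted: <reason, and which image the pool supplies>`. The job definition continues outside the hunk.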