Azure · gingi · Feb 8, 2022 · Jan 28, 2022 · Jan 11, 2022 · Jan 11, 2022
@@ -0,0 +1,6 @@
+steps:
+  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+    displayName: "SBOM Generation"
+    inputs:
+      BuildDropPath: ./release
+
@@ -5,6 +5,7 @@ steps:
       . "$(Agent.WorkFolder)/.venv/batchexplorer/bin/activate"
       npm run build-and-pack
     displayName: Build and pack
+  - template: ../common/generate-sbom.yml
   - template: ../common/publish-artifacts.yml
     parameters:
       folder: darwin
@@ -2,19 +2,26 @@
 jobs:
   - job: Linux
     pool:
-      vmImage: ubuntu-18.04
+      name: Azure-Pipelines-EO-Batch-Explorer
+      demands:
+      - ImageOverride -equals BatchExplorerBuildImage-Linux
     steps:
        - template: ./linux/distribution.yml
 
   - job: MacOS
     pool:
       vmImage: macOS-10.15
       demands: xcode
+    variables:
+      - name: EOCompliance-Mac
+        value: true
     steps:
        - template: ./darwin/distribution.yml
 
   - job: Windows
     pool:
-      vmImage: vs2017-win2016
+      name: Azure-Pipelines-EO-Batch-Explorer
+      demands:
+      - ImageOverride -equals BatchExplorerBuildImage-Windows
     steps:
       - template: ./win/distribution.yml
@@ -31,6 +31,8 @@ steps:
   - script: npm run lint
     displayName: Lint
 
+  - template: ../common/generate-sbom.yml
+
   - template: ../common/publish-artifacts.yml
     parameters:
       folder: linux
@@ -2,32 +2,43 @@ name: $(SourceBranch)$(Rev:.r)
 jobs:
   - job: Linux
     pool:
-      vmImage: ubuntu-18.04
+      name: Azure-Pipelines-EO-Batch-Explorer
+      demands:
+        - ImageOverride -equals BatchExplorerBuildImage-Linux
     steps:
-       - template: ./linux/ci.yml
+      - template: ./linux/ci.yml
 
   - job: MacOS
     pool:
       vmImage: macOS-10.15
       demands: xcode
+    variables:
+      - name: EOCompliance-Mac
+        value: true
     steps:
-       - template: ./darwin/ci.yml
+      - template: ./darwin/ci.yml
 
   - job: Windows
     pool:
-      vmImage: windows-2019
+      name: Azure-Pipelines-EO-Batch-Explorer
+      demands:
+        - ImageOverride -equals BatchExplorerBuildImage-Windows
+    variables:
+      Packaging.EnableSBOMSigning: true
     steps:
       - template: ./win/ci.yml
 
   - job: RegisterDependencies
     displayName: Register dependencies
     pool:
-      vmImage: vs2017-win2016
+      name: Azure-Pipelines-EO-Batch-Explorer
+      demands:
+        - ImageOverride -equals BatchExplorerBuildImage-Windows
     condition: ne(variables['Build.Reason'], 'PullRequest')
     variables:
       EnableDetectorPip: true
     continueOnError: true
     steps:
       - template: ./win/win-dependencies.yml
       - task: ComponentGovernanceComponentDetection@0
-        displayName: 'Component Detection'
+        displayName: "Component Detection"
@@ -2,7 +2,9 @@ variables:
   locdir: $(Build.ArtifactStagingDirectory)/BatchExplorer
 
 pool:
-  vmImage: ubuntu-20.04
+  name: Azure-Pipelines-EO-Batch-Explorer
+  demands:
+  - ImageOverride -equals BatchExplorerBuildImage-Linux
 steps:
   - task: NodeTool@0
     inputs:

@@ -1,7 +1,7 @@
 steps:
   # Static analysis before build
   - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
-    displayName: 'Run CredScan'
+    displayName: "Run CredScan"
     inputs:
       suppressionsFile: test/cred-scan-exclude.json
       toolMajorVersion: V2
@@ -21,18 +21,19 @@ steps:
     displayName: Running spectron
 
   - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
-    displayName: 'AntiMalware Scanner'
+    displayName: "AntiMalware Scanner"
     inputs:
       EnableServices: true
 
   - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
-    displayName: 'Publish Security Analysis Logs'
+    displayName: "Publish Security Analysis Logs"
 
   - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
-    displayName: 'Post Analysis'
+    displayName: "Post Analysis"
     inputs:
       CredScan: true
 
+  - template: ../common/generate-sbom.yml
 
   - template: ../common/publish-artifacts.yml
     parameters:

@@ -195,7 +195,7 @@
     "inflection": "^1.12.0",
     "js-yaml": "^3.14.0",
     "jschardet": "^2.2.1",
-    "keytar": "^5.6.0",
+    "keytar": "^7.7.0",
     "load-json-file": "^5.3.0",
     "luxon": "^1.24.1",
     "make-dir": "^2.1.0",