[ci] Enable api scan on dnceng #30984
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull Request Overview
This pull request adds API scanning capability to the build pipeline by introducing a new APIScan stage and integrating it into the existing CI/CD workflow. The change addresses the gap left when transitioning to new dnceng builds, which stopped running API scans because 1ES templates don't support this functionality yet.
- Adds a new APIScan stage with configurable parameters for scanning MAUI assemblies
- Integrates the APIScan stage into the internal pipeline to run after the Pack stage
- Prepares and publishes APIScanFiles artifacts containing assemblies (.dll and .pdb files) needed for scanning
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
eng/pipelines/azure-pipelines-internal.yml |
Integrates the new APIScan stage into the internal pipeline |
eng/pipelines/arcade/stage-pack.yml |
Adds artifact preparation for APIScan and removes commented code |
eng/pipelines/arcade/stage-api-scan.yml |
Defines the new APIScan stage template with job configuration |
| - task: CopyFiles@2 | ||
| displayName: Copy assemblies for APIScan | ||
| inputs: | ||
| SourceFolder: '$(Build.SourcesDirectory)\artifacts\bin\Controls.Core' |
There was a problem hiding this comment.
The hardcoded path 'Controls.Core' makes this specific to one component. Consider using a parameter or variable to make this more flexible for scanning other components.
Suggested change
| SourceFolder: '$(Build.SourcesDirectory)\artifacts\bin\Controls.Core' | |
| SourceFolder: '$(Build.SourcesDirectory)\artifacts\bin\${{ parameters.componentName }}' |
SuthiYuvaraj
pushed a commit
to SuthiYuvaraj/maui
that referenced
this pull request
Aug 12, 2025
* [ci] List dlls * Fix steps * Again * Again * yml * Execute post steps * Try run apiscan * Try add ids * TRY AGAIN * Try 1ES tasks * Fxi ident * Remove publish * Try template context * isProduction * try outputs * not release job * Fix artifact name * Try again fix variables * Try push metadat files * Try hardcode * Try again * Update variables
rmarinho
added a commit
that referenced
this pull request
Aug 13, 2025
* [ci] List dlls * Fix steps * Again * Again * yml * Execute post steps * Try run apiscan * Try add ids * TRY AGAIN * Try 1ES tasks * Fxi ident * Remove publish * Try template context * isProduction * try outputs * not release job * Fix artifact name * Try again fix variables * Try push metadat files * Try hardcode * Try again * Update variables
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of Change
When moving to the new dnceng builds we stopped to run the api scan , this adds it back since the 1ES templates don t support it yet. Other sdl tools work fine .
This pull request introduces a new pipeline stage for API scanning and integrates it into the existing build pipeline. The changes primarily focus on adding the
APIScanstage, configuring its parameters, and ensuring the necessary artifacts are prepared and consumed. Below are the most significant changes grouped by theme:Addition of the
APIScanStage:stage-api-scan.ymltemplate to define theAPIScanstage. This includes parameters for configuration (e.g.,AppId,TenantId,ServiceConnectionId) and steps to run theAPIScantask, publish analysis logs, and allow pre/post custom steps. (eng/pipelines/arcade/stage-api-scan.yml)Integration with Existing Pipelines:
APIScanstage into the internal pipeline by extending theazure-pipelines-internal.ymlfile. TheAPIScanstage is configured to depend on thePackstage and uses the appropriate VM pool. (eng/pipelines/azure-pipelines-internal.yml)Artifact Preparation for
APIScan:stage-pack.ymlfile to prepare and output theAPIScanFilesartifact, which includes assemblies required for the API scan. This involves copying.dlland.pdbfiles to a temporary directory for use in theAPIScanstage. (eng/pipelines/arcade/stage-pack.yml) [1] [2]Cleanup of Deprecated Code:
stage-pack.ymlfile to improve readability and maintainability. (eng/pipelines/arcade/stage-pack.yml)