restructuring CI to reduce time-to-failure for scanning

mattchenderson · mattchenderson · commit 91bb5619b42b · 2024-07-11T17:58:12.000-07:00
diff --git a/check-vulnerabilities.ps1 b/check-vulnerabilities.ps1
@@ -7,6 +7,11 @@ if (-not (Test-Path $projectPath))
 }
 
 cd $projectPath
+
+$cmd = "restore"
+Write-Host "dotnet $cmd"
+dotnet $cmd | Tee-Object $logFilePath
+
 $cmd = "list", "package", "--include-transitive", "--vulnerable"
 Write-Host "dotnet $cmd"
 dotnet $cmd | Tee-Object $logFilePath
diff --git a/eng/ci/templates/public/jobs/build-test-public.yml b/eng/ci/templates/public/jobs/build-test-public.yml
@@ -38,6 +38,9 @@ jobs:
       .\validateWorkerVersions.ps1
     displayName: 'Validate worker versions'
     condition: ne(variables['skipWorkerVersionValidation'], 'true')
+  - pwsh: |
+      .\check-vulnerabilities.ps1
+    displayName: "Check for security vulnerabilities"
   - pwsh: |
       .\build.ps1
     env:
@@ -46,9 +49,6 @@ jobs:
       IsPublicBuild: true
       IsCodeqlBuild: false
     displayName: 'Executing build script'
-  - pwsh: |
-      .\check-vulnerabilities.ps1
-    displayName: "Check for security vulnerabilities"
   - task: PublishTestResults@2
     inputs:
       testResultsFormat: 'VSTest'
diff --git a/pipelineUtilities.psm1 b/pipelineUtilities.psm1
@@ -81,22 +81,46 @@ function AddLocalDotnetDirPath {
     }
 }
 
-function Find-Dotnet
+function Find-DotnetVersionsToInstall
 {
     AddLocalDotnetDirPath
     $listSdksOutput = dotnet --list-sdks
     $installedDotnetSdks = $listSdksOutput | ForEach-Object { $_.Split(" ")[0] }
     Write-Host "Detected dotnet SDKs: $($installedDotnetSdks -join ', ')"
+    $missingVersions = [System.Collections.Generic.List[string]]::new()
     foreach ($majorMinorVersion in $DotnetSDKVersionRequirements.Keys) {
         $minimalVersion = "$majorMinorVersion.$($DotnetSDKVersionRequirements[$majorMinorVersion].MinimalPatch)"
         $firstAcceptable = $installedDotnetSdks |
                                 Where-Object { $_.StartsWith("$majorMinorVersion.") } |
                                 Where-Object { [System.Management.Automation.SemanticVersion]::new($_) -ge [System.Management.Automation.SemanticVersion]::new($minimalVersion) } |
                                 Select-Object -First 1
-        if (-not $firstAcceptable) {
-            throw "Cannot find the dotnet SDK for .NET Core $majorMinorVersion. Version $minimalVersion or higher is required. Please specify '-Bootstrap' to install build dependencies."
+        if ($firstAcceptable) {
+            Write-Host "Found dotnet SDK $firstAcceptable for .NET Core $majorMinorVersion"
+        }                               
+        else {
+            Write-Host "Cannot find the dotnet SDK for .NET Core $majorMinorVersion. Version $minimalVersion or higher is required."
+            $missingVersions.Add("$majorMinorVersion.$($DotnetSDKVersionRequirements[$majorMinorVersion].DefaultPatch)")
         }
     }
+    return $missingVersions
+}
+
+
+$installScript = if ($IsWindows) { "dotnet-install.ps1" } else { "dotnet-install.sh" }
+$obtainUrl = "https://raw.githubusercontent.com/dotnet/cli/master/scripts/obtain"
+
+function Install-DotnetVersion($Version,$Channel) {
+    if ((Test-Path  $installScript) -ne $True) {
+        Write-Host "Downloading dotnet-install script"
+        Invoke-WebRequest -Uri $obtainUrl/$installScript -OutFile $installScript
+    }
+
+    Write-Host "Installing dotnet SDK version $Version"
+    if ($IsWindows) {
+        & .\$installScript -InstallDir "$env:ProgramFiles/dotnet" -Channel $Channel -Version $Version
+    } else {
+        bash ./$installScript --install-dir /usr/share/dotnet -c $Channel -v $Version
+    }
 }
 
 function Install-Dotnet {
@@ -105,25 +129,18 @@ function Install-Dotnet {
         [string]$Channel = 'release'
     )
     try {
-        Find-Dotnet
-        return  # Simply return if we find dotnet SDk with the correct version
-    } catch { }
-    $obtainUrl = "https://raw.githubusercontent.com/dotnet/cli/master/scripts/obtain"
-    try {
-        $installScript = if ($IsWindows) { "dotnet-install.ps1" } else { "dotnet-install.sh" }
-        Invoke-WebRequest -Uri $obtainUrl/$installScript -OutFile $installScript
-        foreach ($majorMinorVersion in $DotnetSDKVersionRequirements.Keys) {
-            $version = "$majorMinorVersion.$($DotnetSDKVersionRequirements[$majorMinorVersion].DefaultPatch)"
-            Write-Host "Installing dotnet SDK version $version"
-            if ($IsWindows) {
-                & .\$installScript -InstallDir "$env:ProgramFiles/dotnet" -Channel $Channel -Version $Version
-            } else {
-                bash ./$installScript --install-dir /usr/share/dotnet -c $Channel -v $Version
-            }
+        $missingVersions = Find-DotnetVersionsToInstall
+        if ($missingVersions.Count -eq 0) {
+            return
+        }
+        foreach ($missingMajorMinorVersion in $missingVersions) {
+            Install-DotnetVersion -Version $missingMajorMinorVersion -Channel $Channel
         }
         AddLocalDotnetDirPath
-    }
+    } 
     finally {
-        Remove-Item $installScript -Force -ErrorAction SilentlyContinue
+        if (Test-Path  $installScript) {
+            Remove-Item $installScript -Force -ErrorAction SilentlyContinue
+        }
     }
 }
