Files
microsoft--promptflow/.github/pipelines/compliance_check.yml
T
wehub-resource-sync e768098d0e
Flake8 Lint / flake8 (push) Waiting to run
Publish Promptflow Doc / Build (push) Waiting to run
Publish Promptflow Doc / Deploy (push) Blocked by required conditions
Spell check CI / Spell_Check (push) Waiting to run
tools_continuous_delivery / Private PyPI non-main branch release (push) Has been skipped
tools_continuous_delivery / Private PyPI main branch release (push) Failing after 2m42s
chore: import upstream snapshot with attribution
2026-07-13 13:39:52 +08:00

75 lines
2.6 KiB
YAML

# Pipeline link: https://dev.azure.com/msdata/Vienna/_build?definitionId=26179&_a=summary
parameters:
- name: policyCulture
displayName: "Policy Culture"
type: string
# The culture used to run policy check scan, can be region codes separated by comma, e.g. 'en-US,de-DE'
default: 'en-US'
name: $(BuildDefinitionName)_$(Date:yyyyMMdd)$(Rev:.r) # Configure run or build numbers
variables:
- name: sourceLocation
value: $(System.DefaultWorkingDirectory)
trigger:
- main
- releases/*
pool:
name: promptflow-1ES-win
steps:
- checkout: self
- task: PowerShell@2
inputs:
targetType: inline
script: |
Remove-Item -Recurse -Force $(sourceLocation)/benchmark/promptflow-serve/result-archive
Remove-Item -Path $(sourceLocation)/src/promptflow-azure/promptflow/azure/_restclient/flow_service_caller.py -Force
displayName: 'Delete benchmark HTML files, and files to avoid PoliCheck scan'
# https://eng.ms/docs/microsoft-security/cloud-ecosystem-security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/PoliCheck-build-task
- task: PoliCheck@2
inputs:
targetType: 'F'
targetArgument: '$(sourceLocation)'
optionsPE: '1'
optionsUEPATH: '$(sourceLocation)\scripts\compliance-check\user_exclusion.xml'
result: '$(sourceLocation)\scripts\compliance-check\result.tsv'
optionsXCLASS: 'Geopolitical'
- task: PowerShell@2
inputs:
targetType: inline
script: |
if (-Not (Test-Path "$(sourceLocation)/scripts/compliance-check/result.tsv")) {
Write-Host "PoliCheck@2 (previous step) is not supported for forked GitHub repository, which will break the following step."
Write-Host "So as a workaround, this step will create an empty result.tsv file."
New-Item -ItemType Directory -Force -Path "$(sourceLocation)/scripts/compliance-check"
Set-Location "$(sourceLocation)/scripts/compliance-check"
New-Item -ItemType File -Name "result.tsv"
}
displayName: 'Workaround for fork repository'
- task: PowerShell@2
inputs:
targetType: 'filePath'
filePath: '$(sourceLocation)\scripts\compliance-check\Check-PolicheckScan.ps1'
arguments: >
-policheckResult $(sourceLocation)\scripts\compliance-check\result.tsv
displayName: 'Check result'
- task: PublishPipelineArtifact@1
condition: failed()
inputs:
targetPath: '$(sourceLocation)\scripts\compliance-check\result.tsv'
artifactName: 'compliance-check-result'
publishLocation: 'pipeline'
- task: CredScan@3
displayName: 'CredScan'
inputs:
scanFolder: '$(sourceLocation)'