sprints enhancements
This commit is contained in:
StellaOps Bot
@@ -25,7 +25,7 @@ paths=(
|
||||
"ops/devops/sealed-mode-ci/artifacts"
|
||||
"TestResults"
|
||||
"tests/TestResults"
|
||||
"local-nugets/packages"
|
||||
".nuget/packages"
|
||||
".nuget/packages"
|
||||
)
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ export MSBUILDDISABLENODEREUSE=1
|
||||
export DOTNET_HOST_DISABLE_RESOLVER_FALLBACK=1
|
||||
export DOTNET_RESTORE_DISABLE_PARALLEL=true
|
||||
PROJECT="${ROOT_DIR}/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.SmokeTests/StellaOps.Scanner.Analyzers.Lang.Node.SmokeTests.csproj"
|
||||
RESTORE_SRC="${ROOT_DIR}/local-nugets"
|
||||
RESTORE_SRC="${ROOT_DIR}/.nuget/packages"
|
||||
mkdir -p "$DOTNET_CLI_HOME"
|
||||
DOTNET_RESTORE_ARGS=("restore" "$PROJECT" "--no-cache" "--disable-parallel" "/p:RestoreSources=${RESTORE_SRC}" "/p:DisableSdkResolverCache=true" "/p:DisableImplicitNuGetFallbackFolder=true" "/p:RestoreNoCache=true")
|
||||
DOTNET_BUILD_ARGS=("build" "$PROJECT" "-c" "Release" "--no-restore" "-m:1" "/p:UseSharedCompilation=false" "/p:RestoreSources=${RESTORE_SRC}" "/p:DisableSdkResolverCache=true" "/p:DisableImplicitNuGetFallbackFolder=true")
|
||||
|
||||
@@ -3,7 +3,7 @@ set -euo pipefail
|
||||
# Publishes signed NuGet packages to a configured feed (file or HTTP).
|
||||
|
||||
PACKAGES_GLOB=${PACKAGES_GLOB:-"out/sdk/*.nupkg"}
|
||||
SOURCE=${SDK_NUGET_SOURCE:-"local-nugets/packages"}
|
||||
SOURCE=${SDK_NUGET_SOURCE:-".nuget/packages/packages"}
|
||||
API_KEY=${SDK_NUGET_API_KEY:-""}
|
||||
|
||||
mapfile -t packages < <(ls $PACKAGES_GLOB 2>/dev/null || true)
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Generate manifests for curated binaries.
|
||||
|
||||
- local-nugets/manifest.json : NuGet packages (id, version, sha256)
|
||||
- .nuget/manifest.json : NuGet packages (id, version, sha256)
|
||||
- vendor/manifest.json : Plugin/tool/deploy/ops binaries with sha256
|
||||
- offline/feeds/manifest.json : Offline bundles (tar/tgz/zip) with sha256
|
||||
|
||||
@@ -47,7 +47,7 @@ def write_json(path: Path, payload: dict) -> None:
|
||||
|
||||
|
||||
def generate_local_nugets_manifest() -> None:
|
||||
nuget_dir = ROOT / "local-nugets"
|
||||
nuget_dir = ROOT / ".nuget"
|
||||
nuget_dir.mkdir(exist_ok=True)
|
||||
packages = []
|
||||
for pkg in sorted(nuget_dir.glob("*.nupkg"), key=lambda p: p.name.lower()):
|
||||
@@ -64,7 +64,7 @@ def generate_local_nugets_manifest() -> None:
|
||||
manifest = {
|
||||
"generated_utc": iso_timestamp(),
|
||||
"source": "StellaOps binary prereq consolidation",
|
||||
"base_dir": "local-nugets",
|
||||
"base_dir": ".nuget",
|
||||
"count": len(packages),
|
||||
"packages": packages,
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
set -euo pipefail
|
||||
|
||||
# Verifies binary artefacts live only in approved locations.
|
||||
# Allowed roots: local-nugets (curated feed + cache), vendor (pinned binaries),
|
||||
# Allowed roots: .nuget/packages (curated feed + cache), vendor (pinned binaries),
|
||||
# offline (air-gap bundles/templates), plugins/tools/deploy/ops (module-owned binaries).
|
||||
|
||||
repo_root="$(git rev-parse --show-toplevel)"
|
||||
@@ -11,7 +11,7 @@ cd "$repo_root"
|
||||
# Extensions considered binary artefacts.
|
||||
binary_ext="(nupkg|dll|exe|so|dylib|a|lib|tar|tar.gz|tgz|zip|jar|deb|rpm|bin)"
|
||||
# Locations allowed to contain binaries.
|
||||
allowed_prefix="^(local-nugets|local-nugets/packages|vendor|offline|plugins|tools|deploy|ops|third_party|docs/artifacts|samples|src/.*/Fixtures|src/.*/fixtures)/"
|
||||
allowed_prefix="^(.nuget/packages|.nuget/packages/packages|vendor|offline|plugins|tools|deploy|ops|third_party|docs/artifacts|samples|src/.*/Fixtures|src/.*/fixtures)/"
|
||||
|
||||
# Only consider files that currently exist in the working tree (skip deleted placeholders).
|
||||
violations=$(git ls-files | while read -r f; do [[ -f "$f" ]] && echo "$f"; done | grep -E "\\.${binary_ext}$" | grep -Ev "$allowed_prefix" || true)
|
||||
|
||||
Reference in New Issue
Block a user