@felickz
Last active April 17, 2024 08:37
GHAzDO conditionally run tasks based on enablement

To run the GHAzDO (GitHub Advanced Security for Azure DevOps) tasks in a pipeline only when Advanced Security is enabled for the repository, use the following steps:

```yaml
steps:
- bash: az devops configure --defaults organization='$(System.TeamFoundationCollectionUri)' project='$(System.TeamProject)' --use-git-aliases true
  displayName: 'Set default Azure DevOps organization and project'

- bash: echo "##vso[task.setvariable variable=advSecEnabled]$(az devops invoke --area Management --resource RepoEnablement --route-parameters repository='$(Build.Repository.Name)'  project='$(System.TeamProject)' --api-version '7.2-preview' --query advSecEnabled)"
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
  displayName: 'Set var for GHAzDO Enablement'

- task: AdvancedSecurity-Codeql-Init@1
  condition: eq(variables['advSecEnabled'], 'true')
  inputs:
    languages: 'javascript'

- task: AdvancedSecurity-Codeql-Autobuild@1
  condition: eq(variables['advSecEnabled'], 'true')

- task: AdvancedSecurity-Dependency-Scanning@1
  condition: eq(variables['advSecEnabled'], 'true')

- task: AdvancedSecurity-Codeql-Analyze@1
  condition: eq(variables['advSecEnabled'], 'true')
```
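
A stricter form of the 'Set var for GHAzDO Enablement' step, as an added example that is not part of the original gist: it passes project and repository as single quoted arguments, reduces the query output to exactly `true` or `false` before writing the logging command, and logs a warning when the query fails. `AZ_BIN` is a hypothetical hook for stubbing the CLI, and reading the names from `SYSTEM_TEAMPROJECT` and `BUILD_REPOSITORY_NAME` assumes the standard mapping of predefined pipeline variables to environment variables.

```shell
#!/bin/sh
# Added example (not from the gist): strict handling of the enablement query.
# Assumes the organization default was set by the first pipeline step and
# AZURE_DEVOPS_EXT_PAT is mapped through the step's env: block.

# Reduce raw CLI output to exactly "true" or "false". Anything that is not
# a bare true (whitespace, double quotes and case ignored) counts as "false".
normalize_enablement() {
  _v=$(printf '%s' "$1" | tr -d ' \t\r\n"' | tr 'A-Z' 'a-z')
  case "$_v" in
    true) printf 'true' ;;
    *)    printf 'false' ;;
  esac
}

# $1 = project, $2 = repository. Each route parameter is one quoted
# argument, so names containing spaces survive word splitting.
# AZ_BIN is a hypothetical override used only to stub the CLI in tests.
query_enablement() {
  "${AZ_BIN:-az}" devops invoke --area Management --resource RepoEnablement \
    --route-parameters "repository=$2" "project=$1" \
    --api-version 7.2-preview --query advSecEnabled
}

# Emit the logging command. A failed query is reported as a warning so a
# skipped scan is visible in the run instead of passing silently.
set_adv_sec_var() {
  if _raw=$(query_enablement "$1" "$2"); then
    _val=$(normalize_enablement "$_raw")
  else
    echo "##vso[task.logissue type=warning]GHAzDO enablement query failed; security tasks will be skipped"
    _val=false
  fi
  printf '##vso[task.setvariable variable=advSecEnabled]%s\n' "$_val"
}

# Inside a pipeline the predefined variables arrive as environment
# variables, so nothing is substituted into the script text itself.
if [ -n "${SYSTEM_TEAMPROJECT:-}" ] && [ -n "${BUILD_REPOSITORY_NAME:-}" ]; then
  set_adv_sec_var "$SYSTEM_TEAMPROJECT" "$BUILD_REPOSITORY_NAME"
fi
```

Saved as a script file and called from a `bash:` step, it replaces the inline `echo` while the task conditions stay unchanged.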

0GiS0 commented Apr 14, 2024

Thank you so much @felickz for your effort! I tested it but it didn't work because you need to put the values of the variables in quotes, because if you have names with spaces it won't work:

```yaml
- bash: az devops configure --defaults organization='$(System.TeamFoundationCollectionUri)' project='$(System.TeamProject)' --use-git-aliases true
  displayName: 'Set default Azure DevOps organization and project (Autoinjected)'
- bash: az devops invoke --area="Management" --resource="RepoEnablement" --route-parameters repository="$(Build.Repository.Name)"  project="$(System.TeamProject)" --api-version "7.2-preview" --query advSecEnabled
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
  displayName: Check if GHAzDO is enabled or not
- bash: echo "##vso[task.setvariable variable=advSecEnabled]$(az devops invoke --area='Management' --resource='RepoEnablement' --route-parameters repository='$(Build.Repository.Name)'  project='$(System.TeamProject)' --api-version '7.2-preview' --query advSecEnabled)"
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
  displayName: 'Set var for GHAzDO Enablement (Autoinjected)'
```

On the other hand, did you try it using a regular pipeline or a decorator? If I put those lines in a decorator, it does not work for me, but it works perfectly in a regular pipeline.

I've also created a custom task with the same approach, and it works in a decorator:

```typescript
import tl = require("azure-pipelines-task-lib");
import axios from "axios";

async function run() {
  const area = "Management";
  const apiVersion = "7.2-preview";

  const organization = tl
    .getVariable("System.CollectionUri")
    ?.replace("https://dev.azure.com/", "")
    .replace("/", "");
  const repository = tl.getVariable("Build.Repository.Name");
  const project = tl.getVariable("System.TeamProject");

  // Print values
  console.log(`Repository: ${repository}`);
  console.log(`Project: ${project}`);
  console.log(`Organization: ${organization}`);

  // Get token
  const token = tl.getVariable("System.AccessToken");

  // Percent-encode each path segment so names containing spaces form a valid URL
  const enc = (value?: string) => encodeURIComponent(value ?? "");

  // Make a request
  // GET https://advsec.dev.azure.com/{organization}/{project}/_apis/management/repositories/{repository}/enablement?api-version=7.2-preview.1
  const url = `https://advsec.dev.azure.com/${enc(organization)}/${enc(project)}/_apis/${area}/repositories/${enc(repository)}/enablement?api-version=${apiVersion}`;

  console.log(`URL: ${url}`);

  try {
    // Await the request so a failure is handled inside this function
    const response = await axios.get(url, {
      headers: {
        Authorization: `Bearer ${token}`,
      },
    });
    console.log(response.data);
    // setVariable expects a string; the API returns a boolean
    tl.setVariable("advSecEnabled", String(response.data.advSecEnabled));
  } catch (error) {
    // Log only the message: the full axios error object also carries the request headers
    console.error(error instanceof Error ? error.message : error);
  }
}

run();
```

Cheers!


felickz commented Apr 15, 2024

> Thank you so much @felickz for your effort! I tested it but it didn't work because you need to put the values of the variables in quotes, because if you have names with spaces it won't work:

Thanks! Applied the change. I'll have to make a space in name a standard test case :) I have not tried within a decorator.


0GiS0 commented Apr 17, 2024

Thanks @felickz! If you think it makes sense, I can create a PR with this task in order to integrate it in our GHAzDO-Resources repo 🥲
