Fix multi-project support for Security Code Scan
What does this MR do?
Upon studying the `dotnet` docs some more I realized we were doing some things wrong. Namely not specifying paths in the `dotnet`, `nuget`, and `msbuild` commands. This led to some incorrect behavior as those commands would try to figure out what solution OR project to build/restore/clean/add to.
I've included this diagram to help illustrate what we are changing (it's not a complete flow diagram but demonstrates some of the decisions being made):
We add `analyzeSolution`, `analyzeProjectDotNet`, and `analyzeProjectMSBuild` functions which do the following:
- `analyzeSolution`: determines what projects are associated with the solution using `dotnet sln <solution> list`. Those projects then call `analyzeProjectsDotNet` and if that fails, `analyzeProjectMSBuild`
- `analyzeProjectDotNet`: this function analyzes the project using `dotnet` commands only (`add`, `clean`, `build`)
- `analyzeProjectMSBuild`: this function adds the required Security-Code-Scan dependency to the `.csproj` project file. Next we download required `Nuget` dependencies using `nuget restore <solution>`. Notice this requires the solution file for downloading the dependencies. Then we can run `msbuild <project> -t:Clean;Build` on the project.
This MR should address the issues in this conversation thread. gitlab-org/gitlab#233033 (comment 484917072)
What are the relevant issue numbers?
gitlab-org/gitlab#233033 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Zach Rice
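The flow described in this merge request, as an added Go sketch that is not the analyzer's actual code: every command receives an explicit solution or project path, so no project in the solution is skipped because a tool guessed the wrong build target. The names `ParseSlnList`, `runAll`, `AnalyzeSolution`, the injected `run` callback, the `pkg` parameter and the sample `dotnet sln list` output are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// ParseSlnList turns `dotnet sln <solution> list` output into project paths under
// the solution directory (POSIX path assumed); header and rule lines are dropped.
func ParseSlnList(out, sln string) (projects []string) {
	for _, line := range strings.Split(out, "\n") {
		line = strings.ReplaceAll(strings.TrimSpace(line), `\`, "/") // .sln-style separators (assumption)
		if strings.HasSuffix(strings.ToLower(line), "proj") {
			projects = append(projects, path.Join(path.Dir(sln), line))
		}
	}
	return projects
}

// runAll stops at the first failing command; run is injected so no .NET SDK is needed.
func runAll(run func([]string) error, steps ...[]string) error {
	for _, argv := range steps {
		if err := run(argv); err != nil {
			return err
		}
	}
	return nil
}

// AnalyzeSolution tries the dotnet-only path per project, then nuget+msbuild.
// pkg is a hypothetical parameter; the .csproj edit before msbuild is not shown.
func AnalyzeSolution(run func([]string) error, sln, listOut, pkg string) (map[string]string, error) {
	used := map[string]string{}
	for _, p := range ParseSlnList(listOut, sln) {
		used[p] = "dotnet"
		if runAll(run, []string{"dotnet", "add", p, "package", pkg},
			[]string{"dotnet", "clean", p}, []string{"dotnet", "build", p}) == nil {
			continue
		}
		used[p] = "msbuild"
		if err := runAll(run, []string{"nuget", "restore", sln},
			[]string{"msbuild", p, "-t:Clean;Build"}); err != nil {
			return nil, err
		}
	}
	return used, nil
}

func main() { fmt.Println(ParseSlnList("Project(s)\n----------\nsrc/App/App.csproj\n", "/repo/App.sln")) }
```

The returned map records which toolchain built each project, which makes it easy to confirm that every project listed in the solution was actually analyzed.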