
Azure Pipeline task for Veracode scan for Ionic Capacitor project. Build artifact file path is not valid


I am trying Veracode for the first time. I wanted to scan my Ionic project through an Azure pipeline.

Below is my project structure:

Project structure

So I have added a task in the azure-pipeline.yml file.

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- develop

pool:
  vmImage: macOS-latest

steps:

- script: npm install
  displayName: 'Install dependencies'
  workingDirectory: $(pluginDir)
  
- script: |
    # Add any necessary setup steps for running iOS tests (e.g., installing dependencies, setting up simulators)
    brew install cocoapods
    cd $(pluginDir)/ios
    pod install
  displayName: 'Setup for iOS tests'
  
- task: JavaToolInstaller@0
  inputs:
    versionSpec: '17'
    jdkArchitectureOption: 'x64'
    jdkSourceOption: 'PreInstalled'
  
- task: Gradle@3
  inputs:
    gradleWrapperFile: '$(pluginDir)/android/gradlew'
    workingDirectory: '$(pluginDir)/android'
    tasks: 'test'
    publishJUnitResults: false
    javaHomeOption: 'JDKVersion'
    sonarQubeRunAnalysis: false
    spotBugsAnalysis: false

- task: Xcode@5
  inputs:
    actions: 'test'
    configuration: 'Debug'
    sdk: 'iphonesimulator'
    xcWorkspacePath: '$(pluginDir)/ios/Plugin.xcworkspace'
    scheme: 'PluginTests'
    packageApp: false
    destinationPlatformOption: 'iOS'
    destinationSimulators: 'iPhone 14'

- task: Veracode@3
  displayName: 'Upload dist to Veracode'
  inputs:
    ConnectionDetailsSelection: 'Service Connection'
    AnalysisService: 'Vera***'
    veracodeAppProfile: 'K2 Mobile Component Media'
    version: '$(Build.BuildNumber)'
    filepath: '$(Build.SourcesDirectory)/$(pluginDir)/dist'
    maximumWaitTime: '360'
  condition: ne(variables['Build.Reason'], 'PullRequest')


- task: Npm@1
  inputs:
    command: 'publish'
    workingDir: '$(pluginDir)'
    publishRegistry: 'useFeed'
    publishFeed: '694ea4fc-*************'

- task: UniversalPackages@0
  inputs:
    command: 'publish'
    publishDirectory: '$(Build.SourcesDirectory)/$(docsDir)'
    feedsToUsePublish: 'internal'
    vstsFeedPublish: '694ea4fc-*************'
    vstsFeedPackagePublish: '$(docsDir)'
    versionOption: 'patch'

I am getting the below response:

Accessing Service Connection
Getting Service Connection URL
Getting Auth Service Connection
Auth Scheme :Token
filepath: /Users/runner/work/1/s/k2-mobile-component-media-plugin/dist
veracodeAppProfile: K2 Mobile Component Media
createProfile: false
failBuildIfUploadAndScanBuildStepFails: false
failBuildOnPolicyFail: false
importResults: false
version: 20240806.4
sandboxName: undefined
createSandBox: false
MaximumWaitTime: 360
Autoscan: true
isDebugEnabled: false
Autoscan: true
/Users/runner/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.12-7/x64/Contents/Home/bin/java -version
openjdk version "17.0.12" 2024-07-16
OpenJDK Runtime Environment Temurin-17.0.12+7 (build 17.0.12+7)
OpenJDK 64-Bit Server VM Temurin-17.0.12+7 (build 17.0.12+7, mixed mode)
Veracode upload & scan task started
Build artifact file path is not valid
Ensure the path to the application artifact or to the folder that contains artifacts for upload is valid.
Finishing: Upload dist to Veracode

Is there a specific folder to add in filepath to scan? Or shall I zip everything and send it to scan the whole project? How do I fix this?


Solution

  • According to packaging requirements, for the Ionic project, you should

    Zip the application source files and upload the ZIP file.

    You can add an ArchiveFiles@2 task to zip your source files before the Veracode@3 task.

    - task: ArchiveFiles@2
      inputs:
        rootFolderOrFile: '{The folder of your source files}'
        includeRootFolder: false
        archiveType: 'zip'
        archiveFile: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip'
        replaceExistingArchive: true
    - task: Veracode@3
      displayName: 'Upload dist to Veracode'
      inputs:
        ConnectionDetailsSelection: 'Service Connection'
        AnalysisService: 'Vera***'
        veracodeAppProfile: 'K2 Mobile Component Media'
        version: '$(Build.BuildNumber)'
        filepath: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip'
        maximumWaitTime: '360'
      condition: ne(variables['Build.Reason'], 'PullRequest')
    

    See more info from Package your code.
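
An added example, not part of the original answer: the log above shows failBuildIfUploadAndScanBuildStepFails: false, and the publish steps follow the Veracode task, so a guard in a script step ahead of Veracode@3 can fail the job when the path given to filepath is missing, empty, or not a ZIP container. check_artifact is a hypothetical helper name, and the usage line in the final comment assumes the archive path from the answer.

```shell
#!/bin/sh
# Added example (not from the original post): pre-upload guard for the
# path handed to the Veracode task's `filepath` input.
# check_artifact is a hypothetical helper name.

# Returns 0 if $1 is a usable upload target, otherwise:
#   1 = path does not exist
#   2 = empty file, or directory containing no regular files
#   3 = named *.zip but does not start with the ZIP signature
check_artifact() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "artifact path does not exist: $target" >&2
        return 1
    fi
    if [ -d "$target" ]; then
        # A folder of artifacts must hold at least one regular file.
        if [ -z "$(find "$target" -type f -print | head -n 1)" ]; then
            echo "artifact directory has no files: $target" >&2
            return 2
        fi
        return 0
    fi
    if [ ! -s "$target" ]; then
        echo "artifact file is empty: $target" >&2
        return 2
    fi
    case $target in
        *.zip)
            # ZIP containers begin with the two bytes "PK".
            magic=$(head -c 2 "$target")
            if [ "$magic" != "PK" ]; then
                echo "not a ZIP container: $target" >&2
                return 3
            fi
            ;;
    esac
    return 0
}

# In a pipeline script step placed before Veracode@3 (assumed usage):
#   check_artifact "$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip" || exit 1
```

A script step that exits non-zero fails the job, and later steps with the default condition are skipped.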