dependency-check / azuredevops

Dependency Check Azure DevOps Extension
Apache License 2.0

New Maintainer(s) Needed #137

Closed ejohn20 closed 7 months ago

ejohn20 commented 8 months ago

Please let us know if you'd like to take over the primary maintenance of this extension. We can work with you to migrate the deployment pipelines over to your AZDO org and get you access to publish new extensions.

pippolino commented 8 months ago

Please let us know if you'd like to take over the primary maintenance of this extension. We can work with you to migrate the deployment pipelines over to your AZDO org and get you access to publish new extensions.

Hi, we are available to take over the main maintenance of the extension.

ejohn20 commented 7 months ago

@jeremylong are you good with me adding @pippolino as a maintainer on the repo?

tlogik commented 7 months ago

@ejohn20 I would like to co-maintain this repo. Optimally I will do this as part of an organisation I work for, since we are using this extension very much.

jeremylong commented 7 months ago

@ejohn20 sorry - missed this. I'm fine with anyone that wants to help out on this. I do not use nor have time to assist with this integration.

ejohn20 commented 7 months ago

@pippolino @tlogik - I've added you both to the repo as maintainers. One (or both) of you will need to create your own Azure DevOps project for building and deploying the extension. Then, I think we just need to...

Saturate commented 7 months ago

@ejohn20 I wouldn't mind joining along side @tlogik - representing the same org, and my own :)

tlogik commented 7 months ago

Hi @ejohn20, thanks for allowing me and us to become maintainers.

Addressing the Microsoft account: brunsviger [at] hotmail [dot] com

In relation to the transfer of the org: we are currently using this extension for all our pipelines, so I think I will try and see if we can (in my org) create a DevOps org aimed at open source work. I'll get back ASAP on that.

For the current setup I would of course very much like to approve PR 145 so we can support local cache analysis without OOM exceptions.

And one final thing. @Saturate (a colleague of mine) is already heavily invested in the OWASP community and would very much like to become a maintainer as well. He has requested this; I hope you will allow him to join as well, he would be a big asset.

ejohn20 commented 7 months ago

@Saturate - added you as a maintainer.

@tlogik - can you confirm that you can sign into this URL: https://marketplace.visualstudio.com/manage with the email address you provided above? The marketplace is giving me an invalid domain error. Can you sign in and grab the user id from the top nav bar (https://learn.microsoft.com/en-us/visualstudio/extensibility/walkthrough-publishing-a-visual-studio-extension?view=vs-2022#troubleshoot-adding-a-user-to-the-publisher-account). I think I can add you by user id as well.

@tlogik - Merged and deployed https://github.com/dependency-check/azuredevops/pull/145. I'll plan on letting you all take it from here for further updates and releases 🙏

pippolino commented 7 months ago

Thank you @ejohn20 for this opportunity.

For my part, I have no problem putting the pipeline on my organization. So I'm available. @tlogik don't worry about this.

I'll send you an email for the Microsoft account.

Also on my side, my colleague @alxmancini could lend a hand. Can you be a maintainer with us?

For the rest we coordinate together with @tlogik.

Regards

ejohn20 commented 7 months ago

@alxmancini - has also been invited to join the repo. I think that covers everyone. Please let me know if I missed anyone.

tlogik commented 7 months ago

@ejohn20 :-)

@tlogik - can you confirm that you can sign into this URL: https://marketplace.visualstudio.com/manage with the email address you provided above? The marketplace is giving me an invalid domain error. Can you sign in and grab the user id from the top nav bar (https://learn.microsoft.com/en-us/visualstudio/extensibility/walkthrough-publishing-a-visual-studio-extension?view=vs-2022#troubleshoot-adding-a-user-to-the-publisher-account). I think I can add you by user id as well.

I am not able to login with the provided email. It redirects straight to a createpublisher page. https://marketplace.visualstudio.com/manage/createpublisher?managePageRedirect=true

I will do a bit of digging here to determine what might be the cause of that.

@tlogik - Merged and deployed #145. I'll plan on letting you all take it from here for further updates and releases 🙏

That sounds great. Just for brevity - what will be your role going forward - after we are all successfully onboarded? :-)

pippolino commented 7 months ago

Hi @ejohn20 and @tlogik,

I'm working on the YAML pipeline for automatic builds.

I'd like to use Milestones to prevent each new commit on the main branch from starting the pipeline and creating a new release.

Do you agree?

If you send me privately the references of your organization to set the shareWith parameter of the PublishAzureDevOpsExtension@4 task, I will add them to a variable group used by the pipeline, so that they are not declared in the YAML file. (This is for dev builds only.)

I'm taking inspiration not only from the #93 suggested by @ejohn20, but also from the azure-devops-extension-tasks repository.

P.S. I still can't access the marketplace.

pippolino commented 7 months ago

Hi @ejohn20 and @tlogik,

regarding what was said previously, if we agree, I propose to proceed using GitHub flow, in order to have the feature branches aligned with the milestone; once a milestone is completed, we can merge into main, which will trigger the automatic build. We must therefore be careful during PR time to merge only into feature branches.

I await your feedback.


ejohn20 commented 7 months ago

P.S. I still can't access the marketplace.

@pippolino has been added as a contributor to the Dependency Check Azure DevOps marketplace publisher. Should be all set there.

Just for brevity - what will be your role going forward - after we are all successfully onboarded? :-)

I'm around if needed, but I'm planning on taking a step back and letting you all manage the extension going forward. Branch protections are on main, so you'll have to coordinate PR reviews and merges. But, you should have all the access you need to proceed without my involvement. 🙏

Saturate commented 7 months ago

@pippolino Sounds like a plan with milestones, and tagging of the main branch to avoid making too many releases :) I agree here. Let me know if you need help with the azure pipeline.

I've got some initial plans, that I want to hear from all of you about as well. My first one is taking some steps in making it easier to contribute, I'm thinking setting up some linting and adding a prettier config.

I don't know how good the integration is between GitHub and Azure Pipelines, but if it's not working correctly or as I am thinking, I can set up some GitHub Actions to make sure all PRs are building with TypeScript etc. It would be cool if the release could be done with this as well, but I'm thinking this is not for now.

But maybe let's talk about that in the PR's that I will make :)

Saturate commented 7 months ago

With the new release on 1/12 we are behind on the release here on GitHub. I've created a draft release; please take a look at that, new co-maintainers :)

pippolino commented 7 months ago

Hi,

I'm setting up the build pipeline. I'm thinking of using the following triggers, so the branch names would need to be in the format [0-9]+.[0-9]+.[0-9]+ (for /feature/ and /hotfix/). Is this okay with you?

trigger:
  batch: true
  branches:
    include:
      - refs/heads/feature/*
      - refs/heads/hotfix/*
      - refs/tags/*

When a release (and its tag) is created, the Production build starts, a new version is generated on the Marketplace and the extension asset is uploaded to the release on GitHub.
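As an added example (not the project's own pipeline and not code from any commenter), here is one way the trigger set above can be turned into a complete azure-pipelines.yml with the split the comment describes: feature/* and hotfix/* branches produce a private, build-id-versioned dev extension shared only with the organisations held in a variable group, and only a tag produces a public Marketplace publish plus a GitHub release asset. Before publishing from a tag it also refuses to continue unless the tag is plain MAJOR.MINOR.PATCH and equals the version in vss-extension.json, so the Git tag, the Marketplace version and the GitHub release all name the same artefact. The variable-group name dc-extension-dev and its ShareWithOrgs variable, the service connections marketplace-publisher and github-release, the publisher id example-publisher and the extension id dependency-check-build-task are placeholders assumed for the example; PackageAzureDevOpsExtension@4 and PublishAzureDevOpsExtension@4 are the Azure DevOps Extension Tasks already referenced in this thread, and GitHubRelease@1 is the built-in Azure Pipelines task.

```yaml
# Added example pipeline, not the project's own. Assumed placeholder names:
#   variable group 'dc-extension-dev'  (holds ShareWithOrgs, e.g. "orgA,orgB")
#   service connection 'marketplace-publisher' (Marketplace PAT lives there, never in YAML)
#   service connection 'github-release', publisher 'example-publisher',
#   extension id 'dependency-check-build-task'
trigger:
  batch: true
  branches:
    include:
      - refs/heads/feature/*
      - refs/heads/hotfix/*
      - refs/tags/*

pr: none        # pull requests are validated elsewhere and never publish

variables:
  - group: dc-extension-dev
  - name: vsix
    value: $(Build.ArtifactStagingDirectory)/dependency-check.vsix

pool:
  vmImage: ubuntu-latest

steps:
  - checkout: self
    fetchDepth: 1

  - task: NodeTool@0
    inputs:
      versionSpec: '18.x'

  - script: |
      set -euo pipefail
      npm ci             # lockfile-pinned install, not 'npm install'
      npm run build
    displayName: Build tasks

  # Tag builds: verify the tag, then publish publicly and attach the asset to the GitHub release.
  - ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/') }}:
    - bash: |
        set -euo pipefail
        tag="${BUILD_SOURCEBRANCH#refs/tags/}"
        printf '%s\n' "$tag" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' \
          || { echo "##vso[task.logissue type=error]tag '$tag' is not MAJOR.MINOR.PATCH"; exit 1; }
        manifest=$(node -p "require('./vss-extension.json').version")
        [ "$tag" = "$manifest" ] \
          || { echo "##vso[task.logissue type=error]tag $tag != manifest version $manifest"; exit 1; }
      displayName: Verify tag matches vss-extension.json version

    - task: PackageAzureDevOpsExtension@4
      inputs:
        rootFolder: $(Build.SourcesDirectory)
        outputPath: $(vsix)
        publisherId: example-publisher
        extensionId: dependency-check-build-task
        extensionVisibility: public        # version comes from the manifest

    - task: PublishAzureDevOpsExtension@4
      inputs:
        connectedServiceName: marketplace-publisher
        fileType: vsix
        vsixFile: $(vsix)

    - task: GitHubRelease@1
      inputs:
        gitHubConnection: github-release
        repositoryName: $(Build.Repository.Name)
        action: edit
        tag: $(Build.SourceBranchName)      # '1.2.3' for refs/tags/1.2.3
        assets: $(vsix)
        assetUploadMode: replace

  # Dev builds from feature/* or hotfix/*: private, '-dev' tagged, build-id version,
  # shared only with the orgs listed in ShareWithOrgs from the variable group.
  - ${{ else }}:
    - task: PackageAzureDevOpsExtension@4
      inputs:
        rootFolder: $(Build.SourcesDirectory)
        outputPath: $(vsix)
        publisherId: example-publisher
        extensionId: dependency-check-build-task
        extensionTag: -dev
        extensionVersion: 0.0.$(Build.BuildId)
        updateTasksVersion: true
        extensionVisibility: private

    - task: PublishAzureDevOpsExtension@4
      inputs:
        connectedServiceName: marketplace-publisher
        fileType: vsix
        vsixFile: $(vsix)
        shareWith: $(ShareWithOrgs)

  - publish: $(vsix)
    artifact: vsix
```

The two branches are selected at compile time with template expressions, so a feature-branch run never even contains the public publish step; the only secret the pipeline touches is the Marketplace PAT inside the service connection, and the list of organisations that receive dev builds stays in the variable group rather than in the repository.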

Saturate commented 7 months ago

@pippolino Sounds perfect!

ejohn20 commented 7 months ago

Updated CodeOwners file with new approvers. I think this is good to go. Feel free to ping me if you need anything else.

pablosguajardo commented 6 months ago

If you need help with compiling and publishing the extension, I can help you. I made and use this extension to publish to the MS Marketplace: https://marketplace.visualstudio.com/items?itemName=solucionespsg.GenerateAndPublishVsixToMarketplace and this extension to version automatically: https://marketplace.visualstudio.com/items?itemName=solucionespsg.UpdateVersionVariablesAndPackage. I made both of them.

I also made this extension that complements the use of OWASP ZAP on Windows: https://marketplace.visualstudio.com/items?itemName=solucionespsg.OwaspZapOnPremiseStartStop

pippolino commented 6 months ago

Thanks for the message. We have the pipeline ready but we just need to fix the version number issue for prerelease environments.

Saturate commented 6 months ago

Thanks for the message. We have the pipeline ready but we just need to fix the version number issue for prerelease environments.

Let me know if you need help with anything :)

pablosguajardo commented 6 months ago

Thanks for the message. We have the pipeline ready but we just need to fix the version number issue for prerelease environments.

With this extension you can do it: https://marketplace.visualstudio.com/items?itemName=solucionespsg.UpdateVersionVariablesAndPackage

An example of how to automate the upload of an app automatically to the marketplace after a commit:


If you have to do an npm install and a run build:


In YAML:

# 'Allow scripts to access the OAuth token' was selected in pipeline.
# Add the following YAML to any steps requiring access:
# env:
#   MY_ACCESS_TOKEN: $(System.AccessToken)
# Variable 'Major' was defined in the Variables tab
# Variable 'Minor' was defined in the Variables tab
# Variable 'Patch' was defined in the Variables tab
# Variable 'VersionTag' was defined in the Variables tab
# Variable Group 'Seguridad' was defined in the Variables tab
trigger:
  branches:
    include:
      - refs/heads/main
resources:
  repositories:
    - repository: self
      type: git
      ref: refs/heads/main
jobs:
  - job: Job_1
    displayName: Agent job 1
    pool:
      vmImage: windows-2019
    steps:
      - checkout: self
        fetchDepth: 1
        persistCredentials: True
      - task: solucionespsg.UpdateVersionVariablesAndPackage.psg.UpdateVersionVariablesAndPackage.UpdateVersionVariablesAndPackage@0
        displayName: Update Version Variables And Package
      - task: qetza.replacetokens.replacetokens-task.replacetokens@5
        displayName: Replace tokens in */.json
        inputs:
          targetFiles: '*/.json'
          tokenPattern: octopus
          tokenPrefix: '"'
          tokenSuffix: '": "0.0.1"'
      - task: Npm@1
        displayName: npm install
        inputs:
          verbose: false
      - task: Npm@1
        displayName: npm run build
        inputs:
          command: custom
          verbose: false
          customCommand: run build
      - task: solucionespsg.GenerateAndPublishVsixToMarketplace.psg.GenerateAndPublishVsixToMarketplace.GenerateAndPublishVsixToMarketplace@0
        displayName: Generate and publish vsix to Marketplace
        inputs:
          TypeScriptCompile: No
      - task: PublishBuildArtifacts@1
        displayName: 'Publish Artifact: vsxi'
        inputs:
          ArtifactName: vsxi
...
