[release/3.x] Fix SDL error reporting

Documentation/Policy/PowershellBestPractices.md

@@ -101,7 +101,7 @@ if ($LASTEXITCODE -ne 0) {
 }
 ```
 
-*There is a known issue when using `$LASTEXITCODE` in release builds where PowerShell will report that the variable has not been set. As a workaround, simply set `$LASTEXITCODE = 0` at the top of your script.*
+*There is a known issue when using `$LASTEXITCODE` in release builds where PowerShell will report that the variable has not been set. As a workaround, simply set `$global:LASTEXITCODE = 0` at the top of your script.*
 
 ## Set StrictMode and ErrorActionPreference at the top of every file
 

eng/common/sdl/execute-all-sdl-tools.ps1

@@ -29,7 +29,7 @@ Param(
 
 $ErrorActionPreference = "Stop"
 Set-StrictMode -Version 2.0
-$LASTEXITCODE = 0
+$global:LASTEXITCODE = 0
 
 #Replace repo names to the format of org/repo
 if (!($Repository.contains('/'))) {

eng/common/sdl/init-sdl.ps1

@@ -9,7 +9,7 @@ Param(
 
 $ErrorActionPreference = "Stop"
 Set-StrictMode -Version 2.0
-$LASTEXITCODE = 0
+$global:LASTEXITCODE = 0
 
 # `tools.ps1` checks $ci to perform some actions. Since the SDL
 # scripts don't necessarily execute in the same agent that run the

eng/common/sdl/push-gdn.ps1

@@ -8,7 +8,7 @@ Param(
 
 $ErrorActionPreference = "Stop"
 Set-StrictMode -Version 2.0
-$LASTEXITCODE = 0
+$global:LASTEXITCODE = 0
 
 # We create the temp directory where we'll store the sdl-config repository
 $sdlDir = Join-Path $env:TEMP "sdl"
@@ -36,16 +36,26 @@ git add .
 if ($LASTEXITCODE -ne 0) {
   Write-Error "Git add failed with exit code $LASTEXITCODE."
 }
-Write-Host "git -c user.email=`"[email protected]`" -c user.name=`"Dotnet Bot`" commit -m `"$PushReason for $Repository/$BranchName`""
-git -c user.email="[email protected]" -c user.name="Dotnet Bot" commit -m "$PushReason for $Repository/$BranchName"
+# check if there are any staged changes (0 = no changes, 1 = changes)
+# if we don't do this and there's nothing to commit `git commit` will return
+# exit code 1 and we will fail
+Write-Host "git diff --cached --exit-code"
+git diff --cached --exit-code
+Write-Host "git diff exit code: $LASTEXITCODE"
 if ($LASTEXITCODE -ne 0) {
-  Write-Error "Git commit failed with exit code $LASTEXITCODE."
+  Write-Host "git -c user.email=`"[email protected]`" -c user.name=`"Dotnet Bot`" commit -m `"$PushReason for $Repository/$BranchName`""
+  git -c user.email="[email protected]" -c user.name="Dotnet Bot" commit -m "$PushReason for $Repository/$BranchName"
+  if ($LASTEXITCODE -ne 0) {
+    Write-Error "Git commit failed with exit code $LASTEXITCODE."
+  }
+  Write-Host "git push"
+  git push
+  if ($LASTEXITCODE -ne 0) {
+    Write-Error "Git push failed with exit code $LASTEXITCODE."
+  }
 }
-Write-Host "git push"
-git push
-if ($LASTEXITCODE -ne 0) {
-  Write-Error "Git push failed with exit code $LASTEXITCODE."
+else {
+  Write-Host "Skipping commit and push because there is nothing to commit"
 }
-
 # Return to the original directory
 Pop-Location

eng/common/sdl/run-sdl.ps1

@@ -12,7 +12,7 @@ Param(
 
 $ErrorActionPreference = "Stop"
 Set-StrictMode -Version 2.0
-$LASTEXITCODE = 0
+$global:LASTEXITCODE = 0
 
 # We store config files in the r directory of .gdn
 Write-Host $ToolsList
@@ -21,7 +21,7 @@ $ValidPath = Test-Path $GuardianCliLocation
 
 if ($ValidPath -eq $False)
 {
-  Write-Host "Invalid Guardian CLI Location."
+  Write-Error "Invalid Guardian CLI Location."
   exit 1
 }
 
@@ -35,15 +35,15 @@ foreach ($tool in $ToolsList) {
     Write-Host "$GuardianCliLocation configure --working-directory $WorkingDirectory --tool $tool --output-path $gdnConfigFile --logger-level $GuardianLoggerLevel --noninteractive --force --args `" TargetDirectory < $TargetDirectory `" `" OutputType < pre `" $(If ($CrScanAdditionalRunConfigParams) {$CrScanAdditionalRunConfigParams})"
     & $GuardianCliLocation configure --working-directory $WorkingDirectory --tool $tool --output-path $gdnConfigFile --logger-level $GuardianLoggerLevel --noninteractive --force --args " TargetDirectory < $TargetDirectory " "OutputType < pre" $(If ($CrScanAdditionalRunConfigParams) {$CrScanAdditionalRunConfigParams})
     if ($LASTEXITCODE -ne 0) {
-      Write-Host "Guardian configure for $tool failed with exit code $LASTEXITCODE."
+      Write-Error "Guardian configure for $tool failed with exit code $LASTEXITCODE."
       exit $LASTEXITCODE
     }
   }
   if ($tool -eq "policheck") {
     Write-Host "$GuardianCliLocation configure --working-directory $WorkingDirectory --tool $tool --output-path $gdnConfigFile --logger-level $GuardianLoggerLevel --noninteractive --force --args `" Target < $TargetDirectory `" $(If ($PoliCheckAdditionalRunConfigParams) {$PoliCheckAdditionalRunConfigParams})"
     & $GuardianCliLocation configure --working-directory $WorkingDirectory --tool $tool --output-path $gdnConfigFile --logger-level $GuardianLoggerLevel --noninteractive --force --args " Target < $TargetDirectory " $(If ($PoliCheckAdditionalRunConfigParams) {$PoliCheckAdditionalRunConfigParams})
     if ($LASTEXITCODE -ne 0) {
-      Write-Host "Guardian configure for $tool failed with exit code $LASTEXITCODE."
+      Write-Error "Guardian configure for $tool failed with exit code $LASTEXITCODE."
       exit $LASTEXITCODE
     }
   }
@@ -54,6 +54,6 @@ foreach ($tool in $ToolsList) {
 Write-Host "$GuardianCliLocation run --working-directory $WorkingDirectory --baseline mainbaseline --update-baseline $UpdateBaseline --logger-level $GuardianLoggerLevel $configParam"
 & $GuardianCliLocation run --working-directory $WorkingDirectory --tool $tool --baseline mainbaseline --update-baseline $UpdateBaseline --logger-level $GuardianLoggerLevel $configParam
 if ($LASTEXITCODE -ne 0) {
-  Write-Host "Guardian run for $ToolsList using $configParam failed with exit code $LASTEXITCODE."
+  Write-Error "Guardian run for $ToolsList using $configParam failed with exit code $LASTEXITCODE."
   exit $LASTEXITCODE
 }