Skip to content

Przepeck/windows ci sdl #3680

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 89 commits into
base: main
Choose a base branch
from
Open

Przepeck/windows ci sdl #3680

wants to merge 89 commits into from
+369 −3

Conversation

przepeck
Copy link
Collaborator

@przepeck przepeck commented Oct 2, 2025
edited
Loading

🛠 Summary

CVS-173873 and CVS-173257
Automation of windows files signing and BDBA scans.

Pipeline link: https://ci.iotg.sclab.intel.com/job/ovmsc/job/windows/job/Windows_SDL/

🧪 Checklist

  • Unit tests added.
  • The documentation updated.
  • Change follows security best practices.
    ``

przepeck added 30 commits October 2, 2025 08:47
@przepeck
added sign and bdba drafts to the windows ci pipeline
dbcff80
@przepeck
updating signing files
16451bc
@przepeck
excluded from sdl check new .bat files
806d161
@przepeck
refactoring to create separate pipe for SDL
ce76f48
@przepeck
fixed stage structure
e55f2ef
@przepeck
moved git pulls to use user credentials
3d49841
@przepeck
changed links to testing fork and valid raw content
7d671bd
@przepeck
fit to new credentials
619bb22
@przepeck
changed curl to cloning repo to use credentials
876c2d1
@przepeck
added cleanup, using local signfile
d2f39a2
@przepeck
minor fixes, adding python option to siginig script
ba7123e
@przepeck
corrected paths
a2c3ab0
@przepeck
added debug steps
6d4b189
@przepeck
corrected parameters
1f1b5c9
@przepeck
commented build stage to speed up testing and debugging
7d954d7
@przepeck
testing correct credentials
d298fd2
@przepeck
corrected path to bdba scans
7349653
@przepeck
corrected path to bdba scans
62e754f
@przepeck
corrected path to bdba scans v2
af61db8
@przepeck
corrected path to bdba scans v3
8385fc4
@przepeck
changes in filenames and cleaning temporal files
7079755
@przepeck
changes in filenames and cleaning temporal files v2
fe55f01
@przepeck
changes in filenames and cleaning temporal files v3
19ceae2
@przepeck
minor changes in errors and added signtool to PATH
0a91e06
@przepeck
corrected path for signing script
7e5e2ba
@przepeck
corrected path for signing script v2
df30d1f
@przepeck
fixed error raising after sdl actions
8af3f83
@przepeck
changed incorrect file in macro
740f060
@przepeck
removed redundant exit condition
5b5e779
@przepeck
removed redundant exit conditions v2
543a682
@przepeck przepeck requested a review from dtrawins October 2, 2025 11:25
Copilot
Copilot AI reviewed Oct 2, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements automation for Windows file signing and BDBA (BlackDuck Binary Analysis) scans for the CI pipeline. The changes support SDL (Security Development Lifecycle) requirements by adding automated security scanning and code signing capabilities to the Windows build process.

  • Adds Windows-specific batch scripts for code signing and BDBA scanning
  • Integrates signing and BDBA scan stages into the Jenkins pipeline
  • Creates a new dedicated pipeline for build, test, and SDL operations

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
ci/windows_sign.bat Batch script to automate Windows code signing process
ci/windows_bdba.bat Batch script to run BDBA security scans on Windows artifacts
ci/loadWin.groovy Extended with signing, BDBA scan, and cleanup functions
ci/lib_search.py Updated exclusion lists to include new batch scripts
ci/build_test_release.groovy New Jenkins pipeline integrating build, test, signing, and BDBA stages

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

rasapala
rasapala reviewed Oct 2, 2025
View reviewed changes
rasapala
rasapala requested changes Oct 2, 2025
View reviewed changes
Copy link
Collaborator

@rasapala rasapala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add err check and fix spell errors as copilot suggested.

@przepeck przepeck requested a review from rasapala October 6, 2025 06:33
przepeck and others added 19 commits October 7, 2025 08:42
@przepeck
setting unstable message after finding vulnerabilities
c5251c6
@przepeck
removed comment
297857d
@przepeck
change bdba repo to use external config
20a0507
@przepeck
changed repo cloning to be independent from windows_signing
e231fa5
@przepeck
commenting build stage for debug reasons
5e037b9
@przepeck
changed repo's name
d1fa07d
@przepeck
uncommenting build and test stage
f9e312d
@dtrawins
Merge branch 'main' into przepeck/windows_ci_sdl
1852f27
@przepeck
changed cleaning script
afc88f4
@przepeck
adding pulling for repos instead of cloning, adding RELEASE TYPE
78dd649
@przepeck
archiving signed ovms package
78408c7
@przepeck
adding downloading files from package
6af3e55
@przepeck
fixed condition location
cdbad9d
@przepeck
fixed pull files stage
c03e1cc
@przepeck
fixed curl
07f8a03
@przepeck
coping signed files to archive it
e7783f7
@przepeck
fixed zipping
b605471
@przepeck
removing ovms directory if exists to enable bdba scans version overri…
c2bfe55 
…ding
@przepeck
changed order of the stages to enable bdba scans version override
66ac7ad
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dtrawins dtrawins Awaiting requested review from dtrawins

@rasapala rasapala Awaiting requested review from rasapala

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@przepeck @rasapala @dtrawins