Skip to content

Przepeck/windows ci sdl #3680

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 66 commits into
base: main
Choose a base branch
from
Open

Przepeck/windows ci sdl #3680

wants to merge 66 commits into from
+244 −3

Conversation

przepeck
Copy link
Collaborator

@przepeck przepeck commented Oct 2, 2025

🛠 Summary

CVS-173873 and CVS-173257
Automation of windows files signing and BDBA scans.

🧪 Checklist

  • Unit tests added.
  • The documentation updated.
  • Change follows security best practices.
    ``

przepeck added 30 commits October 2, 2025 08:47
@przepeck
added sign and bdba drafts to the windows ci pipeline
dbcff80
@przepeck
updating signing files
16451bc
@przepeck
excluded from sdl check new .bat files
806d161
@przepeck
refactoring to create separate pipe for SDL
ce76f48
@przepeck
fixed stage structure
e55f2ef
@przepeck
moved git pulls to use user credentials
3d49841
@przepeck
changed links to testing fork and valid raw content
7d671bd
@przepeck
fit to new credentials
619bb22
@przepeck
changed curl to cloning repo to use credentials
876c2d1
@przepeck
added cleanup, using local signfile
d2f39a2
@przepeck
minor fixes, adding python option to siginig script
ba7123e
@przepeck
corrected paths
a2c3ab0
@przepeck
added debug steps
6d4b189
@przepeck
corrected parameters
1f1b5c9
@przepeck
commented build stage to speed up testing and debugging
7d954d7
@przepeck
testing correct credentials
d298fd2
@przepeck
corrected path to bdba scans
7349653
@przepeck
corrected path to bdba scans
62e754f
@przepeck
corrected path to bdba scans v2
af61db8
@przepeck
corrected path to bdba scans v3
8385fc4
@przepeck
changes in filenames and cleaning temporal files
7079755
@przepeck
changes in filenames and cleaning temporal files v2
fe55f01
@przepeck
changes in filenames and cleaning temporal files v3
19ceae2
@przepeck
minor changes in errors and added signtool to PATH
0a91e06
@przepeck
corrected path for signing script
7e5e2ba
@przepeck
corrected path for signing script v2
df30d1f
@przepeck
fixed error raising after sdl actions
8af3f83
@przepeck
changed incorrect file in macro
740f060
@przepeck
removed redundant exit condition
5b5e779
@przepeck
removed redundant exit conditions v2
543a682
przepeck added 22 commits October 2, 2025 08:47
@przepeck
enable using special chars in password v8
f164b87
@przepeck
enable using special chars in password v9
cc13d86
@przepeck
enable using special chars in password v10
c9174cb
@przepeck
enable using special chars in password v11
3ddef00
@przepeck
enable using special chars in password v12
fc84ec7
@przepeck
enable using special chars in password v13 - debug
a9af04c
@przepeck
enable using special chars in password v14 - debug
fb42447
@przepeck
enable using special chars in password v15 - revert changes
7801c08
@przepeck
enabling special characters in the password for siging
e05565f
@przepeck
enabling special characters in the password for siging v2
56b0d4f
@przepeck
reverting previous changes
c47049b
@przepeck
next debug try to get valid password
344948f
@przepeck
next debug try to get valid password v2
f6e801b
@przepeck
debugging BDBA
0a5cfb1
@przepeck
using withCredentials to get user's password
53fd7d9
@przepeck
using withCredentials to get user's password v2
882f70b
@przepeck
using withCredentials to get user's password v3
1998f6d
@przepeck
uncommenting bdba for debug reasons
5723ead
@przepeck
changing path for artifacts
7d5f034
@przepeck
changing tar command to work
cff96af
@przepeck
changing tar command to work v2
01335e0
@przepeck
uncommenting build and cleanup stages
97fe9af
Copilot
Copilot AI reviewed Oct 2, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements automation for Windows file signing and BDBA (BlackDuck Binary Analysis) scans for the CI pipeline. The changes support SDL (Security Development Lifecycle) requirements by adding automated security scanning and code signing capabilities to the Windows build process.

  • Adds Windows-specific batch scripts for code signing and BDBA scanning
  • Integrates signing and BDBA scan stages into the Jenkins pipeline
  • Creates a new dedicated pipeline for build, test, and SDL operations

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
ci/windows_sign.bat Batch script to automate Windows code signing process
ci/windows_bdba.bat Batch script to run BDBA security scans on Windows artifacts
ci/loadWin.groovy Extended with signing, BDBA scan, and cleanup functions
ci/lib_search.py Updated exclusion lists to include new batch scripts
ci/build_test_release.groovy New Jenkins pipeline integrating build, test, signing, and BDBA stages

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

rasapala
rasapala reviewed Oct 2, 2025
View reviewed changes
ci/loadWin.groovy
return
}
println "Starting BDBA scan"
def statusPull = bat(returnStatus: true, script: 'git clone https://github.com/przepeck/frameworks.ai.openvino.ci.infrastructure repo_ci_infra')
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cannot be przepeck repository

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that's right, maybe lets wait for this changes to be merged

rasapala
rasapala requested changes Oct 2, 2025
View reviewed changes
Copy link
Collaborator

@rasapala rasapala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add err check and fix spell errors as copilot suggested.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@rasapala rasapala rasapala requested changes

@dtrawins dtrawins Awaiting requested review from dtrawins

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@przepeck @rasapala