Copy only changed file to tmp folder for security check. (Azure#15326)

Co-authored-by: wyunchi-ms <[email protected]>

Author: wyunchi-ms

.gitignore

@@ -5,6 +5,10 @@ src/Stack/
 src/local-artifacts/*
 /tools/AzureRM/AzureRM.psm1
 !.placeholder
+SecurityTmp/
+tmp/
+FilesChanged.txt
+CsprojMappings.json
 
 obj
 bin

build.proj

@@ -33,6 +33,7 @@
     <Scope Condition="$(Scope) == ''">All</Scope>
     <TestFramework Condition="'$(TestFramework)' == ''">netcoreapp2.2</TestFramework>
     <IsGenerateBased Condition="'$(IsGenerateBased)' != 'true'">false</IsGenerateBased>
+    <IsSecurityCheck Condition="'$(IsSecurityCheck)' != 'true'">false</IsSecurityCheck>
 
     <!-- Flags -->
     <CodeSign Condition ="'$(CodeSign)' == ''">false</CodeSign>
@@ -119,8 +120,9 @@
       <Output TaskParameter="FilesChanged" ItemName="FilesChanged" />
     </FilesChangedTask>
 
-    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;$(RepoTools)PrepareAutorestModule.ps1&quot;"  Condition="'$(IsGenerateBased)' == 'true'"/>
-    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;. $(RepoTools)/CreateFilterMappings.ps1&quot;" />
+    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;$(RepoTools)PrepareAutorestModule.ps1&quot;" Condition="'$(IsGenerateBased)' == 'true'"/>
+    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;$(RepoTools)/CreateFilterMappings.ps1&quot;" />
+    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;$(RepoTools)/PrepareForSecurityCheck.ps1&quot;" Condition="'$(IsSecurityCheck)' == 'true'"/>
 
     <CIFilterTask FilesChanged="@(FilesChanged)" TargetModule="$(TargetModule)" Mode="$(Configuration)" CsprojMapFilePath="./CsprojMappings.json">
       <Output TaskParameter="FilterTaskResult" ItemName="FilterTaskResult" />

tools/PrepareForSecurityCheck.ps1

@@ -0,0 +1,34 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+#This script will pack build artifacts under temporary folder "artifacts/tmp" and output Az.*.nupkg to "artifacts"
+
+
+param(
+)
+$ChangedFiles = Get-Content -Path "$PSScriptRoot\..\FilesChanged.txt"
+
+$SecurityTmpFolder = "$PSScriptRoot\..\SecurityTmp"
+New-Item -ItemType Directory -Force -Path $SecurityTmpFolder
+Remove-Item -Path "$SecurityTmpFolder\*" -Recurse -Force
+
+foreach ($FilePath in $ChangedFiles)
+{
+    $ParentFolder = Split-Path -Path $FilePath -Parent
+    if (-not (Test-Path -Path "$SecurityTmpFolder\$ParentFolder"))
+    {
+        New-Item -Path "$SecurityTmpFolder\$ParentFolder" -ItemType Directory -Force
+    }
+    Copy-Item $FilePath "$SecurityTmpFolder\$FilePath"
+}