Use 1ES task to generate SBOM (#7291)

zivkan · web-flow · commit ffd4cc18f9b8 · 2026-04-18T08:26:15.000+09:30
diff --git a/eng/pipelines/templates/Build.yml b/eng/pipelines/templates/Build.yml
@@ -152,12 +152,22 @@ steps:
       configuration: "$(BuildConfiguration)"
       msbuildArguments: "/restore:false /target:BuildVSIX /property:BuildRTM=$(BuildRTM) /property:ExcludeTestProjects=$(BuildRTM) /property:IsCIBuild=true /binarylogger:$(Build.StagingDirectory)\\binlog\\13.PackVSIX.binlog"
     condition: "and(succeeded(),eq(variables['BuildRTM'], 'false'))"
+
   - ${{ if not(parameters.BuildRTM)}}:
-      - template: /eng/common/templates-official/steps/generate-sbom.yml@self
-        parameters:
+      - task: PowerShell@1
+        displayName: "Prepare for SBOM generation"
+        inputs:
+          scriptType: "inlineScript"
+          inlineScript: |
+            mkdir $(Build.ArtifactStagingDirectory)/sbom
+
+      - task: ManifestGeneratorTask@0
+        displayName: 'Generate SBOM'
+        inputs:
+          BuildDropPath: '$(System.DefaultWorkingDirectory)/artifacts'
+          ManifestDirPath: '$(Build.ArtifactStagingDirectory)/sbom'
           PackageName: "NuGet.Client"
           PackageVersion: "$(SemanticVersion)"
-          publishArtifacts: false
 
   - task: MSBuild@1
     displayName: "Generate Build Tools package"
diff --git a/eng/pipelines/vs-test/build.yml b/eng/pipelines/vs-test/build.yml
@@ -113,8 +113,18 @@ steps:
       configuration: "$(BuildConfiguration)"
       msbuildArguments: "/restore:false /target:BuildVSIX /property:ExcludeTestProjects=false /property:IsCIBuild=true /binarylogger:$(Build.StagingDirectory)\\binlog\\07.PackVSIX.binlog"
 
-  - template: /eng/common/templates/steps/generate-sbom.yml@self
-    parameters:
+  - task: PowerShell@1
+    displayName: "Prepare for SBOM generation"
+    inputs:
+      scriptType: "inlineScript"
+      inlineScript: |
+        mkdir $(Build.ArtifactStagingDirectory)/sbom
+
+  - task: ManifestGeneratorTask@0
+    displayName: 'Generate SBOM'
+    inputs:
+      BuildDropPath: '$(System.DefaultWorkingDirectory)/artifacts'
+      ManifestDirPath: '$(Build.ArtifactStagingDirectory)/sbom'
       PackageName: "NuGet.Client"
       PackageVersion: "$(NuGetVersion)"
 
diff --git a/setup/Microsoft.VisualStudio.NuGet.BuildTools/Microsoft.VisualStudio.NuGet.BuildTools.vsmanproj b/setup/Microsoft.VisualStudio.NuGet.BuildTools/Microsoft.VisualStudio.NuGet.BuildTools.vsmanproj
@@ -9,7 +9,7 @@
     <TargetName>$(MSBuildProjectName)</TargetName>
     <OutputPath>$(VsixPublishDestination)</OutputPath>
     <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
-    <SBOMFileLocation>$(ManifestDirPath)\$(ARTIFACT_NAME)\_manifest\spdx_2.2\manifest.spdx.json</SBOMFileLocation>
+    <SBOMFileLocation>$(ManifestDirPath)\_manifest\spdx_2.2\manifest.spdx.json</SBOMFileLocation>
   </PropertyGroup>
 
   <PropertyGroup Condition=" '$(IsVsixBuild)' == 'true' ">
diff --git a/setup/Microsoft.VisualStudio.NuGet.Core/Microsoft.VisualStudio.NuGet.Core.vsmanproj b/setup/Microsoft.VisualStudio.NuGet.Core/Microsoft.VisualStudio.NuGet.Core.vsmanproj
@@ -9,7 +9,7 @@
     <TargetName>$(MSBuildProjectName)</TargetName>
     <OutputPath>$(VsixPublishDestination)</OutputPath>
     <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
-    <SBOMFileLocation>$(ManifestDirPath)\$(ARTIFACT_NAME)\_manifest\spdx_2.2\manifest.spdx.json</SBOMFileLocation>
+    <SBOMFileLocation>$(ManifestDirPath)\_manifest\spdx_2.2\manifest.spdx.json</SBOMFileLocation>
   </PropertyGroup>
 
   <ItemGroup>
