Split TPN manifest and Component Governance manifest#26891
Merged
TravisEz13 merged 3 commits intoPowerShell:masterfrom Feb 25, 2026
Merged
Split TPN manifest and Component Governance manifest#26891TravisEz13 merged 3 commits intoPowerShell:masterfrom
TravisEz13 merged 3 commits intoPowerShell:masterfrom
Conversation
Add Find-LastHarvestedVersion function and cache management for ClearlyDefined data - Introduced Find-LastHarvestedVersion.ps1 to find the last harvested version of a NuGet package. - Enhanced ClearlyDefined.psm1 with cache persistence functions: Save-ClearlyDefinedCache and Import-ClearlyDefinedCache. - Updated Get-ClearlyDefinedData to utilize cache for improved performance and added cache expiration logic based on harvest status. - Modified findMissingNotices.ps1 to include a new -ForceHarvestedOnly switch for filtering harvested packages. - Adjusted packaging.psm1 to correct paths for cgmanifest.json and ensure compatibility with new directory structure.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR splits the repository’s Component Governance manifest into separate “main” and “TPN” manifests and updates compliance tooling to use the new locations, alongside enhancements to the ClearlyDefined helper module for cache persistence and package-version discovery.
Changes:
- Introduces
tools/cgmanifest/main/cgmanifest.jsonandtools/cgmanifest/tpn/cgmanifest.json, updating scripts/pipelines to reference these new paths. - Extends the ClearlyDefined PowerShell module with cache import/export and version search helpers, and updates caching behavior in
Get-ClearlyDefinedData. - Adds
Find-LastHarvestedVersion.ps1and extendsfindMissingNotices.ps1with a-ForceHarvestedOnlymode to produce a harvested-only TPN manifest.
Reviewed changes
Copilot reviewed 11 out of 12 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/packaging/packaging.psm1 | Updates CG manifest path used during global tool packaging to point at tools/cgmanifest/main/cgmanifest.json. |
| tools/findMissingNotices.ps1 | Updates manifest path, adds -ForceHarvestedOnly, and adds logic to write/update the TPN manifest. |
| tools/clearlyDefined/src/ClearlyDefined/ClearlyDefined.psm1 | Adds cache persistence helpers, search/version helpers, and revises cache TTL behavior in Get-ClearlyDefinedData. |
| tools/clearlyDefined/Find-LastHarvestedVersion.ps1 | New helper to locate most recent harvested NuGet package version (ClearlyDefined-first, NuGet fallback). |
| tools/clearlyDefined/ClearlyDefined.ps1 | Updates manifest path consumed by the ClearlyDefined harvesting/verification script. |
| tools/cgmanifest/main/cgmanifest.json | New “main” manifest file location. |
| tools/cgmanifest/tpn/cgmanifest.json | New “TPN” manifest file location (intended for notice/component detection workflows). |
| .vsts-ci/windows-arm64.yml | Updates PR path filters to watch tools/cgmanifest/* instead of a single file. |
| .vsts-ci/psresourceget-acr.yml | Updates PR path filters to watch tools/cgmanifest/*. |
| .vsts-ci/mac.yml | Updates PR path filters to watch tools/cgmanifest/*. |
| .vsts-ci/linux-internal.yml | Updates PR path filters to watch tools/cgmanifest/*. |
| .pipelines/templates/compliance/generateNotice.yml | Points component detection scanning to tools/cgmanifest/tpn for notice generation. |
adityapatwardhan
approved these changes
Feb 25, 2026
Co-authored-by: Copilot <[email protected]>
adityapatwardhan
approved these changes
Feb 25, 2026
TravisEz13
added
the
CL-BuildPackaging
jshigetomi
pushed a commit
to jshigetomi/PowerShell
that referenced
this pull request
Mar 9, 2026
Co-authored-by: Copilot <[email protected]>
9 tasks
jshigetomi
added a commit
that referenced
this pull request
Mar 9, 2026
…26891) (#26955) Co-authored-by: Travis Plunk <[email protected]> Co-authored-by: Copilot <[email protected]>
jshigetomi
added a commit
to jshigetomi/PowerShell
that referenced
this pull request
Mar 9, 2026
…owerShell#26891) (PowerShell#26955) Co-authored-by: Travis Plunk <[email protected]> Co-authored-by: Copilot <[email protected]>
jshigetomi
added a commit
that referenced
this pull request
Mar 9, 2026
…26891) (#26961) Co-authored-by: Travis Plunk <[email protected]> Co-authored-by: Copilot <[email protected]>
adityapatwardhan
pushed a commit
to adityapatwardhan/PowerShell
that referenced
this pull request
Mar 9, 2026
Co-authored-by: Copilot <[email protected]>
9 tasks
9 tasks
daxian-dbw
pushed a commit
to daxian-dbw/PowerShell
that referenced
this pull request
Mar 10, 2026
Co-authored-by: Copilot <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Summary
This pull request introduces several improvements to the ClearlyDefined compliance tooling, focusing on enhanced cache management, improved package version handling, and updates to manifest file paths. The most significant changes include new cache persistence functions, a new script for finding the last harvested NuGet package version, and updates to how cgmanifest files are referenced across build and CI scripts.
ClearlyDefined cache and package version improvements:
Save-ClearlyDefinedCache,Import-ClearlyDefinedCache,Test-ClearlyDefinedCachePersistenceAllowed,Get-ClearlyDefinedCachePath) toClearlyDefined.psm1, allowing cache import/export except in CI environments. [1] [2]Get-ClearlyDefinedDatato use different expiration times for harvested and non-harvested results, improving efficiency and accuracy. [1] [2]Search-ClearlyDefinedandGet-ClearlyDefinedPackageVersionsfunctions to enable querying ClearlyDefined for available package versions and their harvest status. [1] [2]New script and manifest path updates:
Find-LastHarvestedVersion.ps1to locate the most recent harvested NuGet package version, supporting fallback to NuGet search if ClearlyDefined API is unavailable.cgmanifest.jsonthroughout scripts and pipelines to use the new pathtools/cgmanifest/main/cgmanifest.jsonortools/cgmanifest/*, improving organization and consistency. [1] [2] [3] [4] [5] [6] [7]These changes collectively enhance the reliability and maintainability of the compliance tooling, especially in CI environments and when handling package version harvesting.
PR Context
PR Checklist
.h,.cpp,.cs,.ps1and.psm1files have the correct copyright header