UVAtlas/build/UVAtlas-SDL.yml

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#
# http://go.microsoft.com/fwlink/?LinkID=512686

# Runs various SDL recommended tools on the code.

schedules:
- cron: "0 3 * * 0,3,5"
  displayName: 'Three times a week'
  branches:
    include:
    - main

trigger: none
pr: none

resources:
  repositories:
  - repository: self
    type: git
    ref: refs/heads/main

name: $(Year:yyyy).$(Month).$(DayOfMonth)$(Rev:.r)

variables:
  VS_GENERATOR: 'Visual Studio 17 2022'
  VCPKG_CMAKE_DIR: '$(VCPKG_ROOT)/scripts/buildsystems/vcpkg.cmake'
  GITHUB_PAT: $(GITHUBPUBLICTOKEN)
  URL_FEED: $(ADOFeedURL)
  Codeql.Language: cpp
  Codeql.ExcludePathPatterns: vcpkg
  skipNugetSecurityAnalysis: true # We explicitly call this task so we don't need it to be auto-injected

pool:
  vmImage: windows-2022

jobs:
- job: SDL_BUILD
  displayName: 'Build using required SDL tools'
  workspace:
    clean: all
  steps:
  - checkout: self
    clean: true
    fetchTags: false
  - task: NuGetCommand@2
    displayName: 'NuGet set package source to ADO feed'
    inputs:
      command: custom
      arguments: sources add -Name xboxgdk -Source $(URL_FEED) -ConfigFile $(Build.SourcesDirectory)\NuGet.config
  - task: NuGetCommand@2
    displayName: 'Set nuget.config to single source'
    inputs:
      command: custom
      arguments: sources remove -Name nuget.org -ConfigFile $(Build.SourcesDirectory)\NuGet.config
  - task: nuget-security-analysis@0
    displayName: 'Secure Supply Chain Analysis'
  - task: NodeTool@0
    displayName: 'NPM install'
    inputs:
      versionSpec: 14.x
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
    displayName: 'Run Credential Scanner'
    inputs:
      debugMode: false
      folderSuppression: false
  - task: PoliCheck@2
    displayName: 'Run PoliCheck'
    inputs:
      result: PoliCheck.xml
      optionsPE: 1
      optionsRulesDBPath: $(Build.SourcesDirectory)/build/rule.mdb
  - task: Armory@2
    displayName: Run ARMory
  - task: CmdLine@2
    # We can use the preinstalled vcpkg instead of the latest when MS Hosted updates their vcpkg to the newer DirectX-Headers
    displayName: Fetch VCPKG
    inputs:
      script: git clone --quiet --no-tags https://%GITHUB_PAT%@github.com/microsoft/vcpkg.git
      workingDirectory: $(Build.SourcesDirectory)
  - task: CmdLine@2
    displayName: VCPKG Bootstrap
    inputs:
      script: |
        call bootstrap-vcpkg.bat

      workingDirectory: $(Build.SourcesDirectory)\vcpkg
  - task: CmdLine@2
    displayName: VCPKG install headers
    inputs:
      script: |
        call vcpkg install directxmath
        @if ERRORLEVEL 1 goto error
        call vcpkg install directx-headers
        @if ERRORLEVEL 1 goto error
        call vcpkg install directxmesh[spectre]
        @if ERRORLEVEL 1 goto error
        call vcpkg install directxtex[spectre]
        @if ERRORLEVEL 1 goto error
        :finish
        @echo --- VCPKG COMPLETE ---
        exit /b 0
        :error
        @echo --- ERROR: VCPKG FAILED ---
        exit /b 1

      workingDirectory: $(Build.SourcesDirectory)\vcpkg
  - task: CMake@1
    displayName: 'CMake (MSVC): Config x64'
    inputs:
      cwd: '$(Build.SourcesDirectory)'
      cmakeArgs: '-G "$(VS_GENERATOR)" -A x64 -B out -DENABLE_SPECTRE_MITIGATION=ON -DBUILD_TOOLS=ON -DCMAKE_TOOLCHAIN_FILE="$(VCPKG_CMAKE_DIR)"'
  - task: CodeQL3000Init@0
    inputs:
      Enabled: true
  - task: VSBuild@1
    displayName: 'Build C++ with CodeQL'
    inputs:
      solution: '$(Build.SourcesDirectory)/out/UVAtlas.sln'
      vsVersion: 17.0
      platform: x64
      configuration: Release
      msbuildArchitecture: x64
  - task: CodeQL3000Finalize@0
    condition: always()
  - task: CMake@1
    displayName: 'CMake (MSVC): Build x64 Release'
    inputs:
      cwd: '$(Build.SourcesDirectory)'
      cmakeArgs: --build out -v --config RelWithDebInfo
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@4
    displayName: 'Run AntiMalware'
    inputs:
      InputType: 'Basic'
      ScanType: 'CustomScan'
      FileDirPath: $(Agent.BuildDirectory)
      EnableSERVICEs: true
      SupportLogOnError: false
      TreatSignatureUpdateFailureAs: 'Warning'
      SignatureFreshness: 'OneDay'
      TreatStaleSignatureAs: 'Error'
    condition: always()
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4
    displayName: 'Run BinSkim'
    inputs:
      AnalyzeTargetBinskim: ''
      AnalyzeTargetGlob: +:file|out\bin\**\RelWithDebInfo\*.exe
      AnalyzeVerbose: true
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
    displayName: 'Post Analysis'
    inputs:
      GdnBreakAllTools: true
      GdnBreakPolicy: 'Microsoft'
      GdnBreakPolicyMinSev: 'Error'
  - task: ComponentGovernanceComponentDetection@0
    displayName: Component Detection
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`# Copyright (c) Microsoft Corporation.`
			`# Licensed under the MIT License.`
			`#`
			`# http://go.microsoft.com/fwlink/?LinkID=512686`

			`# Runs various SDL recommended tools on the code.`

			`schedules:`
			`- cron: "0 3 * * 0,3,5"`
			`displayName: 'Three times a week'`
			`branches:`
			`include:`
			`- main`

			`trigger: none`
			`pr: none`

			`resources:`
			`repositories:`
			`- repository: self`
			`type: git`
			`ref: refs/heads/main`

			`name: $(Year:yyyy).$(Month).$(DayOfMonth)$(Rev:.r)`

			`variables:`
			`VS_GENERATOR: 'Visual Studio 17 2022'`
			`VCPKG_CMAKE_DIR: '$(VCPKG_ROOT)/scripts/buildsystems/vcpkg.cmake'`
			`GITHUB_PAT: $(GITHUBPUBLICTOKEN)`
Fix pipeline warnings (#153) 2024-03-30 01:36:35 +00:00			`URL_FEED: $(ADOFeedURL)`
Update ADO build pipelines (#130) Includes code review feedback. 2023-11-26 20:59:08 +00:00			`Codeql.Language: cpp`
			`Codeql.ExcludePathPatterns: vcpkg`
Fix pipeline warnings (#153) 2024-03-30 01:36:35 +00:00			`skipNugetSecurityAnalysis: true # We explicitly call this task so we don't need it to be auto-injected`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00
			`pool:`
			`vmImage: windows-2022`

			`jobs:`
			`- job: SDL_BUILD`
			`displayName: 'Build using required SDL tools'`
Minor YAML update (#129) 2023-11-13 23:58:38 +00:00			`workspace:`
			`clean: all`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`steps:`
			`- checkout: self`
			`clean: true`
			`fetchTags: false`
Fix pipeline warnings (#153) 2024-03-30 01:36:35 +00:00			`- task: NuGetCommand@2`
			`displayName: 'NuGet set package source to ADO feed'`
			`inputs:`
			`command: custom`
			`arguments: sources add -Name xboxgdk -Source $(URL_FEED) -ConfigFile $(Build.SourcesDirectory)\NuGet.config`
Force single feed in main branch (#156) 2024-05-01 06:33:27 +00:00			`- task: NuGetCommand@2`
Fix pipeline warnings (#153) 2024-03-30 01:36:35 +00:00			`displayName: 'Set nuget.config to single source'`
			`inputs:`
Force single feed in main branch (#156) 2024-05-01 06:33:27 +00:00			`command: custom`
			`arguments: sources remove -Name nuget.org -ConfigFile $(Build.SourcesDirectory)\NuGet.config`
Fix pipeline warnings (#153) 2024-03-30 01:36:35 +00:00			`- task: nuget-security-analysis@0`
			`displayName: 'Secure Supply Chain Analysis'`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`- task: NodeTool@0`
			`displayName: 'NPM install'`
			`inputs:`
			`versionSpec: 14.x`
			`- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3`
			`displayName: 'Run Credential Scanner'`
			`inputs:`
			`debugMode: false`
			`folderSuppression: false`
			`- task: PoliCheck@2`
			`displayName: 'Run PoliCheck'`
			`inputs:`
			`result: PoliCheck.xml`
Update ADO build pipelines (#130) Includes code review feedback. 2023-11-26 20:59:08 +00:00			`optionsPE: 1`
			`optionsRulesDBPath: $(Build.SourcesDirectory)/build/rule.mdb`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`- task: Armory@2`
			`displayName: Run ARMory`
			`- task: CmdLine@2`
			`# We can use the preinstalled vcpkg instead of the latest when MS Hosted updates their vcpkg to the newer DirectX-Headers`
			`displayName: Fetch VCPKG`
			`inputs:`
Update ADO build pipelines (#130) Includes code review feedback. 2023-11-26 20:59:08 +00:00			`script: git clone --quiet --no-tags https://%GITHUB_PAT%@github.com/microsoft/vcpkg.git`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`workingDirectory: $(Build.SourcesDirectory)`
			`- task: CmdLine@2`
			`displayName: VCPKG Bootstrap`
			`inputs:`
			`script: \|`
			`call bootstrap-vcpkg.bat`

			`workingDirectory: $(Build.SourcesDirectory)\vcpkg`
			`- task: CmdLine@2`
			`displayName: VCPKG install headers`
			`inputs:`
			`script: \|`
			`call vcpkg install directxmath`
			`@if ERRORLEVEL 1 goto error`
			`call vcpkg install directx-headers`
			`@if ERRORLEVEL 1 goto error`
Fix pipeline warnings (#153) 2024-03-30 01:36:35 +00:00			`call vcpkg install directxmesh[spectre]`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`@if ERRORLEVEL 1 goto error`
Fix pipeline warnings (#153) 2024-03-30 01:36:35 +00:00			`call vcpkg install directxtex[spectre]`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`@if ERRORLEVEL 1 goto error`
			`:finish`
			`@echo --- VCPKG COMPLETE ---`
			`exit /b 0`
			`:error`
			`@echo --- ERROR: VCPKG FAILED ---`
			`exit /b 1`

			`workingDirectory: $(Build.SourcesDirectory)\vcpkg`
			`- task: CMake@1`
			`displayName: 'CMake (MSVC): Config x64'`
			`inputs:`
			`cwd: '$(Build.SourcesDirectory)'`
			`cmakeArgs: '-G "$(VS_GENERATOR)" -A x64 -B out -DENABLE_SPECTRE_MITIGATION=ON -DBUILD_TOOLS=ON -DCMAKE_TOOLCHAIN_FILE="$(VCPKG_CMAKE_DIR)"'`
Update ADO build pipelines (#130) Includes code review feedback. 2023-11-26 20:59:08 +00:00			`- task: CodeQL3000Init@0`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`inputs:`
Update ADO build pipelines (#130) Includes code review feedback. 2023-11-26 20:59:08 +00:00			`Enabled: true`
			`- task: VSBuild@1`
			`displayName: 'Build C++ with CodeQL'`
			`inputs:`
			`solution: '$(Build.SourcesDirectory)/out/UVAtlas.sln'`
			`vsVersion: 17.0`
			`platform: x64`
			`configuration: Release`
			`msbuildArchitecture: x64`
			`- task: CodeQL3000Finalize@0`
			`condition: always()`
Add SDL pipeline (#128) 2023-11-09 22:36:41 +00:00			`- task: CMake@1`
			`displayName: 'CMake (MSVC): Build x64 Release'`
			`inputs:`
			`cwd: '$(Build.SourcesDirectory)'`
			`cmakeArgs: --build out -v --config RelWithDebInfo`
			`- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@4`
			`displayName: 'Run AntiMalware'`
			`inputs:`
			`InputType: 'Basic'`
			`ScanType: 'CustomScan'`
			`FileDirPath: $(Agent.BuildDirectory)`
			`EnableSERVICEs: true`
			`SupportLogOnError: false`
			`TreatSignatureUpdateFailureAs: 'Warning'`
			`SignatureFreshness: 'OneDay'`
			`TreatStaleSignatureAs: 'Error'`
			`condition: always()`
			`- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4`
			`displayName: 'Run BinSkim'`
			`inputs:`
			`AnalyzeTargetBinskim: ''`
			`AnalyzeTargetGlob: +:file\|out\bin\*\RelWithDebInfo\.exe`
			`AnalyzeVerbose: true`
			`- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2`
			`displayName: 'Post Analysis'`
			`inputs:`
			`GdnBreakAllTools: true`
			`GdnBreakPolicy: 'Microsoft'`
			`GdnBreakPolicyMinSev: 'Error'`
			`- task: ComponentGovernanceComponentDetection@0`
			`displayName: Component Detection`