From 6e1aec73f9c99fccd6ecb1c5ecfcfe526ca476de Mon Sep 17 00:00:00 2001
From: Chuck Walbourn
Date: Thu, 9 Nov 2023 14:36:41 -0800
Subject: [PATCH] Add SDL pipeline (#128)
---
 build/UVAtlas-SDL.yml | 136 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 136 insertions(+)
 create mode 100644 build/UVAtlas-SDL.yml
diff --git a/build/UVAtlas-SDL.yml b/build/UVAtlas-SDL.yml
new file mode 100644
index 0000000..c9e92de
--- /dev/null
+++ b/build/UVAtlas-SDL.yml
@@ -0,0 +1,136 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# http://go.microsoft.com/fwlink/?LinkID=512686
+
+# Runs various SDL recommended tools on the code.
+
+schedules:
+- cron: "0 3 * * 0,3,5"
+ displayName: 'Three times a week'
+ branches:
+ include:
+ - main
+
+trigger: none
+pr: none
+
+resources:
+ repositories:
+ - repository: self
+ type: git
+ ref: refs/heads/main
+
+name: $(Year:yyyy).$(Month).$(DayOfMonth)$(Rev:.r)
+
+variables:
+ VS_GENERATOR: 'Visual Studio 17 2022'
+ VCPKG_CMAKE_DIR: '$(VCPKG_ROOT)/scripts/buildsystems/vcpkg.cmake'
+ GITHUB_PAT: $(GITHUBPUBLICTOKEN)
+
+pool:
+ vmImage: windows-2022
+
+jobs:
+- job: SDL_BUILD
+ displayName: 'Build using required SDL tools'
+ steps:
+ - checkout: self
+ clean: true
+ fetchTags: false
+ - task: NodeTool@0
+ displayName: 'NPM install'
+ inputs:
+ versionSpec: 14.x
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
+ displayName: 'Run Credential Scanner'
+ inputs:
+ debugMode: false
+ folderSuppression: false
+ - task: PoliCheck@2
+ displayName: 'Run PoliCheck'
+ inputs:
+ result: PoliCheck.xml
+ - task: Armory@2
+ displayName: Run ARMory
+ - task: CmdLine@2
+ # We can use the preinstalled vcpkg instead of the latest when MS Hosted updates their vcpkg to the newer DirectX-Headers
+ displayName: Fetch VCPKG
+ inputs:
+ script: git clone --quiet https://%GITHUB_PAT%@github.com/microsoft/vcpkg.git
+ workingDirectory: $(Build.SourcesDirectory)
+ - task: CmdLine@2
+ displayName: VCPKG Bootstrap
+ inputs:
+ script: |
+ call bootstrap-vcpkg.bat
+
+ workingDirectory: $(Build.SourcesDirectory)\vcpkg
+ - task: CmdLine@2
+ displayName: VCPKG install headers
+ inputs:
+ script: |
+ call vcpkg install directxmath
+ @if ERRORLEVEL 1 goto error
+ call vcpkg install directx-headers
+ @if ERRORLEVEL 1 goto error
+ call vcpkg install directxmesh
+ @if ERRORLEVEL 1 goto error
+ call vcpkg install directxtex
+ @if ERRORLEVEL 1 goto error
+ :finish
+ @echo --- VCPKG COMPLETE ---
+ exit /b 0
+ :error
+ @echo --- ERROR: VCPKG FAILED ---
+ exit /b 1
+
+ workingDirectory: $(Build.SourcesDirectory)\vcpkg
+ - task: CMake@1
+ displayName: 'CMake (MSVC): Config x64'
+ inputs:
+ cwd: '$(Build.SourcesDirectory)'
+ cmakeArgs: '-G "$(VS_GENERATOR)" -A x64 -B out -DENABLE_SPECTRE_MITIGATION=ON -DBUILD_TOOLS=ON -DCMAKE_TOOLCHAIN_FILE="$(VCPKG_CMAKE_DIR)"'
+ - task: Semmle@1
+ displayName: 'Run CodeQL (Semmle) (C++)'
+ env:
+ SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+ inputs:
+ sourceCodeDirectory: '$(Build.SourcesDirectory)'
+ language: 'cpp'
+ querySuite: 'Recommended'
+ timeout: '1800'
+ ram: '16384'
+ addProjectDirToScanningExclusionList: true
+ buildCommandsString: '"%ProgramFiles%\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsMSBuildCmd.bat" && msbuild $(Build.SourcesDirectory)/out/UVAtlas.sln /p:Configuration=Release'
+ - task: CMake@1
+ displayName: 'CMake (MSVC): Build x64 Release'
+ inputs:
+ cwd: '$(Build.SourcesDirectory)'
+ cmakeArgs: --build out -v --config RelWithDebInfo
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@4
+ displayName: 'Run AntiMalware'
+ inputs:
+ InputType: 'Basic'
+ ScanType: 'CustomScan'
+ FileDirPath: $(Agent.BuildDirectory)
+ EnableSERVICEs: true
+ SupportLogOnError: false
+ TreatSignatureUpdateFailureAs: 'Warning'
+ SignatureFreshness: 'OneDay'
+ TreatStaleSignatureAs: 'Error'
+ condition: always()
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4
+ displayName: 'Run BinSkim'
+ inputs:
+ AnalyzeTargetBinskim: ''
+ AnalyzeTargetGlob: +:file|out\bin\**\RelWithDebInfo\*.exe
+ AnalyzeVerbose: true
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
+ displayName: 'Post Analysis'
+ inputs:
+ GdnBreakAllTools: true
+ GdnBreakPolicy: 'Microsoft'
+ GdnBreakPolicyMinSev: 'Error'
+ - task: ComponentGovernanceComponentDetection@0
+ displayName: Component Detection
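Review bot: The `Fetch VCPKG` step places the token in the clone URL (`https://%GITHUB_PAT%@github.com/...`), so git records it as the origin URL in `vcpkg\.git\config`, where the later bootstrap and `vcpkg install` steps, which run port build scripts, can read it; it is also part of the git command line. Because `GITHUB_PAT` is declared under the pipeline-level `variables:`, it is presumably exported into the environment of every step rather than only this one. microsoft/vcpkg is a public repository, so if the token is not actually required for the clone, `script: git clone --quiet https://github.com/microsoft/vcpkg.git` removes the exposure; otherwise map the secret on this step only with `env:` and follow the clone with `git -C vcpkg remote set-url origin https://github.com/microsoft/vcpkg.git`. The clone also takes whatever is at the head of the default branch, so pinning a reviewed commit with `git -C vcpkg checkout <commit-sha>` would keep the inputs to the scan reproducible.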