microsoftgraph · peombwa · Sep 8, 2021 · Jun 25, 2021 · Jun 25, 2021 · Jun 29, 2021
diff --git a/.azure-pipelines/common-templates/checkout.yml b/.azure-pipelines/common-templates/checkout.yml
@@ -1,6 +1,11 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License.
 
+parameters:
+  - name: TargetBranch
+    type: string
+    default: ''
+
 steps:
   - checkout: self
     clean: true
@@ -15,6 +20,18 @@ steps:
         git config --global user.email "[email protected]"
         git config --global user.name "Microsoft Graph DevX Tooling"
 
+  - task: Bash@3
+    displayName: "Switch branch to target branch: $(TargetBranch)"
+    condition: and(succeeded(), eq('${{ parameters.TargetBranch }}', ''))
+    inputs:
+      targetType: inline
+      script: |
+        git status
+        git fetch --all
+        git checkout $(TargetBranch)
+        git pull
+        git status
+
   - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
     displayName: "Run CredScan"
     inputs:

diff --git a/.azure-pipelines/common-templates/download-openapi-docs.yml b/.azure-pipelines/common-templates/download-openapi-docs.yml
@@ -18,8 +18,10 @@ jobs:
     pool: $(BuildAgent)
     steps:
       - template: ./checkout.yml
+        parameters:
+          TargetBranch: $(BaseBranch)
 
-      - template: ./install-tools.yml
+      - template: ./install-tools-template.yml
 
       - task: PowerShell@2
         name: "ComputeBranch"
@@ -36,8 +38,6 @@ jobs:
           targetType: inline
           script: |
             git status
-            git fetch --all
-            git checkout $(BaseBranch)
             git branch $(ComputeBranch.WeeklyBranch)
             git checkout $(ComputeBranch.WeeklyBranch)
             git status
@@ -110,7 +110,7 @@ jobs:
                 . "$(System.DefaultWorkingDirectory)\tools\SetServiceModuleVersion.ps1" -VersionNumber $NewModuleVersion -Modules $_
               } catch {
                 if ($_.Exception.Message -like "No match*") {
-                  Write-Warning "$_. Version will be set to $NewMetaModuleVersion."      
+                  Write-Warning "$_. Version will be set to $NewMetaModuleVersion."
                 }
               }
             }

diff --git a/.azure-pipelines/install-tools-template.yml → ...mmon-templates/install-tools-template.yml b/.azure-pipelines/install-tools-template.yml → ...mmon-templates/install-tools-template.yml
@@ -3,19 +3,19 @@
 
 steps:
     - task: UseDotNet@2
-      displayName: 'Use .NET Core SDK 2.x'
+      displayName: 'Use .NET Core SDK 2 LTS'
       inputs:
         debugMode: false
         version: 2.x
 
     - task: UseDotNet@2
-      displayName: 'Use .NET Core SDK 3.x'
+      displayName: 'Use .NET Core SDK 3 LTS'
       inputs:
         debugMode: false
         version: 3.x
 
     - task: UseDotNet@2
-      displayName: 'Use .NET Core SDK 5.x'
+      displayName: 'Use .NET Core SDK 5 Current'
       inputs:
         debugMode: false
         version: 5.x
@@ -28,12 +28,6 @@ steps:
 
     - task: NuGetAuthenticate@0
 
-    - task: PowerShell@2
-      displayName: 'Install Powershell Core'
-      inputs:
-        targetType: inline
-        script: |
-          dotnet tool update --global PowerShell
 
     - task: PowerShell@2
       displayName: 'Version Check'
@@ -76,4 +70,4 @@ steps:
           Register-PSRepository -Name 'LocalNugetFeed' -SourceLocation $nugetFeed -PublishLocation $nugetFeed -InstallationPolicy Trusted -Credential $credsAzureDevopsServices -PackageManagementProvider 'Nuget' -ErrorAction Continue
           Get-PSRepository
           Find-Module -Name Microsoft.Graph.Authentication -AllowPrerelease -Credential $credsAzureDevopsServices -AllVersions -Repository 'LocalNugetFeed'
-          Find-Module -Name Microsoft.Graph.Authentication -AllowPrerelease -Repository 'LocalNugetFeed'
+          Find-Module -Name Microsoft.Graph.Authentication -AllowPrerelease -Repository 'LocalNugetFeed'
diff --git a/.azure-pipelines/common-templates/install-tools.yml b/.azure-pipelines/common-templates/install-tools.yml
diff --git a/.azure-pipelines/common-templates/security-postchecks-template.yml b/.azure-pipelines/common-templates/security-postchecks-template.yml
@@ -0,0 +1,55 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+steps:
+- task: CodesignValidation@0
+
+- task: CodeIntegrity@0
+
+- task: SdtReport@1
+  displayName: "Security Analysis Report"
+  continueOnError: true
+  condition: succeededOrFailed()
+  inputs:
+    AllTools: false
+    APIScan: false
+    BinSkim: false
+    BinSkimBreakOn: 'WarningAbove'
+    CodesignValidation: true
+    CodesignValidationBreakOn: 'WarningAbove'
+    CredScan: true
+    FortifySCA: false
+    FxCop: false
+    ModernCop: false
+    MSRD: false
+    PoliCheck: true
+    PoliCheckBreakOn: 'Severity1'
+    RoslynAnalyzers: true
+    RoslynAnalyzersBreakOn: 'WarningAbove'
+    SDLNativeRules: false
+    Semmle: false
+    TSLint: false
+    TSLintBreakOn: 'WarningAbove'
+    ToolLogsNotFoundAction: 'Standard'
+
+- task: PublishSecurityAnalysisLogs@3
+  displayName: 'Publish Security Analysis Logs'
+  inputs:
+    ArtifactName: 'CodeAnalysisLogs'
+    ArtifactType: 'Container'
+    AllTools: false
+    AntiMalware: false
+    APIScan: false
+    BinSkim: false
+    CodesignValidation: true
+    CredScan: true
+    FortifySCA: false
+    FxCop: false
+    ModernCop: true
+    MSRD: false
+    PoliCheck: true
+    RoslynAnalyzers: true
+    SDLNativeRules: false
+    Semmle: false
+    TSLint: false
+    WebScout: false
+    ToolLogsNotFoundAction: 'Standard'
diff --git a/.azure-pipelines/common-templates/security-prechecks-template.yml b/.azure-pipelines/common-templates/security-prechecks-template.yml
@@ -0,0 +1,21 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+steps:
+- task: CredScan@2
+  displayName: 'Run CredScan'
+  inputs:
+    debugMode: false
+    batchSize: 20
+    toolMajorVersion: 'V2'
+    searchersFileType: 'Skype'
+
+- task: PoliCheck@1
+  displayName: 'Run PoliCheck'
+  condition: and(succeeded(), eq(eq(variables['Build.SourceBranch'], 'refs/heads/master'), false))
+  inputs:
+    targetType: F
+    SOMEnabled: true
+    optionsFC: 0
+    optionsXS: 0
+    optionsHMENABLE: 0
+    continueOnError: true
diff --git a/.azure-pipelines/generate-auth-module-template.yml b/.azure-pipelines/generate-auth-module-template.yml
@@ -35,15 +35,15 @@ jobs:
   displayName: Microsoft Graph PowerShell SDK Auth Module Generation
 
   steps:
-  - template: ./install-tools-template.yml
+  - template: ./common-templates/install-tools-template.yml
 
   - task: AzureKeyVault@1
     inputs:
      azureSubscription: $(AZURESUBSCRIPTION)
      KeyVaultName: $(KEYVAULT)
      SecretsFilter: '*'
      RunAsPreJob: true
-    
+
   - task: PowerShell@2
     displayName: 'Install Test Certificate'
     inputs:
@@ -64,7 +64,7 @@ jobs:
       pwsh: true
       script: |
         Write-Host $(BUILDNUMBER)
-        pwsh $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -ArtifactsLocation $(Build.ArtifactStagingDirectory) -Build -ModulePreviewNumber $(BUILDNUMBER) -Test
+        . $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -ArtifactsLocation $(Build.ArtifactStagingDirectory) -Build -ModulePreviewNumber $(BUILDNUMBER) -Test
 
   - task: DotNetCoreCLI@2
     displayName: 'Run: Enabled Tests'
@@ -94,7 +94,7 @@ jobs:
       pwsh: true
       script: |
         Write-Host $(BUILDNUMBER)
-        pwsh $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -ArtifactsLocation $(Build.ArtifactStagingDirectory) -Build -EnableSigning -ModulePreviewNumber $(BUILDNUMBER) -RepositoryName "LocalNugetFeed"
+        . $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -ArtifactsLocation $(Build.ArtifactStagingDirectory) -Build -EnableSigning -ModulePreviewNumber $(BUILDNUMBER) -RepositoryName "LocalNugetFeed"
 
   - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
     displayName: 'ESRP DLL Strong Name (Graph Auth Module)'
@@ -123,7 +123,7 @@ jobs:
            }
        ]
       SessionTimeout: 20
-  
+
   - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
     displayName: 'ESRP DLL CodeSigning (Graph Auth Module)'
     enabled: true
@@ -172,15 +172,15 @@ jobs:
            }
        ]
       SessionTimeout: 20
-  
+
   - task: PowerShell@2
     displayName: 'Pack Auth Module'
     inputs:
       targetType: 'inline'
       pwsh: true
       script: |
-        pwsh $(System.DefaultWorkingDirectory)/tools/PackModule.ps1 -Module $(AUTH_MODULE_NAME) -ArtifactsLocation $(Build.ArtifactStagingDirectory)
-  
+        . $(System.DefaultWorkingDirectory)/tools/PackModule.ps1 -Module $(AUTH_MODULE_NAME) -ArtifactsLocation $(Build.ArtifactStagingDirectory)
+
   - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
     displayName: 'ESRP NuGet CodeSigning'
     enabled: true
@@ -215,7 +215,7 @@ jobs:
       packagesToPush: '$(Build.ArtifactStagingDirectory)\$(AUTH_MODULE_NAME)\Microsoft.Graph.$(AUTH_MODULE_NAME)*.nupkg'
       publishVstsFeed: '0985d294-5762-4bc2-a565-161ef349ca3e/edc337b9-e5ea-49dd-a2cb-e8d66668ca57'
       allowPackageConflicts: true
-    
+
   - task: PublishTestResults@2
     inputs:
       testResultsFormat: 'NUnit'