From 024ce01961b32c00dd0bfa355a6de8b6c4030bef Mon Sep 17 00:00:00 2001
From: Zhaodong Tian
Date: Tue, 2 Apr 2024 05:28:20 +0000
Subject: [PATCH 1/2] Add APIScan Task
---
 azure-pipeline/azure-pipeline.yml | 35 ++++++++++---------------------
 1 file changed, 11 insertions(+), 24 deletions(-)
diff --git a/azure-pipeline/azure-pipeline.yml b/azure-pipeline/azure-pipeline.yml
index 8d26476..000f2e8 100644
--- a/azure-pipeline/azure-pipeline.yml
+++ b/azure-pipeline/azure-pipeline.yml
@@ -79,8 +79,6 @@ extends:
 clean: true
 createLogFile: true
 logFileVerbosity: detailed
- # to delete
- continueOnError: true
 - task: CopyFiles@2
 displayName: Stage dll's for verification
 inputs:
@@ -97,33 +95,22 @@ extends:
 Microsoft.AspNet.OutputCache..*.nupkg
 !*.symbols.nupkg
 TargetFolder: $(Build.SourcesDirectory)\verify\packages
- # to delete
- continueOnError: true
 - task: ms-vseng.MicroBuildShipTasks.7c429315-71ba-4cb3-94bb-f829c95f7915.MicroBuildCodesignVerify@1
 displayName: Verify Signed Binaries
 inputs:
 TargetFolder: $(Build.SourcesDirectory)\verify\dlls
- # to delete
- continueOnError: true
 - task: ms-vseng.MicroBuildShipTasks.7c429315-71ba-4cb3-94bb-f829c95f7915.MicroBuildCodesignVerify@1
 displayName: Verify Signed Packages
- # to delete
- continueOnError: true
- - task: CmdLine@2
- displayName: Map ConnectionString for ApiScan
+ # Following article on https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/25351/APIScan-step-by-step-guide-to-setting-up-a-Pipeline
+ # No longer need the old format, and following guideline to use (ApiScanClientId)
+ - task: APIScan@2
+ displayName: Run APIScan
 inputs:
- script: |
- @echo off
- REM Per the documentation here - https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=classic%2Cbatch#set-variables-in-scripts
- REM
- REM We can set/update pipeline variables using the syntax used below. That way we can use a script task to
- REM pull secrets into the environment for APIScan to use, since the ApiScan task does not have an 'Environment'
- REM section for mapping secrets in classic pipelines.
- REM
- REM Make sure the pipeline secret variable 'AzureServicesAuthConnectionString' is set. It's format is like
- REM "runAs=App;AppId={AppId};TenantId={TenantId};AppKey={ClientSecret}"
- REM The values for that connStr can be found in the Tellurium Key Vault.
- @echo ##vso[task.setvariable variable=AzureServicesAuthConnectionString]%MappedConnectionString%
- continueOnError: true
+ softwareFolder: '$(Build.SourcesDirectory)\verify\dlls'
+ softwareName: 'Microsoft.AspNet.OutputCache.*'
+ softwareVersionNum: '*'
+ softwareBuildNum: '$(Build.BuildId)'
+ symbolsFolder: '$(Build.SourcesDirectory)\bin\Release;SRV*http://symweb'
+ verbosityLevel: 'none'
 env:
- MappedConnectionString: $(AzureServicesAuthConnectionStringSecret)
\ No newline at end of file
+ AzureServicesAuthConnectionString: RunAs=App;AppId=$(ApiScanClientId)
\ No newline at end of file
From e68fd9a3e9510f56a5319698771fefa17637ae45 Mon Sep 17 00:00:00 2001
From: Zhaodong Tian
Date: Tue, 2 Apr 2024 05:28:20 +0000
Subject: [PATCH 2/2] Add APIScan Task
---
 azure-pipeline/azure-pipeline.yml | 45 +++++++++++++------------------
 1 file changed, 19 insertions(+), 26 deletions(-)
diff --git a/azure-pipeline/azure-pipeline.yml b/azure-pipeline/azure-pipeline.yml
index 8d26476..8897df2 100644
--- a/azure-pipeline/azure-pipeline.yml
+++ b/azure-pipeline/azure-pipeline.yml
@@ -5,6 +5,12 @@
 # This pipeline will be extended to the MicroBuild template
 # The Task 'PublishBuildArtifacts@1' has been converted to an output named 'Publish Artifact: Nuget packages' in the templateContext section.
 trigger: none
+schedules:
+- cron: "0 0 14 * *"
+ branches:
+ include:
+ - main
+ always: true
 resources:
 repositories:
 - repository: self
@@ -16,8 +22,6 @@ resources:
 ref: refs/tags/release
 name: $(Date:yyyyMMdd).$(Rev:r)
 variables:
-#- name: AzureServicesAuthConnectionStringSecret
-# value: ''
 - name: EnableNuGetPackageRestore
 value: true
 - name: Packaging.EnableSBOMSigning
@@ -28,6 +32,8 @@ extends:
 template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
 parameters:
 sdl:
+ policheck:
+ enable: true
 sourceAnalysisPool:
 name: AzurePipelines-EO
 image: 1ESPT-Windows2022
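Review bot: The new `env:` entry `AzureServicesAuthConnectionString: RunAs=App;AppId=$(ApiScanClientId)` in the APIScan hunk of PATCH 1/2 depends on a variable that nothing visible in this patch defines. Azure Pipelines leaves an undefined `$(...)` macro as literal text, so a missing definition would surface as an authentication failure in the scan step rather than at queue time. If `ApiScanClientId` comes from a variable group or the pipeline settings, record that above the task, e.g. `# ApiScanClientId: client ID of the identity registered for APIScan (defined in <variable group>)`. The two added comment lines point only to an internal wiki page and an unspecified "old format"; one sentence stating that the connection string no longer carries an `AppKey` client secret would serve a later reader better. The same hunk is repeated at the end of PATCH 2/2.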
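Review bot: The added `schedules:` block in the `@@ -5,6 +5,12 @@` hunk of PATCH 2/2 has no comment explaining its cadence, and cron fields are easy to misread. `0 0 14 * *` fires at 00:00 UTC on the 14th of each month, and `always: true` makes it run even when `main` has no new commits. I would state that above the block, e.g. `# Monthly scheduled build (00:00 UTC on the 14th); runs even without new commits so the SDL scans stay current`. The purpose given there is inferred from the PoliCheck and APIScan additions in the same patch, so adjust the wording if the schedule serves something else.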
@@ -79,8 +85,6 @@ extends:
 clean: true
 createLogFile: true
 logFileVerbosity: detailed
- # to delete
- continueOnError: true
 - task: CopyFiles@2
 displayName: Stage dll's for verification
 inputs:
@@ -97,33 +101,22 @@ extends:
 Microsoft.AspNet.OutputCache..*.nupkg
 !*.symbols.nupkg
 TargetFolder: $(Build.SourcesDirectory)\verify\packages
- # to delete
- continueOnError: true
 - task: ms-vseng.MicroBuildShipTasks.7c429315-71ba-4cb3-94bb-f829c95f7915.MicroBuildCodesignVerify@1
 displayName: Verify Signed Binaries
 inputs:
 TargetFolder: $(Build.SourcesDirectory)\verify\dlls
- # to delete
- continueOnError: true
 - task: ms-vseng.MicroBuildShipTasks.7c429315-71ba-4cb3-94bb-f829c95f7915.MicroBuildCodesignVerify@1
 displayName: Verify Signed Packages
- # to delete
- continueOnError: true
- - task: CmdLine@2
- displayName: Map ConnectionString for ApiScan
+ # Following article on https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/25351/APIScan-step-by-step-guide-to-setting-up-a-Pipeline
+ # No longer need the old format, and following guideline to use (ApiScanClientId)
+ - task: APIScan@2
+ displayName: Run APIScan
 inputs:
- script: |
- @echo off
- REM Per the documentation here - https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=classic%2Cbatch#set-variables-in-scripts
- REM
- REM We can set/update pipeline variables using the syntax used below. That way we can use a script task to
- REM pull secrets into the environment for APIScan to use, since the ApiScan task does not have an 'Environment'
- REM section for mapping secrets in classic pipelines.
- REM
- REM Make sure the pipeline secret variable 'AzureServicesAuthConnectionString' is set. It's format is like
- REM "runAs=App;AppId={AppId};TenantId={TenantId};AppKey={ClientSecret}"
- REM The values for that connStr can be found in the Tellurium Key Vault.
- @echo ##vso[task.setvariable variable=AzureServicesAuthConnectionString]%MappedConnectionString%
- continueOnError: true
+ softwareFolder: '$(Build.SourcesDirectory)\verify\dlls'
+ softwareName: 'Microsoft.AspNet.OutputCache.*'
+ softwareVersionNum: '*'
+ softwareBuildNum: '$(Build.BuildId)'
+ symbolsFolder: '$(Build.SourcesDirectory)\bin\Release;SRV*http://symweb'
+ verbosityLevel: 'none'
 env:
- MappedConnectionString: $(AzureServicesAuthConnectionStringSecret)
\ No newline at end of file
+ AzureServicesAuthConnectionString: RunAs=App;AppId=$(ApiScanClientId)
\ No newline at end of file
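Review bot: `symbolsFolder` in the new APIScan inputs ends with `SRV*http://symweb`, so symbols are requested over cleartext HTTP from an unqualified host name whose resolution depends on the build agent's DNS configuration. APIScan relies on those symbols for its analysis, so if the symbol server offers an HTTPS endpoint under a fully qualified name, prefer it, e.g. `symbolsFolder: '$(Build.SourcesDirectory)\bin\Release;SRV*https://<symbol-server-fqdn>'`. `verbosityLevel: 'none'` on the following line also leaves little in the log for triaging a failed or partial scan; either raise it or add a comment saying why output is suppressed. Both lines are identical in the APIScan hunk of PATCH 1/2.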