steps: - task: NuGetToolInstaller@1 displayName: 'Use NuGet' inputs: versionSpec: ${{ parameters.nuget_version }} - task: NuGetCommand@2 displayName: 'NuGet restore Configuration Packages' inputs: restoreSolution: tools/config/packages.config restoreDirectory: ConfigPackages - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2 displayName: 'Run CredScan' inputs: toolMajorVersion: 'V2' outputFormat: sarif debugMode: false - task: UseDotNet@2 displayName: 'Get .NET Core 6.0 SDK' inputs: packageType: 'sdk' version: '6.0.x' - task: CMake@1 displayName: 'Configure SEAL' inputs: cmakeArgs: .. -DCMAKE_BUILD_TYPE='${{ parameters.configuration }}' -DSEAL_BUILD_DEPS=ON -DSEAL_BUILD_TESTS=ON -DSEAL_BUILD_EXAMPLES=ON -DSEAL_BUILD_SEAL_C=ON -DSEAL_SECURE_COMPILE_OPTIONS=ON workingDirectory: '$(Build.SourcesDirectory)/build' - task: MSBuild@1 displayName: 'Build SEAL' inputs: solution: '$(Build.SourcesDirectory)/build/seal.sln' msbuildArchitecture: 'x64' platform: 'x64' configuration: '${{ parameters.configuration }}' msbuildVersion: 'latest' - task: securedevelopmentteam.vss-secure-development-tools.build-task-roslynanalyzers.RoslynAnalyzers@2 displayName: 'Run Roslyn Analyzers' - task: VSTest@2 displayName: 'VsTest - native tests' inputs: testAssemblyVer2: | **\${{ parameters.configuration }}\*test*.dll **\${{ parameters.configuration }}\*test*.exe !**\obj\** platform: 'x64' configuration: ${{ parameters.configuration }} diagnosticsEnabled: True - ${{ if eq(parameters.configuration, 'Release') }}: - task: PowerShell@2 displayName: 'Download Strong Name certificate' inputs: targetType: 'inline' script: | # Get signing certificate $CertOutFile = Join-Path -Path $env:BUILD_SOURCESDIRECTORY -ChildPath build\dotnet\src\SEALNetCert.snk if (Test-Path env:SEALNetSigningCertificate) { Invoke-WebRequest -Uri "$env:SEALNetSigningCertificate" -OutFile $CertOutFile } - task: NuGetCommand@2 displayName: 'NuGet restore from Solution' inputs: command: 'restore' restoreSolution: '$(Build.SourcesDirectory)/build/dotnet/SEALNet.sln' feedsToUse: 'select' - task: MSBuild@1 displayName: 'Build SEALNet' inputs: solution: '$(Build.SourcesDirectory)/build/dotnet/SEALNet.sln' msbuildArchitecture: 'x64' platform: 'x64' configuration: '${{ parameters.configuration }}' msbuildVersion: 'latest' - task: VSTest@2 displayName: 'VsTest - dotnet tests' inputs: testAssemblyVer2: | **\${{ parameters.configuration }}\**\sealnettest.dll !**\obj\** !**\ref\** configuration: ${{ parameters.configuration }} diagnosticsEnabled: True - ${{ if eq(parameters.configuration, 'Release') }}: - task: Semmle@1 displayName: 'Semmle SEAL' env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) inputs: sourceCodeDirectory: '$(Build.SourcesDirectory)' language: 'cpp' querySuite: 'Recommended' timeout: '1800' ram: '16384' addProjectDirToScanningExclusionList: true buildCommands: '"%ProgramFiles(x86)%\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsMSBuildCmd.bat" && msbuild $(Build.SourcesDirectory)/build/seal.sln' cleanupBuildCommands: '"%ProgramFiles(x86)%\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsMSBuildCmd.bat" && msbuild $(Build.SourcesDirectory)/build/seal.sln /t:Clean' - task: Semmle@1 displayName: 'Semmle SEALNet' env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) inputs: sourceCodeDirectory: '$(Build.SourcesDirectory)' language: 'csharp' querySuite: 'Recommended' timeout: '1800' ram: '16384' addProjectDirToScanningExclusionList: true buildCommands: '"%ProgramFiles(x86)%\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsMSBuildCmd.bat" && msbuild $(Build.SourcesDirectory)/build/dotnet/SEALNet.sln' cleanupBuildCommands: '"%ProgramFiles(x86)%\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsMSBuildCmd.bat" && msbuild $(Build.SourcesDirectory)/build/dotnet/SEALNet.sln /t:Clean' - task: MSBuild@1 displayName: 'Build SEALNet for iOS' inputs: solution: '$(Build.SourcesDirectory)/build/dotnet/src/SEALNet.csproj' msbuildArchitecture: 'x64' platform: 'x64' msbuildArguments: '/p:BuildIOS=1' configuration: '${{ parameters.configuration }}' msbuildVersion: 'latest' - task: PublishSymbols@2 displayName: 'Publish symbols path' inputs: searchPattern: '**\bin\**\*.pdb' PublishSymbols: false continueOnError: true - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 displayName: 'ESRP Add Strong Name' inputs: ConnectedServiceName: 'ESRP CodeSigning' FolderPath: build/bin/dotnet/${{ parameters.configuration }}/netstandard2.0 Pattern: '*.dll' signConfigType: inlineSignParams inlineOperation: | [ { "KeyCode" : "CP-235845-SN", "OperationCode" : "StrongNameSign", "Parameters" : {}, "ToolName" : "sign", "ToolVersion" : "1.0" }, { "KeyCode" : "CP-235845-SN", "OperationCode" : "StrongNameVerify", "Parameters" : {}, "ToolName" : "sign", "ToolVersion" : "1.0" } ] - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 displayName: 'ESRP Add Strong Name to iOS assembly' inputs: ConnectedServiceName: 'ESRP CodeSigning' FolderPath: build/bin/dotnet/ios/${{ parameters.configuration }}/netstandard2.0 Pattern: '*.dll' signConfigType: inlineSignParams inlineOperation: | [ { "KeyCode" : "CP-235845-SN", "OperationCode" : "StrongNameSign", "Parameters" : {}, "ToolName" : "sign", "ToolVersion" : "1.0" }, { "KeyCode" : "CP-235845-SN", "OperationCode" : "StrongNameVerify", "Parameters" : {}, "ToolName" : "sign", "ToolVersion" : "1.0" } ] - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 displayName: 'ESRP CodeSigning .NET Standard 2.0' inputs: ConnectedServiceName: 'ESRP CodeSigning' FolderPath: build/bin/dotnet/${{ parameters.configuration }}/netstandard2.0 Pattern: '*.dll' signConfigType: inlineSignParams inlineOperation: | [ { "KeyCode": "CP-230012", "OperationCode": "SigntoolSign", "Parameters": { "OpusName": "Microsoft.Research.SEAL", "OpusInfo": "https://github.com/microsoft/SEAL", "FileDigest": "/fd \"SHA256\"", "PageHash": "/PH", "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" }, "ToolName": "sign", "ToolVersion": "1.0" }, { "KeyCode": "CP-230012", "OperationCode": "SigntoolVerify", "Parameters": {}, "ToolName": "sign", "ToolVersion": "1.0" } ] - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 displayName: 'ESRP CodeSigning .NET Standard 2.0 for iOS assembly' inputs: ConnectedServiceName: 'ESRP CodeSigning' FolderPath: build/bin/dotnet/ios/${{ parameters.configuration }}/netstandard2.0 Pattern: '*.dll' signConfigType: inlineSignParams inlineOperation: | [ { "KeyCode": "CP-230012", "OperationCode": "SigntoolSign", "Parameters": { "OpusName": "Microsoft.Research.SEAL", "OpusInfo": "https://github.com/microsoft/SEAL", "FileDigest": "/fd \"SHA256\"", "PageHash": "/PH", "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" }, "ToolName": "sign", "ToolVersion": "1.0" }, { "KeyCode": "CP-230012", "OperationCode": "SigntoolVerify", "Parameters": {}, "ToolName": "sign", "ToolVersion": "1.0" } ] - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 displayName: 'ESRP CodeSigning native' inputs: ConnectedServiceName: 'ESRP CodeSigning' FolderPath: build/bin/${{ parameters.configuration }} Pattern: '*.dll' signConfigType: inlineSignParams inlineOperation: | [ { "KeyCode": "CP-230012", "OperationCode": "SigntoolSign", "Parameters": { "OpusName": "Microsoft.Research.SEAL", "OpusInfo": "https://github.com/microsoft/SEAL", "FileDigest": "/fd \"SHA256\"", "PageHash": "/PH", "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" }, "ToolName": "sign", "ToolVersion": "1.0" }, { "KeyCode": "CP-230012", "OperationCode": "SigntoolVerify", "Parameters": {}, "ToolName": "sign", "ToolVersion": "1.0" } ] - task: CopyFiles@2 displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)' inputs: SourceFolder: '$(Build.SourcesDirectory)' Contents: '**\${{ parameters.configuration }}\**\?(*.exe|*.dll|*.lib|*.xml)' TargetFolder: '$(Build.ArtifactStagingDirectory)' - task: CopyFiles@2 displayName: 'Copy NuSpec File to: $(Build.ArtifactStagingDirectory)' inputs: SourceFolder: '$(Build.SourcesDirectory)\build\dotnet\nuget\' Contents: 'SEALNet-multi.nuspec' TargetFolder: '$(Build.ArtifactStagingDirectory)\dotnet\nuget\' - task: CopyFiles@2 displayName: 'Copy Targets File to: $(Build.ArtifactStagingDirectory)' inputs: SourceFolder: '$(Build.SourcesDirectory)\dotnet\nuget\' Contents: 'SEALNet.targets' TargetFolder: '$(Build.ArtifactStagingDirectory)\dotnet\nuget\' - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3 displayName: 'Run BinSkim' inputs: InputType: Basic AnalyzeTarget: '$(Build.ArtifactStagingDirectory)\**\${{ parameters.configuration }}\**\sealc.dll' AnalyzeSymPath: '**\bin\**\*.pdb' enabled: true - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' - task: corygehr.air-autoassess.uploadScanResults.uploadScanResults@1 displayName: 'Upload Scan Results for Analysis' inputs: uploadUrl: 'https://airbuildscan.azurewebsites.net/api/Upload' areaPathParent: 'SEAL' enabled: false - ${{ if eq(parameters.configuration, 'Release') }}: - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2 displayName: 'Publish Security Analysis Logs' - task: PublishBuildArtifacts@1 displayName: 'Publish Artifact: drop' inputs: PathtoPublish: '$(Build.ArtifactStagingDirectory)' artifactName: windows-drop