Create yaml pipeline

Stages:
- Build
- Tests
- Compliance
- Package

Author: mauroa

NuGet.Config

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+	<config>
+		<add key="repositoryPath" value=".nuget\packages" />
+	</config>
+	<packageSources>
+		<clear />
+		<add key="xvs" value="https://devdiv.pkgs.visualstudio.com/_packaging/xamarin-xvs/nuget/v3/index.json" />
+	</packageSources>
+</configuration>

build.proj

@@ -0,0 +1,9 @@
+{
+    "tool": "Credential Scanner",
+    "suppressions": [ 
+        {
+            "file": "src\\IntegrationTests\\AuthenticationSpec.cs",
+            "_justification": "Dummy credentials for testing purposes"
+        }
+    ]
+}

build/CredScanSuppressions.json

@@ -0,0 +1,3 @@
+<!-- Upper case must be used. All values will be compared only to the upper case strings -->
+<PoliCheckExclusions>
+</PoliCheckExclusions>

build/PoliCheckExclusions.xml

@@ -0,0 +1,124 @@
+# Build Stage
+
+stages:
+- stage: Build
+  jobs:
+  - job: Windows
+    timeoutInMinutes: 10
+    pool:
+      name: $(WindowsPoolName)
+
+    steps:
+    - checkout: self
+      clean: true
+
+    - task: UseDotNet@2
+      displayName: 'Use .Net Core SDK $(DotNetCoreVersion)'
+      inputs:
+        version: '$(DotNetCoreVersion)'    
+      condition: always()
+
+    - script: 'mkdir "$(Build.ArtifactStagingDirectory)\binlogs"'
+      displayName: 'Create Logs Dir'
+      condition: always()
+
+    # Ensure we clear bot-provided feeds, for reliability
+    - powershell: |
+        $configPath = "$(Build.SourcesDirectory)\NuGet.Config"
+        [xml]$config = get-content $configPath
+        $config.configuration.packageSources.PrependChild($config.CreateElement("clear"))
+        $config.Save($configPath)
+      displayName: 'Ensure Clean NuGet Sources'
+      condition: always()
+
+    - task: NuGetCommand@2
+      displayName: 'Restore Packages'
+      inputs:
+        restoreSolution: '$(Build.SourcesDirectory)/src/Hermes.sln'
+        feedsToUse: config
+        nugetConfigPath: '$(Build.SourcesDirectory)/NuGet.Config'
+      condition: always()
+
+    - task: MSBuild@1
+      displayName: 'Build Solution'
+      inputs:
+        solution: '$(Build.SourcesDirectory)/src/Hermes.sln'
+        msbuildArguments: /t:Build /noautoresponse /bl:"$(Build.ArtifactStagingDirectory)\binlogs\build.binlog" 
+      condition: always()
+
+    - task: PublishBuildArtifacts@1
+      displayName: 'Publish Artifact: packages'
+      inputs:
+        PathtoPublish: '$(Build.SourcesDirectory)\pack'
+        ArtifactName: packages
+      continueOnError: true
+      condition: always()
+
+    - task: PublishBuildArtifacts@1
+      displayName: 'Publish Artifact: unit-tests'
+      inputs:
+        PathtoPublish: '$(Build.SourcesDirectory)\src\Tests\bin\$(Configuration)'
+        ArtifactName: unit-tests
+      continueOnError: true
+      condition: always()
+
+    - task: PublishBuildArtifacts@1
+      displayName: 'Publish Artifact: integration-tests'
+      inputs:
+        PathtoPublish: '$(Build.SourcesDirectory)\src\IntegrationTests\bin\$(Configuration)'
+        ArtifactName: integration-tests
+      continueOnError: true
+      condition: always()
+
+    - task: PublishBuildArtifacts@1
+      displayName: 'Publish Artifact: logs'
+      inputs:
+        PathtoPublish: '$(Build.ArtifactStagingDirectory)\binlogs'
+        ArtifactName: logs
+      continueOnError: true
+      condition: always()
+
+    - task: CopyFiles@2
+      displayName: 'Copy Symbols'
+      inputs:
+        SourceFolder: '$(Build.SourcesDirectory)/src/Server/bin/$(Configuration)'
+        Contents: |
+          **/System.Net.Mqtt.?(dll|pdb)
+          **/System.Net.Mqtt.Server.?(dll|pdb)
+        TargetFolder: '$(Build.ArtifactStagingDirectory)/Symbols'
+        CleanTargetFolder: true
+        FlattenFolders: true
+        OverWrite: true # Check if we should copy to $(TargetFramework) subfolders instead
+      condition: always()
+
+    - task: PublishBuildArtifacts@1
+      displayName: 'Publish Artifact: symbols'
+      inputs:
+        PathtoPublish: '$(Build.ArtifactStagingDirectory)/Symbols'
+        ArtifactName: symbols
+      condition: always()
+
+    - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+      displayName: 'Component Governance'
+      condition: and(succeeded(), eq(variables['Build.SourceBranch'], variables['MainBranch']))
+
+    - powershell: |
+        $complianceEnabled = if ($env:COMPLIANCEENABLED) { $env:COMPLIANCEENABLED } else { '' }
+
+        if ($complianceEnabled -eq '') { 
+          $branch = '$(Build.SourceBranch)'
+          $reason = '$(Build.Reason)'
+
+          if($branch -eq '$(MainBranch)' -or $reason -eq 'PullRequest') {
+            $complianceEnabled = 'true'
+          } else {
+            $complianceEnabled = 'false'
+          }
+        }
+
+        Write-Host "Source Branch: $branch, Build Reason: $reason"
+        Write-Host "Requires Compliance Stage: $complianceEnabled"
+        Write-Host "##vso[task.setvariable variable=Xamarin.ComplianceEnabled;isOutput=true]$complianceEnabled"
+      name: 'SetComplianceNeed'
+      displayName: 'Evaluate Compliance Need'
+      condition: always()

build/stages/build.yml

@@ -0,0 +1,101 @@
+# Compliance Stage
+
+stages:
+- stage : Compliance
+  dependsOn: Build
+  condition: eq(stageDependencies.Build.outputs['Windows.SetComplianceNeed.Xamarin.ComplianceEnabled'], 'true')
+  jobs:
+   - job: CodeAnalysis
+     displayName: Security & Analysis
+     pool: $(WindowsPoolName)
+     timeoutInMinutes: 60
+     cancelTimeoutInMinutes: 5 
+     steps:
+     - checkout: self
+       clean: true
+       submodules: recursive
+     - task: DownloadBuildArtifacts@0
+       displayName: Download Symbols
+       inputs:
+        artifactName: symbols
+        downloadPath: '$(Build.ArtifactStagingDirectory)'
+     - task: AntiMalware@3
+       displayName: Run AntiMalware Scan
+       inputs:
+        FileDirPath: $(System.DefaultWorkingDirectory)
+        EnableServices: true
+       continueOnError: true
+       condition: succeededOrFailed()
+     - task: BinSkim@3
+       displayName: Run BinSkim Analysis
+       inputs:
+        InputType: Basic
+        AnalyzeTarget: '$(Build.ArtifactStagingDirectory)\Symbols\*.dll'
+        AnalyzeVerbose: true
+       continueOnError: true
+       condition: succeededOrFailed()
+     - template: security\credscan\v2.yml@templates # from xamarin/yaml-templates repository
+       parameters:
+        suppressionsFile: $(System.DefaultWorkingDirectory)\build\CredScanSuppressions.json
+     - template: security\policheck\v1.yml@templates # from xamarin/yaml-templates repository
+       parameters:
+        exclusionFile: $(System.DefaultWorkingDirectory)\build\PoliCheckExclusions.xml
+     - task: CodeInspector@2
+       displayName: Run Code Inspector Analysis
+       inputs:
+        ProductId: '$(System.TeamProjectId)'
+       continueOnError: true
+       condition: succeededOrFailed()
+     - task: SdtReport@1
+       displayName: Create Security Analysis Report
+       inputs:
+        AntiMalware: true
+        BinSkim: true
+        CredScan: true
+        RoslynAnalyzers: true
+        PoliCheck: true
+        CodeInspector: true
+       continueOnError: true
+       condition: succeededOrFailed()
+     - task: PublishSecurityAnalysisLogs@2
+       displayName: Publish Security Analysis Logs
+       inputs:
+        ArtifactName: ComplianceLogs
+       continueOnError: true
+       condition: succeededOrFailed()
+     - task: PostAnalysis@1
+       displayName: Run Security Post Analysis
+       inputs:
+          AntiMalware: true
+          BinSkim: true
+          CredScan: true
+          RoslynAnalyzers: true
+          PoliCheck: true
+          CodeInspector: true
+       continueOnError: true
+       condition: succeededOrFailed()
+     - task: TSAUpload@1
+       inputs:
+          tsaVersion: 'TsaV2'
+          codebase: 'NewOrUpdate'
+          tsaEnvironment: 'PROD'
+          codeBaseName: 'mqtt_main'
+          notificationAlias: '[email protected],[email protected]'
+          notifyAlwaysV2: false
+          codeBaseAdmins: 'REDMOND\maagno;REDMOND\vsengxamarin'
+          instanceUrlForTsaV2: 'DEVDIV'
+          projectNameDEVDIV: 'DevDiv'
+          areaPath: 'DevDiv\Xamarin Tools\XamarinVS\XMA'
+          iterationPath: 'DevDiv\OneVS'
+          uploadAPIScan: true
+          uploadBinSkim: true
+          uploadCredScan: true
+          uploadFortifySCA: true
+          uploadFxCop: true
+          uploadModernCop: true
+          uploadPoliCheck: true
+          uploadPREfast: true
+          uploadRoslyn: true
+          uploadTSLint: true
+          uploadAsync: true
+       condition: succeededOrFailed()

build/stages/compliance.yml

@@ -0,0 +1,37 @@
+# Upload Stage
+
+stages:
+- stage : Package
+  dependsOn:         
+  - Test
+  - Compliance
+  condition: and(succeeded(), eq(variables['Build.SourceBranch'], variables['MainBranch']))
+  jobs:
+  - job: Push
+    displayName: Pack & Push
+    timeoutInMinutes: 10
+    pool:
+      name: $(WindowsPoolName)
+    steps:
+    - checkout: self
+
+    - task: DownloadBuildArtifacts@0
+      displayName: Download Packages
+      inputs:
+        artifactName: packages
+        downloadPath: '$(Build.ArtifactStagingDirectory)'
+
+    - task: NuGetCommand@2
+      displayName: 'NuGet Update'
+      inputs:
+        command: custom
+        arguments: 'update -self'
+
+    - task: NuGetCommand@2
+      displayName: Push Packages
+      continueOnError: true
+      inputs:
+        command: push
+        packagesToPush: '$(Build.ArtifactStagingDirectory)/packages/*.nupkg'
+        nuGetFeedType: external
+        publishFeedCredentials: '$(PackagesFeedCredentials)'