-
Notifications
You must be signed in to change notification settings - Fork 443
/
DirectXTex-SDL.yml
148 lines (138 loc) · 4.31 KB
/
DirectXTex-SDL.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#
# http://go.microsoft.com/fwlink/?LinkId=248926
# Runs various SDL recommended tools on the code.
schedules:
- cron: "0 3 * * 0,3,5"
displayName: 'Three times a week'
branches:
include:
- main
# GitHub Actions handles CodeQL and PREFAST for CI/PR
trigger: none
pr:
branches:
include:
- main
paths:
include:
- build/DirectXTex-SDL.yml
resources:
repositories:
- repository: self
type: git
ref: refs/heads/main
name: $(Year:yyyy).$(Month).$(DayOfMonth)$(Rev:.r)
variables:
Codeql.Enabled: true
Codeql.Language: cpp
VC_PATH: 'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC'
VS_GENERATOR: 'Visual Studio 17 2022'
pool:
vmImage: windows-2022
jobs:
- job: SDL_BUILD
displayName: 'Build using required SDL tools'
workspace:
clean: all
steps:
- checkout: self
clean: true
fetchTags: false
- task: NodeTool@0
displayName: 'NPM install'
inputs:
versionSpec: 14.x
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
displayName: 'Run Credential Scanner'
inputs:
debugMode: false
folderSuppression: false
- task: PoliCheck@2
displayName: 'Run PoliCheck'
inputs:
result: PoliCheck.xml
- task: Armory@2
displayName: Run ARMory
- task: CMake@1
displayName: 'CMake (MSVC): Config x64'
inputs:
cwd: '$(Build.SourcesDirectory)'
cmakeArgs: '-G "$(VS_GENERATOR)" -A x64 -B out -DENABLE_SPECTRE_MITIGATION=ON'
- task: CodeQL3000Init@0
inputs:
Enabled: true
- task: VSBuild@1
displayName: 'Build C++ with CodeQL'
inputs:
solution: '$(Build.SourcesDirectory)/out/DirectXTex.sln'
vsVersion: 17.0
platform: x64
configuration: Release
msbuildArchitecture: x64
- task: CodeQL3000Finalize@0
condition: always()
- task: CMake@1
displayName: 'CMake (MSVC): Build x64 Release'
inputs:
cwd: '$(Build.SourcesDirectory)'
cmakeArgs: --build out -v --config RelWithDebInfo
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@4
displayName: 'Run AntiMalware'
inputs:
InputType: 'Basic'
ScanType: 'CustomScan'
FileDirPath: $(Agent.BuildDirectory)
EnableSERVICEs: true
SupportLogOnError: false
TreatSignatureUpdateFailureAs: 'Warning'
SignatureFreshness: 'OneDay'
TreatStaleSignatureAs: 'Error'
condition: always()
- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4
displayName: 'Run BinSkim'
inputs:
AnalyzeTargetBinskim: ''
AnalyzeTargetGlob: +:file|out\bin\**\RelWithDebInfo\*.exe
AnalyzeVerbose: true
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: 'Post Analysis'
inputs:
GdnBreakAllTools: true
GdnBreakPolicy: 'Microsoft'
GdnBreakPolicyMinSev: 'Error'
- task: ComponentGovernanceComponentDetection@0
displayName: Component Detection
- job: VC_PREFAST
displayName: 'Build using /analyze (PREFAST)'
workspace:
clean: all
steps:
- checkout: self
clean: true
fetchTags: false
- task: CmdLine@2
displayName: Setup environment for CMake to use VS
inputs:
script: |
call "$(VC_PATH)\Auxiliary\Build\vcvars64.bat"
echo ##vso[task.setvariable variable=WindowsSdkVerBinPath;]%WindowsSdkVerBinPath%
echo ##vso[task.prependpath]%VSINSTALLDIR%Common7\IDE\CommonExtensions\Microsoft\CMake\Ninja
echo ##vso[task.prependpath]%VCINSTALLDIR%Tools\Llvm\x64\bin
echo ##vso[task.prependpath]%WindowsSdkBinPath%x64
echo ##vso[task.prependpath]%WindowsSdkVerBinPath%x64
echo ##vso[task.prependpath]%VCToolsInstallDir%bin\Hostx64\x64
echo ##vso[task.setvariable variable=EXTERNAL_INCLUDE;]%EXTERNAL_INCLUDE%
echo ##vso[task.setvariable variable=INCLUDE;]%INCLUDE%
echo ##vso[task.setvariable variable=LIB;]%LIB%
- task: CMake@1
displayName: CMake Config
inputs:
cwd: '$(Build.SourcesDirectory)'
cmakeArgs: --preset=x64-Debug -DENABLE_CODE_ANALYSIS=ON
- task: CMake@1
displayName: CMake Build
inputs:
cwd: '$(Build.SourcesDirectory)'
cmakeArgs: --build out/build/x64-Debug