(#624) Added required scc checks for compliance

Author: adrianhall

.azure-pipelines/main.yml

@@ -12,6 +12,10 @@ pool:
 variables:
   basePath: 'src/APIM_ARMTemplate'
   configuration: 'Release'
+  BASE_VERSION: '0.0.1'
+  PREVIEW_LABEL: 'preview'
+  BUILD_NUMBER: $[counter(format('{0}_{1}_{2}', variables['BASE_VERSION'], variables['PREVIEW_LABEL'], variables['Build.SourceBranch']), 1)]
+  APP_VERSION: $[format('{0}-{1}.{2}', variables['BASE_VERSION'], variables['PREVIEW_LABEL'], variables['BUILD_NUMBER'])]
 
 stages:
   - stage: build
@@ -25,6 +29,27 @@ stages:
               version: '3.1.x'
               performMultiLevelLookup: true
 
+          - pwsh: |
+              $pr = "pr." + $env:SYSTEM_PULLREQUEST_PULLREQUESTNUMBER
+              $version = $env:BASE_VERSION + "-" + $pr + "." + $env:BUILD_NUMBER
+              Write-Host "Preview label: $pr"
+              Write-Host "NuGet version: $nuget"
+              Write-Host "##vso[task.setvariable variable=PREVIEW_LABEL]$pr"
+              Write-Host "##vso[task.setvariable variable=APP_VERSION]$version"
+            displayName: Override version for PRs
+            condition: eq(variables['Build.Reason'], 'PullRequest')
+
+          - pwsh: |
+              $tagVersion = $env:BUILD_SOURCEBRANCHNAME
+              Write-Host "Tag version: $tagVersion"
+              Write-Host "##vso[task.setvariable variable=APP_VERSION]$tagVersion"
+            displayName: Override version for tags
+            condition: startsWith(variables['Build.SourceBranch'], 'refs/tags/')  
+
+          - pwsh: |
+              Write-Host "##vso[build.updatebuildnumber]$env:APP_VERSION"
+            displayName: Update the build number with a more readable one
+
           - task: DotNetCoreCLI@2
             displayName: 'Build Toolkit'
             inputs:
@@ -49,3 +74,50 @@ stages:
             inputs:
               pathToPublish: '$(basePath)/apimtemplate/bin/$(configuration)'
               artifactName: build
+
+  - stage: postbuild
+    displayName: 'Post Build Checks'
+    condition: eq('ref/heads/main', variables['Build.SourceBranch'])
+    dependsOn: ['build']
+    jobs:
+      - job: required_checks
+        displayName: 'Run required code checks'
+        steps:
+          - pwsh: |
+              $repo = "$(Build.Repository.Id)"
+              $repo = $repo.Substring($repo.IndexOf("/") + 1)
+              $branch = "main"
+              $CODEBASE_NAME = $repo + "_" + $branch
+              echo "Using codebase: $CODEBASE_NAME"
+              Write-Host "##vso[task.setvariable variable=CODEBASE_NAME]$CODEBASENAME"
+              
+          - task: CredScan@2
+            inputs:
+              toolMajorVersion: 'V2'
+
+          - task: PoliCheck@1
+            inputs:
+              inputType: 'Basic'
+              targetType: 'F'
+
+          - task: SdtReport@1
+            displayName: 'Create security analysis report'
+            inputs:
+              AllTools: false
+              APIScan: false
+              BinSkim: false
+              CodesignValidation: false
+              CredScan: true
+              FortifySCA: false
+              FxCop: false
+              ModernCop: false
+              MSRD: false
+              PoliCheck: true
+              RoslynAnalyzers: false
+              SDLNativeRules: false
+              Semmle: false
+              TSLint: false
+              ToolLogsNotFoundAction: 'Standard'
+
+          - task: PublishSecurityAnalysisLogs@3
+            displayName: 'Publish security analysis logs'