Updates to 1ES pipelines (#653)

FunctionsSdkE2ETests/nuget.config

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="localSource" value="..\artifacts" />
+    <clear />
     <add key="nuget.org" value="https://www.nuget.org/api/v2/" />    
-    <add key="azure_app_service_staging" value="https://www.myget.org/F/azure-appservice-staging/api/v2" />
+    <add key="AzureFunctionsTempStaging" value="https://azfunc.pkgs.visualstudio.com/e6a70c92-4128-439f-8012-382fe78d6396/_packaging/AzureFunctionsTempStaging/nuget/v3/index.json" />
   </packageSources>
 </configuration>

SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.9 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet) and [Xamarin](https://github.com/xamarin).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/security.md/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/security.md/msrc/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/security.md/msrc/pgp).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/security.md/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/security.md/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

eng/ci/code-mirror.yml

@@ -0,0 +1,20 @@
+trigger:
+  branches:
+    include:
+    # Keep this set limited as appropriate (don't mirror individual user branches).
+    - main
+    - release/*
+    - v3.x
+
+resources:
+  repositories:
+  - repository: eng
+    type: git
+    name: engineering
+    ref: refs/tags/release
+
+variables:
+  - template: ci/variables/cfs.yml@eng
+
+extends:
+  template: ci/code-mirror.yml@eng

eng/ci/official-build.yml

@@ -0,0 +1,54 @@
+name: $(Build.SourceBranchName)_$(Build.Reason)_$(BuildNumber)
+
+trigger:
+  batch: true
+  branches:
+    include:
+    - main
+    - release/*
+    - v3.x
+
+schedules:
+# Ensure we build nightly to catch any new CVEs and report SDL often.
+- cron: "0 0 * * *"
+  displayName: Nightly Build
+  branches:
+    include:
+    - main
+    - release/*
+    - v3.x
+  always: true
+
+# CI only, does not trigger on PRs.
+pr: none
+
+resources:
+  repositories:
+  - repository: 1es
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+  - repository: eng
+    type: git
+    name: engineering
+    ref: refs/tags/release
+
+variables:
+  - template: ci/variables/build.yml@eng
+  - template: ci/variables/cfs.yml@eng
+  - template: /eng/ci/templates/variables/build.yml@self
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1es
+  parameters:
+    pool:
+      name: 1es-pool-azfunc
+      image: 1es-windows-2022
+      os: windows
+
+    stages:
+    - stage: Build
+      jobs:
+      - template: /eng/ci/templates/jobs/build-and-test.yml@self
+        parameters:
+          SkipBuildArtifacts: false

eng/ci/public-build.yml

@@ -0,0 +1,54 @@
+# This build is used for public PR and CI builds.
+
+name: $(Build.SourceBranchName)_$(Build.Reason)_$(BuildNumber)
+
+trigger:
+  batch: true
+  branches:
+    include:
+    - main
+    - release/*
+    - v3.x
+
+schedules:
+  # Ensure we build nightly to catch any new CVEs and report SDL often.
+  - cron: "0 0 * * *"
+    displayName: Nightly Build
+    branches:
+      include:
+      - main
+      - release/*
+      - v3.x
+    always: true
+
+pr:
+  branches:
+    include:
+    - main
+    - release/*
+    - v3.x
+
+resources:
+  repositories:
+  - repository: 1es
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+
+variables:
+  - template: /eng/ci/templates/variables/build.yml@self
+
+extends:
+  template: v1/1ES.Unofficial.PipelineTemplate.yml@1es
+  parameters:
+    pool:
+      name: 1es-pool-azfunc-public
+      image: 1es-windows-2022
+      os: windows
+
+    stages:
+    - stage: Build
+      jobs:
+      - template: /eng/ci/templates/jobs/build-and-test.yml@self
+        parameters:
+          SkipBuildArtifacts: true

eng/ci/templates/jobs/build-and-test.yml

@@ -0,0 +1,95 @@
+parameters:
+  - name: SkipBuildArtifacts
+    type: boolean
+    default: false
+
+jobs:
+- job: BuildAndTest
+  displayName: Build and Test
+
+  templateContext:
+    outputParentDirectory: $(Build.ArtifactStagingDirectory)
+    outputs:
+    - ${{ if eq(parameters.SkipBuildArtifacts, false) }}:
+      - output: pipelineArtifact
+        displayName: Publish artifacts
+        path: $(Build.ArtifactStagingDirectory)/pkg
+        artifact: drop
+
+  steps:
+  - task: UseDotNet@2
+    displayName: Install .NET 6
+    inputs:
+      version: 6.x
+
+  - task: DotNetCoreCLI@2
+    displayName: 'Build'
+    inputs:
+      command: 'build'
+      arguments: -c Release
+      projects: |
+        src\**\Microsoft.NET.Sdk.Functions.MSBuild.csproj
+        src\**\Microsoft.NET.Sdk.Functions.Generator.csproj
+        src\**\Microsoft.NET.Sdk.Functions.csproj
+
+  - task: DotNetCoreCLI@2
+    displayName: Unit Tests
+    inputs:
+      command: test
+      projects: |
+        **\Microsoft.NET.Sdk.Functions.Generator.Tests.csproj
+        **\Microsoft.NET.Sdk.Functions.MSBuild.Tests.csproj
+        **\Microsoft.NET.Sdk.Functions.EndToEnd.Tests.csproj
+
+  - task: DotNetCoreCLI@2
+    displayName: End to End tests
+    inputs:
+      command: test
+      projects: |
+        **\FunctionsSdkE2ETests\FunctionsSdkE2ETests.sln
+      arguments: -v n
+
+  - ${{ if eq(parameters.SkipBuildArtifacts, false) }}:
+    - template: ci/sign-files.yml@eng
+      parameters:
+        displayName: Sign Functions assemblies
+        folderPath: src/Microsoft.NET.Sdk.Functions.MSBuild/bin/Release/
+        pattern: Microsoft.NET.Sdk.Functions.MSBuild.dll
+        signType: dll-strong-name      
+
+    - template: ci/sign-files.yml@eng
+      parameters:
+        displayName: Sign Functions assemblies
+        folderPath: src/Microsoft.NET.Sdk.Functions.Generator/bin/Release/
+        pattern: Microsoft.NET.Sdk.Functions.Generator.dll
+        signType: dll-strong-name      
+
+    - template: ci/sign-files.yml@eng
+      parameters:
+        displayName: Sign third party assemblies
+        folderPath: src/Microsoft.NET.Sdk.Functions.Generator/bin/Release/
+        pattern: Newtonsoft.Json.dll
+        signType: dll
+
+    - template: ci/sign-files.yml@eng
+      parameters:
+        displayName: Sign third party assemblies
+        folderPath: src/Microsoft.NET.Sdk.Functions.Generator/bin/Release
+        pattern: Mono.Cecil.dll
+        signType: dll
+
+    - task: DotNetCoreCLI@2
+      displayName: 'Pack Microsoft.Net.Sdk.Functions package'
+      inputs:
+        command: 'custom'
+        custom: 'pack'
+        arguments: '--no-build -c Release -o $(Build.ArtifactStagingDirectory)/pkg'
+        projects: |
+          **\Microsoft.Net.Sdk.Functions.csproj
+
+    - template: ci/sign-files.yml@eng
+      parameters:
+        displayName: Sign NugetPackages
+        folderPath: $(Build.ArtifactStagingDirectory)/pkg
+        pattern: Microsoft.Net.Sdk.Functions*.nupkg
+        signType: nuget

eng/ci/templates/variables/build.yml

@@ -0,0 +1,4 @@
+variables:
+  BuildNumber: $[counter(format(''), 289)]
+  ${{ if startswith( variables['Build.SourceBranch'], 'refs/heads/release/4' ) }}:
+    UseSuffix: false

nuget.config

@@ -1,7 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
+    <clear />
     <add key="nuget.org" value="https://www.nuget.org/api/v2/" />    
-    <add key="azure_app_service_staging" value="https://www.myget.org/F/azure-appservice-staging/api/v2" />
+    <add key="azure-appservice-test" value="https://azfunc.pkgs.visualstudio.com/e6a70c92-4128-439f-8012-382fe78d6396/_packaging/azure-appservice-test%40Local/nuget/v3/index.json" />
+    <add key="AzureFunctionsTempStaging" value="https://azfunc.pkgs.visualstudio.com/e6a70c92-4128-439f-8012-382fe78d6396/_packaging/AzureFunctionsTempStaging/nuget/v3/index.json" />
   </packageSources>
 </configuration>

paket.dependencies

@@ -1,7 +1,6 @@
 source https://nuget.org/api/v2
-source https://www.myget.org/F/azure-appservice-staging/api/v2
-source https://www.myget.org/F/azure-appservice/api/v2
-
+source https://azfunc.pkgs.visualstudio.com/e6a70c92-4128-439f-8012-382fe78d6396/_packaging/azure-appservice-test%40Local/nuget/v3/index.json
+source https://azfunc.pkgs.visualstudio.com/e6a70c92-4128-439f-8012-382fe78d6396/_packaging/AzureFunctionsTempStaging/nuget/v3/index.json
 
 nuget FAKE
 nuget WindowsAzure.Storage = 9.3.1