@@ -26,6 +26,10 @@ parameters:
2626 displayName : Enable MSBuild Binary Logs
2727 type : boolean
2828 default : false
29+ - name : OfficialBuild
30+ type : boolean
31+ default : false
32+
2933
3034resources :
3135 repositories :
@@ -74,16 +78,25 @@ variables:
7478 - group : mscodehub-feed-read-akv
7579 - name : ENABLE_MSBUILD_BINLOGS
7680 value : ${{ parameters.ENABLE_MSBUILD_BINLOGS }}
81+ - name : templateFile
82+ value : ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates' ) }}
83+ # Fix for BinSkim ICU package error in Linux containers
84+ - name : DOTNET_SYSTEM_GLOBALIZATION_INVARIANT
85+ value : true
86+ # Disable BinSkim at job level to override NonOfficial template defaults
87+ - name : ob_sdl_binskim_enabled
88+ value : false
7789
7890extends :
79- template : v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
91+ template : ${{ variables.templateFile }}
8092 parameters :
8193 customTags : ' ES365AIMigrationTooling'
8294 featureFlags :
8395 LinuxHostVersion :
8496 Network : KS3
8597 WindowsHostVersion :
8698 Network : KS3
99+ incrementalSDLBinaryAnalysis : true
87100 globalSdl :
88101 disableLegacyManifest : true
89102 # disabled Armorty as we dont have any ARM templates to scan. It fails on some sample ARM templates.
@@ -103,19 +116,13 @@ extends:
103116 cg :
104117 enabled : true
105118 ignoreDirectories : ' .devcontainer,demos,docker,docs,src,test,tools/packaging'
106- asyncSdl :
107- enabled : true
108- forStages : [prep, macos, linux, windows, SignFiles, test_and_release_artifacts]
109- credscan :
110- enabled : true
111- scanFolder : $(Build.SourcesDirectory)
112- suppressionsFile : $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
113- binskim :
114- enabled : false
115- # APIScan requires a non-Ready-To-Run build
116- apiscan :
117- enabled : false
118- tsaOptionsFile : .config\tsaoptions.json
119+ binskim :
120+ enabled : false
121+ exactToolVersion : 4.4.2
122+ # APIScan requires a non-Ready-To-Run build
123+ apiscan :
124+ enabled : false
125+ tsaOptionsFile : .config\tsaoptions.json
119126
120127 stages :
121128 - stage : prep
0 commit comments