@@ -26,6 +26,10 @@ parameters:
2626 displayName : Enable MSBuild Binary Logs
2727 type : boolean
2828 default : false
29+ - name : OfficialBuild
30+ type : boolean
31+ default : false
32+
2933
3034resources :
3135 repositories :
@@ -74,15 +78,24 @@ variables:
7478 - group : mscodehub-feed-read-akv
7579 - name : ENABLE_MSBUILD_BINLOGS
7680 value : ${{ parameters.ENABLE_MSBUILD_BINLOGS }}
81+ - name : templateFile
82+ value : ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates' ) }}
83+ # Fix for BinSkim ICU package error in Linux containers
84+ - name : DOTNET_SYSTEM_GLOBALIZATION_INVARIANT
85+ value : true
86+ # Disable BinSkim at job level to override NonOfficial template defaults
87+ - name : ob_sdl_binskim_enabled
88+ value : false
7789
7890extends :
79- template : v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates
91+ template : ${{ variables.templateFile }}
8092 parameters :
8193 featureFlags :
8294 LinuxHostVersion :
8395 Network : KS3
8496 WindowsHostVersion :
8597 Network : KS3
98+ incrementalSDLBinaryAnalysis : true
8699 globalSdl :
87100 disableLegacyManifest : true
88101 # disabled Armorty as we dont have any ARM templates to scan. It fails on some sample ARM templates.
@@ -102,19 +115,13 @@ extends:
102115 cg :
103116 enabled : true
104117 ignoreDirectories : ' .devcontainer,demos,docker,docs,src,test,tools/packaging'
105- asyncSdl :
106- enabled : true
107- forStages : [prep, macos, linux, windows, SignFiles, test_and_release_artifacts]
108- credscan :
109- enabled : true
110- scanFolder : $(Build.SourcesDirectory)
111- suppressionsFile : $(Build.SourcesDirectory)\PowerShell\.config\suppress.json
112- binskim :
113- enabled : false
114- # APIScan requires a non-Ready-To-Run build
115- apiscan :
116- enabled : false
117- tsaOptionsFile : .config\tsaoptions.json
118+ binskim :
119+ enabled : false
120+ exactToolVersion : 4.4.2
121+ # APIScan requires a non-Ready-To-Run build
122+ apiscan :
123+ enabled : false
124+ tsaOptionsFile : .config\tsaoptions.json
118125
119126 stages :
120127 - stage : prep
0 commit comments