azure-pipelines-v2-lgtm.yml

# This YAML is used for the docfx v2 LGTM CI (https://dev.azure.com/ceapex/Engineering/_build?definitionId=3920)

trigger:
  batch: true
  branches:
    include:
    - dev
    - main
pr: none

variables:
  LGTM.SnapshotIdentifiers: Build=Full
  LGTM.SnapshotMetadata: Owner=OPSBuild
  LGTM.UploadSnapshot: true
  Semmle.SkipAnalysis: true

pool:
  vmImage: 'windows-latest'

steps:

- task: CredScan@2
  displayName: Security - CredScan
  inputs:
    toolMajorVersion: 'V2'

- task: BinSkim@3
  displayName: Security - BinSkim
  inputs:
    InputType: 'Basic'
    Function: 'analyze'
    AnalyzeTarget: >
      **/*.exe;
      **/*.dll;

- task: Semmle@0
  env: 
      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
  displayName: Security - LGTM
  inputs:
    toolVersion: 'LatestPreRelease'
    sourceCodeDirectory: '$(Build.SourcesDirectory)'
    language: 'csharp'
    cleanupBuildCommands: 'dotnet clean'
    buildCommands: 'dotnet build docfx.sln'
    querySuite: 'Required'
    timeout: '7200'
    ram: '16384'
    addProjectDirToScanningExclusionList: true

- task: SdtReport@1
  displayName: Security - SdtReport
  inputs:
    Semmle: true
    CredScan: true
    BinSkim: true
    ToolLogsNotFoundAction: 'Standard'

- task: PublishSecurityAnalysisLogs@2
  displayName: Security - Publish Scan Results
  inputs:
    ArtifactName: 'CodeAnalysisLogs'
    ArtifactType: 'Container'
    AllTools: true
    ToolLogsNotFoundAction: 'Standard'

- task: TSAUpload@1
  inputs:
    tsaVersion: 'TsaV2'
    tsaEnvironment: 'PROD'
    codeBaseName: 'Docs_default_v2'
    uploadCredScan: true
    uploadBinSkim: true
    uploadSemmle: true
    uploadAsync: true

- task: PostAnalysis@1
  displayName: Security - PostAnalysis
  inputs:
    Semmle: true
    CredScan: true
    BinSkim: true
    ToolLogsNotFoundAction: 'Standard'