Cherrypick 1ES pipelines to 7.0 (#1076)

* Add code-mirror.yml
* Convert build pipeline to 1ES (#1061)
- Remove old pipeline
- Changes to build.ps1 for new pipeline
* Remove NuGet Config (#1074)
* Updating build to check for vulnerabilities (#1026)
* Add Check-CsprojVulnerabilities.ps1 script
* Update test projects dependencies

Author: andystaples

Check-CsprojVulnerabilities.ps1

@@ -0,0 +1,62 @@
+param
+(
+    [String[]]
+    $CsprojFilePath,
+
+    [switch]
+    $PrintReport
+)
+
+if (-not $CsprojFilePath)
+{
+    $CsprojFilePath = @(
+        "$PSScriptRoot/src/Microsoft.Azure.Functions.PowerShellWorker.csproj"
+        "$PSScriptRoot/test/Unit/Microsoft.Azure.Functions.PowerShellWorker.Test.csproj"
+        "$PSScriptRoot/test/E2E/Azure.Functions.PowerShellWorker.E2E/Azure.Functions.PowerShellWorker.E2E/Azure.Functions.PowerShellWorker.E2E.csproj"
+    )
+}
+
+$logFilePath = "$PSScriptRoot/build.log"
+
+try
+{
+    foreach ($projectFilePath in $CsprojFilePath)
+    {
+        Write-Host "Analyzing '$projectFilePath' for vulnerabilities..."
+        
+        $projectFolder = Split-Path $projectFilePath
+        
+        Push-Location $projectFolder
+        & { dotnet restore $projectFilePath }
+        & { dotnet list $projectFilePath package --include-transitive --vulnerable } 3>&1 2>&1 > $logFilePath
+        Pop-Location
+
+        # Check and report if vulnerabilities are found
+        $report = Get-Content $logFilePath -Raw
+        $result = $report | Select-String "has no vulnerable packages given the current sources"
+
+        if ($result)
+        {
+            Write-Host "No vulnerabilities found"
+        }
+        else
+        {
+            $output = [System.Environment]::NewLine + "Vulnerabilities found!"            
+            if ($PrintReport.IsPresent)
+            {
+                $output += $report
+            }
+            
+            Write-Host $output -ForegroundColor Red
+            Exit 1
+        }
+        Write-Host ""
+    }
+}
+finally
+{
+    if (Test-Path $logFilePath)
+    {
+        Remove-Item $logFilePath -Force
+    }
+}

NuGet.config

@@ -28,13 +28,7 @@ param(
     $Configuration = "Debug",
 
     [string]
-    $BuildNumber = '0',
-
-    [switch]
-    $AddSBOM,
-
-    [string]
-    $SBOMUtilSASUrl
+    $BuildNumber = '0'
 )
 
 #Requires -Version 6.0
@@ -68,35 +62,6 @@ function Get-FunctionsCoreToolsDir {
     }
 }
 
-function Install-SBOMUtil
-{
-    if ([string]::IsNullOrEmpty($SBOMUtilSASUrl))
-    {
-        throw "The `$SBOMUtilSASUrl parameter cannot be null or empty when specifying the `$AddSBOM switch"
-    }
-
-    $MANIFESTOOLNAME = "ManifestTool"
-    Write-Host "Installing $MANIFESTOOLNAME..."
-
-    $MANIFESTOOL_DIRECTORY = Join-Path $PSScriptRoot $MANIFESTOOLNAME
-    Remove-Item -Recurse -Force $MANIFESTOOL_DIRECTORY -ErrorAction Ignore
-
-    Invoke-RestMethod -Uri $SBOMUtilSASUrl -OutFile "$MANIFESTOOL_DIRECTORY.zip"
-    Expand-Archive "$MANIFESTOOL_DIRECTORY.zip" -DestinationPath $MANIFESTOOL_DIRECTORY
-
-    $dllName = "Microsoft.ManifestTool.dll"
-    $manifestToolPath = "$MANIFESTOOL_DIRECTORY/$dllName"
-
-    if (-not (Test-Path $manifestToolPath))
-    {
-        throw "$MANIFESTOOL_DIRECTORY does not contain '$dllName'"
-    }
-
-    Write-Host 'Done.'
-
-    return $manifestToolPath
-}
-
 function Deploy-PowerShellWorker {
     $ErrorActionPreference = 'Stop'
 
@@ -170,28 +135,6 @@ if (!$NoBuild.IsPresent) {
 
     dotnet publish -c $Configuration "/p:BuildNumber=$BuildNumber" $PSScriptRoot
 
-    if ($AddSBOM)
-    {
-        # Install manifest tool
-        $manifestTool = Install-SBOMUtil
-        Write-Log "manifestTool: $manifestTool "
-
-        # Generate manifest
-        $buildPath = "$PSScriptRoot/src/bin/$Configuration/$TargetFramework/publish"
-        $telemetryFilePath = Join-Path $PSScriptRoot ((New-Guid).Guid + ".json")
-        $packageName = "Microsoft.Azure.Functions.PowerShellWorker.nuspec"
-
-        # Delete the manifest folder if it exists
-        $manifestFolderPath = Join-Path $buildPath "_manifest"
-        if (Test-Path $manifestFolderPath)
-        {
-            Remove-Item $manifestFolderPath -Recurse -Force -ErrorAction Ignore
-        }
-
-        Write-Log "Running: dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath"
-        & { dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath -PackageName $packageName }
-    }
-
     dotnet pack -c $Configuration "/p:BuildNumber=$BuildNumber" "$PSScriptRoot/package"
 }
 

azure-pipelines.yml

@@ -0,0 +1,21 @@
+trigger:
+  branches:
+    include:
+    # Below branches are examples for Azure/azure-functions-host. Replace with appropriate branches for your repository.
+    # Keep this set limited as appropriate (don't mirror individual user branches).
+    - dev
+    - v4.x/*
+    - v3.x/*
+
+resources:
+  repositories:
+  - repository: eng
+    type: git
+    name: engineering
+    ref: refs/tags/release
+
+variables:
+  - template: ci/variables/cfs.yml@eng
+
+extends:
+  template: ci/code-mirror.yml@eng

build.ps1

@@ -0,0 +1,48 @@
+trigger:
+  batch: true
+  branches:
+    include:
+      - v4.x/*
+      - v3.x/*
+
+# CI only, does not trigger on PRs.
+pr: none
+
+resources:
+  repositories:
+    - repository: 1es
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+
+variables:
+  Configuration: Release
+  buildNumber: $[ counter('build', 4000) ] # Start higher than the versions from the previous pipeline. Every build (pr or branch) will increment.
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1es
+  parameters:
+    pool:
+      name: 1es-pool-azfunc
+      image: 1es-windows-2022
+      os: windows
+
+    stages:
+      - stage: WindowsUnitTests
+        dependsOn: []
+        jobs:
+          - template: /eng/ci/templates/test.yml@self
+
+      - stage: LinuxUnitTests
+        dependsOn: []
+        jobs:
+          - template: /eng/ci/templates/test.yml@self
+        pool:
+          name: 1es-pool-azfunc
+          image: 1es-ubuntu-22.04
+          os: linux
+
+      - stage: Build
+        dependsOn: [WindowsUnitTests, LinuxUnitTests]
+        jobs:
+          - template: /eng/ci/templates/build.yml@self

eng/ci/code-mirror.yml

@@ -0,0 +1,37 @@
+trigger:
+  batch: true
+  branches:
+    include:
+    - dev
+
+resources:
+  repositories:
+    - repository: 1es
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+
+extends:
+  template: v1/1ES.Unofficial.PipelineTemplate.yml@1es
+  parameters:
+    pool:
+      name: 1es-pool-azfunc-public
+      image: 1es-windows-2022
+      os: windows
+
+    stages:
+      - stage: WindowsUnitTests
+        dependsOn: []
+        jobs:
+          - template: /eng/ci/templates/test.yml@self
+        pool:
+          name: 1es-pool-azfunc-public
+
+      - stage: LinuxUnitTests
+        dependsOn: []
+        jobs:
+          - template: /eng/ci/templates/test.yml@self
+        pool:
+          name: 1es-pool-azfunc-public
+          image: 1es-ubuntu-22.04
+          os: linux