[ci] Migrate to the 1ES template

.gdn/.gdnsettings

@@ -0,0 +1,7 @@
+{
+  "files": { },
+  "folders": { },
+  "overwriteLogs": true,
+  "telemetryFlushTimeout": 10,
+  "variables": { }
+}

.gdn/.gdnsuppress

@@ -0,0 +1,160 @@
+{
+  "hydrated": false,
+  "properties": {
+    "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions",
+    "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance."
+  },
+  "version": "1.0.0",
+  "suppressionSets": {
+    "default": {
+      "name": "default",
+      "createdDate": "2024-02-13 23:43:02Z",
+      "lastUpdatedDate": "2024-02-15 20:19:17Z"
+    }
+  },
+  "results": {
+    "106ebf57147abe7cd400e99216306929d7fa316d10e3d30dc218c74b9bd7795e": {
+      "signature": "106ebf57147abe7cd400e99216306929d7fa316d10e3d30dc218c74b9bd7795e",
+      "alternativeSignatures": [
+        "f7e9384d5be4600dadfdbeceff23d1468f682e9d6998ce6d54f9379bbe1e535a"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Reference to an external vcpkg .ps1 file.",
+      "createdDate": "2024-02-13 23:43:02Z"
+    },
+    "cb309d5a322c6d545bc8304bc6bc21953f5d953dcc2ef54f9f66e9d2a41cd5af": {
+      "signature": "cb309d5a322c6d545bc8304bc6bc21953f5d953dcc2ef54f9f66e9d2a41cd5af",
+      "alternativeSignatures": [
+        "ff4304de20e5d510170ae65c7fe48212f33fcfa5c0a3d8a45eee175c04101153"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Suppressing BA2007 triggered by the addition of -wd4996 required to build external bzip2 dependency with /sdl flag.",
+      "createdDate": "2024-02-15 19:39:18Z"
+    },
+    "47d725f1446c35b0410c9774133d814fd3200f89bc0857bd81df4ac73ffcb90e": {
+      "signature": "47d725f1446c35b0410c9774133d814fd3200f89bc0857bd81df4ac73ffcb90e",
+      "alternativeSignatures": [
+        "4394b51c48c696764500c59f00680af353a9a744a82906347a413359f9cfd452"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Suppressing BA2007 triggered by the addition of -wd4996 required to build external bzip2 dependency with /sdl flag.",
+      "createdDate": "2024-02-15 19:39:18Z"
+    },
+    "5f3b04604481e5a1f6a33d01a244db1fc6b2fd02b3b078cf7dfe6cc04e076276": {
+      "signature": "5f3b04604481e5a1f6a33d01a244db1fc6b2fd02b3b078cf7dfe6cc04e076276",
+      "alternativeSignatures": [
+        "ba25311c4c43e2873bee240e8c4c68682272eb5bc58c97339791be287e8c96a2"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Suppressing BA2007 triggered by the addition of -wd4996 required to build external bzip2 dependency with /sdl flag.",
+      "createdDate": "2024-02-15 19:39:18Z"
+    },
+    "39b5eea31b6779ed59ae6854d2c15e17ceb93e3067a87138748fc8f02d734625": {
+      "signature": "39b5eea31b6779ed59ae6854d2c15e17ceb93e3067a87138748fc8f02d734625",
+      "alternativeSignatures": [
+        "59a87f4e078c6ab72fe39adc6139c86d18cddbcd40221114c4a683666bcaadf4"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win32 file 'example.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "4b61adeeb4b0237fbe2352c290a84dc686067351e66810c27192c6a00d9ecbc7": {
+      "signature": "4b61adeeb4b0237fbe2352c290a84dc686067351e66810c27192c6a00d9ecbc7",
+      "alternativeSignatures": [
+        "cf7a67d41e8f7415d089d7007de01417f73c41b842480682686b6b326042ef12"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win32 file 'minigzip.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "14d9bf44b59382ea3316fb01edba5c49251fac10cfa0b0e1c5e4053ea2daf7a7": {
+      "signature": "14d9bf44b59382ea3316fb01edba5c49251fac10cfa0b0e1c5e4053ea2daf7a7",
+      "alternativeSignatures": [
+        "34132c90cef21d1559d791ca3374054b3498293e9af99ebaf0a97ebdf2117359"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win32 file 'zlib.dll'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "32c95027d0378e43655c6ae1d1d94d175b5ae0a80f7a09ab5ef877c82c8613cf": {
+      "signature": "32c95027d0378e43655c6ae1d1d94d175b5ae0a80f7a09ab5ef877c82c8613cf",
+      "alternativeSignatures": [
+        "3b8cc35f6043d60895fc2b58aa0e340f26168e7276e77d32a2290ce8f52e87a7"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win64 file 'example.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "714c09b687b522c384ad4f562ad7fc22b4a3cc486f4e111da2ef9f9f7049bbd9": {
+      "signature": "714c09b687b522c384ad4f562ad7fc22b4a3cc486f4e111da2ef9f9f7049bbd9",
+      "alternativeSignatures": [
+        "c319ab28b12c0772a32e11a1b8adfbf5d31d940c26f65d547508fbbe067479c7"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win64 file 'minigzip.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "7d646d44fc117d94d024aeb65acccd6a6c78ea2f7a67a9925ec0720ca14fc16d": {
+      "signature": "7d646d44fc117d94d024aeb65acccd6a6c78ea2f7a67a9925ec0720ca14fc16d",
+      "alternativeSignatures": [
+        "b6cd355613757ef82eba700719a1957211688374b0841271340c10a65ca913ba"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/win64 file 'zlib.dll'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "075eeab70a88345e6e142f97544de5be84cb85c87ba36ec229a2a4df5d482337": {
+      "signature": "075eeab70a88345e6e142f97544de5be84cb85c87ba36ec229a2a4df5d482337",
+      "alternativeSignatures": [
+        "4cc6ffe05f61e35bd7fa57a5a4b4f82d050e684f11e15ce6eade601aa86d2b11"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/winarm64 file 'example.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "f9e7e5e304a91532f7615d252ba18ea11e52ba6eb28cd78f872a480423351256": {
+      "signature": "f9e7e5e304a91532f7615d252ba18ea11e52ba6eb28cd78f872a480423351256",
+      "alternativeSignatures": [
+        "13987557036db098921cee21a62d8dc557c4e4136a10220442388eb2f9f18607"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/winarm64 file 'minigzip.exe'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    },
+    "0ed7f92df9b8d3bf93cf6898af876e9e159b351ce0b2afeb6f153b453be5cdf9": {
+      "signature": "0ed7f92df9b8d3bf93cf6898af876e9e159b351ce0b2afeb6f153b453be5cdf9",
+      "alternativeSignatures": [
+        "d2dc95e0c5edbdb8ddf1de2e9585c7d55cc1a529edc5c3319da8ed818dc72abf"
+      ],
+      "memberOf": [
+        "default"
+      ],
+      "justification": "Unable to resolve BA2007 for external lzsbuild/deps/winarm64 file 'zlib.dll'.",
+      "createdDate": "2024-02-15 20:19:17Z"
+    }
+  }
+}

.gdn/.gitignore

@@ -0,0 +1,11 @@
+## Ignore Guardian internal files
+.r/
+rc/
+rs/
+i/
+p/
+c/
+o/
+
+## Ignore Guardian Local settings
+LocalSettings.gdn.json

.gitmodules

@@ -14,15 +14,11 @@
 	branch = master
 [submodule "external/xz"]
 	path = external/xz
-	url = https://git.tukaani.org/xz.git
-	branch = master
-
+	url = https://github.com/tukaani-project/xz
 [submodule "zlib"]
 	path = external/zlib
 	url = https://github.com/madler/zlib.git
 	branch = master
 [submodule "external/zstd"]
 	path = external/zstd
 	url = https://github.com/facebook/zstd.git
-[submodule "https://git.tukaani.org/xz.git"]
-	url = external/xz

CMakeLists.txt

@@ -228,7 +228,21 @@ if(UNIX)
     LINKER:-z,relro
     LINKER:-z,noexecstack
     LINKER:--no-undefined
-    )
+  )
+else()
+  set(COMMON_COMPILE_OPTIONS
+    /Qspectre
+    /guard:cf
+    /sdl
+    /wd4996
+  )
+
+  set(LINKER_OPTIONS
+    LINKER:/PROFILE
+    LINKER:/DYNAMICBASE
+    LINKER:/CETCOMPAT
+    LINKER:/guard:cf
+  )
 endif()
 
 if(APPLE AND BUILD_LIBZIP)
@@ -576,7 +590,6 @@ else()
     target_link_options(
       ${PROJECT_NAME}
       PRIVATE
-      /PROFILE
       /wholearchive:$<TARGET_FILE:zip>
       )
   endif()