ADO pipeline changes for OpenSSF Best Practices (#140)

2024-05-17 16:57:51 -07:00 · 2024-05-17 16:57:51 -07:00 · 6dd6a98137
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -250,7 +250,7 @@ elseif(CMAKE_CXX_COMPILER_ID MATCHES "Intel")
 elseif(CMAKE_CXX_COMPILER_ID MATCHES "MSVC")
    if(ENABLE_CODE_ANALYSIS)
      foreach(t IN LISTS TOOL_EXES ITEMS ${PROJECT_NAME})
-        target_compile_options(${t} PRIVATE /analyze)
+        target_compile_options(${t} PRIVATE /analyze /WX)
      endforeach()
    endif()

--- a/DirectXMesh/DirectXMesh_Windows10_2022.vcxproj
+++ b/DirectXMesh/DirectXMesh_Windows10_2022.vcxproj
@ -69,7 +69,7 @@
    <AppContainerApplication>true</AppContainerApplication>
    <ApplicationType>Windows Store</ApplicationType>
    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
-    <WindowsTargetPlatformMinVersion>10.0.17763.0</WindowsTargetPlatformMinVersion>
+    <WindowsTargetPlatformMinVersion>10.0.18362.0</WindowsTargetPlatformMinVersion>
    <ApplicationTypeRevision>10.0</ApplicationTypeRevision>
    <PreferredToolArchitecture>x64</PreferredToolArchitecture>
  </PropertyGroup>
--- a/README.md
+++ b/README.md
@ -49,6 +49,10 @@ For the latest version of DirectXMesh, bug reports, etc. please visit the projec

 ## Release Notes

+FOR SECURITY ADVISORIES, see [GitHub](https://github.com/microsoft/DirectXMesh/security/advisories).
+
+For a full change history, see [CHANGELOG.md](https://github.com/microsoft/DirectXMesh/blob/main/CHANGELOG.md).
+
 * Starting with the June 2020 release, this library makes use of typed enum bitmask flags per the recommendation of the _C++ Standard_ section *17.5.2.1.3 Bitmask types*. This is consistent with Direct3D 12's use of the ``DEFINE_ENUM_FLAG_OPERATORS`` macro. This may have *breaking change* impacts to client code:

  * You cannot pass the ``0`` literal as your flags value. Instead you must make use of the appropriate default enum value: ``CNORM_DEFAULT``, ``VALIDATE_DEFAULT``, or ``MESHLET_DEFAULT``.
@ -71,6 +75,8 @@ This project welcomes contributions and suggestions. Most contributions require

 When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

+Tests for new features should also be submitted as a PR to the [Test Suite](https://github.com/walbourn/directxmeshtest/wiki) repository.
+
 ## Code of Conduct

 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
--- a/build/DirectXMesh-GitHub-Dev17.yml
+++ b/build/DirectXMesh-GitHub-Dev17.yml
@ -12,22 +12,46 @@ schedules:
    include:
    - main

-trigger: none
+trigger:
+  branches:
+    include:
+    - main
+  paths:
+    exclude:
+    - '*.md'
+    - LICENSE
+    - CMake*
+    - '.nuget/*'
+    - build/*.cmake
+    - build/*.cmd
+    - build/*.in
+    - build/*.props
+    - build/*.ps1
+    - build/*.targets

 pr:
  branches:
    include:
    - main
  paths:
-    include:
-    - build/DirectXMesh-GitHub-Dev17.yml
+    exclude:
+    - '*.md'
+    - LICENSE
+    - CMake*
+    - '.nuget/*'
+    - build/*.cmake
+    - build/*.cmd
+    - build/*.in
+    - build/*.props
+    - build/*.ps1
+    - build/*.targets
+  drafts: false

 resources:
  repositories:
  - repository: self
    type: git
    ref: refs/heads/main
-    trigger: none

 name: $(Year:yyyy).$(Month).$(DayOfMonth)$(Rev:.r)

--- a/build/DirectXMesh-GitHub-Test-Dev17.yml
+++ b/build/DirectXMesh-GitHub-Test-Dev17.yml
@ -36,6 +36,7 @@ pool:

 variables:
  Codeql.Enabled: false
+  VC_PATH: 'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC'
  GITHUB_PAT: $(GITHUBPUBLICTOKEN)

 jobs:
@ -171,20 +172,13 @@ jobs:
      script: git clone --quiet --no-tags https://%GITHUB_PAT%@github.com/walbourn/directxmeshtest.git Tests
      workingDirectory: $(Build.SourcesDirectory)
      failOnStderr: true
-  - task: ChocolateyCommand@0
-    displayName: Install Ninja
-    inputs:
-      command: 'install'
-      installPackageId: 'ninja'
  - task: CmdLine@2
    displayName: Setup environment for CMake to use VS
    inputs:
      script: |
-        @echo off
-        pushd "C:\Program Files (x86)\Microsoft Visual Studio\Installer\"
-        for /f "delims=" %%x in ('.\vswhere.exe -latest -property InstallationPath') do set VSPATH=%%x
-        popd
-        call "%VSPATH%\VC\Auxiliary\Build\vcvarsall.bat" x64
+        call "$(VC_PATH)\Auxiliary\Build\vcvars64.bat"
+        echo ##vso[task.setvariable variable=WindowsSdkVerBinPath;]%WindowsSdkVerBinPath%
+        echo ##vso[task.prependpath]%VSINSTALLDIR%Common7\IDE\CommonExtensions\Microsoft\CMake\Ninja
        echo ##vso[task.prependpath]%VCINSTALLDIR%Tools\Llvm\x64\bin
        echo ##vso[task.prependpath]%WindowsSdkBinPath%x64
        echo ##vso[task.prependpath]%WindowsSdkVerBinPath%x64
@ -246,14 +240,10 @@ jobs:
    inputs:
      Contents: 'out'
  - task: CmdLine@2
-    displayName: Set LIB for ARM64
+    displayName: Switch compiler to ARM64
    inputs:
      script: |
-        @echo off
-        pushd "C:\Program Files (x86)\Microsoft Visual Studio\Installer\"
-        for /f "delims=" %%x in ('.\vswhere.exe -latest -property InstallationPath') do set VSPATH=%%x
-        popd
-        call "%VSPATH%\VC\Auxiliary\Build\vcvarsall.bat" arm64
+        call "$(VC_PATH)\Auxiliary\Build\vcvarsamd64_arm64.bat"
        echo ##vso[task.setvariable variable=LIB;]%LIB%

  - task: CMake@1
--- a/build/DirectXMesh-GitHub.yml
+++ b/build/DirectXMesh-GitHub.yml
@ -59,7 +59,7 @@ variables:
  Codeql.Enabled: false

 pool:
-  vmImage: windows-2022
+  vmImage: windows-2019

 jobs:
 - job: DESKTOP_BUILD
@ -219,54 +219,3 @@ jobs:
      msbuildArgs: /p:PreferredToolArchitecture=x64 /p:SpectreMitigation=Spectre
      platform: ARM64
      configuration: Release
-
- job: UWP_BUILD
-  displayName: 'Universal Windows Platform (UWP)'
-  timeoutInMinutes: 120
-  cancelTimeoutInMinutes: 1
-  steps:
-  - checkout: self
-    clean: true
-    fetchTags: false
-  - task: VSBuild@1
-    displayName: Build solution DirectXMesh_Windows10_2022.sln 32dbg
-    inputs:
-      solution: DirectXMesh_Windows10_2022.sln
-      msbuildArgs: /p:PreferredToolArchitecture=x64
-      platform: x86
-      configuration: Debug
-  - task: VSBuild@1
-    displayName: Build solution DirectXMesh_Windows10_2022.sln 32rel
-    inputs:
-      solution: DirectXMesh_Windows10_2022.sln
-      msbuildArgs: /p:PreferredToolArchitecture=x64
-      platform: x86
-      configuration: Release
-  - task: VSBuild@1
-    displayName: Build solution DirectXMesh_Windows10_2022.sln 64dbg
-    inputs:
-      solution: DirectXMesh_Windows10_2022.sln
-      msbuildArgs: /p:PreferredToolArchitecture=x64
-      platform: x64
-      configuration: Debug
-  - task: VSBuild@1
-    displayName: Build solution DirectXMesh_Windows10_2022.sln 64rel
-    inputs:
-      solution: DirectXMesh_Windows10_2022.sln
-      msbuildArgs: /p:PreferredToolArchitecture=x64
-      platform: x64
-      configuration: Release
-  - task: VSBuild@1
-    displayName: Build solution DirectXMesh_Windows10_2022.sln arm64dbg
-    inputs:
-      solution: DirectXMesh_Windows10_2022.sln
-      msbuildArgs: /p:PreferredToolArchitecture=x64
-      platform: ARM64
-      configuration: Debug
-  - task: VSBuild@1
-    displayName: Build solution DirectXMesh_Windows10_2022.sln arm64rel
-    inputs:
-      solution: DirectXMesh_Windows10_2022.sln
-      msbuildArgs: /p:PreferredToolArchitecture=x64
-      platform: ARM64
-      configuration: Release
--- a/build/DirectXMesh-SDL.yml
+++ b/build/DirectXMesh-SDL.yml
@ -13,7 +13,14 @@ schedules:
    - main

 trigger: none
-pr: none
+
+pr:
+  branches:
+    include:
+    - main
+  paths:
+    include:
+    - build/DirectXMesh-SDL.yml

 resources:
  repositories:
@ -26,6 +33,7 @@ name: $(Year:yyyy).$(Month).$(DayOfMonth)$(Rev:.r)
 variables:
  Codeql.Enabled: true
  Codeql.Language: cpp
+  VC_PATH: 'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC'
  VS_GENERATOR: 'Visual Studio 17 2022'

 pool:
@ -104,3 +112,37 @@ jobs:
      GdnBreakPolicyMinSev: 'Error'
  - task: ComponentGovernanceComponentDetection@0
    displayName: Component Detection
+
+- job: VC_PREFAST
+  displayName: 'Build using /analyze (PREFAST)'
+  workspace:
+    clean: all
+  steps:
+  - checkout: self
+    clean: true
+    fetchTags: false
+  - task: CmdLine@2
+    displayName: Setup environment for CMake to use VS
+    inputs:
+      script: |
+        call "$(VC_PATH)\Auxiliary\Build\vcvars64.bat"
+        echo ##vso[task.setvariable variable=WindowsSdkVerBinPath;]%WindowsSdkVerBinPath%
+        echo ##vso[task.prependpath]%VSINSTALLDIR%Common7\IDE\CommonExtensions\Microsoft\CMake\Ninja
+        echo ##vso[task.prependpath]%VCINSTALLDIR%Tools\Llvm\x64\bin
+        echo ##vso[task.prependpath]%WindowsSdkBinPath%x64
+        echo ##vso[task.prependpath]%WindowsSdkVerBinPath%x64
+        echo ##vso[task.prependpath]%VCToolsInstallDir%bin\Hostx64\x64
+        echo ##vso[task.setvariable variable=EXTERNAL_INCLUDE;]%EXTERNAL_INCLUDE%
+        echo ##vso[task.setvariable variable=INCLUDE;]%INCLUDE%
+        echo ##vso[task.setvariable variable=LIB;]%LIB%
+
+  - task: CMake@1
+    displayName: CMake Config
+    inputs:
+      cwd: '$(Build.SourcesDirectory)'
+      cmakeArgs: --preset=x64-Debug -DENABLE_CODE_ANALYSIS=ON
+  - task: CMake@1
+    displayName: CMake Build
+    inputs:
+      cwd: '$(Build.SourcesDirectory)'
+      cmakeArgs: --build out/build/x64-Debug