Add a queue-time parameter for skipping compliance tasks

azure-pipelines/build.yml

@@ -7,9 +7,12 @@ parameters:
 - name: RunTests
   type: boolean
   default: true
+- name: EnableCompliance
+  type: boolean
+  default: true
 - name: EnableAPIScan
   type: boolean
-  default: false
+  default: true
 
 jobs:
 - job: Windows
@@ -41,6 +44,7 @@ jobs:
   - ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
     - template: microbuild.after.yml
       parameters:
+        EnableCompliance: ${{ parameters.EnableCompliance }}
         EnableAPIScan: ${{ parameters.EnableAPIScan }}
 
   - template: expand-template.yml

azure-pipelines/microbuild.after.yml

@@ -1,6 +1,6 @@
 parameters:
-- name: EnableAPIScan
-  type: boolean
+  EnableCompliance:
+  EnableAPIScan:
 
 steps:
 - task: MicroBuildCodesignVerify@3
@@ -26,6 +26,7 @@ steps:
   condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'), ne(variables['Build.Reason'], 'PullRequest'))
   continueOnError: true
 
-- template: secure-development-tools.yml
-  parameters:
-    EnableAPIScan: ${{ parameters.EnableAPIScan }}
+- ${{ if eq(parameters.EnableCompliance, 'true') }}:
+  - template: secure-development-tools.yml
+    parameters:
+      EnableAPIScan: ${{ parameters.EnableAPIScan }}

azure-pipelines/official.yml

@@ -33,8 +33,12 @@ parameters:
   displayName: Run tests
   type: boolean
   default: true
+- name: EnableCompliance
+  displayName: Run Compliance Tools
+  type: boolean
+  default: true
 - name: EnableAPIScan
-  displayName: Run APIScan
+  displayName: Include APIScan with Compliance tools
   type: boolean
   default: true
 
@@ -55,6 +59,7 @@ stages:
   jobs:
   - template: build.yml
     parameters:
+      EnableCompliance: ${{ parameters.EnableCompliance }}
       EnableAPIScan: ${{ parameters.EnableAPIScan }}
       windowsPool: VSEngSS-MicroBuild2022-1ES
       includeMacOS: ${{ parameters.includeMacOS }}

azure-pipelines/secure-development-tools.yml

@@ -1,9 +1,11 @@
 parameters:
-- name: EnableAPIScan
-  type: boolean
+  EnableAPIScan:
 
 steps:
 
+- powershell: echo "##vso[build.addbuildtag]compliance"
+  displayName: 🏷️ Tag run with 'compliance'
+
 - task: CredScan@3
   displayName: 🔍 Run CredScan