Update agent pool and add tasks to security check (Azure#20064)

* Update security-tools.yml for Azure Pipelines

* Update agent pool

* update code

* update

* update

* update

* update

* Update release-test.yml

remove useless char

* update

* Update security-tools.yml for Azure Pipelines

* Update security-tools.yml for Azure Pipelines

* Update security-tools.yml for Azure Pipelines

* Update security-tools.yml for Azure Pipelines

* Update security-tools.yml for Azure Pipelines

* update

* update

* update

* Update

* update

* Update windows-powershell.yml

Co-authored-by: Yan Xu <[email protected]>
Co-authored-by: Yunchi Wang <[email protected]>

Author: 3 people

.azure-pipelines/code-gen.yml

@@ -19,8 +19,7 @@ jobs:
 - job: Job_1
   displayName: "Service: ${{ parameters.ServiceName }}"
   timeoutInMinutes: 90
-  pool:
-    name: pool-windows-2019
+  pool: pool-windows-2019
   steps:
   - checkout: self
   - task: NodeTool@0

.azure-pipelines/daily-build.yml

@@ -15,8 +15,7 @@ pr: none
 jobs:
 - job: DailyBuild
   timeoutInMinutes: 180
-  pool:
-    vmImage: 'windows-2019'
+  pool: pool-windows-2019
   steps:
   - task: PowerShell@2
     displayName: 'Initialization'

.azure-pipelines/powershell-core.yml

@@ -1,10 +1,13 @@
 variables:
-  WindowsName: windows
-  WindowsImage: windows-2019
+  WindowsName: windows 
+  WindowsAgentPoolName: pool-windows-2019
+  WindowsAgentPoolVMImage: ''
   LinuxName: linux
-  LinuxImage: ubuntu-20.04
+  LinuxAgentPoolName: pool-ubuntu-2004
+  LinuxAgentPoolVMImage: ''
   MacOSName: macOS
-  MacOSImage: macOS-11
+  MacOSAgentPoolName: 'Azure Pipelines'
+  MacOSAgentPoolVMImage: macOS-11
   TestFramework: netcoreapp3.1
   TestTarget: Test
   Configuration: Debug
@@ -30,18 +33,11 @@ jobs:
   displayName: Build
   condition: succeeded()
   timeoutInMinutes: ${{ variables.BuildTimeoutInMinutes }}
-  strategy:
-    matrix:
-      windows:
-        OSName: ${{ variables.WindowsName }}
-        ImageName: ${{ variables.WindowsImage }}
-  pool:
-    vmImage: $(ImageName)
+  pool: pool-windows-2019
 
   steps:
   - template: util/build-steps.yml
     parameters:
-      osName: $(OSName)
       configuration: ${{ variables.Configuration }}
       testFramework: ${{ variables.TestFramework }}
       powerShellPlatform: ${{ variables.PowerShellPlatform }}
@@ -51,18 +47,11 @@ jobs:
   dependsOn: Build
   condition: succeeded()
   timeoutInMinutes: ${{ variables.AnalysisTimeoutInMinutes }}
-  strategy:
-    matrix:
-      windows:
-        OSName: ${{ variables.WindowsName }}
-        ImageName: ${{ variables.WindowsImage }}
-  pool:
-    vmImage: $(ImageName)
+  pool: pool-windows-2019
 
   steps:
   - template: util/analyze-steps.yml
     parameters:
-      osName: $(OSName)
       configuration: ${{ variables.Configuration }}
       testFramework: ${{ variables.TestFramework }}
       powerShellPlatform: ${{ variables.PowerShellPlatform }}
@@ -76,15 +65,19 @@ jobs:
     matrix:
       windows:
         OSName: ${{ variables.WindowsName }}
-        ImageName: ${{ variables.WindowsImage }}
+        agentPoolName: ${{ variables.WindowsAgentPoolName }}
+        agentPoolVMImage: ${{ variables.WindowsAgentPoolVMImage }}
       linux:
         OSName: ${{ variables.LinuxName }}
-        ImageName: ${{ variables.LinuxImage }}
+        agentPoolName: ${{ variables.LinuxAgentPoolName }}
+        agentPoolVMImage: ${{ variables.LinuxAgentPoolVMImage }}
       macOS:
         OSName: ${{ variables.MacOSName }}
-        ImageName: ${{ variables.MacOSImage }}
+        agentPoolName: ${{ variables.MacOSAgentPoolName }}
+        agentPoolVMImage: ${{ variables.MacOSAgentPoolVMImage }}
   pool:
-    vmImage: $(ImageName)
+    name: $(agentPoolName)
+    vmImage: $(agentPoolVMImage)
 
   steps:
   - template: util/test-steps.yml

.azure-pipelines/release-test.yml

@@ -1,36 +1,36 @@
 parameters:
-- name: win_image
-  displayName: Windows Image Version
-  type: string
-  default: windows-2019
-- name: linux_image
-  displayName: Linux Image Version
-  type: string
-  default: ubuntu-20.04
-- name: macOS_image
-  displayName: MacOS Image Version
-  type: string
-  default: macOS-11
 - name: win_ps
   displayName: Windows PowerShell Version
   type: string
   default: 5.1.14
 - name: ps7
   displayName: PowerShell 7.0.x Version
   type: string
-  default: 7.0.8
+  default: 7.0.13
 - name: ps7_1
   displayName: PowerShell 7.1.x Version
   type: string
-  default: 7.1.5
+  default: 7.1.7
 - name: ps7_2
   displayName: PowerShell 7.2.x Version
   type: string
-  default: 7.2.0
+  default: 7.2.7
 - name: latest_ps
   displayName: PowerShell Latest Version
   type: string
-  default: latest
+  default: 7.2.7
+- name: netCoreVersion
+  displayName: .NET Version
+  type: string
+  default: 6.0.x
+
+variables:
+  winAgentPoolName: pool-windows-2019
+  winAgentPoolVMImage: ''
+  linuxAgentPoolName: pool-ubuntu-2004
+  linuxAgentPoolVMImage: ''
+  macOsAgentPoolName: Azure Pipelines
+  macOsAgentPoolVMImage: macOS-11
 
 pr: none
 trigger: none
@@ -39,65 +39,87 @@ jobs:
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Win_PS5_1_14_SmokeTest'
-    vmImage: ${{ parameters.win_image }}
+    agentPoolName: ${{ variables.winAgentPoolName }}
+    agentPoolVMImage: ${{ variables.winAgentPoolVMImage }}
     psVersion: ${{ parameters.win_ps }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Win_PS7_0_X_SmokeTest'
-    vmImage: ${{ parameters.win_image }}
+    agentPoolName: ${{ variables.winAgentPoolName }}
+    agentPoolVMImage: ${{ variables.winAgentPoolVMImage }}
     psVersion: ${{ parameters.ps7 }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Win_PS7_1_X_SmokeTest'
-    vmImage: ${{ parameters.win_image }}
+    agentPoolName: ${{ variables.winAgentPoolName }}
+    agentPoolVMImage: ${{ variables.winAgentPoolVMImage }}
     psVersion: ${{ parameters.ps7_1 }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Win_PS7_2_X_SmokeTest'
-    vmImage: ${{ parameters.win_image }}
+    agentPoolName: ${{ variables.winAgentPoolName }}
+    agentPoolVMImage: ${{ variables.winAgentPoolVMImage }}
     psVersion: ${{ parameters.ps7_2 }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Win_Latest_PS_SmokeTest'
-    vmImage: ${{ parameters.win_image }}
+    agentPoolName: ${{ variables.winAgentPoolName }}
+    agentPoolVMImage: ${{ variables.winAgentPoolVMImage }}
     psVersion: ${{ parameters.latest_ps }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Linux_PS7_0_X_SmokeTest'
-    vmImage: ${{ parameters.linux_image }}
+    agentPoolName: ${{ variables.linuxAgentPoolName }}
+    agentPoolVMImage: ${{ variables.linuxAgentPoolVMImage }}
     psVersion: ${{ parameters.ps7 }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Linux_PS7_1_X_SmokeTest'
-    vmImage: ${{ parameters.linux_image }}
+    agentPoolName: ${{ variables.linuxAgentPoolName }}
+    agentPoolVMImage: ${{ variables.linuxAgentPoolVMImage }}
     psVersion: ${{ parameters.ps7_1 }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Linux_PS7_2_X_SmokeTest'
-    vmImage: ${{ parameters.linux_image }}
+    agentPoolName: ${{ variables.linuxAgentPoolName }}
+    agentPoolVMImage: ${{ variables.linuxAgentPoolVMImage }}
     psVersion: ${{ parameters.ps7_2 }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'Linux_Latest_PS_SmokeTest'
-    vmImage: ${{ parameters.linux_image }}
+    agentPoolName: ${{ variables.linuxAgentPoolName }}
+    agentPoolVMImage: ${{ variables.linuxAgentPoolVMImage }}
     psVersion: ${{ parameters.latest_ps }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'MacOS_PS7_2_X_SmokeTest'
-    vmImage: ${{ parameters.macOS_image }}
+    agentPoolName: ${{ variables.macOsAgentPoolName }}
+    agentPoolVMImage: ${{ variables.macOsAgentPoolVMImage }}
     psVersion: ${{ parameters.ps7_2 }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}
 
 - template: util/smoke-test-steps.yml
   parameters:
     name: 'MacOS_Latest_PS_SmokeTest'
-    vmImage: ${{ parameters.macOS_image }}
+    agentPoolName: ${{ variables.macOsAgentPoolName }}
+    agentPoolVMImage: ${{ variables.macOsAgentPoolVMImage }}
     psVersion: ${{ parameters.latest_ps }}
+    netCoreVersion: ${{ parameters.netCoreVersion }}

.azure-pipelines/security-tools.yml

@@ -16,8 +16,7 @@ jobs:
 - job: Job_1
   displayName: Main
   timeoutInMinutes: 120
-  pool:
-    name: pool-windows-2019
+  pool: pool-windows-2019
   steps:
   - checkout: self
     fetchTags: false
@@ -32,6 +31,7 @@ jobs:
     condition: eq(variables.IsGenerateBased, true)
     inputs:
       versionSpec: 14.17.1
+  
   - task: PowerShell@2
     displayName: Install autorest
     condition: eq(variables.IsGenerateBased, true)
@@ -53,14 +53,22 @@ jobs:
       outputFormat: sarif
       scanFolder: SecurityTmp
       suppressionsFile: tools/SecurityTools/CredScanSuppressions.json
-      debugMode: false
-      folderSuppression: false
+
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
+    displayName: Run BinSkim
+    inputs:
+      InputType: 'Basic'
+      Function: 'analyze'
+      AnalyzeTarget: '$(Build.SourcesDirectory)/artifacts/Debug/*.dll;$(Build.SourcesDirectory)/artifacts/*.exe'
+      AnalyzeStatistics: true
+
   - task: PowerShell@2
     displayName: Cleanup Build
     inputs:
       targetType: inline
       script: ./tools/CleanupBuild.ps1
       pwsh: true
+
   - task: PoliCheck@1
     displayName: Run PoliCheck
     inputs:

.azure-pipelines/sign-tool-predictor.yml

@@ -1,7 +1,6 @@
 pr: none
 trigger: none
-pool:
-  vmImage: 'windows-2019'
+pool: pool-windows-2019
 
 steps:
 - task: PowerShell@2

.azure-pipelines/sign-tools.yml

@@ -1,8 +1,7 @@
 trigger: none
 pr: none
 
-pool:
-  vmImage: 'windows-2019'
+pool: pool-windows-2019
 
 steps:
 - task: PowerShell@2

.azure-pipelines/util/analyze-steps.yml

@@ -1,5 +1,4 @@
 parameters:
-  osName: ''
   configuration: ''
   testFramework: ''
   powerShellPlatform: ''

.azure-pipelines/util/build-steps.yml

@@ -1,5 +1,4 @@
 parameters:
-  osName: ''
   testFramework: ''
   configuration: ''
   powerShellPlatform: ''

.azure-pipelines/util/smoke-test-steps.yml

@@ -1,25 +1,24 @@
-
 parameters:
-- name: name
-  default: ''
-- name: vmImage
-  default: ''
-- name: psVersion
-  default: ''
+  name: ''
+  psVersion: ''
+  agentPoolName: ''
+  agentPoolVMImage: ''
+  netCoreVersion: ''
 
 jobs:
 - job: ${{ parameters.name }}
   timeoutInMinutes: 180
   pool:
-    vmImage: ${{ parameters.vmImage }}
+    name: ${{ parameters.agentPoolName }}
+    vmImage: ${{ parameters.agentPoolVMImage }}
 
   steps:
   - task: UseDotNet@2
-    condition: ne(variables['NetCoreVersion'], '')
-    displayName: 'Prepare .NET Core $(NetCoreVersion)'
+    condition: ne(variables['netCoreVersion'], '')
+    displayName: 'Prepare .NET Core ${{ parameters.netCoreVersion }}'
     inputs:
       packageType: sdk
-      version: $(NetCoreVersion)
+      version: ${{ parameters.netCoreVersion }}
 
   - task: PowerShell@2
     displayName: Prepare Powershell ${{ parameters.psVersion }}