From 5538b0bbacd2b89dd56b0279818206ddf1cd28f8 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 14 May 2026 13:28:36 -0700 Subject: [PATCH 1/3] chore: add DevOps build pipeline for S360 security vulnerability scanning Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .azurepipelines/build.yml | 48 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 .azurepipelines/build.yml diff --git a/.azurepipelines/build.yml b/.azurepipelines/build.yml new file mode 100644 index 00000000000..68a9e5ff55a --- /dev/null +++ b/.azurepipelines/build.yml @@ -0,0 +1,48 @@ +trigger: none +pr: none + +schedules: + - cron: '0 0 * * 1,3' + displayName: Monday and Wednesday builds + branches: + include: + - main + always: true + +resources: + repositories: + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + template: v1/1ES.Unofficial.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + stages: + - stage: Build + jobs: + - job: Build + displayName: Build PHP Beta SDK + steps: + - checkout: self + submodules: recursive + + - script: sudo apt-get update && sudo apt-get install -y php php-xml php-mbstring php-curl unzip + displayName: Install PHP + + - script: | + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + displayName: Install Composer + + - script: composer install --no-interaction --prefer-dist + displayName: Install dependencies + workingDirectory: $(Build.SourcesDirectory) + + - script: vendor/bin/phpunit + displayName: Run unit tests + workingDirectory: $(Build.SourcesDirectory) From 652d576d660161a828317e43450b8bdf4d2d5bdc Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 14 May 2026 14:47:57 -0700 Subject: [PATCH 2/3] chore: update build pipeline schedule to daily Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .azurepipelines/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.azurepipelines/build.yml b/.azurepipelines/build.yml index 68a9e5ff55a..ba927f44f3f 100644 --- a/.azurepipelines/build.yml +++ b/.azurepipelines/build.yml @@ -2,8 +2,8 @@ trigger: none pr: none schedules: - - cron: '0 0 * * 1,3' - displayName: Monday and Wednesday builds + - cron: '0 0 * * *' + displayName: Daily builds branches: include: - main From d61f7dd1697ad5a3e8eea596cd47823a8d0b3e2b Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 14 May 2026 15:22:44 -0700 Subject: [PATCH 3/3] chore: enable SDL security scanning in build pipeline Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .azurepipelines/build.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.azurepipelines/build.yml b/.azurepipelines/build.yml index ba927f44f3f..7b8df1fef9b 100644 --- a/.azurepipelines/build.yml +++ b/.azurepipelines/build.yml @@ -22,6 +22,17 @@ extends: pool: name: Azure-Pipelines-1ESPT-ExDShared os: linux + sdl: + sourceAnalysisPool: + name: Azure-Pipelines-1ESPT-ExDShared + image: windows-2022 + os: windows + credscan: + enabled: true + policheck: + enabled: true + binskim: + enabled: true stages: - stage: Build jobs: