From 4171f72607c1c6a82b37025e89a2966d9479058d Mon Sep 17 00:00:00 2001
From: Jonathan Pobst <jonathan.pobst@microsoft.com>
Date: Fri, 15 Dec 2023 11:23:49 -1000
Subject: [PATCH] [ci] Add ApiScan. (#829)

---
 build/ci/api-scan.yml | 37 +++++++++++++++++++++++++++++++++++++
 build/ci/build.yml    |  5 +++++
 2 files changed, 42 insertions(+)
 create mode 100644 build/ci/api-scan.yml

diff --git a/build/ci/api-scan.yml b/build/ci/api-scan.yml
new file mode 100644
index 000000000..57c5458cf
--- /dev/null
+++ b/build/ci/api-scan.yml
@@ -0,0 +1,37 @@
+parameters:
+  apiScanDirectory: $(Agent.TempDirectory)\APIScanFiles         # The directory to copy and scan assemblies
+  mainBranchName:                                               # The "main" branch that should be used - can be something other than "main"
+
+steps:
+
+ ### Copy .dll and .pdb files for APIScan
+- task: CopyFiles@2
+  displayName: 'Collect Files for APIScan'
+  inputs:
+    Contents: |
+      generated\**\bin\Release\**\?(*.dll|*.pdb)
+      util\**\bin\Release\**\?(*.dll|*.pdb)
+    TargetFolder: ${{ parameters.apiScanDirectory }}
+    OverWrite: true
+    flattenFolders: true
+  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+
+- task: CmdLine@2
+  displayName: 'List Files for APIScan'
+  inputs:
+    script: |
+      tree ${{ parameters.apiScanDirectory }} /f        
+  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+        
+ ### Run latest version of APIScan listed at https://www.1eswiki.com/wiki/APIScan_Build_Task
+- task: APIScan@2
+  displayName: Run APIScan
+  inputs:
+    softwareFolder: ${{ parameters.apiScanDirectory }}
+    softwareName: $(ApiScanName)
+    softwareVersionNum: '$(Build.BuildId)'
+    isLargeApp: true
+    toolVersion: Latest
+  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+  env:
+    AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
diff --git a/build/ci/build.yml b/build/ci/build.yml
index 1bf49102e..7aa19ab5d 100644
--- a/build/ci/build.yml
+++ b/build/ci/build.yml
@@ -48,6 +48,7 @@ jobs:
           imageName: ${{ parameters.windowsImage }}
           classicInstallerUrl: ${{ parameters.classicXAVsix }}
           runCodeQL: true
+          runAPIScan: true
     displayName: Build
     timeoutInMinutes: ${{ parameters.timeoutInMinutes }}
     variables:
@@ -73,6 +74,10 @@ jobs:
           configuration: ${{ parameters.configuration }}
           skipUnitTests: ${{ parameters.skipUnitTests }}
 
+      - template: api-scan.yml
+        parameters:
+          mainBranchName: ${{ parameters.mainBranchName }}
+
       # after the build is complete
       - pwsh: |
           $srcExists = (Test-Path "${{ parameters.signListPath }}")