From ae2cb946f8215ff49fa20773ec824b317e6ca603 Mon Sep 17 00:00:00 2001
From: Gerald Versluis <gerald.versluis@microsoft.com>
Date: Mon, 8 Jan 2024 19:46:37 +0100
Subject: [PATCH] Switch to Security v1 template for compliance (#2114)

---
 Xamarin.Essentials/Xamarin.Essentials.csproj |  1 +
 azure-pipelines.yml                          | 27 +++++++++++++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/Xamarin.Essentials/Xamarin.Essentials.csproj b/Xamarin.Essentials/Xamarin.Essentials.csproj
index 7c2c83ca1..cdbce21f0 100644
--- a/Xamarin.Essentials/Xamarin.Essentials.csproj
+++ b/Xamarin.Essentials/Xamarin.Essentials.csproj
@@ -79,6 +79,7 @@
     <Reference Include="System.Numerics" />
     <AndroidResource Include="Resources\xml\*.xml" />
     <PackageReference Include="Xamarin.AndroidX.Browser" Version="[1.3.0.5,1.6]" />
+    <PackageReference Include="Xamarin.Google.Guava.ListenableFuture" Version="[1.0.0.15,)" />
   </ItemGroup>
   <ItemGroup Condition=" $(TargetFramework.StartsWith('Xamarin.iOS')) ">
     <Compile Include="**\*.ios.cs" />
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 4e3dc40df..b6ce33a51 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -75,6 +75,20 @@ stages:
           - pwsh: |
               Write-Host "##vso[build.updatebuildnumber]$env:NUGET_VERSION"
             displayName: Update the build number with a more readable one
+        postBuildSteps:
+          - task: CopyFiles@2
+            displayName: 'Copy Files (DLLs, PDBs, MDBs & binlogs)'
+            inputs:
+              Contents: |
+                Xamarin.Essentials/bin/**/*.dll
+                Xamarin.Essentials/bin/**/*.pdb
+              TargetFolder: $(build.artifactstagingdirectory)
+
+          - task: PublishBuildArtifacts@1
+            displayName: 'Publish Artifact Binaries'
+            condition: always()
+            inputs:
+              ArtifactName: 'binaries'
 
   - ${{ if eq(variables['System.TeamProject'], 'devdiv') }}:
     - stage: signing
@@ -100,14 +114,21 @@ stages:
           packageVersionRegex: '(?i)^Xamarin.Essentials\.(?<version>\d+\.\d+\.\d+)(.*).nupkg$'
 
   - ${{ if eq(variables['System.TeamProject'], 'devdiv') }}:
-    - template: security/full/v0.yml@internal-templates
+    - template: security/full/v1.yml@internal-templates
       parameters:
-        dependsOn: [ ]
+        scanArtifacts: [ 'nuget', 'binaries' ]
+        antiMalwareEnabled: true
+        binSkimEnabled: true
+        enableCodeInspector: true
+        credScanEnabled: true
         credScanSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\CredScanSuppressions.json
         sourceGdnSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\source.gdnsuppress
         tsaConfigFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\tsaoptions-v2.json
         policheckExclusionFilesFolder: $(Build.SourcesDirectory)\build-tools\automation\guardian
         policheckGdnSuppressionFilesFolder: $(Build.SourcesDirectory)\build-tools\automation\guardian
+        apiScanEnabled: true
+        apiScanSoftwareName: 'Xamarin.Essentials'
+        apiScanSoftwareVersionNum: $(BUILD_NUMBER)
 
   - ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/')) }}:
     - stage: devicetests
@@ -322,4 +343,4 @@ stages:
         #           echo "##vso[task.setvariable variable=JAVA_HOME]$(JAVA_HOME_11_X64)"
         #         displayName: 'Setup JDK Paths'
         #       - bash: sh -c "echo \"y\" | $ANDROID_SDK_ROOT/cmdline-tools/latest/bin/sdkmanager \"system-images;android-33;google_apis_playstore;x86_64\""
-        #         displayName: Install the Android emulators
\ No newline at end of file
+        #         displayName: Install the Android emulators