From c4b3bfc7da80ea41c2e91d623962d3d5cf9f01ca Mon Sep 17 00:00:00 2001 From: Francisco Gamino Date: Wed, 8 Dec 2021 13:00:09 -0800 Subject: [PATCH 1/4] Add SBOM generation as part of the build process (#716) * Add SBOM task to generate manifest * Update pipeline to generate manifest --- azure-pipelines.yml | 4 ++- build.ps1 | 60 ++++++++++++++++++++++++++++++++++++++++++++- tools/helper.psm1 | 4 +-- 3 files changed, 64 insertions(+), 4 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index e5f85674..6225f10f 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -27,8 +27,10 @@ steps: - pwsh: | $ErrorActionPreference = "Stop" - ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)" + ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)" -AddSBOM -SBOMUtilSASUrl $env:SBOMUtilSASUrl displayName: 'Build worker code' + env: + SBOMUtilSASUrl: $(SBOMUtilSASUrl) - pwsh: ./build.ps1 -NoBuild -Test displayName: 'Running UnitTest' diff --git a/build.ps1 b/build.ps1 index 0caf251e..f00c69bc 100644 --- a/build.ps1 +++ b/build.ps1 @@ -28,7 +28,13 @@ param( $Configuration = "Debug", [string] - $BuildNumber = '0' + $BuildNumber = '0', + + [switch] + $AddSBOM, + + [string] + $SBOMUtilSASUrl ) #Requires -Version 6.0 
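Review bot: The two new parameters in the build.ps1 hunk carry no documentation, and the rule that `-SBOMUtilSASUrl` is required only together with `-AddSBOM` is enforced by a throw further down the script rather than stated where the parameters are declared. A comment above each would make the contract visible at the call site: `# Generate an SBOM manifest for the published output after dotnet publish` over `$AddSBOM`, and `# SAS URL used to download the ManifestTool package; required when -AddSBOM is given. This value is a credential: supply it from a secret pipeline variable or the environment, never as a literal in scripts or logs.` over `$SBOMUtilSASUrl`. The `param(` block itself opens before the hunk.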
@@ -62,6 +68,35 @@ function Get-FunctionsCoreToolsDir { } } +function Install-SBOMUtil +{ + if ([string]::IsNullOrEmpty($SBOMUtilSASUrl)) + { + throw "The `$SBOMUtilSASUrl parameter cannot be null or empty when specifying the `$AddSBOM switch" + } + + $MANIFESTOOLNAME = "ManifestTool" + Write-Host "Installing $MANIFESTOOLNAME..." + + $MANIFESTOOL_DIRECTORY = Join-Path $PSScriptRoot $MANIFESTOOLNAME + Remove-Item -Recurse -Force $MANIFESTOOL_DIRECTORY -ErrorAction Ignore + + Invoke-RestMethod -Uri $SBOMUtilSASUrl -OutFile "$MANIFESTOOL_DIRECTORY.zip" + Expand-Archive "$MANIFESTOOL_DIRECTORY.zip" -DestinationPath $MANIFESTOOL_DIRECTORY + + $dllName = "Microsoft.ManifestTool.dll" + $manifestToolPath = "$MANIFESTOOL_DIRECTORY/$dllName" + + if (-not (Test-Path $manifestToolPath)) + { + throw "$MANIFESTOOL_DIRECTORY does not contain '$dllName'" + } + + Write-Host 'Done.' + + return $manifestToolPath +} + function Deploy-PowerShellWorker { $ErrorActionPreference = 'Stop' 
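Review bot: Install-SBOMUtil runs whatever the downloaded archive contains without any integrity check: `Invoke-RestMethod -Uri $SBOMUtilSASUrl -OutFile "$MANIFESTOOL_DIRECTORY.zip"` is followed directly by `Expand-Archive`, and the caller then executes the extracted `Microsoft.ManifestTool.dll` with `dotnet`, so anyone who can write to that storage location, or who holds the SAS, controls code that runs inside the build. Pinning the expected digest of the archive before it is expanded keeps a swapped blob from being executed: `$actual = (Get-FileHash "$MANIFESTOOL_DIRECTORY.zip" -Algorithm SHA256).Hash`, `if ($actual -ne '<EXPECTED-SHA256>') { throw "ManifestTool archive hash mismatch" }`, with the placeholder replaced by the digest of the approved release. The zip is also left next to the repository after extraction; `Remove-Item "$MANIFESTOOL_DIRECTORY.zip"` after `Expand-Archive` would avoid the stale file being picked up on the next run. Whether a failed download stops the script here depends on the script-level `$ErrorActionPreference`, which is not visible in this hunk.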
@@ -140,6 +175,29 @@ if (!$NoBuild.IsPresent) { -OutFile "$PSScriptRoot/src/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1" dotnet publish -c $Configuration "/p:BuildNumber=$BuildNumber" $PSScriptRoot + + if ($AddSBOM) + { + # Install manifest tool + $manifestTool = Install-SBOMUtil + Write-Log "manifestTool: $manifestTool " + + # Generate manifest + $buildPath = "$PSScriptRoot/src/bin/$Configuration/$TargetFramework/publish" + $telemetryFilePath = Join-Path $PSScriptRoot ((New-Guid).Guid + ".json") + $packageName = "Microsoft.Azure.Functions.PowerShellWorker.nuspec" + + # Delete the manifest folder if it exists + $manifestFolderPath = Join-Path $buildPath "_manifest" + if (Test-Path $manifestFolderPath) + { + Remove-Item $manifestFolderPath -Recurse -Force -ErrorAction Ignore + } + + Write-Log "Running: dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath" + & { dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath -PackageName $packageName } + } + dotnet pack -c $Configuration "/p:BuildNumber=$BuildNumber" "$PSScriptRoot/package" } diff --git a/tools/helper.psm1 b/tools/helper.psm1 index 715c3f77..5b780640 100644 --- a/tools/helper.psm1 +++ b/tools/helper.psm1 @@ -11,8 +11,8 @@ $RepoRoot = (Resolve-Path "$PSScriptRoot/..").Path $DotnetSDKVersionRequirements = @{ # We need .NET SDK 3.1 for running the tests, as we still build against the 3.1 framework '3.1' = @{ - MinimalPatch = '412' - DefaultPatch = '412' + MinimalPatch = '415' + DefaultPatch = '415' } # We need .NET SDK 5.0 for the updated C# compiler '5.0' = @{ From d7faf2aa33621212071da7d8d8a2ce9810c0397e Mon Sep 17 00:00:00 2001 
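Review bot: The exit status of the ManifestTool invocation is never checked: `& { dotnet $manifestTool generate ... }` runs a native command, so a non-zero result does not throw and a release build whose SBOM generation failed would still continue to `dotnet pack` and ship without a manifest. Adding `if ($LASTEXITCODE -ne 0) { throw "SBOM generation failed with exit code $LASTEXITCODE" }` after that line makes the failure visible. The `Write-Log` line just above also omits the `-PackageName $packageName` argument that is actually passed, and `$telemetryFilePath` is written into `$PSScriptRoot` and never removed. The enclosing `if (!$NoBuild.IsPresent)` block starts outside the hunk.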
From: Francisco Gamino Date: Tue, 14 Dec 2021 17:47:23 -0800 Subject: [PATCH 2/4] Update VM pool and images name (#718) --- azure-pipelines.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 6225f10f..b76dd7d1 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -10,11 +10,12 @@ strategy: matrix: linux: - imageName: 'ubuntu-latest' + imageName: 'MMSUbuntu20.04TLS' windows: - imageName: 'vs2017-win2016' + imageName: 'MMS2019TLS' pool: + name: '1ES-Hosted-AzFunc' vmImage: $(imageName) variables: From 59f95735bad3ae51164888521363e1e2a254cc2f Mon Sep 17 00:00:00 2001 From: Francisco Gamino Date: Fri, 17 Dec 2021 10:15:10 -0800 Subject: [PATCH 3/4] Generate SBOM only for release builds (#720) * Generate SBOM only for release builds --- azure-pipelines.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index b76dd7d1..dae20028 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
@@ -23,12 +23,28 @@ variables: buildNumber: $[ counter('build', 400) ] # Start higher than our AppVeyor versions. Every build (pr or branch) will increment. steps: +- pwsh: | + $releaseBranches = @('v4.x/ps7.2', 'v4.x/ps7.0', 'v3.x/ps7', 'v3.x/ps6', 'v2.x') + $isReleaseBuild = ($releaseBranches -contains $env:BuildSourceBranchName) + Write-Host "##vso[task.setvariable variable=IsReleaseBuild]$isReleaseBuild" + Write-Host "IsReleaseBuild: $isReleaseBuild" + displayName: 'Set IsReleaseBuild variable' + env: + BuildSourceBranchName: $(Build.SourceBranchName) + - pwsh: ./build.ps1 -NoBuild -Bootstrap displayName: 'Running ./build.ps1 -NoBuild -Bootstrap' - pwsh: | $ErrorActionPreference = "Stop" - ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)" -AddSBOM -SBOMUtilSASUrl $env:SBOMUtilSASUrl + if ($isReleaseBuild) + { + ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)" -AddSBOM -SBOMUtilSASUrl $env:SBOMUtilSASUrl + } + else + { + ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)" + } displayName: 'Build worker code' env: SBOMUtilSASUrl: $(SBOMUtilSASUrl) @@ -71,7 +87,7 @@ steps: displayName: 'Set UploadPackage variable' - task: NuGetCommand@2 - condition: and(ne(variables['Build.Reason'], 'PullRequest'), in(variables['Build.SourceBranch'], 'refs/heads/v4.x/ps7.2', 'refs/heads/v4.x/ps7.0' , 'refs/heads/v3.x/ps7', 'refs/heads/v3.x/ps6', 'refs/heads/v2.x'), eq(variables.UploadPackage, false)) + condition: and(ne(variables['Build.Reason'], 'PullRequest'), eq(variables['IsReleaseBuild'], true), eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], false)) inputs: command: 'push' packagesToPush: '$(Build.ArtifactStagingDirectory)/**/*.nupkg;!$(Build.ArtifactStagingDirectory)/**/*.symbols.nupkg' From 44cdcea850dc8077f03e767dfc76f4d5d036c0aa Mon Sep 17 00:00:00 2001 
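Review bot: `if ($isReleaseBuild)` in the 'Build worker code' step reads a PowerShell variable that only existed in the previous step's process, so it is `$null` there and the `-AddSBOM` branch can never run; the value has to come back in through the pipeline variable, mapped under `env:` and compared as a string because the variable holds the text `True`/`False`. The 'Set IsReleaseBuild variable' step also compares `Build.SourceBranchName`, which Azure Pipelines documents as the last path segment of the ref, against multi-segment names such as `v4.x/ps7.2`, so as written it only matches `v2.x`; `Build.SourceBranch` with the `refs/heads/` prefix stripped is what the old condition in the second hunk effectively used. Because the NuGet push condition in the second hunk now keys on `IsReleaseBuild`, the same mistake also skips the push for those branches. The rewritten lines for both steps:
```yaml
- pwsh: |
    $releaseBranches = @('v4.x/ps7.2', 'v4.x/ps7.0', 'v3.x/ps7', 'v3.x/ps6', 'v2.x')
    $branch = $env:BuildSourceBranch -replace '^refs/heads/', ''
    $isReleaseBuild = ($releaseBranches -contains $branch)
    # … unchanged: task.setvariable and Write-Host lines …
  env:
    BuildSourceBranch: $(Build.SourceBranch)
# … unchanged: Bootstrap step …
- pwsh: |
    $ErrorActionPreference = "Stop"
    if ($env:IsReleaseBuild -eq 'True')
    # … unchanged: the two ./build.ps1 branches …
  env:
    SBOMUtilSASUrl: $(SBOMUtilSASUrl)
    IsReleaseBuild: $(IsReleaseBuild)
```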
From: Francisco-Gamino Date: Fri, 17 Dec 2021 12:00:14 -0800 Subject: [PATCH 4/4] Simplify logic to upload the nuget package for integration testing --- azure-pipelines.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index dae20028..fbb6f9cc 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -76,16 +76,6 @@ steps: TargetFolder: '$(Build.ArtifactStagingDirectory)' displayName: 'Copy package to artifacts directory' -- pwsh: | - $uploadPackage = $null - if (-not ([bool]::TryParse($env:UPLOADPACKAGETOPRERELEASEFEED, [ref] $uploadPackage))) - { - throw "UploadPackageToPreReleaseFeed can only be set to True or False. Current value is set to $env:UPLOADPACKAGETOPRERELEASEFEED" - } - Write-Host "##vso[task.setvariable variable=UploadPackage]$uploadPackage" - Write-Host "UploadPackage: $uploadPackage" - displayName: 'Set UploadPackage variable' - - task: NuGetCommand@2 condition: and(ne(variables['Build.Reason'], 'PullRequest'), eq(variables['IsReleaseBuild'], true), eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], false)) inputs: @@ -97,7 +87,7 @@ steps: displayName: 'Push NuGet package' - task: NuGetCommand@2 - condition: eq(variables.UploadPackage, true) + condition: eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], true) inputs: command: 'push' packagesToPush: '$(Build.ArtifactStagingDirectory)/**/*.nupkg;!$(Build.ArtifactStagingDirectory)/**/*.symbols.nupkg'
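Review bot: Dropping the 'Set UploadPackage variable' step removes the only validation of `UPLOADPACKAGETOPRERELEASEFEED`; the `eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], true)` condition in the last hunk and its `false` counterpart on the other push task now compare whatever string the queue-time variable holds, so a misspelled or unset value no longer fails the run but silently selects, or skips, one of the two pushes according to the expression engine's string-to-boolean coercion. If that fail-fast behaviour is still wanted, a short pwsh guard step that throws when the value is neither `True` nor `False` keeps it without reintroducing the extra variable.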