parameters:
- name: msbuildPlatform
  displayName: msbuildPlatform
  type: string
  default: x64
  
steps:
- task: CredScan@2
  displayName: 'Run CredScan'
  inputs:
    toolMajorVersion: V2
    debugMode: false
  continueOnError: true

- task: BinSkim@3
  displayName: 'Run BinSkim'
  inputs:
    arguments: 'analyze $(Build.BinariesDirectory)\RelWithDebInfo\RelWithDebInfo\*.dll  --recurse --verbose'
  continueOnError: true

- task: DeleteFiles@1
  displayName: 'Delete files from $(Build.BinariesDirectory)\RelWithDebInfo'
  inputs:
    SourceFolder: '$(Build.BinariesDirectory)\RelWithDebInfo'
    Contents: |
     **/*.obj
     **/*.pdb
     **/*.dll
      
#Manually set msBuildCommandline so that we can also set CAExcludePath
- task: securedevelopmentteam.vss-secure-development-tools.build-task-prefast.SDLNativeRules@2
  displayName: 'Run the PREfast SDL Native Rules for MSBuild'
  inputs:
    userProvideBuildInfo: msBuildInfo
    msBuildVersion: 16.0
    msBuildArchitecture: x64
    msBuildCommandline: '"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\amd64\msbuild.exe" "$(Build.BinariesDirectory)\RelWithDebInfo\onnxruntime.sln" /p:platform="${{parameters.msbuildPlatform}}" /p:configuration="RelWithDebInfo" /p:CAExcludePath="$(Build.BinariesDirectory);$(Build.SourcesDirectory)\cmake;C:\program files (x86)" /p:VisualStudioVersion="16.0" /m /p:PreferredToolArchitecture=x64'
  continueOnError: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
  displayName: 'Create Security Analysis Report'
  inputs:
    BinSkim: true
    BinSkimBreakOn: WarningAbove
    CredScan: true
    SDLNativeRules: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
  displayName: 'Publish Security Analysis Logs'
  continueOnError: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1
  condition: and (succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
  displayName: 'TSA Upload'
  inputs:
    tsaVersion: TsaV2
    codeBaseName: 'onnxruntime_master'
  continueOnError: true