Build pipeline (#1026)

* Set up CI with Azure Pipelines

[skip ci]

* remove trigger

* adding common security template

* using windows image when testing

* junit runner; publish result

* contents to ignore

* script for each line

* displayName for each script

Author: nikithauc

.azure-pipelines/ci-build-production.yml

@@ -0,0 +1,92 @@
+# Node.js
+# Build a general Node.js project with npm.
+# Add steps that analyze code, save build artifacts, deploy, and more:
+# https://docs.microsoft.com/azure/devops/pipelines/languages/javascript
+
+name: $(BuildDefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
+
+trigger:
+  branches:
+    include:
+      - main
+
+pr: none
+
+
+stages:
+- stage: "Test"
+  jobs:
+  - job:
+    pool:
+      vmImage: windows-latest
+    strategy:
+      matrix:
+        Node 12:
+          NODE_VERSION: '12.x'
+        Node 14:
+          NODE_VERSION: '14.x'
+        Node 16:
+          NODE_VERSION: '16.x'
+      maxParallel: 2 
+    steps:
+    - template: ./common-templates/security-pre-checks.yml
+    - task: NodeTool@0
+      inputs:
+        versionSpec: $(NODE_VERSION)
+      displayName: 'Install Node.js'
+
+    - script: npm ci
+      displayName: 'npm install for tests'
+    - script: npm run build
+      displayName: 'npm build for tests'
+    - script: npm run test
+      displayName: 'Run the node tests'
+    - script: npm run karma
+      displayName: 'Run karma tests'
+
+    - task: PublishTestResults@2
+      displayName: 'Publish Unit Test Results'
+      inputs:
+          testResultsFormat: 'JUnit'
+          testResultsFiles: '**/testResult.xml'
+          failTaskOnFailedTests: true
+
+    - template: ./common-templates/security-post-checks.yml
+
+- stage: "Build"
+  jobs:
+  - job:
+  
+    pool:
+      vmImage: ubuntu-latest
+    steps:
+    - task: NodeTool@0
+      inputs:
+        versionSpec: '16.x'
+      displayName: 'Install Node.js'
+
+    - script: |
+        npm ci
+        npm run build
+      displayName: 'Build for production artifact'
+    - task: CopyFiles@2
+      inputs:
+        sourceFolder: '$(Build.SourcesDirectory)'
+        targetFolder: $(Build.ArtifactStagingDirectory)
+        Contents: |
+          **/*
+          !test/**
+          !.azure-pipelines/**
+          !.github/**
+          !.git/**
+          !.vscode/**
+          !node_modules/**
+      displayName: 'Copy npm package'
+
+    - task: PublishBuildArtifacts@1
+      inputs:
+        pathtoPublish: $(Build.ArtifactStagingDirectory)
+        artifactName: "release-drop"
+      displayName: 'Publish artifacts'
+
+    

.azure-pipelines/common-templates/security-post-checks.yml

@@ -0,0 +1,53 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+steps:
+  - task: CodesignValidation@0
+
+  - task: SdtReport@1
+    displayName: "Security Analysis Report"
+    continueOnError: true
+    condition: succeededOrFailed()
+    inputs:
+      AllTools: false
+      APIScan: false
+      BinSkim: false
+      BinSkimBreakOn: "WarningAbove"
+      CodesignValidation: true
+      CodesignValidationBreakOn: "WarningAbove"
+      CredScan: true
+      FortifySCA: false
+      FxCop: false
+      ModernCop: false
+      MSRD: false
+      PoliCheck: true
+      PoliCheckBreakOn: "Severity1"
+      RoslynAnalyzers: true
+      RoslynAnalyzersBreakOn: "WarningAbove"
+      SDLNativeRules: false
+      Semmle: false
+      TSLint: false
+      TSLintBreakOn: "WarningAbove"
+      ToolLogsNotFoundAction: "Standard"
+
+  - task: PublishSecurityAnalysisLogs@3
+    displayName: "Publish Security Analysis Logs"
+    inputs:
+      ArtifactName: "CodeAnalysisLogs"
+      ArtifactType: "Container"
+      AllTools: false
+      AntiMalware: false
+      APIScan: false
+      BinSkim: false
+      CodesignValidation: true
+      CredScan: true
+      FortifySCA: false
+      FxCop: false
+      ModernCop: true
+      MSRD: false
+      PoliCheck: true
+      RoslynAnalyzers: true
+      SDLNativeRules: false
+      Semmle: false
+      TSLint: false
+      WebScout: false
+      ToolLogsNotFoundAction: "Standard"

.azure-pipelines/common-templates/security-pre-checks.yml

@@ -0,0 +1,21 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+steps:
+  - task: CredScan@2
+    displayName: "Run CredScan"
+    inputs:
+      debugMode: false
+      batchSize: 20
+      toolMajorVersion: "V2"
+      searchersFileType: "Skype"
+
+  - task: PoliCheck@1
+    displayName: "Run PoliCheck"
+    condition: and(succeeded(), eq(eq(variables['Build.SourceBranch'], 'refs/heads/main'), false))
+    inputs:
+      targetType: F
+      SOMEnabled: true
+      optionsFC: 0
+      optionsXS: 0
+      optionsHMENABLE: 0
+      continueOnError: true

.gitignore

@@ -28,4 +28,6 @@ test/development/secrets.ts
 
 .nyc_output/*
 
-.idea/*
+.idea/*
+
+testResult.xml

.npmignore

@@ -1,4 +1,5 @@
 src/
 scripts/
 design/
-changelogs/
+changelogs/
+testResult.xml