From a33b5d32b0e93c97adba1befad277f91716770a9 Mon Sep 17 00:00:00 2001
From: Travis Plunk <travis.plunk@microsoft.com>
Date: Fri, 6 May 2022 11:54:04 -0700
Subject: [PATCH] Put Secure supply chain analysis at correct place (#17273)

* Update releaseBuild.yml

* Add nuget security analysis to where it should be

* Add a display name

* Update tools/releaseBuild/azureDevOps/releaseBuild.yml

Co-authored-by: Aditya Patwardhan <adityap@microsoft.com>

Co-authored-by: Aditya Patwardhan <adityap@microsoft.com>
---
 tools/releaseBuild/azureDevOps/releaseBuild.yml               | 3 +++
 .../azureDevOps/templates/insert-nuget-config-azfeed.yml      | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/tools/releaseBuild/azureDevOps/releaseBuild.yml b/tools/releaseBuild/azureDevOps/releaseBuild.yml
index 59fb0498a57a..916f90c7a5b2 100644
--- a/tools/releaseBuild/azureDevOps/releaseBuild.yml
+++ b/tools/releaseBuild/azureDevOps/releaseBuild.yml
@@ -34,6 +34,9 @@ variables:
     value: 1
   - name: NugetSecurityAnalysisWarningLevel
     value: none
+  # Prevents auto-injection of nuget-security-analysis@0
+  - name: skipNugetSecurityAnalysis
+    value: true
   - name: branchCounterKey
     value: $[format('{0:yyyyMMdd}-{1}', pipeline.startTime,variables['Build.SourceBranch'])]
   - name: branchCounter
diff --git a/tools/releaseBuild/azureDevOps/templates/insert-nuget-config-azfeed.yml b/tools/releaseBuild/azureDevOps/templates/insert-nuget-config-azfeed.yml
index 9cf3d8dbc8d1..affecad20dde 100644
--- a/tools/releaseBuild/azureDevOps/templates/insert-nuget-config-azfeed.yml
+++ b/tools/releaseBuild/azureDevOps/templates/insert-nuget-config-azfeed.yml
@@ -23,3 +23,7 @@ steps:
       }
   displayName: 'Add nuget.config for Azure DevOps feed for packages'
   condition: and(succeededOrFailed(), ne(variables['PSInternalNugetFeed'], ''))
+
+- task: nuget-security-analysis@0
+  displayName: 'Run Secure Supply Chain analysis'
+