From 98d5b1bbfda4381d49f8104a910deaed15a41541 Mon Sep 17 00:00:00 2001
From: William Godbe <wigodbe@microsoft.com>
Date: Thu, 7 May 2020 12:09:17 -0700
Subject: [PATCH] Move SDL validation to ringed release (#21545)

* Move SDL validation to ringed release

* Remove unneeded stuff

* Add back variables

* fixup

* Add missing param
---
 .azure/pipelines/ci.yml | 17 -----------------
 eng/sdl-tsa-vars.config | 12 ++++++++++++
 2 files changed, 12 insertions(+), 17 deletions(-)
 create mode 100644 eng/sdl-tsa-vars.config

diff --git a/.azure/pipelines/ci.yml b/.azure/pipelines/ci.yml
index 44de26de0f..c6532669a7 100644
--- a/.azure/pipelines/ci.yml
+++ b/.azure/pipelines/ci.yml
@@ -78,8 +78,6 @@ variables:
              /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
              /p:DotNetArtifactsCategory=$(_DotNetArtifactsCategory)
 
-    # used for post-build phases, internal builds only
-    - group: DotNet-AspNet-SDLValidation-Params
   - ${{ if in(variables['Build.Reason'], 'PullRequest') }}:
     - name: _BuildArgs
       value: ''
@@ -781,18 +779,3 @@ stages:
       # See https://github.com/dotnet/arcade/issues/2871
       enableSymbolValidation: false
       publishInstallersAndChecksums: true
-      # This is to enable SDL runs part of Post-Build Validation Stage
-      SDLValidationParameters:
-        enable: false
-        continueOnError: false
-        params: ' -SourceToolsList @("policheck","credscan")
-        -TsaInstanceURL $(_TsaInstanceURL)
-        -TsaProjectName $(_TsaProjectName)
-        -TsaNotificationEmail $(_TsaNotificationEmail)
-        -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
-        -TsaBugAreaPath $(_TsaBugAreaPath)
-        -TsaIterationPath $(_TsaIterationPath)
-        -TsaRepositoryName "AspNetCore"
-        -TsaCodebaseName "AspNetCore"
-        -TsaPublish $True
-        -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'
diff --git a/eng/sdl-tsa-vars.config b/eng/sdl-tsa-vars.config
new file mode 100644
index 0000000000..18d6a50c51
--- /dev/null
+++ b/eng/sdl-tsa-vars.config
@@ -0,0 +1,12 @@
+-SourceToolsList @("policheck","credscan")
+-TsaInstanceURL https://devdiv.visualstudio.com/
+-TsaProjectName DEVDIV
+-TsaNotificationEmail aspnetcore-build@microsoft.com
+-TsaCodebaseAdmin REDMOND\kevinpi
+-TsaBugAreaPath "DevDiv\ASP.NET Core"
+-TsaIterationPath DevDiv
+-TsaRepositoryName AspNetCore
+-TsaCodebaseName AspNetCore
+-TsaOnboard $True
+-TsaPublish $True
+-PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")