Run PREFast (#2338)

* prefast

* fix comment

build/pipelines/azure-pipelines.release.yaml

@@ -89,6 +89,8 @@ extends:
           useReleaseAppxmanifest: true
           condition: not(eq(variables['Build.Reason'], 'PullRequest'))
 
+      - template: /build/pipelines/templates/run-compliance-checks.yaml@self
+
       - template: /build/pipelines/templates/run-ui-tests.yaml@self
         parameters:
           platform: x64

build/pipelines/templates/build-single-architecture.yaml

@@ -45,14 +45,6 @@ jobs:
   - checkout: self
     fetchDepth: 1
 
-  - task: WinUndockNativeCompiler@1
-    displayName: Use LKG native compiler
-    inputs:
-      compilerPackageName: 'DevDiv.rel.LKG18.VCTools'
-      compilerPackageVersion: '19.42.3443710001+DevDivGIT.CI20250110.04-466784EE54DF2F302AD0CD6790031C954EF41DA23DA4415D73A76ADF260F2D21'
-      slnDirectory: $(Build.SourcesDirectory)\src
-      runPrefastDuring: Build
-
   - ${{ if eq(parameters.isOSSBuild, true) }}:
     - task: nuget-security-analysis@0
       displayName: Secure Supply Chain Analysis

build/pipelines/templates/run-compliance-checks.yaml

@@ -0,0 +1,47 @@
+jobs:
+- job: ComplianceChecks
+  displayName: Run compliance checks
+  timeoutInMinutes: 60
+  pool:
+    name: EssentialExperiences-windows-2022
+  steps:
+  - checkout: self
+
+  - task: UniversalPackages@0
+    displayName: Download internals package
+    inputs:
+      command: download
+      downloadDirectory: $(Build.SourcesDirectory)
+      vstsFeed: WindowsInboxApps
+      vstsFeedPackage: calculator-internals
+      vstsPackageVersion: 0.0.117
+
+  - task: NuGetToolInstaller@0
+    displayName: Use NuGet 6.x
+    inputs:
+      versionSpec: 6.x
+
+  - task: NuGetCommand@2
+    displayName: NuGet restore src/Calculator.sln
+    inputs:
+      command: custom
+      arguments: restore src/Calculator.sln -Verbosity Detailed -NonInteractive
+
+  - task: PowerShell@2
+    displayName: Set version number in AppxManifest
+    inputs:
+      filePath: $(Build.SourcesDirectory)\build\scripts\UpdateAppxManifestVersion.ps1
+      arguments: '-AppxManifest $(Build.SourcesDirectory)\src\Calculator\Package.appxmanifest -Version $(Build.BuildNumber)'
+
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-prefast.SDLNativeRules@3
+    displayName: 'Run the PREfast SDL Native Rules'
+    inputs:
+      userProvideBuildInfo: msBuildInfo
+      setupCommandlines: '"%ProgramFiles%\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsMSBuildCmd.bat"'
+      msBuildArchitecture: 'amd64'
+      msBuildCommandline: 'msbuild.exe $(Build.SourcesDirectory)\src\Calculator.sln /p:AppVersion=$(Build.BuildNumber) /p:OutDir=$(Build.BinariesDirectory)\ /p:Configuration=Release /p:Platform=x64 /m /p:IsStoreBuild=true'
+      rulesetName: Custom
+      customRuleset: $(Build.SourcesDirectory)\.config\tvs.ruleset
+
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
+    displayName: 'Publish Guardian Artifacts'