From 00b5032d64e038c52f604f593b606bfe4edf3d6c Mon Sep 17 00:00:00 2001
From: Matthew John Cheetham <mjcheetham@outlook.com>
Date: Fri, 29 May 2026 13:50:49 +0100
Subject: [PATCH] fixup! release: suppress unfixable binskim findings

The SDL suppression file configured for the Windows release jobs was
never being loaded. Guardian logged that the file was "expected at
.../gdnsuppress.gdnsuppress but not found": the suppressionFile
setting pointed at `.../gdnsuppress`, but Guardian appends the
`.gdnsuppress` extension on top of whatever path is supplied, so it
was looking for the doubled-up name on disk.

Rename the per-platform suppression files to Guardian's default
`.gdnsuppress` name and update release.yml to match, so the Windows
x64 and ARM64 BinSkim suppressions are actually applied on the next
release run.

Assisted-by: Claude Opus 4.7
Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com>
---
 .azure-pipelines/release.yml                                    | 2 +-
 .../sdl/windows_arm64/{gdnsuppress => .gdnsuppress}             | 0
 .azure-pipelines/sdl/windows_x64/{gdnsuppress => .gdnsuppress}  | 0
 3 files changed, 1 insertion(+), 1 deletion(-)
 rename .azure-pipelines/sdl/windows_arm64/{gdnsuppress => .gdnsuppress} (100%)
 rename .azure-pipelines/sdl/windows_x64/{gdnsuppress => .gdnsuppress} (100%)

diff --git a/.azure-pipelines/release.yml b/.azure-pipelines/release.yml
index bc314e11beb20d..9140b452e30619 100644
--- a/.azure-pipelines/release.yml
+++ b/.azure-pipelines/release.yml
@@ -181,7 +181,7 @@ extends:
               templateContext:
                 sdl:
                   suppression:
-                    suppressionFile: $(Build.SourcesDirectory)/.azure-pipelines/sdl/${{ dim.id }}/gdnsuppress
+                    suppressionFile: $(Build.SourcesDirectory)/.azure-pipelines/sdl/${{ dim.id }}/.gdnsuppress
                   binskim:
                     # Direct binskim to analyze the built product binaries rather
                     # than the installer/7z outputs. Binskim cannot crack open the
diff --git a/.azure-pipelines/sdl/windows_arm64/gdnsuppress b/.azure-pipelines/sdl/windows_arm64/.gdnsuppress
similarity index 100%
rename from .azure-pipelines/sdl/windows_arm64/gdnsuppress
rename to .azure-pipelines/sdl/windows_arm64/.gdnsuppress
diff --git a/.azure-pipelines/sdl/windows_x64/gdnsuppress b/.azure-pipelines/sdl/windows_x64/.gdnsuppress
similarity index 100%
rename from .azure-pipelines/sdl/windows_x64/gdnsuppress
rename to .azure-pipelines/sdl/windows_x64/.gdnsuppress