[Code Quality] .github/azure-pipelines.yml — Orphaned legacy CI alongside GitHub Actions, no tests/coverage/sign

[Christophe-Rogiers]

Severity: Info
File: .github/azure-pipelines.yml

Description:
The repo ships a minimal Azure DevOps Pipelines definition alongside a comprehensive GitHub Actions stack (publish.yml, test.yml, build.yml, security.yml, sbom.yml, …):

trigger:
- main

pool:
  vmImage: 'windows-latest'

variables:
  solution: 'Servy.sln'
  buildPlatform: 'Any CPU'
  buildConfiguration: 'Release'

steps:
- task: NuGetToolInstaller@1
- task: NuGetCommand@2
  inputs:
    restoreSolution: '$(solution)'
- task: VSBuild@1
  inputs:
    solution: '$(solution)'
    platform: '$(buildPlatform)'
    configuration: '$(buildConfiguration)'

Concerns:

• It is not a mirror of the GitHub Actions workflows: no tests, no code coverage, no SBOM, no signing, no security scan, no artifact upload.
• No comment documents when / whether / by whom it is run. New contributors cannot tell whether this is load-bearing infrastructure for an internal mirror or dead weight.
• It uses legacy AzDO tasks (NuGetToolInstaller@1, VSBuild@1). VSBuild@1 is especially limiting for a modern .NET SDK solution — it shells out to MSBuild.exe and does not take advantage of the composite setup-dotnet action the GH Actions use.
• The first line of the file contains a broken encoding character (�) — suggesting the file was copied once and never touched.

Suggested fix:
Pick one of:

1. Delete the file if no Azure DevOps mirror is active — the absence of tests here makes it a false-safety signal anyway.
2. Align it with the GH Actions stack (tests + coverage + SBOM + sign) if Azure DevOps is genuinely used as a mirror CI.
3. Add a short header comment explaining its current role (e.g., "Azure DevOps smoke build used by the mirror repo at https://dev.azure.com/...") so readers don't have to guess.

Companion to #720 (tmp.yml unclear purpose) — same class of "leftover CI file that nobody has time to triage".

[aelassas]

All fixed.