cli-lab/.vsts-ci.yml

variables:
  - name: _TeamName
    value: DotNetCore

# CI and PR triggers
trigger:
  batch: true
  branches:
    include:
    - main

pr:
  autoCancel: false
  branches:
    include:
    - '*'

stages:
- stage: build
  displayName: Build
  jobs:
  - template: /eng/common/templates/jobs/jobs.yml
    parameters:
      enableMicrobuild: true
      enablePublishUsingPipelines: true
      enablePublishBuildArtifacts: true
      enablePublishTestResults: true
      enableTelemetry: true
      helixRepo: dotnet/cli-lab
      timeoutInMinutes: 180 # increase timeout since BAR publishing might wait a long time
      jobs:
      - job: Windows
        pool:
          # For public or PR jobs, use the hosted pool.  For internal jobs use the internal pool.
          # Will eventually change this to two BYOC pools.
          ${{ if ne(variables['System.TeamProject'], 'internal') }}:
            name: NetCore-Public
            demands: ImageOverride -equals windows.vs2019.amd64.open
          ${{ if eq(variables['System.TeamProject'], 'internal') }}:
            name: NetCore1ESPool-Internal
            demands: ImageOverride -equals windows.vs2019.amd64
        variables:
        - name: _RID
          value: win-x86
        # Only enable publishing in official builds.
        - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
          # Publish-Build-Assets provides: MaestroAccessToken, BotAccount-dotnet-maestro-bot-PAT
          - group: Publish-Build-Assets
          - name: _OfficialBuildArgs
            value: /p:DotNetSignType=$(_SignType)
                   /p:SignCoreDotnetCoreUninstall=true
                   /p:TeamName=$(_TeamName)
                   /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
                   /p:DotNetPublishUsingPipelines=true
        # else
        - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
          - name: _OfficialBuildArgs
            value: ''
        strategy:
          matrix:
            ${{ if in(variables['Build.Reason'], 'PullRequest') }}:
              Debug:
                _BuildConfig: Debug
                _SignType: test
                _DotNetPublishToBlobFeed: false
                _BuildArgs:
  
            Release:
              _BuildConfig: Release
              # PRs or external builds are not signed.
              ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
                _SignType: test
                _DotNetPublishToBlobFeed: false
                _BuildArgs:
              ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
                _SignType: real
                _DotNetPublishToBlobFeed: false
                _BuildArgs: $(_OfficialBuildArgs)
        steps:
        - checkout: self
          clean: true
        - script: eng\common\cibuild.cmd
            -configuration $(_BuildConfig)
            -prepareMachine
            $(_BuildArgs)
            /p:RID=$(_RID)
          displayName: Build and Publish
        - task: CopyFiles@2
          condition: and(eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release'))
          inputs:
            sourceFolder: 'artifacts/packages/$(_BuildConfig)/Shipping/'
            contents: '*.msi'
            targetFolder: '$(Build.ArtifactStagingDirectory)'
        - task: PublishBuildArtifacts@1
          condition: and(eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release'))
          inputs:
            pathtoPublish: '$(Build.ArtifactStagingDirectory)'
            artifactName: 'drop-windows'
            publishLocation: 'Container'
            parallel: true
  
      - job: OSX_latest
        displayName: 'Mac OS'
        pool:
          vmImage: 'macOS-latest'
        strategy:
          matrix:
            ${{ if in(variables['Build.Reason'], 'PullRequest') }}:
              Debug:
                _BuildConfig: Debug
                _SignType: none
                _DotNetPublishToBlobFeed : false
            Release:
              _BuildConfig: Release
              _SignType: none
              _DotNetPublishToBlobFeed : false
        variables:
        - name: _RID
          value: osx-x64
        steps:
        - checkout: self
          clean: true
        - script: eng/common/cibuild.sh
            --configuration $(_BuildConfig)
            --prepareMachine
            /p:RID=$(_RID)
          displayName: Build
        - task: ArchiveFiles@2
          condition: and(eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release'))
          inputs:
            rootFolderOrFile: 'artifacts/layout/dotnet-core-uninstall/'
            includeRootFolder: false
            archiveType: 'tar'
            tarCompression: 'gz'
            archiveFile: '$(Build.ArtifactStagingDirectory)/dotnet-core-uninstall.tar.gz'
            replaceExistingArchive: true
        - task: PublishBuildArtifacts@1
          condition: and(eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release'))
          inputs:
            pathtoPublish: '$(Build.ArtifactStagingDirectory)'
            artifactName: 'drop-osx'
            publishLocation: 'Container'
            parallel: true

- ${{ if eq(variables._RunAsInternal, True) }}:
  - template: eng\common\templates\post-build\post-build.yml
    parameters:
      publishingInfraVersion: 3
      # signing validation will not run, even if the below value is 'true', if the 'PostBuildSign' variable is set to 'true'
      enableSigningValidation: false      
      enableSourceLinkValidation: false
      publishDependsOn:
      - build
      # This is to enable SDL runs part of Post-Build Validation Stage
      SDLValidationParameters:
        enable: true
        continueOnError: false
        params: ' -SourceToolsList @("policheck","credscan")
        -TsaInstanceURL $(_TsaInstanceURL)
        -TsaProjectName $(_TsaProjectName)
        -TsaNotificationEmail $(_TsaNotificationEmail)
        -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
        -TsaBugAreaPath $(_TsaBugAreaPath)
        -TsaIterationPath $(_TsaIterationPath)
        -TsaRepositoryName "cli-lab"
        -TsaCodebaseName "cli-lab"
        -TsaPublish $True
        -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'