CCF/.azure-pipelines-release.yml

trigger:
  tags:
    include:
      - ccf-5.*

pr: none

resources:
  containers:
    - container: virtual
      image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-virtual-clang15
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro

    - container: snp
      image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-snp-clang15
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro

    - container: sgx
      image: ccfmsrc.azurecr.io/ccf/ci:2024-05-29-sgx
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro

variables:
  ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-') }}:
    perf_or_release: release
    perf_tests: no_run
  ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-')) }}:
    perf_or_release: perf
    perf_tests: run

jobs:
  - template: .azure-pipelines-templates/configure.yml

  - template: .azure-pipelines-templates/release-matrix.yml
    parameters:
      perf_or_release: ${{ variables['perf_or_release'] }}
      perf_tests: ${{ variables['perf_tests'] }}

  - job: CredScan
    variables:
      Codeql.SkipTaskAutoInjection: true
      skipComponentGovernanceDetection: true
    pool:
      vmImage: "ubuntu-20.04"
    steps:
      # Scan for credentials in the repo
      - task: CredScan@3
        inputs:
          suppressionsFile: .gdn/CredScanSuppressions.json
          # To suppress folders, rather than individual files, we require both of the following options
          debugMode: true
          folderSuppression: true

      # Break the build if any credentials (or other Guardian scans) find issues
      - task: PostAnalysis@2
        inputs:
          GdnBreakAllTools: true