CCF/.azure-pipelines.yml

trigger:
  batch: true
  branches:
    include:
      - main

pr:
  autoCancel: true
  branches:
    include:
      - main
      - "release/*"
    exclude:
      - "release/[0-3].x"
  paths:
    include:
      - "*"

schedules:
  - cron: "0 3 * * Mon-Fri"
    displayName: Daily morning build
    branches:
      include:
        - main
        - "release/*"
      exclude:
        - "release/[0-3].x"
    always: true

resources:
  containers:
    - container: virtual
      image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro

    - container: snp
      image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-snp-clang15
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro

    - container: sgx
      image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-sgx
      options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro

variables:
  perf_or_release: perf
  perf_tests: run

jobs:
  - template: .azure-pipelines-templates/configure.yml

  - template: .azure-pipelines-templates/matrix.yml
    parameters:
      perf_or_release: perf
      perf_tests: run

  - job: CredScan
    variables:
      Codeql.SkipTaskAutoInjection: true
      skipComponentGovernanceDetection: true
    pool:
      vmImage: "ubuntu-20.04"
    steps:
      # Scan for credentials in the repo
      - task: CredScan@3
        inputs:
          suppressionsFile: .gdn/CredScanSuppressions.json
          # To suppress folders, rather than individual files, we require both of the following options
          debugMode: true
          folderSuppression: true

      # Break the build if any credentials (or other Guardian scans) find issues
      - task: PostAnalysis@2
        inputs:
          GdnBreakAllTools: true