name: 0.0.$(Date:yyMM.d)$(Rev:rrr)

parameters:
- name: AgentPool
  type: object
  default:
    Medium:
      name: rnw-pool-4-microsoft
      demands: ImageOverride -equals rnw-img-vs2022-node18
    Large:
      name: rnw-pool-8-microsoft
      demands: ImageOverride -equals rnw-img-vs2022-node18
- name: forceCodeQL
  displayName: Force CodeQL to rebuild databases
  type: boolean
  default: false
- name: complianceWarnOnly
  displayName: Convert compliance errors to warnings
  type: boolean
  default: true # Let's get all results in this pipeline

variables:
  - template: variables/windows.yml
  - group: RNW Secrets
  - name: Codeql.Enabled
    value: true
  - ${{ if eq(parameters.forceCodeQL, true) }}:
    - name: Codeql.Cadence
      value: 0
  - ${{ if eq(parameters.forceCodeQL, false) }}:
    - name: Codeql.Cadence
      value: 120 # In hours, default to only run every 5 days

trigger: none
pr: none

jobs:
  - job: RnwUniversalCompliance
    displayName: RNW Universal Compliance
    pool: ${{ parameters.AgentPool.Large }}
    timeoutInMinutes: 360 # Compliance tasks recommend to 3x usual build timeout

    steps:
      - template: templates/checkout-shallow.yml
      
      - template: templates/prepare-js-env.yml

      - template: templates/set-version-vars.yml
        parameters:
          buildEnvironment: Continuous

      - template: templates/publish-version-vars.yml

      - template: templates/prepare-build-env.yml
        parameters:
          platform: x64
          configuration: Release
          buildEnvironment: Continuous

      - template: templates/apply-published-version-vars.yml

      # Pre-build compliance tasks

      - template: templates/run-compliance-prebuild.yml
        parameters:
          complianceWarnOnly: ${{ parameters.complianceWarnOnly }}

      - task: NuGetAuthenticate@1
    
      # AgentES Task (https://aka.ms/UES)
      # Installs and runs the "Agent ES" tool, which scans the source code for banned file types.
      - powershell: |
          & nuget.exe install AgentES -FallbackSource https://microsoft.pkgs.visualstudio.com/_packaging/Undocked.Shell.Services/nuget/v3/index.json
          $AgentESPath = (Get-ChildItem -Path AgentES* -Filter AgentES.exe -Recurse | %{$_.FullName})
          & $AgentESPath $env:BUILD_SOURCESDIRECTORY -e:$env:BUILD_SOURCESDIRECTORY\.ado\config\AgentES.Exemptions.json -b
        displayName: "⚖️ AgentES - Scan of Repository for UES Policy Violations"
        workingDirectory: $(Agent.BuildDirectory)
        continueOnError: ${{ parameters.complianceWarnOnly }}

      # Initialize CodeQL 3000 Task (https://aka.ms/codeql3000)
      # Performs static code analysis.
      - task: CodeQL3000Init@0
        displayName: "🛡️ Initialize CodeQL"
        continueOnError: ${{ parameters.complianceWarnOnly }}

      # Build RNW

      - template: templates/msbuild-sln.yml
        parameters:
          solutionDir: vnext
          solutionName: Microsoft.ReactNative.sln
          buildPlatform: x64
          buildConfiguration: Release

      # Post-build compliance tasks

      - template: templates/run-compliance-postbuild.yml
        parameters:
          complianceWarnOnly: ${{ parameters.complianceWarnOnly }}

      # Finalize CodeQL 3000 Task (https://aka.ms/codeql3000)
      # Performs static code analysis.
      - task: CodeQL3000Finalize@0
        displayName: "🛡️ Finalize CodeQL"
        continueOnError: ${{ parameters.complianceWarnOnly }}