Xamarin.Forms/azure-pipelines.yml

variables:
- name : Codeql.Enabled
  value: true
- name: DefaultBuildPlatform
  value: 'any cpu'
- name: ApkName
  value: AndroidControlGallery.AndroidControlGallery.apk
- name: BuildVersion
  value: $[counter('nuget-counter', 126)]
- name: NUGET_VERSION
  value: 5.8.1
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
  value: true
- name: DOTNET_VERSION
  value: 5.0.102
- name: signingCondition
  value: and(succeeded(), ne(variables['signVmImage'], ''), or(eq(variables['Sign'], 'true'), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'],'refs/tags/'))))
- group: Xamarin-Secrets

resources:
  repositories:
    - repository: xamarin-templates
      type: github
      name: xamarin/yaml-templates
      endpoint: xamarin
      ref: refs/heads/main

trigger:
  branches:
    include:
    - main
    - 3.*
    - 4.*
    - 5.*
  tags:
    include:
    - '*'
  paths:
    exclude:
    - README.md

pr:
  autoCancel: false
  branches:
    include:
    - main
    - 3.*
    - 4.*
    - 5.*

schedules:
- cron: "0 0 * * *"
  displayName: Daily midnight build
  branches:
    include:
    - 5.0.0

stages:
  - stage: windows
    displayName: Build Windows
    jobs:
      - job: win_hosted
        condition: eq(variables['vs2019VmPool'], 'Azure Pipelines')
        workspace:
          clean: all
        displayName: Build Windows Phase
        timeoutInMinutes: 90
        pool:
          name: $(vs2019VmPool)
          vmImage: $(vs2019VmImage)
          demands:
            msbuild
        strategy:
          matrix:
            debug:
              BuildConfiguration:  'Debug'
            release:
              BuildConfiguration:  'Release'
        steps:
          - template: build/steps/build-windows.yml
            parameters:
              provisionatorPath : 'build/provisioning/provisioning.csx'
              provisionatorVSPath : 'build/provisioning/vs.csx'
      - job: nuget_pack_hosted
        workspace:
          clean: all
        displayName: Nuget Phase
        dependsOn:
        - win_hosted
        condition: succeeded()
        pool:
          name: $(vs2019VmPool)
          vmImage: $(vs2019VmImage)
          demands:
            msbuild
        variables:
          FormsIdAppend: ''
          buildConfiguration: $(DefaultBuildConfiguration)
          nugetPackageVersion : $[ dependencies.win_hosted.outputs['debug.winbuild.xamarinformspackageversion'] ]
        steps:
          - template: build/steps/build-nuget.yml
      - job: win_bots
        condition: ne(variables['vs2019VmPool'], 'Azure Pipelines')
        workspace:
          clean: all
        displayName: Build Windows Phase Bots
        timeoutInMinutes: 90
        pool:
          name: $(vs2019VmPool)
          vmImage: $(vs2019VmImage)
          demands:
            - Agent.OS -equals Windows_NT
            - msbuild
        strategy:
          matrix:
            debug:
              BuildConfiguration:  'Debug'
            release:
              BuildConfiguration:  'Release'
        steps:
          - template: build/steps/build-windows.yml
            parameters:
              provisionatorPath : 'build/provisioning/provisioning.csx'
      - job: nuget_pack_bots
        workspace:
          clean: all
        displayName: Nuget Phase
        dependsOn:
        - win_bots
        condition: succeeded()
        pool:
          name: $(vs2019VmPool)
          vmImage: $(vs2019VmImage)
          demands:
            - Agent.OS -equals Windows_NT
            - msbuild
        variables:
          FormsIdAppend: ''
          buildConfiguration: $(DefaultBuildConfiguration)
          nugetPackageVersion : $[ dependencies.win_bots.outputs['debug.winbuild.xamarinformspackageversion'] ]
        steps:
          - template: build/steps/build-nuget.yml

  - stage: android
    displayName: Build Android
    ${{ if eq(variables['System.TeamProject'], 'devdiv') }}:
      dependsOn: windows
    ${{ if eq(variables['System.TeamProject'], 'public') }}:
      dependsOn: []
    jobs:
      - template: build/steps/build-android.yml
        parameters:
          vmPool: $[coalesce(variables.macAndroid2019VmPool, 'Azure Pipelines')]
          vmImage: $[coalesce(variables.macAndroid2019VmImage, 'macOS-latest')]
          provisionatorPath : 'build/provisioning/provisioning.csx'
          buildConfiguration: $(DefaultBuildConfiguration)
          ${{ if ne(variables['MSBuildArguments_cg_android'], '') }}:
            MSBuildArguments_cg_android: $(MSBuildArguments_cg_android)

  - stage: build_osx
    displayName: Build OSX
    ${{ if eq(variables['System.TeamProject'], 'devdiv') }}:
      dependsOn: windows
    ${{ if eq(variables['System.TeamProject'], 'public') }}:
      dependsOn: []
    jobs:
      - job: osx
        workspace:
          clean: all
        displayName: OSX Phase
        timeoutInMinutes: 120
        pool:
          name:  $(osx2019VmPool)
          vmImage: $(macOSXVmImage)
          demands:
            - sh
        variables:
          provisionator.osxPath : 'build/provisioning/provisioning.csx'
          buildConfiguration: $(DefaultBuildConfiguration)
          iOSCertSecureFileName: 'Xamarin Forms iOS Certificate.p12'
          iOSProvisioningSecureFileName: 'Xamarin Forms iOS Provisioning.mobileprovision'
        steps:
          - template: build/steps/build-osx.yml

  # only sign using the private server and not sigining Maui for now
  - ${{ if eq(variables['System.TeamProject'], 'devdiv') }}:
    - stage: nuget_signing
      dependsOn: windows
      displayName: Sign Nuget
      jobs:
        - template: sign-artifacts/jobs/v2.yml@xamarin-templates
          parameters:
            targetFolder: $(Build.ArtifactStagingDirectory)/nuget/signed
            artifactPath: release
            signedArtifactName: nuget
            signedArtifactPath: signed
            displayName: Sign Phase
            condition: ${{ variables.signingCondition }}
            preSignSteps:
              - task: NuGetToolInstaller@1
                inputs:
                  versionSpec: $(NUGET_VERSION)

    - stage: PoliCheck
      displayName: 'Code Analysis'
      dependsOn: windows
      jobs:
        - job: run_poli_check
          displayName: 'Policheck And Credentials Compliance'
          pool:
            name: $(vs2019VmPool)
            vmImage: $(vs2019VmImage)
          timeoutInMinutes: 60
          cancelTimeoutInMinutes: 5
          steps:
            - checkout: self

            - template: security/policheck/v2.yml@xamarin-templates

            - template: security/credscan/v3.yml@xamarin-templates
              parameters:
                suppressionsFile: $(System.DefaultWorkingDirectory)\build\automation\CredScanSuppressions.json

            - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@4
              displayName: Run AntiMalware (Defender) Scan
              inputs:
                FileDirPath: $(System.DefaultWorkingDirectory)
                EnableServices: true
              condition: succeededOrFailed()

            - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2
              displayName: Create Security Analysis Report
              inputs:
                CredScan: true
                PoliCheck: true
              condition: succeededOrFailed()

            - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
              displayName: Publish Security Analysis Logs
              inputs:
                ArtifactName: CodeAnalysisLogs
              condition: succeededOrFailed()

            - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
              displayName: Fail Job if Security Issues are Detected
              inputs:
                CredScan: true
                PoliCheck: true
                GdnBreakGdnToolPoliCheckSeverity: 'Error'
              condition: succeededOrFailed()

    - stage: sbom
      dependsOn: nuget_signing
      displayName: 'Software Bill of Materials'
      jobs:
      - template: compliance/sbom/job.v1.yml@xamarin-templates        # Software Bill of Materials (SBOM): https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/ado-sbom-generator
        parameters:
          artifactNames: ['nuget']
          artifactMap: ['nuget/signed']
          packageName: 'Xamarin Forms'
          packageFilter: '*.nupkg'
          condition: ${{ variables.signingCondition }}