PowerShell/tools/releaseBuild/azureDevOps/templates/linux.yml

parameters:
  buildName: ''
  uploadDisplayName: 'Upload'
  parentJob: ''

jobs:
- job: build_${{ parameters.buildName }}
  displayName: Build ${{ parameters.buildName }}
  condition: succeeded()
  pool:
    vmImage: ubuntu-16.04
  dependsOn: ${{ parameters.parentJob }}
  variables:
    - name: runCodesignValidationInjection
      value: false
    - name: build
      value: ${{ parameters.buildName }}
    - group: ESRP

  steps:
  - checkout: self
    clean: true

  - checkout: ComplianceRepo
    clean: true

  - template: SetVersionVariables.yml
    parameters:
      ReleaseTagVar: $(ReleaseTagVar)

  - powershell: |
      Write-Verbose -Verbose "$(build)"

      if ('$(build)' -in 'alpine', 'fxdependent' -and '$(ReleaseTagVar)' -match '6.0.*')
      {
          $vstsCommandString = "vso[task.setvariable variable=SkipBuild]true"
      }
      else
      {
          $vstsCommandString = "vso[task.setvariable variable=SkipBuild]false"
      }
    displayName: 'Skip Alpine or fxdependent for PS v6.0.*'

  - template: insert-nuget-config-azfeed.yml


  - powershell: |
      import-module "$env:REPOROOT/build.psm1"
      Sync-PSTags -AddRemoteIfMissing
    displayName: SyncTags
    condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))

  - powershell: |
      & "$env:REPOROOT/tools/releaseBuild/vstsbuild.ps1" -ReleaseTag $(ReleaseTagVar) -Name '$(build)'

    displayName: 'Build and package'
    condition: and(succeeded(), ne(variables['SkipBuild'], 'true'))

- job: upload_${{ parameters.buildName }}
  displayName: ${{ parameters.uploadDisplayName }} ${{ parameters.buildName }}
  dependsOn: build_${{ parameters.buildName }}
  condition: succeeded()
  pool:
    vmImage: windows-latest
  variables:
    - name: buildName
      value: ${{ parameters.buildName }}
    - group: ESRP

  steps:
  - checkout: self
    clean: true

  - checkout: ComplianceRepo
    clean: true

  - template: shouldSign.yml

  - template: SetVersionVariables.yml
    parameters:
      ReleaseTagVar: $(ReleaseTagVar)

  - task: DownloadBuildArtifacts@0
    displayName: 'Download Deb Artifacts'
    inputs:
      downloadType: specific
      itemPattern: '**/*.deb'
      downloadPath: '$(System.ArtifactsDirectory)\finished'
    condition: and(eq(variables['buildName'], 'DEB'),succeeded())

  - task: DownloadBuildArtifacts@0
    displayName: 'Download tar.gz Artifacts copy'
    inputs:
      downloadType: specific
      itemPattern: '**/*.tar.gz'
      downloadPath: '$(System.ArtifactsDirectory)\finished'

  - task: DownloadBuildArtifacts@0
    displayName: 'Download rpm Artifacts copy'
    inputs:
      downloadType: specific
      itemPattern: '**/*.rpm'
      downloadPath: '$(System.ArtifactsDirectory)\rpm'
    condition: and(eq(variables['buildName'], 'RPM'),succeeded())

  - template: EsrpScan.yml@ComplianceRepo
    parameters:
        scanPath: $(System.ArtifactsDirectory)
        pattern: |
          **\*.rpm
          **\*.deb
          **\*.tar.gz

  - ${{ if eq(variables['buildName'], 'RPM') }}:
    - template: EsrpSign.yml@ComplianceRepo
      parameters:
          buildOutputPath: $(System.ArtifactsDirectory)\rpm
          signOutputPath: $(Build.StagingDirectory)\signedPackages
          certificateId: "CP-450779-Pgp"
          pattern: |
            **\*.rpm
          useMinimatch: true
          shouldSign: $(SHOULD_SIGN)

  # requires windows
  - task: AzureFileCopy@4
    displayName: 'Upload to Azure - DEB and tar.gz'
    inputs:
      SourcePath: '$(System.ArtifactsDirectory)\finished\release\*'
      azureSubscription: '$(AzureFileCopySubscription)'
      Destination: AzureBlob
      storage: '$(StorageAccount)'
      ContainerName: '$(AzureVersion)'

  - template: upload-final-results.yml
    parameters:
      artifactPath: $(System.ArtifactsDirectory)\finished\release

  # requires windows
  - task: AzureFileCopy@4
    displayName: 'Upload to Azure - RPM - Unsigned'
    inputs:
      SourcePath: '$(System.ArtifactsDirectory)\rpm\release\*'
      azureSubscription: '$(AzureFileCopySubscription)'
      Destination: AzureBlob
      storage: '$(StorageAccount)'
      ContainerName: '$(AzureVersion)'
    condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))

  # requires windows
  - task: AzureFileCopy@4
    displayName: 'Upload to Azure - RPM - Signed'
    inputs:
      SourcePath: '$(Build.StagingDirectory)\signedPackages\*'
      azureSubscription: '$(AzureFileCopySubscription)'
      Destination: AzureBlob
      storage: '$(StorageAccount)'
      ContainerName: '$(AzureVersion)'
    condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))

  - template: upload-final-results.yml
    parameters:
      artifactPath: $(System.ArtifactsDirectory)\rpm\release
      condition: and(and(succeeded(), ne(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))

  - template: upload-final-results.yml
    parameters:
      artifactPath: '$(Build.StagingDirectory)\signedPackages'
      condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM'))

  - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
    displayName: 'Component Detection'
    inputs:
      sourceScanPath: '$(Build.SourcesDirectory)'
      snapshotForceEnabled: true