parameters:
  parentJobs: []

jobs:
- job: build_nuget
  dependsOn:
    ${{ parameters.parentJobs }}
  displayName: Build NuGet packages
  condition: succeeded()
  pool: Package ES Standard Build

  timeoutInMinutes: 90

  variables:
    - name: runCodesignValidationInjection
      value: false
    - name: build
      value: ${{ parameters.buildName }}
    - group: ESRP
    - name: GenAPIToolPath
      value: '$(System.ArtifactsDirectory)/GenAPI'
    - name: PackagePath
      value: '$(System.ArtifactsDirectory)/UnifiedPackagePath'
    - name: winFxdPath
      value: '$(System.ArtifactsDirectory)/winFxd'
    - name: winFxdWinDesktopPath
      value: '$(System.ArtifactsDirectory)/winFxdWinDesktop'
    - name: linuxFxdPath
      value: '$(System.ArtifactsDirectory)/linuxFxd'

  steps:
  - checkout: self
    clean: true

  - checkout: ComplianceRepo
    clean: true

  - template: SetVersionVariables.yml
    parameters:
      ReleaseTagVar: $(ReleaseTagVar)

  - powershell: |
      $content = Get-Content "$env:REPOROOT/global.json" -Raw | ConvertFrom-Json
      $vstsCommandString = "vso[task.setvariable variable=SDKVersion]$($content.sdk.version)"
      Write-Host "sending " + $vstsCommandString
      Write-Host "##$vstsCommandString"
    displayName: 'Find SDK version from global.json'

  - task: DotNetCoreInstaller@0
    displayName: 'Use .NET Core SDK from global.json'
    inputs:
      version: '$(SDKVersion)'

  - task: DownloadBuildArtifacts@0
    displayName: 'Download PowerShell build artifacts'
    inputs:
      buildType: current
      downloadType: single
      artifactName: finalResults
      downloadPath: '$(System.ArtifactsDirectory)'

  - powershell: 'Get-ChildItem $(System.ArtifactsDirectory) -recurse'
    displayName: 'Capture downloaded artifacts'

  - powershell: |
      $packagePath = (Join-Path $(System.ArtifactsDirectory)  packages)
      New-Item $packagePath -ItemType Directory -Force > $null
      $packages  = Get-ChildItem $(System.ArtifactsDirectory) -Include *.zip, *.tar.gz -Recurse
      $packages | ForEach-Object { Copy-Item $_.FullName -Destination $packagePath -Verbose }
      Get-ChildItem $packagePath -Recurse
    displayName: 'Conflate packages to same folder'

  - task: ExtractFiles@1
    displayName: 'Extract files win-fxdependent'
    inputs:
      archiveFilePatterns: '$(System.ArtifactsDirectory)/packages/PowerShell-*-win-fxdependent.zip'
      destinationFolder: '$(winFxdPath)'

  - task: ExtractFiles@1
    displayName: 'Extract files win-fxdependentWinDesktop'
    inputs:
      archiveFilePatterns: '$(System.ArtifactsDirectory)/packages/PowerShell-*-win-fxdependentWinDesktop.zip'
      destinationFolder: '$(winFxdWinDesktopPath)'

  - task: ExtractFiles@1
    displayName: 'Extract files linux-fxdependent'
    inputs:
      archiveFilePatterns: '$(System.ArtifactsDirectory)/packages/powershell-*-linux-x64-fxdependent.tar.gz'
      destinationFolder: '$(linuxFxdPath)'

  - task: PkgESInstallNuGetToolsPackage@10
    displayName: 'Install package Microsoft.DotNet.BuildTools.GenAPI'
    inputs:
      packageName: Microsoft.DotNet.BuildTools.GenAPI
      packageVersion: '1.0.0-beta-00081'
      packageSources: 'https://nuget.org/api/v2'
      installRoot: '$(GenAPIToolPath)'

  - template: shouldSign.yml

  - template: SetVersionVariables.yml
    parameters:
      ReleaseTagVar: $(ReleaseTagVar)

  - task: NuGetToolInstaller@1
    displayName: 'Install NuGet.exe'

  - powershell: |
      Import-Module $env:REPOROOT\build.psm1
      Import-Module $env:REPOROOT\tools\packaging
      Find-Dotnet
      New-ILNugetPackage -PackagePath "$(PackagePath)" -PackageVersion "$(Version)" -WinFxdBinPath '$(winFxdPath)' -LinuxFxdBinPath '$(linuxFxdPath)' -GenAPIToolPath "$(GenAPIToolPath)"
    displayName: 'Create Nuget Package Folders'

  - powershell: |
      Get-ChildItem $(linuxFxdPath)
      Get-ChildItem $(winFxdPath)
      Get-ChildItem $(winFxdWinDesktopPath)
    displayName: Capture fxd folders

  - powershell: |
      Import-Module $env:REPOROOT\build.psm1
      Import-Module $env:REPOROOT\tools\packaging
      Find-Dotnet
      # Create unified package first
      New-GlobalToolNupkg -UnifiedPackage -LinuxBinPath "$(linuxFxdPath)" -WindowsBinPath "$(winFxdPath)" -WindowsDesktopBinPath "$(winFxdWinDesktopPath)" -PackageVersion "$(Version)" -DestinationPath "$(PackagePath)\globaltool"

      # Create packages for dotnet sdk
      New-GlobalToolNupkg -LinuxBinPath "$(linuxFxdPath)" -WindowsBinPath "$(winFxdPath)" -WindowsDesktopBinPath "$(winFxdWinDesktopPath)" -PackageVersion "$(Version)" -DestinationPath "$(PackagePath)\globaltool"
    displayName: 'Create Global tool packages'

  - powershell: |
      Get-ChildItem "$(PackagePath)" -Recurse
    displayName: Capture generated packages

  - template: EsrpSign.yml@ComplianceRepo
    parameters:
        buildOutputPath: $(PackagePath)
        signOutputPath: $(System.ArtifactsDirectory)\signed
        certificateId: "CP-401405"
        pattern: |
          **\*.nupkg
        useMinimatch: true
        shouldSign: $(SHOULD_SIGN)

  - pwsh: |
      if (-not (Test-Path '$(System.ArtifactsDirectory)\signed\')) { $null = New-Item -ItemType Directory -Path '$(System.ArtifactsDirectory)\signed\' }
      Copy-Item -Path '$(PackagePath)\*.nupkg' -Destination '$(System.ArtifactsDirectory)\signed\' -Verbose -Force
      Copy-Item -Path '$(PackagePath)\globaltool\*.nupkg' -Destination '$(System.ArtifactsDirectory)\signed\' -Verbose -Force
    displayName: Fake copy when not signing
    condition: eq(variables['SHOULD_SIGN'], 'false')

  - powershell: |
      Import-Module "${env:REPOROOT}\build.psm1" -Force
      Get-ChildItem -Recurse "$(System.ArtifactsDirectory)\signed\*.nupkg" -Verbose | ForEach-Object {  Start-NativeExecution -sb { nuget.exe verify -All $_.FullName } }
    displayName: Verify all packages are signed
    condition: eq(variables['SHOULD_SIGN'], 'true')

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
    displayName: 'Run MpCmdRun.exe'
    inputs:
      FileDirPath: '$(PackagePath)'
      TreatStaleSignatureAs: Warning

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
    displayName: 'Publish Security Analysis Logs'

  - template: upload-final-results.yml
    parameters:
      artifactPath: '$(System.ArtifactsDirectory)\signed'

  - powershell: |
      if (-not (Test-Path "$(System.ArtifactsDirectory)\signed\globaltool"))
      {
        $null = New-Item -Path "$(System.ArtifactsDirectory)\signed\globaltool" -ItemType Directory -Force
      }

      Move-Item -Path "$(System.ArtifactsDirectory)\signed\PowerShell.*" -Destination "$(System.ArtifactsDirectory)\signed\globaltool" -Force
      Get-ChildItem "$(System.ArtifactsDirectory)\signed\globaltool" -Recurse
    displayName: Move global tool packages to subfolder and capture

  - task: AzureFileCopy@4
    displayName: 'Upload NuGet packages to Azure'
    inputs:
      SourcePath: '$(System.ArtifactsDirectory)\signed\*'
      azureSubscription: '$(AzureFileCopySubscription)'
      Destination: AzureBlob
      storage: '$(StorageAccount)'
      ContainerName: '$(AzureVersion)-nuget'
    condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))

  - task: AzureFileCopy@4
    displayName: 'Upload global tool packages to Azure'
    inputs:
      sourcePath: '$(System.ArtifactsDirectory)\signed\globaltool\*'
      azureSubscription: '$(GlobalToolSubscription)'
      Destination: AzureBlob
      storage: '$(GlobalToolStorageAccount)'
      ContainerName: 'tool'
      blobPrefix: '$(Version)'
    condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))

  - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
    displayName: 'Component Detection'
    inputs:
      sourceScanPath: '$(PackagePath)'