parameters:
  - name: BuildConfiguration
    default: release
  - name: BuildPlatform
    default: any cpu
  - name: Architecture
    default: x64
  - name: parentJob
    default: ''

jobs:
- job: sign_windows_${{ parameters.Architecture }}
  displayName: Package Windows - ${{ parameters.Architecture }}
  condition: succeeded()
  dependsOn: ${{ parameters.parentJob }}
  pool:
    vmImage: windows-latest
  variables:
    - name: BuildConfiguration
      value: ${{ parameters.BuildConfiguration }}
    - name: BuildPlatform
      value: ${{ parameters.BuildPlatform }}
    - name: Architecture
      value: ${{ parameters.Architecture }}
    - name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
      value: 1
    - group: ESRP

  steps:

  - checkout: self
    clean: true

  - checkout: ComplianceRepo
    clean: true

  - template: shouldSign.yml
  - template: SetVersionVariables.yml
    parameters:
      ReleaseTagVar: $(ReleaseTagVar)

  - powershell: |
      $pkgFilter = if ( '$(Architecture)' -eq 'arm' ) {
        "arm32"
      }
      else {
        '$(Architecture)'
      }

      $vstsCommandString = "vso[task.setvariable variable=PkgFilter]$pkgFilter"
      Write-Host ("sending " + $vstsCommandString)
      Write-Host "##$vstsCommandString"
    displayName: Set packageName variable

  - task: DownloadBuildArtifacts@0
    inputs:
      artifactName: 'results'
      itemPattern: '**/*$(PkgFilter).zip'
      downloadPath: '$(System.ArtifactsDirectory)\Symbols'

  - template: cloneToOfficialPath.yml

  - powershell: |
      # cleanup previous install
      if((Test-Path "${env:ProgramFiles(x86)}\WiX Toolset xcopy")) {
        Remove-Item "${env:ProgramFiles(x86)}\WiX Toolset xcopy" -Recurse -Force
      }

      $toolsDir = New-Item -ItemType Directory -Path '$(Build.ArtifactStagingDirectory)\tools'
      $wixUri = 'https://github.com/wixtoolset/wix3/releases/download/wix311rtm/wix311-binaries.zip'
      Invoke-RestMethod -Uri $wixUri -OutFile '$(Build.ArtifactStagingDirectory)\tools\wix.zip'

      Import-Module '$(PowerShellRoot)/tools/releaseBuild/Images/microsoft_powershell_windowsservercore/wix.psm1'
      Install-WixZip -zipPath '$(Build.ArtifactStagingDirectory)\tools\wix.zip'

      $msixUrl = '$(makeappUrl)'
      Invoke-RestMethod -Uri $msixUrl -OutFile '\makeappx.zip'
      Expand-Archive '\makeappx.zip' -destination '\' -Force

    displayName: Install packaging tools

  - powershell: |
      $zipPath = Get-Item '$(System.ArtifactsDirectory)\Symbols\results\*$(PkgFilter).zip'
      Write-Verbose -Verbose "Zip Path: $zipPath"

      $expandedFolder = $zipPath.BaseName
      Write-Host "sending.. vso[task.setvariable variable=SymbolsFolder]$expandedFolder"
      Write-Host "##vso[task.setvariable variable=SymbolsFolder]$expandedFolder"

      Expand-Archive -Path $zipPath -Destination "$(System.ArtifactsDirectory)\$expandedFolder" -Force
    displayName: Expand symbols zip

  - pwsh: |
      $fullSymbolsFolder = "$(System.ArtifactsDirectory)\$($env:SYMBOLSFOLDER)"

      $filesToSignDirectory = "$(System.ArtifactsDirectory)\toBeSigned"
      $null = New-Item -ItemType Directory -Path $filesToSignDirectory -Force

      $signedFilesDirectory = "$(System.ArtifactsDirectory)\signed"
      $null = New-Item -ItemType Directory -Path $signedFilesDirectory -Force

      $itemsToCopyWithRecurse = @(
        "$($fullSymbolsFolder)\*.ps1"
        "$($fullSymbolsFolder)\Microsoft.PowerShell*.dll"
      )

      $itemsToCopy = @{
        "$($fullSymbolsFolder)\*.ps1" = ""
        "$($fullSymbolsFolder)\Microsoft.Management.Infrastructure.CimCmdlets.dll" = ""
        "$($fullSymbolsFolder)\Microsoft.WSMan.*.dll" = ""
        "$($fullSymbolsFolder)\Modules\CimCmdlets\CimCmdlets.psd1" = "Modules\CimCmdlets"
        "$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Diagnostics\Diagnostics.format.ps1xml" = "Modules\Microsoft.PowerShell.Diagnostics"
        "$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Diagnostics\Event.format.ps1xml" = "Modules\Microsoft.PowerShell.Diagnostics"
        "$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Diagnostics\GetEvent.types.ps1xml" = "Modules\Microsoft.PowerShell.Diagnostics"
        "$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1" = "Modules\Microsoft.PowerShell.Diagnostics"
        "$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1" = "Modules\Microsoft.PowerShell.Host"
        "$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1" = "Modules\Microsoft.PowerShell.Management"
        "$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1" = "Modules\Microsoft.PowerShell.Security"
        "$($fullSymbolsFolder)\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1" = "Modules\Microsoft.PowerShell.Utility"
        "$($fullSymbolsFolder)\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1" = "Modules\Microsoft.WSMan.Management"
        "$($fullSymbolsFolder)\Modules\Microsoft.WSMan.Management\WSMan.format.ps1xml" = "Modules\Microsoft.WSMan.Management"
        "$($fullSymbolsFolder)\Modules\PSDiagnostics\PSDiagnostics.ps?1" = "Modules\PSDiagnostics"
        "$($fullSymbolsFolder)\pwsh.dll" = ""
        "$($fullSymbolsFolder)\System.Management.Automation.dll" = ""
      }

      $itemsToExclude = @{
        # This package is retrieved from https://www.github.com/powershell/MarkdownRender
        "$($fullSymbolsFolder)\Microsoft.PowerShell.MarkdownRender.dll"
      }

      if ("$env:Architecture" -notlike 'fxdependent*')
      {
          $itemsToCopy +=  @{"$($fullSymbolsFolder)\pwsh.exe" = ""}
      }

      Write-Verbose -verbose "recusively copying $($itemsToCopyWithRecurse | out-string) to $filesToSignDirectory"
      Copy-Item -Path $itemsToCopyWithRecurse -Destination $filesToSignDirectory -Recurse -verbose -exclude $itemsToExclude

      foreach($pattern in $itemsToCopy.Keys) {
        $destinationFolder = Join-Path $filesToSignDirectory -ChildPath $itemsToCopy.$pattern
        $null = New-Item -ItemType Directory -Path $destinationFolder -Force
        Write-Verbose -verbose "copying $pattern to $destinationFolder"
        Copy-Item -Path $pattern -Destination $destinationFolder -Recurse -verbose
      }
    displayName: 'Prepare files to be signed'

  - template: EsrpSign.yml@ComplianceRepo
    parameters:
        buildOutputPath: $(System.ArtifactsDirectory)\toBeSigned
        signOutputPath: $(System.ArtifactsDirectory)\signed
        certificateId: "CP-230012"
        pattern: |
          **\*.dll
          **\*.psd1
          **\*.psm1
          **\*.ps1xml
          **\*.ps1
          **\*.exe
        useMinimatch: true

  - pwsh: |
      Import-Module $(PowerShellRoot)/build.psm1 -Force
      Import-Module $(PowerShellRoot)/tools/packaging -Force
      $signedFilesPath = '$(System.ArtifactsDirectory)\signed\'
      $BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'

      Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
      $dlls = Get-ChildItem $BuildPath\*.dll -Recurse
      $signatures = $dlls | Get-AuthenticodeSignature
      $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned'}| select-object -ExpandProperty Path

      Write-Verbose -verbose "to be signed:`r`n $($missingSignatures | Out-String)"

      $filesToSignDirectory = "$(System.ArtifactsDirectory)\thirdPartyToBeSigned"
      $null = New-Item -ItemType Directory -Path $filesToSignDirectory -Force

      $signedFilesDirectory = "$(System.ArtifactsDirectory)\thirdPartySigned"
      $null = New-Item -ItemType Directory -Path $signedFilesDirectory -Force

      $missingSignatures | ForEach-Object {
        Copy-Item -Path $_ -Destination $filesToSignDirectory
      }

    displayName: Create ThirdParty Signing Folder
    condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))

  - template: EsrpSign.yml@ComplianceRepo
    parameters:
        buildOutputPath: $(System.ArtifactsDirectory)\thirdPartyToBeSigned
        signOutputPath: $(System.ArtifactsDirectory)\thirdPartySigned
        certificateId: "CP-231522"
        pattern: |
          **\*.dll
        useMinimatch: true

  - powershell: |
      Get-ChildItem '$(System.ArtifactsDirectory)\thirdPartySigned\*'
    displayName: Captrue ThirdParty Signed files
    condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))

  - powershell: |
      Import-Module $(PowerShellRoot)/build.psm1 -Force
      Import-Module $(PowerShellRoot)/tools/packaging -Force
      $signedFilesPath = '$(System.ArtifactsDirectory)\thirdPartySigned'
      $BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'

      Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
    displayName: Merge ThirdParty signed files with Build
    condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))

  - powershell: |
      Import-Module $(PowerShellRoot)/build.psm1 -Force
      Import-Module $(PowerShellRoot)/tools/packaging -Force

      $destFolder = '$(System.ArtifactsDirectory)\signedZip'
      $BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'

      New-Item -ItemType Directory -Path $destFolder -Force

      $BuildPackagePath = New-PSBuildZip -BuildPath $BuildPath -DestinationFolder $destFolder

      Write-Verbose -Verbose "New-PSSignedBuildZip returned `$BuildPackagePath as: $BuildPackagePath"
      Write-Host "##vso[artifact.upload containerfolder=results;artifactname=results]$BuildPackagePath"

      $vstsCommandString = "vso[task.setvariable variable=BuildPackagePath]$BuildPackagePath"
      Write-Host ("sending " + $vstsCommandString)
      Write-Host "##$vstsCommandString"
    displayName: Compress signed files

  - powershell: |
      $runtime = switch ($env:Architecture)
        {
          "x64" { "win7-x64" }
          "x86" { "win7-x86" }
          "arm" { "win-arm"}
          "arm64" { "win-arm64" }
          "fxdependent" { "fxdependent" }
          "fxdependentWinDesktop" { "fxdependent-win-desktop" }
        }

      $signedPkg = "$(BuildPackagePath)"

      Write-Verbose -Verbose -Message "signedPkg = $signedPkg"

      $(PowerShellRoot)/tools/releaseBuild/Images/microsoft_powershell_windowsservercore/PowerShellPackage.ps1 -BuildZip $signedPkg -location '$(PowerShellRoot)' -destination '$(System.ArtifactsDirectory)\pkgSigned' -Runtime $runtime -ReleaseTag '$(ReleaseTagVar)'
    displayName: 'Build Windows Universal - $(Architecture) Package'

  - powershell: |
      Get-ChildItem '$(System.ArtifactsDirectory)\pkgSigned' | ForEach-Object {
        $packagePath = $_.FullName
        Write-Host "Uploading $packagePath"
        Write-Host "##vso[artifact.upload containerfolder=signed;artifactname=signed]$packagePath"
      }
    displayName: Upload packages

  - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
    displayName: 'Component Detection'
    inputs:
      sourceScanPath: '$(Build.SourcesDirectory)'
      snapshotForceEnabled: true

  - powershell: |
      if ((Test-Path "\PowerShell")) {
        Remove-Item -Path "\PowerShell" -Force -Recurse -Verbose
      }
      else {
        Write-Verbose -Verbose -Message "No cleanup required."
      }

      if((Test-Path "${env:ProgramFiles(x86)}\WiX Toolset xcopy")) {
        Write-Verbose -Verbose "Cleaning up Wix tools"
        Remove-Item "${env:ProgramFiles(x86)}\WiX Toolset xcopy" -Recurse -Force
      }
    displayName: Clean up local Clone
    condition: always()