azure-pipelines.yml

# ASP.NET Core (.NET Framework)
# Build and test ASP.NET Core projects targeting the full .NET Framework.
# Add steps that publish symbols, save build artifacts, and more:
# https://learn.microsoft.com/azure/devops/pipelines/languages/dotnet-core

trigger:
- '*'

name: $(SourceBranchName)-$(Date:yyyyMMdd)$(Rev:.r)

variables:
  solution: 'apidoctools.sln'
  buildConfiguration: 'Release'
  mdocPath: 'bin/$(buildConfiguration)'

stages:
- stage: SDLCheck
  jobs:
  - job: SDLCheck
    pool:
      vmImage: 'windows-latest'

    steps:
    - task: CredScan@2
      displayName: Security - CredScan
      inputs:
        toolMajorVersion: 'V2'

    - task: CmdLine@2
      displayName: make prepare
      inputs:
        script: 'make prepare'

    - task: MSBuild@1
      displayName: MSBuild
      inputs:
        solution: '$(solution)'
        configuration: '$(buildConfiguration)'

    - task: BinSkim@3
      displayName: Security - BinSkim
      inputs:
        InputType: 'Basic'
        Function: 'analyze'
        AnalyzeTarget: '$(mdocPath)\*.dll;$(mdocPath)\*.exe;'

    - task: SdtReport@1
      displayName: Security - SdtReport
      inputs:
        AllTools: false
        CredScan: true
        BinSkim: true
        ToolLogsNotFoundAction: 'Standard'

    - task: PublishSecurityAnalysisLogs@2
      displayName: Security - Publish Scan Results
      inputs:
        ArtifactName: 'CodeAnalysisLogs'
        ArtifactType: 'Container'
        AllTools: true
        ToolLogsNotFoundAction: 'Standard'

    - task: TSAUpload@1
      inputs:
        tsaVersion: 'TsaV2'
        codebase: 'Existing'
        tsaEnvironment: 'PROD'
        codeBaseName: 'Docs_Mdoc'
        uploadBinSkim: true
        uploadCredScan: true
        uploadAsync: true

    - task: PostAnalysis@1
      displayName: Security - PostAnalysis
      inputs:
        AllTools: false
        CredScan: true
        BinSkim: true
        ToolLogsNotFoundAction: 'Standard'  

    - task: ComponentGovernanceComponentDetection@0
      inputs:
        scanType: 'Register'
        verbosity: 'Verbose'
        alertWarningLevel: 'High'

- stage: Build
  dependsOn: SDLCheck
  jobs:
  - job: Build
    pool:
      vmImage: 'macos-latest'

    steps:
    - task: NuGetToolInstaller@1
      displayName: Install NuGet Tool

    - task: UseDotNet@2
      displayName: 'Use .NET Core sdk'
      inputs:
        packageType: sdk
        version: 2.1.x
        installationPath: $(Agent.ToolsDirectory)/dotnet

    - task: UseDotNet@2
      displayName: 'Use .NET 6.0.x'
      inputs:
        packageType: sdk
        version: 6.0.x
        installationPath: $(Agent.ToolsDirectory)/dotnet

    - task: Bash@3
      displayName: Run Unit and Integration Tests
      inputs:
        targetType: 'inline'
        script: 'make prepare clean all check CONFIGURATION=$(buildConfiguration)'

    - task: EsrpCodeSigning@1
      displayName: Sign executable and dll files
      condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
      inputs:
        ConnectedServiceName: 'CodeSigning-APEX'
        FolderPath: '$(mdocPath)'
        UseMinimatch: true
        signConfigType: inlineSignParams
        SessionTimeout: '60'
        MaxConcurrency: '100'
        MaxRetryAttempts: '5'
        Pattern: |
            *.dll
            *.exe
        inlineOperation: |
          [
            {
              "KeyCode": "CP-230012",
              "OperationSetCode": "SigntoolSign",
              "parameters": [
                {
                  "parameterName": "OpusName",
                  "parameterValue": "Microsoft"
                },
                {
                  "parameterName": "OpusInfo",
                  "parameterValue": "http://www.microsoft.com"
                },
                {
                  "parameterName": "PageHash",
                  "parameterValue": "/NPH"
                },
                {
                  "parameterName": "TimeStamp",
                  "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
                },
                {
                  "parameterName": "FileDigest",
                  "parameterValue": "/fd \"SHA256\""
                }
              ],
              "ToolName": "sign",
              "ToolVersion": "1.0"
            },
            {
              "KeyCode": "CP-230012",
              "OperationSetCode": "SigntoolVerify",
              "Parameters": [
                {
                  "parameterName": "VerifyAll",
                  "parameterValue": "/all"
                }
              ],
              "ToolName": "sign",
              "ToolVersion": "1.0"
            }
          ]

    - task: ArchiveFiles@2
      displayName: Archive mdoc Files
      inputs:
        rootFolderOrFile: '$(mdocPath)'
        includeRootFolder: false
        archiveType: 'zip'
        archiveFile: '$(Build.ArtifactStagingDirectory)/zips/mdoc-$(Build.BuildNumber).zip'
        replaceExistingArchive: true

    - task: PublishBuildArtifacts@1
      displayName: 'Publish mdoc Artifact'
      inputs:
        PathtoPublish: '$(Build.ArtifactStagingDirectory)/zips'
        ArtifactName: 'mdoc.Artifact'

    - task: PowerShell@2
      name: 'mdocVersion'
      displayName: 'Checking remote and local version of mdoc'
      condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
      inputs:
        filePath: 'mdoc/CheckNugetPublish.ps1'

    - task: NuGetCommand@2
      displayName: 'Create a NuGet package for mdoc'
      condition: eq(variables['mdocVersion.NeedUpdate'], true)
      inputs:
        command: 'pack'
        packagesToPack: 'mdoc/mdoc.nuspec'

    - task: EsrpCodeSigning@1
      displayName: 'Sign NuGet packages'
      condition: eq(variables['mdocVersion.NeedUpdate'], true)
      inputs:
        ConnectedServiceName: 'CodeSigning-APEX'
        FolderPath: '$(Build.ArtifactStagingDirectory)'
        Pattern: '*.nupkg'
        signConfigType: inlineSignParams
        inlineOperation: |
          [
                {
                    "KeyCode" : "CP-401405",
                    "OperationSetCode" : "NuGetSign",
                    "Parameters" : [
                        {
                          "parameterName": "TimeStamp",
                          "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
                        },
                        {
                          "parameterName": "FileDigest",
                          "parameterValue": "/fd \"SHA256\""
                        }
                    ],
                    "ToolName" : "sign",
                    "ToolVersion" : "1.0"
                },
                {
                    "KeyCode" : "CP-401405",
                    "OperationSetCode" : "NuGetVerify",
                    "Parameters" : [],
                    "ToolName" : "sign",
                    "ToolVersion" : "1.0"
                }
          ]
        SessionTimeout: 20

    # - task: NuGetCommand@2
    #   displayName: 'Publishing mdoc package to nuget.org'
    #   condition: eq(variables['mdocVersion.NeedUpdate'], true)
    #   inputs:
    #     command: 'push'
    #     packagesToPush: '$(Build.ArtifactStagingDirectory)/**/*.nupkg;!$(Build.ArtifactStagingDirectory)/**/*.symbols.nupkg'
    #     nuGetFeedType: 'external'
    #     publishFeedCredentials: 'mdoc_nuget_org'