build.yaml

trigger:
- develop
- rel/*
- feature/*
- bugfix/*

pr:
- develop
- rel/*

stages:
- stage: Build
  jobs:
  - job: Build
    pool:
      vmImage: windows-latest

    variables:
      BuildConfiguration: Release
      DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true

    steps:
    - task: UseDotNet@2
      displayName: 'Use .NET Core SDK 8.x'
      inputs:
        version: 8.x
        performMultiLevelLookup: true

    - task: DotNetCoreCLI@2
      inputs:
        command: custom
        custom: tool
        arguments: install --tool-path . nbgv
      displayName: Install NBGV tool

    - script: nbgv cloud
      displayName: Set Version

    - task: MSBuild@1
      displayName: 'Build solution Kerberos.NET.sln'
      inputs:
        solution: Kerberos.NET.sln
        configuration: $(BuildConfiguration)
        msbuildArguments: /restore /p:CreatePackage=true
        maximumCpuCount: true

    - task: DotNetCoreCLI@2
      inputs:
        command: test
        projects: Tests/**/*.csproj
        arguments: -c $(BuildConfiguration) --no-build --no-restore --settings CodeCoverage.runsettings --collect:"XPlat Code Coverage" 
      displayName: Run Unit Tests

    - task: DotNetCoreCLI@2
      inputs:
        command: 'pack'
        packagesToPack: './Bruce/Bruce.csproj'
        nobuild: true
        outputDir: $(Build.ArtifactStagingDirectory)
      displayName: Pack Bruce tool
  
    - task: PublishBuildArtifacts@1
      inputs:
        PathtoPublish: '$(Build.ArtifactStagingDirectory)'
        publishLocation: 'Container'

#    - task: DotNetCoreCLI@2
#      inputs:
#        command: custom
#        custom: tool
#        arguments: install --tool-path . dotnet-reportgenerator-globaltool
#      displayName: Install ReportGenerator tool

#    - script: reportgenerator -reports:$(Agent.TempDirectory)/**/coverage.cobertura.xml -targetdir:$(Build.SourcesDirectory)/coverlet/reports -reporttypes:"Cobertura"
#      displayName: Create reports

#    - task: PublishCodeCoverageResults@1
#      displayName: 'Publish code coverage'
#      inputs:
#        codeCoverageTool: Cobertura
#        summaryFileLocation: $(Build.SourcesDirectory)/coverlet/reports/Cobertura.xml

    - task: NuGetAuthenticate@0
      displayName: 'NuGet Authenticate'
    - task: NuGetCommand@2
      displayName: 'NuGet push'
      inputs:
        command: push
        publishVstsFeed: 'Kerberos.NET/kerberos.net'
        allowPackageConflicts: true

    - publish: artifacts
      displayName: Publish build packages
      artifact: BuildPackages

    - publish: config
      displayName: Publish Signing Scripts
      artifact: config

- stage: CodeSign
  dependsOn: Build
  condition: and(succeeded('Build'), not(eq(variables['build.reason'], 'PullRequest'))) # Only run this stage on pushes to the main branch
  jobs:
  - job: CodeSign
    displayName: Code Signing
    pool:
      vmImage: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
    variables:
    - group: Sign Client Secrets # This is a variable group with secrets in it 

    steps:

    # Retreive unsigned artifacts and file list
    - download: current
      artifact: config
      displayName: Download signing file list

    - download: current
      artifact: BuildPackages
      displayName: Download build artifacts

    - download: current
      artifact: drop
      displayName: Download drop build artifacts

    - task: UseDotNet@2
      displayName: 'Use .NET SDK 8.x'
      inputs:
        version: 8.x

    # Install the code signing tool
    - task: DotNetCoreCLI@2
      inputs:
        command: custom
        custom: tool
        arguments: install --tool-path . sign --version 0.9.0-beta.23127.3
      displayName: Install SignTool tool

    # Run the signing command
    - pwsh: |
        .\sign code azure-key-vault `
        "**/*.nupkg" `
        --base-directory "$(Pipeline.Workspace)\BuildPackages" `
        --file-list "$(Pipeline.Workspace)\config\filelist.txt" `
        --publisher-name "Kerberos.NET" `
        --description "Kerberos.NET" `
        --description-url "https://github.com/dotnet/Kerberos.NET" `
        --azure-key-vault-tenant-id "$(SignTenantId)" `
        --azure-key-vault-client-id "$(SignClientId)" `
        --azure-key-vault-client-secret "$(SignClientSecret)" `
        --azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
        --azure-key-vault-url "$(SignKeyVaultUrl)"
      displayName: Sign Kerberos.NET

    - pwsh: |
        .\sign code azure-key-vault `
        "**/*.nupkg" `
        --base-directory "$(Pipeline.Workspace)\drop" `
        --file-list "$(Pipeline.Workspace)\config\filelist.txt" `
        --publisher-name "Bruce" `
        --description "Command line client for Kerberos.NET" `
        --description-url "https://github.com/dotnet/Kerberos.NET" `
        --azure-key-vault-tenant-id "$(SignTenantId)" `
        --azure-key-vault-client-id "$(SignClientId)" `
        --azure-key-vault-client-secret '$(SignClientSecret)' `
        --azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
        --azure-key-vault-url "$(SignKeyVaultUrl)"
      displayName: Sign Bruce
          
    - publish: $(Pipeline.Workspace)/BuildPackages
      displayName: Publish Signed Packages
      artifact: SignedPackages
        
    - publish: $(Pipeline.Workspace)/Drop
      displayName: Publish Signed Drop
      artifact: SignedDrop