.azure-pipelines/signjars-nightly.yml

name: $(Date:yyyyMMdd).$(Rev:r)
variables:
  - name: Codeql.Enabled
    value: true
schedules:
  - cron: 0 5 * * 1,2,3,4,5
    branches:
      include:
        - refs/heads/main
resources:
  repositories:
    - repository: self
      type: git
      ref: refs/heads/main
    - repository: 1esPipelines
      type: git
      name: 1ESPipelineTemplates/1ESPipelineTemplates
      ref: refs/tags/release
trigger: none
extends:
  template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
  parameters:
    pool:
      os: linux
      name: 1ES_JavaTooling_Pool
      image: 1ES_JavaTooling_Ubuntu-2004
    sdl:
      sourceAnalysisPool:
        name: 1ES_JavaTooling_Pool
        image: 1ES_JavaTooling_Windows_2022
        os: windows
    customBuildTags:
      - MigrationTooling-mseng-VSJava-13474-Tool
    stages:
      - stage: Build
        jobs:
          - job: Job_1
            displayName: Sign-Jars-Nightly
            templateContext:
              outputs:
                - output: pipelineArtifact
                  artifactName: plugin
                  targetPath: $(Build.ArtifactStagingDirectory)
                  displayName: "Publish Artifact: plugin"
            steps:
              - checkout: self
                fetchTags: true
              - task: JavaToolInstaller@0
                displayName: Use Java 17
                inputs:
                  versionSpec: "17"
                  jdkArchitectureOption: x64
                  jdkSourceOption: PreInstalled
              - task: CmdLine@2
                displayName: Parse the release version from pom.xml
                inputs:
                  script: |-
                    #!/bin/bash

                    sudo apt-get install xmlstarlet
                    xmlstarlet --version
                    RELEASE_VERSION=$(xmlstarlet sel -t -v "/_:project/_:version" pom.xml)
                    echo $RELEASE_VERSION
                    echo "##vso[task.setvariable variable=RELEASE_VERSION]$RELEASE_VERSION"
              - task: CmdLine@2
                displayName: Build core.jar
                inputs:
                  script: |
                    ./mvnw clean install -f com.microsoft.java.debug.core/pom.xml -Dmaven.repo.local=./.repository

                    mkdir -p jars
                    mv .repository/com/microsoft/java/com.microsoft.java.debug.core/$RELEASE_VERSION/com.microsoft.java.debug.core*.jar jars/
              - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@2
                displayName: Sign core.jar
                inputs:
                  ConnectedServiceName: vscjavaci_codesign
                  FolderPath: jars
                  Pattern: com.microsoft.java.debug.core*.jar
                  signConfigType: inlineSignParams
                  inlineOperation: |-
                    [
                      {
                        "KeyCode" : "CP-447347-Java",
                        "OperationCode" : "JavaSign",
                        "Parameters" : {
                            "SigAlg" : "SHA256withRSA",
                            "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
                        },
                        "ToolName" : "sign",
                        "ToolVersion" : "1.0"
                      },
                      {
                        "KeyCode" : "CP-447347-Java",
                        "OperationCode" : "JavaVerify",
                        "Parameters" : {},
                        "ToolName" : "sign",
                        "ToolVersion" : "1.0"
                      }
                    ]
              - task: CmdLine@2
                displayName: install signed core.jar
                inputs:
                  script: cp jars/com.microsoft.java.debug.core*.jar .repository/com/microsoft/java/com.microsoft.java.debug.core/$RELEASE_VERSION/
              - task: CmdLine@2
                displayName: Build plugin.jar
                inputs:
                  script: |-
                    ./mvnw clean install -f com.microsoft.java.debug.target/pom.xml -Dmaven.repo.local=./.repository
                    ./mvnw clean install -f com.microsoft.java.debug.plugin/pom.xml -Dmaven.repo.local=./.repository

                    mkdir -p jars
                    mv .repository/com/microsoft/java/com.microsoft.java.debug.plugin/$RELEASE_VERSION/com.microsoft.java.debug.plugin*.jar jars/
              - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@2
                displayName: Sign plugin.jar
                inputs:
                  ConnectedServiceName: vscjavaci_codesign
                  FolderPath: jars
                  Pattern: com.microsoft.java.debug.plugin*.jar
                  signConfigType: inlineSignParams
                  inlineOperation: |-
                    [
                      {
                        "KeyCode" : "CP-447347-Java",
                        "OperationCode" : "JavaSign",
                        "Parameters" : {
                            "SigAlg" : "SHA256withRSA",
                            "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
                        },
                        "ToolName" : "sign",
                        "ToolVersion" : "1.0"
                      },
                      {
                        "KeyCode" : "CP-447347-Java",
                        "OperationCode" : "JavaVerify",
                        "Parameters" : {},
                        "ToolName" : "sign",
                        "ToolVersion" : "1.0"
                      }
                    ]
              - task: CopyFiles@2
                displayName: "Copy plugin.jar to: $(Build.ArtifactStagingDirectory)"
                inputs:
                  Contents: |+
                    jars/com.microsoft.java.debug.plugin*.jar

                  TargetFolder: $(Build.ArtifactStagingDirectory)