nix-dotfiles/pkgs/edit/.pipelines/release.yml

# Documentation:  https://aka.ms/obpipelines

trigger: none

parameters:
  - name: debug
    displayName: Enable debug output
    type: boolean
    default: false
  - name: official
    displayName: Whether to build Official or NonOfficial
    type: string
    default: NonOfficial
    values:
      - NonOfficial
      - Official
  - name: createvpack
    displayName: Enable vpack creation
    type: boolean
    default: false
  - name: buildPlatforms
    type: object
    default:
      - x86_64-pc-windows-msvc
      - aarch64-pc-windows-msvc

variables:
  system.debug: ${{parameters.debug}}
  WindowsContainerImage: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest
  # CDP_DEFINITION_BUILD_COUNT is needed for onebranch.pipeline.version task.
  # See: https://aka.ms/obpipelines/versioning
  CDP_DEFINITION_BUILD_COUNT: $[counter('', 0)]
  # LOAD BEARING - the vpack task fails without these
  ROOT: $(Build.SourcesDirectory)
  REPOROOT: $(Build.SourcesDirectory)
  OUTPUTROOT: $(REPOROOT)\out
  NUGET_XMLDOC_MODE: none

resources:
  repositories:
    - repository: GovernedTemplates
      type: git
      name: OneBranch.Pipelines/GovernedTemplates
      ref: refs/heads/main

extends:
  template: v2/Microsoft.${{parameters.official}}.yml@GovernedTemplates
  parameters:
    featureFlags:
      WindowsHostVersion:
        Version: 2022
        Network: R1
    platform:
      name: windows_undocked
      product: edit
    # https://aka.ms/obpipelines/cloudvault
    cloudvault:
      enabled: false
    # https://aka.ms/obpipelines/sdl
    globalSdl:
      binskim:
        # > Due to some legacy reasons, 1ES PT is scanning full sources directory
        # > for BinSkim tool instead of just scanning the output directory [...]
        scanOutputDirectoryOnly: true
      isNativeCode: true
      tsa:
        enabled: ${{eq(parameters.official, 'Official')}}
        configFile: "$(Build.SourcesDirectory)/.pipelines/tsa.json"
    stages:
      # Our Build stage will build all three targets in one job, so we don't need
      # to repeat most of the boilerplate work in three separate jobs.
      - stage: Build
        jobs:
          - job: Windows
            pool:
              type: windows
            variables:
              # Binaries will go here.
              # More settings at https://aka.ms/obpipelines/yaml/jobs
              ob_outputDirectory: "$(Build.SourcesDirectory)/out"
              # The vPack gets created from stuff in here.
              # It will have a structure like:
              # .../vpack/
              #      - amd64/
              #         - edit.exe
              #      - i386/
              #         - edit.exe
              #      - arm64/
              #         - edit.exe
              ob_createvpack_enabled: ${{parameters.createvpack}}
              ob_createvpack_vpackdirectory: "$(ob_outputDirectory)/vpack"
              ob_createvpack_packagename: "windows_edit.$(Build.SourceBranchName)"
              ob_createvpack_owneralias: lhecker@microsoft.com
              ob_createvpack_description: Microsoft Edit
              ob_createvpack_targetDestinationDirectory: "$(Destination)"
              ob_createvpack_propsFile: false
              ob_createvpack_provData: true
              ob_createvpack_versionAs: string
              ob_createvpack_version: "$(EditVersion)-$(CDP_DEFINITION_BUILD_COUNT)"
              ob_createvpack_metadata: "$(Build.SourceVersion)"
              ob_createvpack_topLevelRetries: 0
              ob_createvpack_failOnStdErr: true
              ob_createvpack_verbose: ${{ parameters.debug }}
              # For details on this cargo_target_dir setting, see:
              # https://eng.ms/docs/more/rust/topics/onebranch-workaround
              CARGO_TARGET_DIR: C:\cargo_target_dir
              # msrustup only supports stable toolchains, but this project requires nightly.
              # We were told RUSTC_BOOTSTRAP=1 is a supported workaround.
              RUSTC_BOOTSTRAP: 1
            steps:
              # NOTE: Step objects have ordered keys and you MUST have "task" as the first key.
              # Objects with ordered keys... lol
              - task: RustInstaller@1
                displayName: Install Rust toolchain
                inputs:
                  rustVersion: ms-stable
                  additionalTargets: x86_64-pc-windows-msvc aarch64-pc-windows-msvc
                  # URL of an Azure Artifacts feed configured with a crates.io upstream. Must be within the current ADO collection.
                  # NOTE: Azure Artifacts support for Rust is not yet public, but it is enabled for internal ADO organizations.
                  # https://learn.microsoft.com/en-us/azure/devops/artifacts/how-to/set-up-upstream-sources?view=azure-devops
                  cratesIoFeedOverride: sparse+https://pkgs.dev.azure.com/microsoft/Dart/_packaging/Edit_PublicPackages/Cargo/index/
                  # URL of an Azure Artifacts NuGet feed configured with the mscodehub Rust feed as an upstream.
                  # * The feed must be within the current ADO collection.
                  # * The CI account, usually "Project Collection Build Service (org-name)", must have at least "Collaborator" permission.
                  # When setting up the upstream NuGet feed, use following Azure Artifacts feed locator:
                  #   azure-feed://mscodehub/Rust/Rust@Release
                  toolchainFeed: https://pkgs.dev.azure.com/microsoft/_packaging/RustTools/nuget/v3/index.json
              - task: CargoAuthenticate@0
                displayName: Authenticate with Azure Artifacts
                inputs:
                  configFile: ".cargo/release-windows-ms.toml"
              # We recommend making a separate `cargo fetch` step, as some build systems perform
              # fetching entirely prior to the build, and perform the build with the network disabled.
              - script: cargo fetch --config .cargo/release-windows-ms.toml
                displayName: Fetch crates
              - ${{ each platform in parameters.buildPlatforms }}:
                  - script: cargo build --config .cargo/release-windows-ms.toml --frozen --release --target ${{platform}}
                    displayName: Build ${{platform}} Release
                  - task: CopyFiles@2
                    displayName: Copy files to vpack (${{platform}})
                    inputs:
                      sourceFolder: "$(CARGO_TARGET_DIR)/${{platform}}/release"
                      ${{ if eq(platform, 'i686-pc-windows-msvc') }}:
                        targetFolder: "$(ob_createvpack_vpackdirectory)/i386"
                      ${{ elseif eq(platform, 'x86_64-pc-windows-msvc') }}:
                        targetFolder: "$(ob_createvpack_vpackdirectory)/amd64"
                      ${{ else }}: # aarch64-pc-windows-msvc
                        targetFolder: "$(ob_createvpack_vpackdirectory)/arm64"
                      contents: |
                        *.exe
                        *.pdb                        
              # Extract the version for `ob_createvpack_version`.
              - script: |-
                  @echo off
                  for /f "tokens=3 delims=- " %%x in ('findstr /c:"version = " Cargo.toml') do (
                      echo ##vso[task.setvariable variable=EditVersion]%%~x
                      goto :EOF
                  )                  
                displayName: "Set EditVersion"
              - task: onebranch.pipeline.signing@1
                displayName: "Sign files"
                inputs:
                  command: "sign"
                  signing_profile: "external_distribution"
                  files_to_sign: "**/edit.exe"
                  search_root: "$(ob_createvpack_vpackdirectory)"
                  use_testsign: false
                  in_container: true