# This template contains a job to build the app for a single architecture and run static analysis
# tools on the binaries.
# The app is built in a production configuration to be released to the Store and the Windows image.
# This job relies on Microsoft-internal resources to run.

parameters:
  platform: ''
  condition: ''
  isPublicRelease: false

jobs:
- job: Build${{ parameters.platform }}
  displayName: Build ${{ parameters.platform }}
  condition: ${{ parameters.condition }}
  pool:
    vmImage: windows-2019
  variables:
    BuildConfiguration: Release
    BuildPlatform: ${{ parameters.platform }}
  steps:
  - checkout: self
    fetchDepth: 1

  - task: UniversalPackages@0
    displayName: Download internals package
    inputs:
      command: download
      downloadDirectory: $(Build.SourcesDirectory)
      vstsFeed: WindowsInboxApps
      vstsFeedPackage: calculator-internals
      ${{ if eq(parameters.isPublicRelease, true) }}:
        vstsPackageVersion: 0.0.66
      ${{ if eq(parameters.isPublicRelease, false) }}:
        vstsPackageVersion: 0.0.65

  - template: ./build-single-architecture.yaml
    parameters:
      extraMsBuildArgs: '/p:IsStoreBuild=true'

  - task: PublishSymbols@2
    displayName: Publish symbols
    inputs:
      symbolsFolder: $(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)
      searchPattern: '**/*.pdb'
      symbolServerType: teamServices
      treatNotIndexedAsWarning: true
      symbolsArtifactName: $(System.teamProject)/$(Build.BuildNumber)_$(BuildPlatform)$(BuildConfiguration)

  - task: CopyFiles@2
    displayName: Copy Files for BinSkim analysis
    inputs:
      SourceFolder: '$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\Calculator\'
      # Setting up a folder to store all the binary files that we need BinSkim to scan.
      # If we put more things than we produce pdbs for and can index (such as nuget packages that ship without pdbs), binskim will fail.
      # Below are ignored files
      #   - clrcompression.dll
      Contents: |
        **\*
        !**\clrcompression.dll
      TargetFolder: '$(Agent.BuildDirectory)\binskim'
      CleanTargetFolder: true
      OverWrite: true
      flattenFolders: false
      analyzeTarget: '$(Agent.BuildDirectory)\binskim\*'

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
    displayName: Run BinSkim
    inputs:
      inputType: Basic
      analyzeTarget: '$(Agent.BuildDirectory)\binskim\*'
      analyzeVerbose: true
      analyzeHashes: true
    continueOnError: true

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
    displayName: Run PoliCheck
    inputs:
      targetType: F

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
    displayName: Publish security analysis logs

  - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
    displayName: Detect open source components
    inputs:
      sourceScanPath: $(Agent.BuildDirectory)