# This template contains a job to build the app for a single architecture and run static analysis
# tools on the binaries.
# The app is built in a production configuration to be released to the Store and the Windows image.
# This job relies on Microsoft-internal resources to run.

parameters:
  platform: ''
  condition: ''

jobs:
- job: Build${{ parameters.platform }}
  displayName: Build ${{ parameters.platform }}
  condition: ${{ parameters.condition }}
  pool:
    vmImage: windows-2019
  variables:
    BuildConfiguration: Release
    BuildPlatform: ${{ parameters.platform }}
  steps:
  - checkout: self
    fetchDepth: 1

  - task: UniversalPackages@0
    displayName: Download internals package
    inputs:
      command: download
      downloadDirectory: $(Build.SourcesDirectory)
      vstsFeed: WindowsInboxApps
      vstsFeedPackage: calculator-internals
      vstsPackageVersion: 0.0.54

  - template: ./build-single-architecture.yaml
    parameters:
      extraMsBuildArgs: '/p:IsStoreBuild=true'

  - task: PublishSymbols@2
    displayName: Publish symbols
    inputs:
      symbolsFolder: $(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)
      searchPattern: '**/*.pdb'
      symbolServerType: teamServices
      treatNotIndexedAsWarning: true
      symbolsArtifactName: $(System.teamProject)/$(Build.BuildNumber)_$(BuildPlatform)$(BuildConfiguration)

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
    displayName: Run BinSkim
    inputs:
      inputType: Basic
      analyzeTarget: $(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\Calculator\*
      analyzeVerbose: true
      analyzeHashes: true
    continueOnError: true

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
    displayName: Run PoliCheck
    inputs:
      targetType: F

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
    displayName: Publish security analysis logs

  - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
    displayName: Detect open source components
    inputs:
      sourceScanPath: $(Agent.BuildDirectory)