azure-pipeline.yml

variables:
  - name: _TeamName
    value: DotNetCore
  - name: _BuildConfig 
    value: Release
  - name: _PublishUsingPipelines
    value: true
  - name: _DotNetArtifactsCategory
    value: .NETCore
  - name: MSBuildEnableWorkloadResolver # TODO: Remove when fixed -- https://github.com/dotnet/sdk/issues/17461
    value: false
  - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
    - group: AzureDevOps-Artifact-Feeds-Pats
    - group: UpgradeAssistant_SDL_Settings
  - name: DownloadLooseAssemblyIndex
    value: true
  - name: net5ver
    value: 5.0.x
  - name: net6ver
    value: 6.0.x

trigger:
  batch: true
  branches:
    include:
      - main
pr:
  branches:
    include:
    - '*'

stages:
- stage: build
  displayName: Build
  jobs:
  - template: /eng/common/templates/jobs/jobs.yml
    parameters:
      enableMicrobuild: true
      enablePublishBuildArtifacts: true
      enablePublishBuildAssets: true
      enablePublishTestResults: true
      enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }}
      enableTelemetry: true
      jobs:
      - job: Windows_NT
        pool:
          ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
            name: NetCore1ESPool-Public
            demands: ImageOverride -equals build.windows.amd64.vs2022.pre.open
          ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
            name: NetCore1ESPool-Internal
            demands: ImageOverride -equals build.windows.amd64.vs2022.pre
        variables:
        # Enable signing for internal, non-PR builds
        - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
          - group: DotNet-Blob-Feed
          - group: DotNet-Symbol-Server-Pats
          - name: _SignType
            value: Real
          - name: _DotNetPublishToBlobFeed
            value: true
          - name: _BuildArgs
            value: /p:SignType=$(_SignType)
              /p:DotNetSignType=$(_SignType)
              /p:TeamName=$(_TeamName)
              /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
              /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
          - name: _OfficialBuildIdArgs
        # else
        - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
          - name: _SignType
            value: Test
          - name: _BuildArgs
            value: /p:SignType=$(_SignType)
              /p:DotNetSignType=$(_SignType)
        strategy:
          matrix:
            Debug:
              _BuildConfig: Debug
            Release:
              _BuildConfig: Release
        steps:
        - checkout: self
          clean: true
          submodules: true
        - task: UseDotNet@2
          displayName: Use .NET Core $(net5ver)
          inputs:
            packageType: sdk
            version: $(net5ver)
            installationPath: $(Build.SourcesDirectory)/.dotnet
        - task: UseDotNet@2
          displayName: Use .NET Core $(net6ver)
          inputs:
            packageType: sdk
            version: $(net6ver)
            installationPath: $(Build.SourcesDirectory)/.dotnet
        - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
          - task: PowerShell@2
            displayName: Setup Private Feeds Credentials
            condition: eq(variables['Agent.OS'], 'Windows_NT')
            inputs:
              filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1
              arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
            env:
              Token: $(dn-bot-dnceng-artifact-feeds-rw)
        - script: eng\common\cibuild.cmd
            /p:MSBuildEnableWorkloadResolver=$(MSBuildEnableWorkloadResolver)
            -configuration $(_BuildConfig) 
            -prepareMachine
            $(_BuildArgs)
          displayName: Windows Build / Publish

- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
  - template: eng\common\templates\post-build\post-build.yml
    parameters:
      publishingInfraVersion: 3
      enableSymbolValidation: false
      enableSourceLinkValidation: false
      # This is to enable SDL runs part of Post-Build Validation Stage
      SDLValidationParameters:
        enable: true
        params: ' -SourceToolsList @("policheck","credscan")
        -TsaInstanceURL $(_TsaInstanceURL)
        -TsaProjectName $(_TsaProjectName)
        -TsaNotificationEmail $(_TsaNotificationEmail)
        -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
        -TsaBugAreaPath $(_TsaBugAreaPath)
        -TsaIterationPath $(_TsaIterationPath)
        -TsaRepositoryName "Dotnet-Upgrade-Assistant"
        -TsaCodebaseName "Dotnet-Upgrade-Assistant"
        -TsaPublish $True'