azure-pipelines.yaml

name: android-tools $(Rev:r)

trigger:
- main
- release/*

pr:
- main
- release/*

parameters:
- name: ApiScanSourceBranch
  default: refs/heads/main

# Global variables
variables:
  - name: DotNetCoreVersion
    value: 6.0.x

jobs:
- job: build
  displayName: Build and Test
  timeoutInMinutes: 60
  strategy:
    matrix:
      macOS:
        vmImage: macOS-13
      windows:
        vmImage: windows-2022
        Codeql.Enabled: true
  pool:
    vmImage: $(vmImage)
  workspace:
    clean: all
  steps:
  - checkout: self
    clean: true

  - task: UseDotNet@2
    displayName: Use .NET Core $(DotNetCoreVersion)
    inputs:
      version: $(DotNetCoreVersion)

  - task: UseDotNet@2
    displayName: Use .NET Core 8.0.x
    inputs:
      version: 8.0.x

  - task: DotNetCoreCLI@2
    displayName: Build solution Xamarin.Android.Tools.sln
    inputs:
      projects: Xamarin.Android.Tools.sln
      arguments: -bl:$(Build.ArtifactStagingDirectory)/build.binlog

  - task: DotNetCoreCLI@2
    displayName: Run Tests
    inputs:
      command: test
      projects: bin/TestDebug-net*/**/*-Tests.dll

  - powershell: |
      $hashOfLastVersionChange = & "git" "log" "--follow" "-1" "--pretty=%H" "nuget.version"
      $commitsSinceVersionChange = & "git" "rev-list" "--count" "$hashOfLastVersionChange..HEAD"
      $majorMinor = Get-Content "nuget.version"
      $version = "$majorMinor.$commitsSinceVersionChange"
      Write-Host "##vso[task.setvariable variable=xat.nuget.version]$version"
    condition: and(succeeded(), eq(variables['agent.os'], 'Windows_NT'))

  - task: DotNetCoreCLI@2
    displayName: Build NuGet
    inputs:
      command: custom
      projects: src/Xamarin.Android.Tools.AndroidSdk/Xamarin.Android.Tools.AndroidSdk.csproj
      custom: pack
      arguments: -p:Version=$(xat.nuget.version) -p:PackageOutputPath=$(Build.ArtifactStagingDirectory) -bl:$(Build.ArtifactStagingDirectory)/pack.binlog
    condition: and(succeeded(), eq(variables['agent.os'], 'Windows_NT'))

  - task: PublishPipelineArtifact@1
    displayName: Upload Build Output
    inputs:
      path: bin/Debug
      artifactName: Output - $(System.JobName)

  - task: PublishPipelineArtifact@1
    displayName: Upload Artifacts
    inputs:
      path: $(Build.ArtifactStagingDirectory)
      artifactName: Artifacts - $(System.JobName)
    condition: always()

- job: api_scan
  displayName: API Scan
  dependsOn: build
  condition: false
  #condition: and(eq(dependencies.build.result, 'Succeeded'), eq(variables['Build.SourceBranch'], '${{ parameters.ApiScanSourceBranch }}'))
  pool:
    name: Azure Pipelines
    vmImage: windows-2022
  timeoutInMinutes: 480
  workspace:
    clean: all
  steps:
  - task: DownloadPipelineArtifact@2
    displayName: Download build artifacts
    inputs:
      artifactName: Output - windows
      downloadPath: $(Build.SourcesDirectory)

  - task: CopyFiles@2
    displayName: Collect Files for APIScan
    inputs:
      Contents: |
        $(Build.SourcesDirectory)\**\?(*.dll|*.exe|*.pdb)
        !$(Build.SourcesDirectory)\**\ls-jdks.*
      TargetFolder: $(Build.StagingDirectory)\apiscan
      OverWrite: true
      flattenFolders: true

  - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse
    displayName: List Files for APIScan

  - task: APIScan@2
    displayName: Run APIScan
    inputs:
      softwareFolder: $(Build.StagingDirectory)\apiscan
      symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan'
      softwareName: $(ApiScanName)
      softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt)
      isLargeApp: true
      toolVersion: Latest
    env:
      AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)

  - task: SdtReport@2
    displayName: Guardian Export - Security Report
    inputs:
      GdnExportAllTools: false
      GdnExportGdnToolApiScan: true
      GdnExportOutputSuppressionFile: source.gdnsuppress

  - task: PublishSecurityAnalysisLogs@3
    displayName: Publish Guardian Artifacts
    inputs:
      ArtifactName: APIScan Logs
      ArtifactType: Container
      AllTools: false
      APIScan: true
      ToolLogsNotFoundAction: Warning

  - task: PostAnalysis@2
    displayName: Fail Build on Guardian Issues
    inputs:
      GdnBreakAllTools: false
      GdnBreakGdnToolApiScan: true