eng/publishing/v3/publish.yml

parameters:
  artifactsPublishingAdditionalParameters: ''
  PromoteToChannelIds: ''
  BARBuildId: ''
  symbolPublishingAdditionalParameters: ''
  buildQuality: 'daily'
stages:
- stage: publish
  displayName: Publishing
  jobs:
  - job: publish_assets
    displayName: Publish Assets and Symbols
    timeoutInMinutes: 120
    variables:
    - group: DotNet-Symbol-Server-Pats
    - group: AzureDevOps-Artifact-Feeds-Pats
    - group: Publish-Build-Assets

    - template: /eng/common/templates-official/post-build/common-variables.yml@self

    steps:
    - task: AzureCLI@2
      displayName: Validate and Locate Build
      inputs:
        azureSubscription: "Darc: Maestro Production"
        scriptType: ps
        scriptLocation: scriptPath
        scriptPath: $(Build.SourcesDirectory)/eng/publishing/v3/validate-and-locate-build.ps1
        arguments: >
          -BuildId ${{ parameters.BARBuildId }}
          -PromoteToChannelIds ${{ parameters.PromoteToChannelIds }}
          -DarcVersion $(DarcVersion)

    - task: DownloadBuildArtifacts@0
      displayName: Download Build Assets
      continueOnError: true
      enabled: true
      inputs:
        buildType: specific
        buildVersionToDownload: specific
        project: $(AzDOProject)
        pipeline: $(AzDOPipelineId)
        buildId: $(AzDOBuildId)
        downloadType: 'specific'
        itemPattern: |
          AssetManifests/**
          BlobArtifacts/MergedManifest.xml
          PdbArtifacts/**
          ReleaseConfigs/SymbolPublishingExclusionsFile.txt
        downloadPath: '$(Build.ArtifactStagingDirectory)'

    - task: NuGetToolInstaller@1
      displayName: 'Install NuGet.exe'

    - task: NuGetAuthenticate@1
      displayName: 'Authenticate to AzDO Feeds'

    - task: PowerShell@2
      displayName: Enable cross-org publishing
      inputs:
        filePath: $(Build.SourcesDirectory)/eng/common/enable-cross-org-publishing.ps1
        arguments: -token $(dn-bot-all-orgs-artifact-feeds-rw)

    - task: AzureCLI@2
      displayName: Get aka.ms client certificate
      inputs:
        azureSubscription: 'DotNet-Engineering-Services_KeyVault'
        scriptType: pscore
        scriptLocation: inlineScript
        inlineScript: |
          az keyvault secret show --vault-name EngKeyVault --name Redirection-UST-Client-NetCoreDeployment | ConvertFrom-Json | Select-Object -Expand  value > $(Agent.TempDirectory)/akamsclientcert.pfx

    - task: AzureCLI@2
      displayName: Authenticate Maestro API
      name: AuthenticateMaestro
      inputs:
        azureSubscription: 'Darc: Maestro Production'
        addSpnToEnvironment: true
        scriptType: ps
        scriptLocation: inlineScript
        inlineScript: |
          # MaestroAppClientId provided by Publish-Build-Assets
          $token = (az account get-access-token --resource "$(MaestroAppClientId)" | ConvertFrom-Json).accessToken
          
          echo "##vso[task.setvariable variable=MaestroToken;isOutput=true;isSecret=true]$token"

    - task: AzureCLI@2
      displayName: Publish packages, blobs and symbols
      inputs:
        azureSubscription: maestro-build-promotion
        addSpnToEnvironment: true
        scriptType: ps
        scriptLocation: scriptPath
        scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1
        arguments: >
          -task PublishArtifactsInManifest -restore -msbuildEngine dotnet
          /p:PublishingInfraVersion=3
          /p:BARBuildId=${{ parameters.BARBuildId }}
          /p:TargetChannels='${{ parameters.PromoteToChannelIds }}'
          /p:IsInternalBuild=${{ contains(variables['AzDOBranch'], 'internal/') }}
          /p:NugetPath=$(NuGetExeToolPath)
          /p:MaestroApiEndpoint='$(MaestroApiEndPoint)'
          /p:BuildAssetRegistryToken='$(AuthenticateMaestro.MaestroToken)'
          /p:ManifestsBasePath='$(Build.ArtifactStagingDirectory)/AssetManifests/'
          /p:BlobBasePath='$(Build.ArtifactStagingDirectory)/BlobArtifacts/'
          /p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts/'
          /p:PublishInstallersAndChecksums=true
          /p:AzureDevOpsFeedsKey='$(dn-bot-all-orgs-artifact-feeds-rw)'
          /p:AkaMSClientId=$(akams-app-id)
          /p:AkaMSClientCertificate=$(Agent.TempDirectory)/akamsclientcert.pfx
          /p:ManagedIdentityClientId=$env:servicePrincipalId
          ${{ parameters.artifactsPublishingAdditionalParameters }} 
          /p:PDBArtifactsBasePath='$(Build.ArtifactStagingDirectory)/PDBArtifacts/'
          /p:SymbolPublishingExclusionsFile='$(Build.ArtifactStagingDirectory)/ReleaseConfigs/SymbolPublishingExclusionsFile.txt'
          /p:TempSymbolsAzureDevOpsOrg='dnceng'
          /p:TempSymbolsAzureDevOpsOrgToken='$(dnceng-symbol-server-pat)'
          /p:SymbolRequestProject='dotnet'
          ${{ parameters.symbolPublishingAdditionalParameters}}
          /p:BuildQuality='${{ parameters.buildQuality }}'
          /p:AzdoApiToken='$(dn-bot-all-orgs-build-rw-code-rw)'
          /p:ArtifactsBasePath='$(Build.ArtifactStagingDirectory)/'
          /p:BuildId='$(AzDOBuildId)'
          /p:AzureDevOpsOrg='$(AzDOAccount)'
          /p:AzureProject='$(AzDOProject)'
          /p:UseStreamingPublishing='true'
          /p:StreamingPublishingMaxClients=16
          /p:NonStreamingPublishingMaxClients=12

    - template: /eng/common/templates-official/steps/publish-logs.yml@self
      parameters:
        StageLabel: '${{ parameters.stageName }}'
        JobLabel: 'AssetsPublishing'
        BinlogToolVersion: $(BinlogToolVersion)
        CustomSensitiveDataList: '$(AuthenticateMaestro.MaestroToken)'