terminal/build/pipelines/templates-v2/job-build-package-wpf.yml

parameters:
  - name: buildConfigurations
    type: object
  - name: buildPlatforms
    type: object
  - name: generateSbom
    type: boolean
    default: false
  - name: codeSign
    type: boolean
    default: false
  - name: pool
    type: object
    default: []
  - name: dependsOn
    type: object
    default: null
  - name: artifactStem
    type: string
    default: ''
  - name: jobName
    type: string
    default: PackWPF
  - name: variables
    type: object
    default: {}
  - name: publishArtifacts
    type: boolean
    default: true
  - name: signingIdentity
    type: object
    default: {}

jobs:
- job: ${{ parameters.jobName }}
  ${{ if ne(length(parameters.pool), 0) }}:
    pool: ${{ parameters.pool }}
  ${{ if eq(parameters.codeSign, true) }}:
    displayName: Pack and Sign Microsoft.Terminal.Wpf
  ${{ else }}:
    displayName: Pack Microsoft.Terminal.Wpf
  strategy:
    matrix:
      ${{ each config in parameters.buildConfigurations }}:
        ${{ config }}:
          BuildConfiguration: ${{ config }}
  dependsOn: ${{ parameters.dependsOn }}
  variables:
    OutputBuildPlatform: AnyCPU
    Terminal.BinDir: $(Build.SourcesDirectory)/bin/$(OutputBuildPlatform)/$(BuildConfiguration)
    JobOutputDirectory: $(Build.ArtifactStagingDirectory)\nupkg
    JobOutputArtifactName: wpf-nupkg-$(BuildConfiguration)${{ parameters.artifactStem }}
    ${{ insert }}: ${{ parameters.variables }}
  steps:
  - checkout: self
    clean: true
    fetchDepth: 1
    fetchTags: false # Tags still result in depth > 1 fetch; we don't need them here
    submodules: true
    persistCredentials: True

  - task: PkgESSetupBuild@12
    displayName: Package ES - Setup Build
    inputs:
      disableOutputRedirect: true

  - template: steps-download-bin-dir-artifact.yml
    parameters:
      buildPlatforms:
        - ${{ parameters.buildPlatforms }}
        - Any CPU # Make sure we grab the precompiled WPF bits
      # This build is already matrix'd on configuration, so
      # just pass a single config into the download template.
      buildConfigurations:
        - $(BuildConfiguration)
      artifactStem: ${{ parameters.artifactStem }}

  - template: .\steps-restore-nuget.yml

  - task: VSBuild@1
    displayName: Build solution OpenConsole.sln for WPF Control (Pack)
    inputs:
      solution: 'OpenConsole.sln'
      msbuildArgs: >-
        /p:WindowsTerminalReleaseBuild=true;Version=$(XES_PACKAGEVERSIONNUMBER)
        /p:NoBuild=true
        /p:IncludeSymbols=true
        /t:Terminal\wpf\WpfTerminalControl:Pack
      platform: Any CPU
      configuration: $(BuildConfiguration)
      maximumCpuCount: true
      clean: false

  - task: CopyFiles@2
    displayName: Copy *.nupkg to Artifacts
    inputs:
      Contents: 'bin/**/*Wpf*.nupkg'
      TargetFolder: $(Build.ArtifactStagingDirectory)/nupkg
      OverWrite: true
      flattenFolders: true

  - ${{ if eq(parameters.codeSign, true) }}:
    - task: EsrpCodeSigning@5
      displayName: Submit *.nupkg to ESRP for code signing
      inputs:
        ConnectedServiceName: ${{ parameters.signingIdentity.serviceName }}
        AppRegistrationClientId: ${{ parameters.signingIdentity.appId }}
        AppRegistrationTenantId: ${{ parameters.signingIdentity.tenantId }}
        AuthAKVName: ${{ parameters.signingIdentity.akvName }}
        AuthCertName: ${{ parameters.signingIdentity.authCertName }}
        AuthSignCertName: ${{ parameters.signingIdentity.signCertName }}
        FolderPath: $(Build.ArtifactStagingDirectory)/nupkg
        Pattern: '*.nupkg'
        UseMinimatch: true
        signConfigType: inlineSignParams
        inlineOperation: >-
          [
              {
                  "KeyCode": "CP-401405",
                  "OperationCode": "NuGetSign",
                  "Parameters": {},
                  "ToolName": "sign",
                  "ToolVersion": "1.0"
              },
              {
                  "KeyCode": "CP-401405",
                  "OperationCode": "NuGetVerify",
                  "Parameters": {},
                  "ToolName": "sign",
                  "ToolVersion": "1.0"
              }
          ]

  - ${{ if eq(parameters.generateSbom, true) }}:
    - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
      displayName: 'Generate SBOM manifest (wpf)'
      inputs:
       BuildDropPath: '$(System.ArtifactsDirectory)/nupkg'
       BuildComponentPath: '$(Build.SourcesDirectory)/bin'

    - task: DropValidatorTask@0
      displayName: 'Validate wpf SBOM manifest'
      inputs:
        BuildDropPath: '$(System.ArtifactsDirectory)/nupkg'
        OutputPath: 'output.json'
        ValidateSignature: true
        Verbosity: 'Verbose'

  - ${{ if eq(parameters.publishArtifacts, true) }}:
    - publish: $(JobOutputDirectory)
      artifact: $(JobOutputArtifactName)
      displayName: Publish nupkg