daml/ci/build-windows.yml

# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0

parameters:
  release_tag: ''
  is_release: ''

steps:
  - bash: ci/configure-bazel.sh
    displayName: 'Configure Bazel'
    env:
      IS_FORK: $(System.PullRequest.IsFork)
      # to upload to the bazel cache
      GOOGLE_APPLICATION_CREDENTIALS_CONTENT: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)

  - powershell: '.\ci\windows-diagnostics.ps1'
    displayName: 'Agent diagnostics'

  - powershell: '.\build.ps1'
    displayName: 'Build'
    env:
      DAML_SDK_RELEASE_VERSION: ${{parameters.release_tag}}

  - task: PublishBuildArtifacts@1
    condition: failed()
    displayName: 'Publish the bazel test logs'
    inputs:
      pathtoPublish: 'bazel-testlogs/'
      artifactName: 'Test logs'

  - template: bash-lib.yml
    parameters:
      var_name: bash-lib

  - bash: |
      set -euo pipefail
      source $(bash-lib)
      INSTALLER=daml-sdk-${{parameters.release_tag}}-windows.exe
      mv "bazel-bin/release/windows-installer/daml-sdk-installer.exe" "$(Build.StagingDirectory)/$INSTALLER"
      chmod +wx "$(Build.StagingDirectory)/$INSTALLER"
      cleanup () {
          rm -f signing_key.pfx
      }
      trap cleanup EXIT
      echo "$SIGNING_KEY" | base64 -d > signing_key.pfx
      MSYS_NO_PATHCONV=1 signtool.exe sign '/f' signing_key.pfx '/fd' sha256 '/tr' "http://timestamp.digicert.com" '/v' "$(Build.StagingDirectory)/$INSTALLER"
      rm signing_key.pfx
      trap - EXIT
      setvar installer "$INSTALLER"
      TARBALL=daml-sdk-${{parameters.release_tag}}-windows.tar.gz
      cp bazel-bin/release/sdk-release-tarball.tar.gz '$(Build.StagingDirectory)'/$TARBALL
      setvar tarball "$TARBALL"      
    name: publish
    env:
      SIGNING_KEY: $(microsoft-code-signing)
      DAML_SDK_RELEASE_VERSION: ${{parameters.release_tag}}
    condition: and(succeeded(),
                   eq(${{parameters.is_release}}, 'true'),
                   eq(variables['Build.SourceBranchName'], 'main'))
  - task: PublishPipelineArtifact@0
    condition: and(succeeded(),
                   eq(${{parameters.is_release}}, 'true'),
                   eq(variables['Build.SourceBranchName'], 'main'))
    inputs:
      targetPath: $(Build.StagingDirectory)/$(publish.installer)
      artifactName: $(publish.installer)
  - task: PublishPipelineArtifact@0
    condition: and(succeeded(),
                   eq(${{parameters.is_release}}, 'true'),
                   eq(variables['Build.SourceBranchName'], 'main'))
    inputs:
      targetPath: $(Build.StagingDirectory)/$(publish.tarball)
      artifactName: $(publish.tarball)