# Every night, at midnight, we want to run a SNAPSHOT publish of HAPI
schedules:
   - cron: "0 0 * * *" #midnight
     displayName: Nightly SNAPSHOT Publish
     branches:
        include:
           - master
     always: false #set this to true if you want this job to run even when no changes where made to the code

# This is manually run to deploy SNAPSHOT versions of HAPI to oss.sonaypte.org
# We don't need to trigger on any pull request or branch change, so we disable such behavior
pr: none
trigger: none

# We'll run the process on the latest version of ubuntu because they tend to be the fastest
pool:
  vmImage: 'ubuntu-latest'

# We cannot store things like gpg passwords and sonatype credentials as plain text within the 
# pipeline's yaml file, so we've created variable groups in our library to store sensitive variables.
# Pipelines do not load these groups by default, and we need to define which groups to load before
# running any steps.
variables:
- group: GPG_VARIABLE_GROUP
- group: SONATYPE_VARIABLE_GROUP

container:
    image: smilecdr/hapi-build:latest

steps:

  # We need a valid signing key to sign our builds for deployment to sonatype. We have uploaded
  # both our private and public keys to Azure as 'secure files' that we load into individual pipelines.

  # 1. Load the public key file
  - task: DownloadSecureFile@1
    displayName: 'Load public key from secure files.'
    inputs:
      secureFile: public.key

  # 2. Load the private key file
  - task: DownloadSecureFile@1
    displayName: 'Load private key from secure files.'
    inputs:
      secureFile: private.key

  # Although we have imported the key files into our workspace, GPG has no knowledge that these keys exist.
  # We use a bash script to import both the private and puablic keys into gpg for future signing.
  # 3. Import keys into gpg
  - bash: |
      gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
      gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
      gpg --list-keys --keyid-format LONG
      gpg --list-secret-keys --keyid-format LONG
    displayName: 'Import signing keys into gpg.'
  
  # For creating a snapshot release with maven, we need to build a fake settings.xml file locally where
  # we can set our credentials for both sonatype and gpg. Then maven can read
  # for it to read from. This is done for the master branch merges only.

  # 4. Create local settings.xml file
  - bash: |
      cat >$(System.DefaultWorkingDirectory)/settings.xml <<EOL
      <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                                    https://maven.apache.org/xsd/settings-1.0.0.xsd">
        <servers>
          <server>
            <id>ossrh</id>
            <username>$(SONATYPE_USERNAME)</username>
            <password>$(SONATYPE_PASSWORD)</password>
          </server>
        </servers>
        <profiles>
          <profile>
            <id>SIGN_ARTIFACTS</id>
            <activation>
              <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
              <gpg.passphrase>$(GPG_PASSPHRASE)</gpg.passphrase>
            </properties>
          </profile>
        </profiles>
      </settings>
      EOL
    displayName: 'Create .mvn/settings.xml'
  
  # With our settings.xml created locally, we can now run maven (pointing to our created settings.xml file) to deploy
  # the HAPI SNAPSHOT build.

  # 5. Deploy SNAPSHOT build to sonatype
  - task: Maven@3
    env:
      JAVA_HOME_11_X64: /opt/java/openjdk
    displayName: 'Deploy to Sonatype staging'
    inputs:
      mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'
      goals: deploy
      options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -P DIST -DskipTests'
      publishJUnitResults: false