trigger: none
pr: none

resources:
  repositories:
  - repository: 1esPipelines
    type: git
    name: 1ESPipelineTemplates/1ESPipelineTemplates
    ref: refs/tags/release

extends:
  template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
  parameters:
    pool:
      name: DevDivPlaywrightAzurePipelinesUbuntu2204
      os: linux
    sdl:
      sourceAnalysisPool:
        name: DevDivPlaywrightAzurePipelinesWindows2022
        # The image must be windows-based due to restrictions of the SDL tools. See: https://aka.ms/AAo6v8e
        # In the case of a windows build, this can be the same as the above pool image.
        os: windows
      suppression:
        suppressionFile: $(Build.SourcesDirectory)\.azure-pipelines\guardian\SDL\.gdnsuppress
    stages:
    - stage: Stage
      jobs:
      - job: HostJob
        steps:
        - bash: |
            if [[ ! "$CURRENT_BRANCH" =~ ^release-.* ]]; then
              echo "Can only publish from a release branch."
              echo "Unexpected branch name: $CURRENT_BRANCH"
              exit 1
            fi
          env:
            CURRENT_BRANCH: ${{ variables['Build.SourceBranchName'] }}
          displayName: "Check the branch is a release branch"
        
        - bash: |
            echo "importing GPG key:"
            # Pipeline variables do not preserve line ends so we use base64 instead of --armored as a workaround.
            echo $GPG_PRIVATE_KEY_BASE64 | base64 -d | gpg --batch --import
            echo "list keys after import:"
            gpg --list-keys
          env:
           GPG_PRIVATE_KEY_BASE64: $(GPG_PRIVATE_KEY_BASE64) # secret variable has to be mapped to an env variable
          displayName: "Import gpg key"
        
        - bash: ./scripts/download_driver_for_all_platforms.sh
          displayName: 'Download driver'
        
        - bash: mvn -B deploy -D skipTests --no-transfer-progress --activate-profiles release -D gpg.passphrase=$GPG_PASSPHRASE -DaltDeploymentRepository=snapshot-repo::default::file:$(pwd)/local-build
          displayName: 'Build and deploy to a local directory'
          env:
            GPG_PASSPHRASE: $(GPG_PASSPHRASE) # secret variable has to be mapped to an env variable
        
        - bash: |
            for file in $(find snapshots -type f); do
              echo "processing: $file"
              if [[ $file =~ \.(md5|sha1|sha256)$ ]]; then
                continue
              fi
              sha256sum "$file" | cut -f1 -d \ > "$file.sha256"
            done
          displayName: 'Create .sha256 files'
        
        - task: EsrpRelease@4
          inputs:
            ConnectedServiceName: 'Playwright-ESRP'
            Intent: 'PackageDistribution'
            ContentType: 'Maven'
            ContentSource: 'Folder'
            FolderLocation: './local-build'
            WaitForReleaseCompletion: true
            Owners: 'yurys@microsoft.com'
            Approvers: 'maxschmitt@microsoft.com'
            ServiceEndpointUrl: 'https://api.esrp.microsoft.com'
            MainPublisher: 'Playwright'
            DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
          displayName: 'ESRP Release to Maven'