version: 0.2

env:
  variables:
    AWS_ENCRYPTION_SDK_EXAMPLE_KMS_KEY_ID: >-
      arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
    AWS_ENCRYPTION_SDK_EXAMPLE_KMS_KEY_ID_2: >-
      arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
    AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID: >-
      arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
    AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID_2: >-
      arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
    AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_US_EAST_1: >-
      arn:aws:iam::587316601012:role/GitHub-DotNet-KMS-US-East-1-Only
    AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_EU_WEST_1: >-
      arn:aws:iam::587316601012:role/GitHub-DotNet-KMS-EU-West-1-Only

phases:
  install:
    runtime-versions:
      dotnet: 6.0
      python: 3.x
    commands:
      - cd ..
      # Get Dafny
      - curl https://github.com/dafny-lang/dafny/releases/download/v3.5.0/dafny-3.5.0-x64-ubuntu-16.04.zip -L -o dafny.zip
      - unzip -qq dafny.zip && rm dafny.zip
      - export PATH="$PWD/dafny:$PATH"
      # Switch back to the main directory
      - cd aws-encryption-sdk-dafny/aws-encryption-sdk-net
  pre_build:
    commands:
      # UNIQUE_ID should be passed in as an environment variable. It is used to tie
      # the different parts of the asynchronous signing process together
      - echo "Using unique id for flow $UNIQUE_ID"
      # Build unsigned source
      - dotnet build Source /p:Configuration=Release -nowarn:CS0162,CS0168
      # This step assumes signing has already happened and we just need to retrieve 
      # the signed artifacts
      - export BASE=codebuild/release
      - python $BASE/retrieve_signed_assembly.py --target netstandard2.1 --unique-id $UNIQUE_ID
      - python $BASE/retrieve_signed_assembly.py --target net452 --unique-id $UNIQUE_ID
  build:
    commands:
      - mkdir build
      - >-
        aws codeartifact login \
            --region us-east-1 \
            --tool dotnet \
            --domain crypto-tools-internal \
            --repository net-esdk-staging \
            --domain-owner 587316601012
      # Set a unique version for releasing to staging, because this may fail and we don't
      # want to collide with previous runs
      - export VERSION=`grep '<Version>' Source/AWSEncryptionSDK.csproj | sed 's/.*<Version>\(.*\)<\/Version>/\1/'`
      - export UNIQUE_VERSION=$VERSION-`git rev-parse --short HEAD`
      - dotnet pack Source/AWSEncryptionSDK.csproj --no-build /p:Configuration=Release,Version=$UNIQUE_VERSION --output build
      - dotnet nuget push build/AWS.EncryptionSDK.$UNIQUE_VERSION.nupkg --source crypto-tools-internal/net-esdk-staging
      # Now validate we can run examples
      - sed -i.backup '/Source\/AWSEncryptionSDK.csproj/d' Examples/AWSEncryptionSDKExamples.csproj
      - dotnet add Examples/AWSEncryptionSDKExamples.csproj package AWS.EncryptionSDK --version $UNIQUE_VERSION
      # Run examples for just one supported version.
      # Since all frameworks and OS's are tested on commit, we mainly want to
      # run this as a smoke test and the confirm we can find the dependency,
      # rather than a comprehensive test suite.
      - dotnet test Examples -f net6.0
  post_build:
    commands:
      - >-
        aws codeartifact delete-package-versions \
            --region us-east-1 \
            --domain crypto-tools-internal \
            --repository net-esdk-staging \
            --format nuget \
            --package aws.encryptionsdk \
            --versions $UNIQUE_VERSION