steps:
  - task: NodeTool@0
    inputs:
      versionSpec: "16.x"

  - template: ../distro/download-distro.yml

  - task: AzureKeyVault@1
    displayName: "Azure Key Vault: Get Secrets"
    inputs:
      azureSubscription: "vscode-builds-subscription"
      KeyVaultName: vscode-build-secrets
      SecretsFilter: "github-distro-mixin-password"

  - task: DownloadPipelineArtifact@2
    inputs:
      artifact: Compilation
      path: $(Build.ArtifactStagingDirectory)
    displayName: Download compilation output

  - script: tar -xzf $(Build.ArtifactStagingDirectory)/compilation.tar.gz
    displayName: Extract compilation output

  - script: node build/setup-npm-registry.js $NPM_REGISTRY
    condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
    displayName: Setup NPM Registry

  - script: mkdir -p .build && node build/azure-pipelines/common/computeNodeModulesCacheKey.js web > .build/yarnlockhash
    displayName: Prepare node_modules cache key

  - task: Cache@2
    inputs:
      key: '"node_modules" | .build/yarnlockhash'
      path: .build/node_modules_cache
      cacheHitVar: NODE_MODULES_RESTORED
    displayName: Restore node_modules cache

  - script: tar -xzf .build/node_modules_cache/cache.tgz
    condition: and(succeeded(), eq(variables.NODE_MODULES_RESTORED, 'true'))
    displayName: Extract node_modules cache

  - script: |
      set -e
      npm config set registry "$NPM_REGISTRY" --location=project
      npm config set always-auth=true --location=project
      yarn config set registry "$NPM_REGISTRY"
    condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne(variables['NPM_REGISTRY'], 'none'))
    displayName: Setup NPM & Yarn

  - task: npmAuthenticate@0
    inputs:
      workingFile: .npmrc
    condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne(variables['NPM_REGISTRY'], 'none'))
    displayName: Setup NPM Authentication

  - script: |
      set -e
      for i in {1..5}; do # try 5 times
        yarn --frozen-lockfile --check-files && break
        if [ $i -eq 3 ]; then
          echo "Yarn failed too many times" >&2
          exit 1
        fi
        echo "Yarn failed $i, trying again..."
      done
    env:
      ELECTRON_SKIP_BINARY_DOWNLOAD: 1
      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
      GITHUB_TOKEN: "$(github-distro-mixin-password)"
    displayName: Install dependencies
    condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))

  - script: node build/azure-pipelines/distro/mixin-npm
    condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))
    displayName: Mixin distro node modules

  - script: |
      set -e
      node build/azure-pipelines/common/listNodeModules.js .build/node_modules_list.txt
      mkdir -p .build/node_modules_cache
      tar -czf .build/node_modules_cache/cache.tgz --files-from .build/node_modules_list.txt
    condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))
    displayName: Create node_modules archive

  - script: node build/azure-pipelines/distro/mixin-quality
    displayName: Mixin distro quality

  - template: ../common/install-builtin-extensions.yml

  - script: yarn gulp vscode-web-min-ci
    env:
      GITHUB_TOKEN: "$(github-distro-mixin-password)"
    displayName: Build

  - task: AzureCLI@2
    inputs:
      azureSubscription: "vscode-builds-subscription"
      scriptType: pscore
      scriptLocation: inlineScript
      addSpnToEnvironment: true
      inlineScript: |
        Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$env:tenantId"
        Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$env:servicePrincipalId"
        Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]$env:servicePrincipalKey"

  - script: |
      set -e
      AZURE_STORAGE_ACCOUNT="vscodeweb" \
      AZURE_TENANT_ID="$(AZURE_TENANT_ID)" \
      AZURE_CLIENT_ID="$(AZURE_CLIENT_ID)" \
      AZURE_CLIENT_SECRET="$(AZURE_CLIENT_SECRET)" \
        node build/azure-pipelines/upload-cdn
    displayName: Upload to CDN

    # upload only the workbench.web.main.js source maps because
    # we just compiled these bits in the previous step and the
    # general task to upload source maps has already been run
  - script: |
      set -e
      AZURE_STORAGE_ACCOUNT="ticino" \
      AZURE_TENANT_ID="$(AZURE_TENANT_ID)" \
      AZURE_CLIENT_ID="$(AZURE_CLIENT_ID)" \
      AZURE_CLIENT_SECRET="$(AZURE_CLIENT_SECRET)" \
        node build/azure-pipelines/upload-sourcemaps out-vscode-web-min out-vscode-web-min/vs/workbench/workbench.web.main.js.map
    displayName: Upload sourcemaps (Web)

  - script: |
      set -e
      AZURE_STORAGE_ACCOUNT="ticino" \
      AZURE_TENANT_ID="$(AZURE_TENANT_ID)" \
      AZURE_CLIENT_ID="$(AZURE_CLIENT_ID)" \
      AZURE_CLIENT_SECRET="$(AZURE_CLIENT_SECRET)" \
        node build/azure-pipelines/upload-nlsmetadata
    displayName: Upload NLS Metadata

  - script: |
      set -e
      REPO="$(pwd)"
      ROOT="$REPO/.."

      WEB_BUILD_NAME="vscode-web"
      WEB_TARBALL_FILENAME="vscode-web.tar.gz"
      WEB_TARBALL_PATH="$ROOT/$WEB_TARBALL_FILENAME"

      rm -rf $ROOT/vscode-web.tar.*

      cd $ROOT && tar --owner=0 --group=0 -czf $WEB_TARBALL_PATH $WEB_BUILD_NAME
    displayName: Prepare for publish

  - publish: $(Agent.BuildDirectory)/vscode-web.tar.gz
    artifact: vscode_web_linux_standalone_archive-unsigned
    displayName: Publish web archive