npm - azure-pipelines-task-lib - Versions diffs - 3.3.1 → 3.4.0 - Mend

azure-pipelines-task-lib 3.3.1 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/LICENSE +22 -22
package/README.md +74 -74
package/Strings/resources.resjson/de-DE/resources.resjson +34 -34
package/Strings/resources.resjson/es-ES/resources.resjson +34 -34
package/Strings/resources.resjson/fr-FR/resources.resjson +34 -34
package/Strings/resources.resjson/ja-JP/resources.resjson +34 -34
package/ThirdPartyNotice.txt +1114 -1114
package/internal.d.ts +130 -130
package/internal.js +885 -885
package/lib.json +37 -37
package/mock-answer.d.ts +58 -55
package/mock-answer.js +41 -41
package/mock-run.d.ts +44 -44
package/mock-run.js +92 -92
package/mock-task.d.ts +112 -111
package/mock-task.js +451 -447
package/mock-test.d.ts +28 -28
package/mock-test.js +298 -298
package/mock-toolrunner.d.ts +41 -41
package/mock-toolrunner.js +268 -268
package/package.json +49 -49
package/task.d.ts +728 -718
package/task.js +2023 -2003
package/taskcommand.d.ts +10 -10
package/taskcommand.js +103 -103
package/toolrunner.d.ts +159 -159
package/toolrunner.js +967 -967
package/vault.d.ts +10 -10
package/vault.js +71 -71

package/internal.js CHANGED Viewed

@@ -1,885 +1,885 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports._exposeCertSettings = exports._exposeProxySettings = exports._normalizeSeparators = exports._isRooted = exports._getDirectoryName = exports._ensureRooted = exports._isUncPath = exports._loadData = exports._ensurePatternRooted = exports._getFindInfoFromPattern = exports._cloneMatchOptions = exports._legacyFindFiles_convertPatternToRegExp = exports._which = exports._checkPath = exports._exist = exports._debug = exports._error = exports._warning = exports._command = exports._getVariableKey = exports._getVariable = exports._loc = exports._setResourcePath = exports._setErrStream = exports._setStdStream = exports._writeLine = exports._endsWith = exports._startsWith = exports._vault = exports._knownVariableMap = void 0;
-var fs = require("fs");
-var path = require("path");
-var os = require("os");
-var minimatch = require("minimatch");
-var util = require("util");
-var tcm = require("./taskcommand");
-var vm = require("./vault");
-var semver = require("semver");
-var crypto = require("crypto");
-/**
- * Hash table of known variable info. The formatted env var name is the lookup key.
- *
- * The purpose of this hash table is to keep track of known variables. The hash table
- * needs to be maintained for multiple reasons:
- *  1) to distinguish between env vars and job vars
- *  2) to distinguish between secret vars and public
- *  3) to know the real variable name and not just the formatted env var name.
- */
-exports._knownVariableMap = {};
-//-----------------------------------------------------
-// Validation Checks
-//-----------------------------------------------------
-// async await needs generators in node 4.x+
-if (semver.lt(process.versions.node, '4.2.0')) {
-    _warning('Tasks require a new agent.  Upgrade your agent or node to 4.2.0 or later');
-}
-//-----------------------------------------------------
-// String convenience
-//-----------------------------------------------------
-function _startsWith(str, start) {
-    return str.slice(0, start.length) == start;
-}
-exports._startsWith = _startsWith;
-function _endsWith(str, end) {
-    return str.slice(-end.length) == end;
-}
-exports._endsWith = _endsWith;
-//-----------------------------------------------------
-// General Helpers
-//-----------------------------------------------------
-var _outStream = process.stdout;
-var _errStream = process.stderr;
-function _writeLine(str) {
-    _outStream.write(str + os.EOL);
-}
-exports._writeLine = _writeLine;
-function _setStdStream(stdStream) {
-    _outStream = stdStream;
-}
-exports._setStdStream = _setStdStream;
-function _setErrStream(errStream) {
-    _errStream = errStream;
-}
-exports._setErrStream = _setErrStream;
-//-----------------------------------------------------
-// Loc Helpers
-//-----------------------------------------------------
-var _locStringCache = {};
-var _resourceFiles = {};
-var _libResourceFileLoaded = false;
-var _resourceCulture = 'en-US';
-function _loadResJson(resjsonFile) {
-    var resJson;
-    if (_exist(resjsonFile)) {
-        var resjsonContent = fs.readFileSync(resjsonFile, 'utf8').toString();
-        // remove BOM
-        if (resjsonContent.indexOf('\uFEFF') == 0) {
-            resjsonContent = resjsonContent.slice(1);
-        }
-        try {
-            resJson = JSON.parse(resjsonContent);
-        }
-        catch (err) {
-            _debug('unable to parse resjson with err: ' + err.message);
-        }
-    }
-    else {
-        _debug('.resjson file not found: ' + resjsonFile);
-    }
-    return resJson;
-}
-function _loadLocStrings(resourceFile, culture) {
-    var locStrings = {};
-    if (_exist(resourceFile)) {
-        var resourceJson = require(resourceFile);
-        if (resourceJson && resourceJson.hasOwnProperty('messages')) {
-            var locResourceJson;
-            // load up resource resjson for different culture
-            var localizedResourceFile = path.join(path.dirname(resourceFile), 'Strings', 'resources.resjson');
-            var upperCulture = culture.toUpperCase();
-            var cultures = [];
-            try {
-                cultures = fs.readdirSync(localizedResourceFile);
-            }
-            catch (ex) { }
-            for (var i = 0; i < cultures.length; i++) {
-                if (cultures[i].toUpperCase() == upperCulture) {
-                    localizedResourceFile = path.join(localizedResourceFile, cultures[i], 'resources.resjson');
-                    if (_exist(localizedResourceFile)) {
-                        locResourceJson = _loadResJson(localizedResourceFile);
-                    }
-                    break;
-                }
-            }
-            for (var key in resourceJson.messages) {
-                if (locResourceJson && locResourceJson.hasOwnProperty('loc.messages.' + key)) {
-                    locStrings[key] = locResourceJson['loc.messages.' + key];
-                }
-                else {
-                    locStrings[key] = resourceJson.messages[key];
-                }
-            }
-        }
-    }
-    else {
-        _warning('LIB_ResourceFile does not exist');
-    }
-    return locStrings;
-}
-/**
- * Sets the location of the resources json.  This is typically the task.json file.
- * Call once at the beginning of the script before any calls to loc.
- * @param     path      Full path to the json.
- * @param     ignoreWarnings  Won't throw warnings if path already set.
- * @returns   void
- */
-function _setResourcePath(path, ignoreWarnings) {
-    if (ignoreWarnings === void 0) { ignoreWarnings = false; }
-    if (process.env['TASKLIB_INPROC_UNITS']) {
-        _resourceFiles = {};
-        _libResourceFileLoaded = false;
-        _locStringCache = {};
-        _resourceCulture = 'en-US';
-    }
-    if (!_resourceFiles[path]) {
-        _checkPath(path, 'resource file path');
-        _resourceFiles[path] = path;
-        _debug('adding resource file: ' + path);
-        _resourceCulture = _getVariable('system.culture') || _resourceCulture;
-        var locStrs = _loadLocStrings(path, _resourceCulture);
-        for (var key in locStrs) {
-            //cache loc string
-            _locStringCache[key] = locStrs[key];
-        }
-    }
-    else {
-        if (ignoreWarnings) {
-            _debug(_loc('LIB_ResourceFileAlreadySet', path));
-        }
-        else {
-            _warning(_loc('LIB_ResourceFileAlreadySet', path));
-        }
-    }
-}
-exports._setResourcePath = _setResourcePath;
-/**
- * Gets the localized string from the json resource file.  Optionally formats with additional params.
- *
- * @param     key      key of the resources string in the resource file
- * @param     param    additional params for formatting the string
- * @returns   string
- */
-function _loc(key) {
-    var param = [];
-    for (var _i = 1; _i < arguments.length; _i++) {
-        param[_i - 1] = arguments[_i];
-    }
-    if (!_libResourceFileLoaded) {
-        // merge loc strings from azure-pipelines-task-lib.
-        var libResourceFile = path.join(__dirname, 'lib.json');
-        var libLocStrs = _loadLocStrings(libResourceFile, _resourceCulture);
-        for (var libKey in libLocStrs) {
-            //cache azure-pipelines-task-lib loc string
-            _locStringCache[libKey] = libLocStrs[libKey];
-        }
-        _libResourceFileLoaded = true;
-    }
-    var locString;
-    ;
-    if (_locStringCache.hasOwnProperty(key)) {
-        locString = _locStringCache[key];
-    }
-    else {
-        if (Object.keys(_resourceFiles).length <= 0) {
-            _warning("Resource file haven't been set, can't find loc string for key: " + key);
-        }
-        else {
-            _warning("Can't find loc string for key: " + key);
-        }
-        locString = key;
-    }
-    if (param.length > 0) {
-        return util.format.apply(this, [locString].concat(param));
-    }
-    else {
-        return locString;
-    }
-}
-exports._loc = _loc;
-//-----------------------------------------------------
-// Input Helpers
-//-----------------------------------------------------
-/**
- * Gets a variable value that is defined on the build/release definition or set at runtime.
- *
- * @param     name     name of the variable to get
- * @returns   string
- */
-function _getVariable(name) {
-    var varval;
-    // get the metadata
-    var info;
-    var key = _getVariableKey(name);
-    if (exports._knownVariableMap.hasOwnProperty(key)) {
-        info = exports._knownVariableMap[key];
-    }
-    if (info && info.secret) {
-        // get the secret value
-        varval = exports._vault.retrieveSecret('SECRET_' + key);
-    }
-    else {
-        // get the public value
-        varval = process.env[key];
-        // fallback for pre 2.104.1 agent
-        if (!varval && name.toUpperCase() == 'AGENT.JOBSTATUS') {
-            varval = process.env['agent.jobstatus'];
-        }
-    }
-    _debug(name + '=' + varval);
-    return varval;
-}
-exports._getVariable = _getVariable;
-function _getVariableKey(name) {
-    if (!name) {
-        throw new Error(_loc('LIB_ParameterIsRequired', 'name'));
-    }
-    return name.replace(/\./g, '_').replace(/ /g, '_').toUpperCase();
-}
-exports._getVariableKey = _getVariableKey;
-//-----------------------------------------------------
-// Cmd Helpers
-//-----------------------------------------------------
-function _command(command, properties, message) {
-    var taskCmd = new tcm.TaskCommand(command, properties, message);
-    _writeLine(taskCmd.toString());
-}
-exports._command = _command;
-function _warning(message) {
-    _command('task.issue', { 'type': 'warning' }, message);
-}
-exports._warning = _warning;
-function _error(message) {
-    _command('task.issue', { 'type': 'error' }, message);
-}
-exports._error = _error;
-function _debug(message) {
-    _command('task.debug', null, message);
-}
-exports._debug = _debug;
-// //-----------------------------------------------------
-// // Disk Functions
-// //-----------------------------------------------------
-/**
- * Returns whether a path exists.
- *
- * @param     path      path to check
- * @returns   boolean
- */
-function _exist(path) {
-    var exist = false;
-    try {
-        exist = !!(path && fs.statSync(path) != null);
-    }
-    catch (err) {
-        if (err && err.code === 'ENOENT') {
-            exist = false;
-        }
-        else {
-            throw err;
-        }
-    }
-    return exist;
-}
-exports._exist = _exist;
-/**
- * Checks whether a path exists.
- * If the path does not exist, it will throw.
- *
- * @param     p         path to check
- * @param     name      name only used in error message to identify the path
- * @returns   void
- */
-function _checkPath(p, name) {
-    _debug('check path : ' + p);
-    if (!_exist(p)) {
-        throw new Error(_loc('LIB_PathNotFound', name, p));
-    }
-}
-exports._checkPath = _checkPath;
-/**
- * Returns path of a tool had the tool actually been invoked.  Resolves via paths.
- * If you check and the tool does not exist, it will throw.
- *
- * @param     tool       name of the tool
- * @param     check      whether to check if tool exists
- * @returns   string
- */
-function _which(tool, check) {
-    if (!tool) {
-        throw new Error('parameter \'tool\' is required');
-    }
-    // recursive when check=true
-    if (check) {
-        var result = _which(tool, false);
-        if (result) {
-            return result;
-        }
-        else {
-            if (process.platform == 'win32') {
-                throw new Error(_loc('LIB_WhichNotFound_Win', tool));
-            }
-            else {
-                throw new Error(_loc('LIB_WhichNotFound_Linux', tool));
-            }
-        }
-    }
-    _debug("which '" + tool + "'");
-    try {
-        // build the list of extensions to try
-        var extensions = [];
-        if (process.platform == 'win32' && process.env['PATHEXT']) {
-            for (var _i = 0, _a = process.env['PATHEXT'].split(path.delimiter); _i < _a.length; _i++) {
-                var extension = _a[_i];
-                if (extension) {
-                    extensions.push(extension);
-                }
-            }
-        }
-        // if it's rooted, return it if exists. otherwise return empty.
-        if (_isRooted(tool)) {
-            var filePath = _tryGetExecutablePath(tool, extensions);
-            if (filePath) {
-                _debug("found: '" + filePath + "'");
-                return filePath;
-            }
-            _debug('not found');
-            return '';
-        }
-        // if any path separators, return empty
-        if (tool.indexOf('/') >= 0 || (process.platform == 'win32' && tool.indexOf('\\') >= 0)) {
-            _debug('not found');
-            return '';
-        }
-        // build the list of directories
-        //
-        // Note, technically "where" checks the current directory on Windows. From a task lib perspective,
-        // it feels like we should not do this. Checking the current directory seems like more of a use
-        // case of a shell, and the which() function exposed by the task lib should strive for consistency
-        // across platforms.
-        var directories = [];
-        if (process.env['PATH']) {
-            for (var _b = 0, _c = process.env['PATH'].split(path.delimiter); _b < _c.length; _b++) {
-                var p = _c[_b];
-                if (p) {
-                    directories.push(p);
-                }
-            }
-        }
-        // return the first match
-        for (var _d = 0, directories_1 = directories; _d < directories_1.length; _d++) {
-            var directory = directories_1[_d];
-            var filePath = _tryGetExecutablePath(directory + path.sep + tool, extensions);
-            if (filePath) {
-                _debug("found: '" + filePath + "'");
-                return filePath;
-            }
-        }
-        _debug('not found');
-        return '';
-    }
-    catch (err) {
-        throw new Error(_loc('LIB_OperationFailed', 'which', err.message));
-    }
-}
-exports._which = _which;
-/**
- * Best effort attempt to determine whether a file exists and is executable.
- * @param filePath    file path to check
- * @param extensions  additional file extensions to try
- * @return if file exists and is executable, returns the file path. otherwise empty string.
- */
-function _tryGetExecutablePath(filePath, extensions) {
-    try {
-        // test file exists
-        var stats = fs.statSync(filePath);
-        if (stats.isFile()) {
-            if (process.platform == 'win32') {
-                // on Windows, test for valid extension
-                var isExecutable = false;
-                var fileName = path.basename(filePath);
-                var dotIndex = fileName.lastIndexOf('.');
-                if (dotIndex >= 0) {
-                    var upperExt_1 = fileName.substr(dotIndex).toUpperCase();
-                    if (extensions.some(function (validExt) { return validExt.toUpperCase() == upperExt_1; })) {
-                        return filePath;
-                    }
-                }
-            }
-            else {
-                if (isUnixExecutable(stats)) {
-                    return filePath;
-                }
-            }
-        }
-    }
-    catch (err) {
-        if (err.code != 'ENOENT') {
-            _debug("Unexpected error attempting to determine if executable file exists '" + filePath + "': " + err);
-        }
-    }
-    // try each extension
-    var originalFilePath = filePath;
-    for (var _i = 0, extensions_1 = extensions; _i < extensions_1.length; _i++) {
-        var extension = extensions_1[_i];
-        var found = false;
-        var filePath_1 = originalFilePath + extension;
-        try {
-            var stats = fs.statSync(filePath_1);
-            if (stats.isFile()) {
-                if (process.platform == 'win32') {
-                    // preserve the case of the actual file (since an extension was appended)
-                    try {
-                        var directory = path.dirname(filePath_1);
-                        var upperName = path.basename(filePath_1).toUpperCase();
-                        for (var _a = 0, _b = fs.readdirSync(directory); _a < _b.length; _a++) {
-                            var actualName = _b[_a];
-                            if (upperName == actualName.toUpperCase()) {
-                                filePath_1 = path.join(directory, actualName);
-                                break;
-                            }
-                        }
-                    }
-                    catch (err) {
-                        _debug("Unexpected error attempting to determine the actual case of the file '" + filePath_1 + "': " + err);
-                    }
-                    return filePath_1;
-                }
-                else {
-                    if (isUnixExecutable(stats)) {
-                        return filePath_1;
-                    }
-                }
-            }
-        }
-        catch (err) {
-            if (err.code != 'ENOENT') {
-                _debug("Unexpected error attempting to determine if executable file exists '" + filePath_1 + "': " + err);
-            }
-        }
-    }
-    return '';
-}
-// on Mac/Linux, test the execute bit
-//     R   W  X  R  W X R W X
-//   256 128 64 32 16 8 4 2 1
-function isUnixExecutable(stats) {
-    return (stats.mode & 1) > 0 || ((stats.mode & 8) > 0 && stats.gid === process.getgid()) || ((stats.mode & 64) > 0 && stats.uid === process.getuid());
-}
-function _legacyFindFiles_convertPatternToRegExp(pattern) {
-    pattern = (process.platform == 'win32' ? pattern.replace(/\\/g, '/') : pattern) // normalize separator on Windows
-        .replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&') // regex escape - from http://stackoverflow.com/questions/3561493/is-there-a-regexp-escape-function-in-javascript
-        .replace(/\\\/\\\*\\\*\\\//g, '((\/.+/)|(\/))') // replace directory globstar, e.g. /hello/**/world
-        .replace(/\\\*\\\*/g, '.*') // replace remaining globstars with a wildcard that can span directory separators, e.g. /hello/**dll
-        .replace(/\\\*/g, '[^\/]*') // replace asterisks with a wildcard that cannot span directory separators, e.g. /hello/*.dll
-        .replace(/\\\?/g, '[^\/]'); // replace single character wildcards, e.g. /hello/log?.dll
-    pattern = "^" + pattern + "$";
-    var flags = process.platform == 'win32' ? 'i' : '';
-    return new RegExp(pattern, flags);
-}
-exports._legacyFindFiles_convertPatternToRegExp = _legacyFindFiles_convertPatternToRegExp;
-function _cloneMatchOptions(matchOptions) {
-    return {
-        debug: matchOptions.debug,
-        nobrace: matchOptions.nobrace,
-        noglobstar: matchOptions.noglobstar,
-        dot: matchOptions.dot,
-        noext: matchOptions.noext,
-        nocase: matchOptions.nocase,
-        nonull: matchOptions.nonull,
-        matchBase: matchOptions.matchBase,
-        nocomment: matchOptions.nocomment,
-        nonegate: matchOptions.nonegate,
-        flipNegate: matchOptions.flipNegate
-    };
-}
-exports._cloneMatchOptions = _cloneMatchOptions;
-function _getFindInfoFromPattern(defaultRoot, pattern, matchOptions) {
-    // parameter validation
-    if (!defaultRoot) {
-        throw new Error('getFindRootFromPattern() parameter defaultRoot cannot be empty');
-    }
-    if (!pattern) {
-        throw new Error('getFindRootFromPattern() parameter pattern cannot be empty');
-    }
-    if (!matchOptions.nobrace) {
-        throw new Error('getFindRootFromPattern() expected matchOptions.nobrace to be true');
-    }
-    // for the sake of determining the findPath, pretend nocase=false
-    matchOptions = _cloneMatchOptions(matchOptions);
-    matchOptions.nocase = false;
-    // check if basename only and matchBase=true
-    if (matchOptions.matchBase &&
-        !_isRooted(pattern) &&
-        (process.platform == 'win32' ? pattern.replace(/\\/g, '/') : pattern).indexOf('/') < 0) {
-        return {
-            adjustedPattern: pattern,
-            findPath: defaultRoot,
-            statOnly: false,
-        };
-    }
-    // the technique applied by this function is to use the information on the Minimatch object determine
-    // the findPath. Minimatch breaks the pattern into path segments, and exposes information about which
-    // segments are literal vs patterns.
-    //
-    // note, the technique currently imposes a limitation for drive-relative paths with a glob in the
-    // first segment, e.g. C:hello*/world. it's feasible to overcome this limitation, but is left unsolved
-    // for now.
-    var minimatchObj = new minimatch.Minimatch(pattern, matchOptions);
-    // the "set" property is an array of arrays of parsed path segment info. the outer array should only
-    // contain one item, otherwise something went wrong. brace expansion can result in multiple arrays,
-    // but that should be turned off by the time this function is reached.
-    if (minimatchObj.set.length != 1) {
-        throw new Error('getFindRootFromPattern() expected Minimatch(...).set.length to be 1. Actual: ' + minimatchObj.set.length);
-    }
-    var literalSegments = [];
-    for (var _i = 0, _a = minimatchObj.set[0]; _i < _a.length; _i++) {
-        var parsedSegment = _a[_i];
-        if (typeof parsedSegment == 'string') {
-            // the item is a string when the original input for the path segment does not contain any
-            // unescaped glob characters.
-            //
-            // note, the string here is already unescaped (i.e. glob escaping removed), so it is ready
-            // to pass to find() as-is. for example, an input string 'hello\\*world' => 'hello*world'.
-            literalSegments.push(parsedSegment);
-            continue;
-        }
-        break;
-    }
-    // join the literal segments back together. Minimatch converts '\' to '/' on Windows, then squashes
-    // consequetive slashes, and finally splits on slash. this means that UNC format is lost, but can
-    // be detected from the original pattern.
-    var joinedSegments = literalSegments.join('/');
-    if (joinedSegments && process.platform == 'win32' && _startsWith(pattern.replace(/\\/g, '/'), '//')) {
-        joinedSegments = '/' + joinedSegments; // restore UNC format
-    }
-    // determine the find path
-    var findPath;
-    if (_isRooted(pattern)) { // the pattern was rooted
-        findPath = joinedSegments;
-    }
-    else if (joinedSegments) { // the pattern was not rooted, and literal segments were found
-        findPath = _ensureRooted(defaultRoot, joinedSegments);
-    }
-    else { // the pattern was not rooted, and no literal segments were found
-        findPath = defaultRoot;
-    }
-    // clean up the path
-    if (findPath) {
-        findPath = _getDirectoryName(_ensureRooted(findPath, '_')); // hack to remove unnecessary trailing slash
-        findPath = _normalizeSeparators(findPath); // normalize slashes
-    }
-    return {
-        adjustedPattern: _ensurePatternRooted(defaultRoot, pattern),
-        findPath: findPath,
-        statOnly: literalSegments.length == minimatchObj.set[0].length,
-    };
-}
-exports._getFindInfoFromPattern = _getFindInfoFromPattern;
-function _ensurePatternRooted(root, p) {
-    if (!root) {
-        throw new Error('ensurePatternRooted() parameter "root" cannot be empty');
-    }
-    if (!p) {
-        throw new Error('ensurePatternRooted() parameter "p" cannot be empty');
-    }
-    if (_isRooted(p)) {
-        return p;
-    }
-    // normalize root
-    root = _normalizeSeparators(root);
-    // escape special glob characters
-    root = (process.platform == 'win32' ? root : root.replace(/\\/g, '\\\\')) // escape '\' on OSX/Linux
-        .replace(/(\[)(?=[^\/]+\])/g, '[[]') // escape '[' when ']' follows within the path segment
-        .replace(/\?/g, '[?]') // escape '?'
-        .replace(/\*/g, '[*]') // escape '*'
-        .replace(/\+\(/g, '[+](') // escape '+('
-        .replace(/@\(/g, '[@](') // escape '@('
-        .replace(/!\(/g, '[!]('); // escape '!('
-    return _ensureRooted(root, p);
-}
-exports._ensurePatternRooted = _ensurePatternRooted;
-//-------------------------------------------------------------------
-// Populate the vault with sensitive data.  Inputs and Endpoints
-//-------------------------------------------------------------------
-function _loadData() {
-    // in agent, prefer TempDirectory then workFolder.
-    // In interactive dev mode, it won't be
-    var keyPath = _getVariable("agent.TempDirectory") || _getVariable("agent.workFolder") || process.cwd();
-    exports._vault = new vm.Vault(keyPath);
-    exports._knownVariableMap = {};
-    _debug('loading inputs and endpoints');
-    var loaded = 0;
-    for (var envvar in process.env) {
-        if (_startsWith(envvar, 'INPUT_') ||
-            _startsWith(envvar, 'ENDPOINT_AUTH_') ||
-            _startsWith(envvar, 'SECUREFILE_TICKET_') ||
-            _startsWith(envvar, 'SECRET_') ||
-            _startsWith(envvar, 'VSTS_TASKVARIABLE_')) {
-            // Record the secret variable metadata. This is required by getVariable to know whether
-            // to retrieve the value from the vault. In a 2.104.1 agent or higher, this metadata will
-            // be overwritten when the VSTS_SECRET_VARIABLES env var is processed below.
-            if (_startsWith(envvar, 'SECRET_')) {
-                var variableName = envvar.substring('SECRET_'.length);
-                if (variableName) {
-                    // This is technically not the variable name (has underscores instead of dots),
-                    // but it's good enough to make getVariable work in a pre-2.104.1 agent where
-                    // the VSTS_SECRET_VARIABLES env var is not defined.
-                    exports._knownVariableMap[_getVariableKey(variableName)] = { name: variableName, secret: true };
-                }
-            }
-            // store the secret
-            var value = process.env[envvar];
-            if (value) {
-                ++loaded;
-                _debug('loading ' + envvar);
-                exports._vault.storeSecret(envvar, value);
-                delete process.env[envvar];
-            }
-        }
-    }
-    _debug('loaded ' + loaded);
-    // store public variable metadata
-    var names;
-    try {
-        names = JSON.parse(process.env['VSTS_PUBLIC_VARIABLES'] || '[]');
-    }
-    catch (err) {
-        throw new Error('Failed to parse VSTS_PUBLIC_VARIABLES as JSON. ' + err); // may occur during interactive testing
-    }
-    names.forEach(function (name) {
-        exports._knownVariableMap[_getVariableKey(name)] = { name: name, secret: false };
-    });
-    delete process.env['VSTS_PUBLIC_VARIABLES'];
-    // store secret variable metadata
-    try {
-        names = JSON.parse(process.env['VSTS_SECRET_VARIABLES'] || '[]');
-    }
-    catch (err) {
-        throw new Error('Failed to parse VSTS_SECRET_VARIABLES as JSON. ' + err); // may occur during interactive testing
-    }
-    names.forEach(function (name) {
-        exports._knownVariableMap[_getVariableKey(name)] = { name: name, secret: true };
-    });
-    delete process.env['VSTS_SECRET_VARIABLES'];
-    // avoid loading twice (overwrites .taskkey)
-    global['_vsts_task_lib_loaded'] = true;
-}
-exports._loadData = _loadData;
-//--------------------------------------------------------------------------------
-// Internal path helpers.
-//--------------------------------------------------------------------------------
-/**
- * Defines if path is unc-path.
- *
- * @param path  a path to a file.
- * @returns     true if path starts with double backslash, otherwise returns false.
- */
-function _isUncPath(path) {
-    return /^\\\\[^\\]/.test(path);
-}
-exports._isUncPath = _isUncPath;
-function _ensureRooted(root, p) {
-    if (!root) {
-        throw new Error('ensureRooted() parameter "root" cannot be empty');
-    }
-    if (!p) {
-        throw new Error('ensureRooted() parameter "p" cannot be empty');
-    }
-    if (_isRooted(p)) {
-        return p;
-    }
-    if (process.platform == 'win32' && root.match(/^[A-Z]:$/i)) { // e.g. C:
-        return root + p;
-    }
-    // ensure root ends with a separator
-    if (_endsWith(root, '/') || (process.platform == 'win32' && _endsWith(root, '\\'))) {
-        // root already ends with a separator
-    }
-    else {
-        root += path.sep; // append separator
-    }
-    return root + p;
-}
-exports._ensureRooted = _ensureRooted;
-/**
- * Determines the parent path and trims trailing slashes (when safe). Path separators are normalized
- * in the result. This function works similar to the .NET System.IO.Path.GetDirectoryName() method.
- * For example, C:\hello\world\ returns C:\hello\world (trailing slash removed). Returns empty when
- * no higher directory can be determined.
- */
-function _getDirectoryName(p) {
-    // short-circuit if empty
-    if (!p) {
-        return '';
-    }
-    // normalize separators
-    p = _normalizeSeparators(p);
-    // on Windows, the goal of this function is to match the behavior of
-    // [System.IO.Path]::GetDirectoryName(), e.g.
-    //      C:/             =>
-    //      C:/hello        => C:\
-    //      C:/hello/       => C:\hello
-    //      C:/hello/world  => C:\hello
-    //      C:/hello/world/ => C:\hello\world
-    //      C:              =>
-    //      C:hello         => C:
-    //      C:hello/        => C:hello
-    //      /               =>
-    //      /hello          => \
-    //      /hello/         => \hello
-    //      //hello         =>
-    //      //hello/        =>
-    //      //hello/world   =>
-    //      //hello/world/  => \\hello\world
-    //
-    // unfortunately, path.dirname() can't simply be used. for example, on Windows
-    // it yields different results from Path.GetDirectoryName:
-    //      C:/             => C:/
-    //      C:/hello        => C:/
-    //      C:/hello/       => C:/
-    //      C:/hello/world  => C:/hello
-    //      C:/hello/world/ => C:/hello
-    //      C:              => C:
-    //      C:hello         => C:
-    //      C:hello/        => C:
-    //      /               => /
-    //      /hello          => /
-    //      /hello/         => /
-    //      //hello         => /
-    //      //hello/        => /
-    //      //hello/world   => //hello/world
-    //      //hello/world/  => //hello/world/
-    //      //hello/world/again => //hello/world/
-    //      //hello/world/again/ => //hello/world/
-    //      //hello/world/again/again => //hello/world/again
-    //      //hello/world/again/again/ => //hello/world/again
-    if (process.platform == 'win32') {
-        if (/^[A-Z]:\\?[^\\]+$/i.test(p)) { // e.g. C:\hello or C:hello
-            return p.charAt(2) == '\\' ? p.substring(0, 3) : p.substring(0, 2);
-        }
-        else if (/^[A-Z]:\\?$/i.test(p)) { // e.g. C:\ or C:
-            return '';
-        }
-        var lastSlashIndex = p.lastIndexOf('\\');
-        if (lastSlashIndex < 0) { // file name only
-            return '';
-        }
-        else if (p == '\\') { // relative root
-            return '';
-        }
-        else if (lastSlashIndex == 0) { // e.g. \\hello
-            return '\\';
-        }
-        else if (/^\\\\[^\\]+(\\[^\\]*)?$/.test(p)) { // UNC root, e.g. \\hello or \\hello\ or \\hello\world
-            return '';
-        }
-        return p.substring(0, lastSlashIndex); // e.g. hello\world => hello or hello\world\ => hello\world
-        // note, this means trailing slashes for non-root directories
-        // (i.e. not C:\, \, or \\unc\) will simply be removed.
-    }
-    // OSX/Linux
-    if (p.indexOf('/') < 0) { // file name only
-        return '';
-    }
-    else if (p == '/') {
-        return '';
-    }
-    else if (_endsWith(p, '/')) {
-        return p.substring(0, p.length - 1);
-    }
-    return path.dirname(p);
-}
-exports._getDirectoryName = _getDirectoryName;
-/**
- * On OSX/Linux, true if path starts with '/'. On Windows, true for paths like:
- * \, \hello, \\hello\share, C:, and C:\hello (and corresponding alternate separator cases).
- */
-function _isRooted(p) {
-    p = _normalizeSeparators(p);
-    if (!p) {
-        throw new Error('isRooted() parameter "p" cannot be empty');
-    }
-    if (process.platform == 'win32') {
-        return _startsWith(p, '\\') || // e.g. \ or \hello or \\hello
-            /^[A-Z]:/i.test(p); // e.g. C: or C:\hello
-    }
-    return _startsWith(p, '/'); // e.g. /hello
-}
-exports._isRooted = _isRooted;
-function _normalizeSeparators(p) {
-    p = p || '';
-    if (process.platform == 'win32') {
-        // convert slashes on Windows
-        p = p.replace(/\//g, '\\');
-        // remove redundant slashes
-        var isUnc = /^\\\\+[^\\]/.test(p); // e.g. \\hello
-        return (isUnc ? '\\' : '') + p.replace(/\\\\+/g, '\\'); // preserve leading // for UNC
-    }
-    // remove redundant slashes
-    return p.replace(/\/\/+/g, '/');
-}
-exports._normalizeSeparators = _normalizeSeparators;
-//-----------------------------------------------------
-// Expose proxy information to vsts-node-api
-//-----------------------------------------------------
-function _exposeProxySettings() {
-    var proxyUrl = _getVariable('Agent.ProxyUrl');
-    if (proxyUrl && proxyUrl.length > 0) {
-        var proxyUsername = _getVariable('Agent.ProxyUsername');
-        var proxyPassword = _getVariable('Agent.ProxyPassword');
-        var proxyBypassHostsJson = _getVariable('Agent.ProxyBypassList');
-        global['_vsts_task_lib_proxy_url'] = proxyUrl;
-        global['_vsts_task_lib_proxy_username'] = proxyUsername;
-        global['_vsts_task_lib_proxy_bypass'] = proxyBypassHostsJson;
-        global['_vsts_task_lib_proxy_password'] = _exposeTaskLibSecret('proxy', proxyPassword || '');
-        _debug('expose agent proxy configuration.');
-        global['_vsts_task_lib_proxy'] = true;
-    }
-}
-exports._exposeProxySettings = _exposeProxySettings;
-//-----------------------------------------------------
-// Expose certificate information to vsts-node-api
-//-----------------------------------------------------
-function _exposeCertSettings() {
-    var ca = _getVariable('Agent.CAInfo');
-    if (ca) {
-        global['_vsts_task_lib_cert_ca'] = ca;
-    }
-    var clientCert = _getVariable('Agent.ClientCert');
-    if (clientCert) {
-        var clientCertKey = _getVariable('Agent.ClientCertKey');
-        var clientCertArchive = _getVariable('Agent.ClientCertArchive');
-        var clientCertPassword = _getVariable('Agent.ClientCertPassword');
-        global['_vsts_task_lib_cert_clientcert'] = clientCert;
-        global['_vsts_task_lib_cert_key'] = clientCertKey;
-        global['_vsts_task_lib_cert_archive'] = clientCertArchive;
-        global['_vsts_task_lib_cert_passphrase'] = _exposeTaskLibSecret('cert', clientCertPassword || '');
-    }
-    if (ca || clientCert) {
-        _debug('expose agent certificate configuration.');
-        global['_vsts_task_lib_cert'] = true;
-    }
-    var skipCertValidation = _getVariable('Agent.SkipCertValidation') || 'false';
-    if (skipCertValidation) {
-        global['_vsts_task_lib_skip_cert_validation'] = skipCertValidation.toUpperCase() === 'TRUE';
-    }
-}
-exports._exposeCertSettings = _exposeCertSettings;
-// We store the encryption key on disk and hold the encrypted content and key file in memory
-// return base64encoded<keyFilePath>:base64encoded<encryptedContent>
-// downstream vsts-node-api will retrieve the secret later
-function _exposeTaskLibSecret(keyFile, secret) {
-    if (secret) {
-        var encryptKey = crypto.randomBytes(256);
-        var cipher = crypto.createCipher("aes-256-ctr", encryptKey);
-        var encryptedContent = cipher.update(secret, "utf8", "hex");
-        encryptedContent += cipher.final("hex");
-        var storageFile = path.join(_getVariable('Agent.TempDirectory') || _getVariable("agent.workFolder") || process.cwd(), keyFile);
-        fs.writeFileSync(storageFile, encryptKey.toString('base64'), { encoding: 'utf8' });
-        return new Buffer(storageFile).toString('base64') + ':' + new Buffer(encryptedContent).toString('base64');
-    }
-}
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._exposeCertSettings = exports._exposeProxySettings = exports._normalizeSeparators = exports._isRooted = exports._getDirectoryName = exports._ensureRooted = exports._isUncPath = exports._loadData = exports._ensurePatternRooted = exports._getFindInfoFromPattern = exports._cloneMatchOptions = exports._legacyFindFiles_convertPatternToRegExp = exports._which = exports._checkPath = exports._exist = exports._debug = exports._error = exports._warning = exports._command = exports._getVariableKey = exports._getVariable = exports._loc = exports._setResourcePath = exports._setErrStream = exports._setStdStream = exports._writeLine = exports._endsWith = exports._startsWith = exports._vault = exports._knownVariableMap = void 0;
+var fs = require("fs");
+var path = require("path");
+var os = require("os");
+var minimatch = require("minimatch");
+var util = require("util");
+var tcm = require("./taskcommand");
+var vm = require("./vault");
+var semver = require("semver");
+var crypto = require("crypto");
+/**
+ * Hash table of known variable info. The formatted env var name is the lookup key.
+ *
+ * The purpose of this hash table is to keep track of known variables. The hash table
+ * needs to be maintained for multiple reasons:
+ *  1) to distinguish between env vars and job vars
+ *  2) to distinguish between secret vars and public
+ *  3) to know the real variable name and not just the formatted env var name.
+ */
+exports._knownVariableMap = {};
+//-----------------------------------------------------
+// Validation Checks
+//-----------------------------------------------------
+// async await needs generators in node 4.x+
+if (semver.lt(process.versions.node, '4.2.0')) {
+    _warning('Tasks require a new agent.  Upgrade your agent or node to 4.2.0 or later');
+}
+//-----------------------------------------------------
+// String convenience
+//-----------------------------------------------------
+function _startsWith(str, start) {
+    return str.slice(0, start.length) == start;
+}
+exports._startsWith = _startsWith;
+function _endsWith(str, end) {
+    return str.slice(-end.length) == end;
+}
+exports._endsWith = _endsWith;
+//-----------------------------------------------------
+// General Helpers
+//-----------------------------------------------------
+var _outStream = process.stdout;
+var _errStream = process.stderr;
+function _writeLine(str) {
+    _outStream.write(str + os.EOL);
+}
+exports._writeLine = _writeLine;
+function _setStdStream(stdStream) {
+    _outStream = stdStream;
+}
+exports._setStdStream = _setStdStream;
+function _setErrStream(errStream) {
+    _errStream = errStream;
+}
+exports._setErrStream = _setErrStream;
+//-----------------------------------------------------
+// Loc Helpers
+//-----------------------------------------------------
+var _locStringCache = {};
+var _resourceFiles = {};
+var _libResourceFileLoaded = false;
+var _resourceCulture = 'en-US';
+function _loadResJson(resjsonFile) {
+    var resJson;
+    if (_exist(resjsonFile)) {
+        var resjsonContent = fs.readFileSync(resjsonFile, 'utf8').toString();
+        // remove BOM
+        if (resjsonContent.indexOf('\uFEFF') == 0) {
+            resjsonContent = resjsonContent.slice(1);
+        }
+        try {
+            resJson = JSON.parse(resjsonContent);
+        }
+        catch (err) {
+            _debug('unable to parse resjson with err: ' + err.message);
+        }
+    }
+    else {
+        _debug('.resjson file not found: ' + resjsonFile);
+    }
+    return resJson;
+}
+function _loadLocStrings(resourceFile, culture) {
+    var locStrings = {};
+    if (_exist(resourceFile)) {
+        var resourceJson = require(resourceFile);
+        if (resourceJson && resourceJson.hasOwnProperty('messages')) {
+            var locResourceJson;
+            // load up resource resjson for different culture
+            var localizedResourceFile = path.join(path.dirname(resourceFile), 'Strings', 'resources.resjson');
+            var upperCulture = culture.toUpperCase();
+            var cultures = [];
+            try {
+                cultures = fs.readdirSync(localizedResourceFile);
+            }
+            catch (ex) { }
+            for (var i = 0; i < cultures.length; i++) {
+                if (cultures[i].toUpperCase() == upperCulture) {
+                    localizedResourceFile = path.join(localizedResourceFile, cultures[i], 'resources.resjson');
+                    if (_exist(localizedResourceFile)) {
+                        locResourceJson = _loadResJson(localizedResourceFile);
+                    }
+                    break;
+                }
+            }
+            for (var key in resourceJson.messages) {
+                if (locResourceJson && locResourceJson.hasOwnProperty('loc.messages.' + key)) {
+                    locStrings[key] = locResourceJson['loc.messages.' + key];
+                }
+                else {
+                    locStrings[key] = resourceJson.messages[key];
+                }
+            }
+        }
+    }
+    else {
+        _warning('LIB_ResourceFile does not exist');
+    }
+    return locStrings;
+}
+/**
+ * Sets the location of the resources json.  This is typically the task.json file.
+ * Call once at the beginning of the script before any calls to loc.
+ * @param     path      Full path to the json.
+ * @param     ignoreWarnings  Won't throw warnings if path already set.
+ * @returns   void
+ */
+function _setResourcePath(path, ignoreWarnings) {
+    if (ignoreWarnings === void 0) { ignoreWarnings = false; }
+    if (process.env['TASKLIB_INPROC_UNITS']) {
+        _resourceFiles = {};
+        _libResourceFileLoaded = false;
+        _locStringCache = {};
+        _resourceCulture = 'en-US';
+    }
+    if (!_resourceFiles[path]) {
+        _checkPath(path, 'resource file path');
+        _resourceFiles[path] = path;
+        _debug('adding resource file: ' + path);
+        _resourceCulture = _getVariable('system.culture') || _resourceCulture;
+        var locStrs = _loadLocStrings(path, _resourceCulture);
+        for (var key in locStrs) {
+            //cache loc string
+            _locStringCache[key] = locStrs[key];
+        }
+    }
+    else {
+        if (ignoreWarnings) {
+            _debug(_loc('LIB_ResourceFileAlreadySet', path));
+        }
+        else {
+            _warning(_loc('LIB_ResourceFileAlreadySet', path));
+        }
+    }
+}
+exports._setResourcePath = _setResourcePath;
+/**
+ * Gets the localized string from the json resource file.  Optionally formats with additional params.
+ *
+ * @param     key      key of the resources string in the resource file
+ * @param     param    additional params for formatting the string
+ * @returns   string
+ */
+function _loc(key) {
+    var param = [];
+    for (var _i = 1; _i < arguments.length; _i++) {
+        param[_i - 1] = arguments[_i];
+    }
+    if (!_libResourceFileLoaded) {
+        // merge loc strings from azure-pipelines-task-lib.
+        var libResourceFile = path.join(__dirname, 'lib.json');
+        var libLocStrs = _loadLocStrings(libResourceFile, _resourceCulture);
+        for (var libKey in libLocStrs) {
+            //cache azure-pipelines-task-lib loc string
+            _locStringCache[libKey] = libLocStrs[libKey];
+        }
+        _libResourceFileLoaded = true;
+    }
+    var locString;
+    ;
+    if (_locStringCache.hasOwnProperty(key)) {
+        locString = _locStringCache[key];
+    }
+    else {
+        if (Object.keys(_resourceFiles).length <= 0) {
+            _warning("Resource file haven't been set, can't find loc string for key: " + key);
+        }
+        else {
+            _warning("Can't find loc string for key: " + key);
+        }
+        locString = key;
+    }
+    if (param.length > 0) {
+        return util.format.apply(this, [locString].concat(param));
+    }
+    else {
+        return locString;
+    }
+}
+exports._loc = _loc;
+//-----------------------------------------------------
+// Input Helpers
+//-----------------------------------------------------
+/**
+ * Gets a variable value that is defined on the build/release definition or set at runtime.
+ *
+ * @param     name     name of the variable to get
+ * @returns   string
+ */
+function _getVariable(name) {
+    var varval;
+    // get the metadata
+    var info;
+    var key = _getVariableKey(name);
+    if (exports._knownVariableMap.hasOwnProperty(key)) {
+        info = exports._knownVariableMap[key];
+    }
+    if (info && info.secret) {
+        // get the secret value
+        varval = exports._vault.retrieveSecret('SECRET_' + key);
+    }
+    else {
+        // get the public value
+        varval = process.env[key];
+        // fallback for pre 2.104.1 agent
+        if (!varval && name.toUpperCase() == 'AGENT.JOBSTATUS') {
+            varval = process.env['agent.jobstatus'];
+        }
+    }
+    _debug(name + '=' + varval);
+    return varval;
+}
+exports._getVariable = _getVariable;
+function _getVariableKey(name) {
+    if (!name) {
+        throw new Error(_loc('LIB_ParameterIsRequired', 'name'));
+    }
+    return name.replace(/\./g, '_').replace(/ /g, '_').toUpperCase();
+}
+exports._getVariableKey = _getVariableKey;
+//-----------------------------------------------------
+// Cmd Helpers
+//-----------------------------------------------------
+function _command(command, properties, message) {
+    var taskCmd = new tcm.TaskCommand(command, properties, message);
+    _writeLine(taskCmd.toString());
+}
+exports._command = _command;
+function _warning(message) {
+    _command('task.issue', { 'type': 'warning' }, message);
+}
+exports._warning = _warning;
+function _error(message) {
+    _command('task.issue', { 'type': 'error' }, message);
+}
+exports._error = _error;
+function _debug(message) {
+    _command('task.debug', null, message);
+}
+exports._debug = _debug;
+// //-----------------------------------------------------
+// // Disk Functions
+// //-----------------------------------------------------
+/**
+ * Returns whether a path exists.
+ *
+ * @param     path      path to check
+ * @returns   boolean
+ */
+function _exist(path) {
+    var exist = false;
+    try {
+        exist = !!(path && fs.statSync(path) != null);
+    }
+    catch (err) {
+        if (err && err.code === 'ENOENT') {
+            exist = false;
+        }
+        else {
+            throw err;
+        }
+    }
+    return exist;
+}
+exports._exist = _exist;
+/**
+ * Checks whether a path exists.
+ * If the path does not exist, it will throw.
+ *
+ * @param     p         path to check
+ * @param     name      name only used in error message to identify the path
+ * @returns   void
+ */
+function _checkPath(p, name) {
+    _debug('check path : ' + p);
+    if (!_exist(p)) {
+        throw new Error(_loc('LIB_PathNotFound', name, p));
+    }
+}
+exports._checkPath = _checkPath;
+/**
+ * Returns path of a tool had the tool actually been invoked.  Resolves via paths.
+ * If you check and the tool does not exist, it will throw.
+ *
+ * @param     tool       name of the tool
+ * @param     check      whether to check if tool exists
+ * @returns   string
+ */
+function _which(tool, check) {
+    if (!tool) {
+        throw new Error('parameter \'tool\' is required');
+    }
+    // recursive when check=true
+    if (check) {
+        var result = _which(tool, false);
+        if (result) {
+            return result;
+        }
+        else {
+            if (process.platform == 'win32') {
+                throw new Error(_loc('LIB_WhichNotFound_Win', tool));
+            }
+            else {
+                throw new Error(_loc('LIB_WhichNotFound_Linux', tool));
+            }
+        }
+    }
+    _debug("which '" + tool + "'");
+    try {
+        // build the list of extensions to try
+        var extensions = [];
+        if (process.platform == 'win32' && process.env['PATHEXT']) {
+            for (var _i = 0, _a = process.env['PATHEXT'].split(path.delimiter); _i < _a.length; _i++) {
+                var extension = _a[_i];
+                if (extension) {
+                    extensions.push(extension);
+                }
+            }
+        }
+        // if it's rooted, return it if exists. otherwise return empty.
+        if (_isRooted(tool)) {
+            var filePath = _tryGetExecutablePath(tool, extensions);
+            if (filePath) {
+                _debug("found: '" + filePath + "'");
+                return filePath;
+            }
+            _debug('not found');
+            return '';
+        }
+        // if any path separators, return empty
+        if (tool.indexOf('/') >= 0 || (process.platform == 'win32' && tool.indexOf('\\') >= 0)) {
+            _debug('not found');
+            return '';
+        }
+        // build the list of directories
+        //
+        // Note, technically "where" checks the current directory on Windows. From a task lib perspective,
+        // it feels like we should not do this. Checking the current directory seems like more of a use
+        // case of a shell, and the which() function exposed by the task lib should strive for consistency
+        // across platforms.
+        var directories = [];
+        if (process.env['PATH']) {
+            for (var _b = 0, _c = process.env['PATH'].split(path.delimiter); _b < _c.length; _b++) {
+                var p = _c[_b];
+                if (p) {
+                    directories.push(p);
+                }
+            }
+        }
+        // return the first match
+        for (var _d = 0, directories_1 = directories; _d < directories_1.length; _d++) {
+            var directory = directories_1[_d];
+            var filePath = _tryGetExecutablePath(directory + path.sep + tool, extensions);
+            if (filePath) {
+                _debug("found: '" + filePath + "'");
+                return filePath;
+            }
+        }
+        _debug('not found');
+        return '';
+    }
+    catch (err) {
+        throw new Error(_loc('LIB_OperationFailed', 'which', err.message));
+    }
+}
+exports._which = _which;
+/**
+ * Best effort attempt to determine whether a file exists and is executable.
+ * @param filePath    file path to check
+ * @param extensions  additional file extensions to try
+ * @return if file exists and is executable, returns the file path. otherwise empty string.
+ */
+function _tryGetExecutablePath(filePath, extensions) {
+    try {
+        // test file exists
+        var stats = fs.statSync(filePath);
+        if (stats.isFile()) {
+            if (process.platform == 'win32') {
+                // on Windows, test for valid extension
+                var isExecutable = false;
+                var fileName = path.basename(filePath);
+                var dotIndex = fileName.lastIndexOf('.');
+                if (dotIndex >= 0) {
+                    var upperExt_1 = fileName.substr(dotIndex).toUpperCase();
+                    if (extensions.some(function (validExt) { return validExt.toUpperCase() == upperExt_1; })) {
+                        return filePath;
+                    }
+                }
+            }
+            else {
+                if (isUnixExecutable(stats)) {
+                    return filePath;
+                }
+            }
+        }
+    }
+    catch (err) {
+        if (err.code != 'ENOENT') {
+            _debug("Unexpected error attempting to determine if executable file exists '" + filePath + "': " + err);
+        }
+    }
+    // try each extension
+    var originalFilePath = filePath;
+    for (var _i = 0, extensions_1 = extensions; _i < extensions_1.length; _i++) {
+        var extension = extensions_1[_i];
+        var found = false;
+        var filePath_1 = originalFilePath + extension;
+        try {
+            var stats = fs.statSync(filePath_1);
+            if (stats.isFile()) {
+                if (process.platform == 'win32') {
+                    // preserve the case of the actual file (since an extension was appended)
+                    try {
+                        var directory = path.dirname(filePath_1);
+                        var upperName = path.basename(filePath_1).toUpperCase();
+                        for (var _a = 0, _b = fs.readdirSync(directory); _a < _b.length; _a++) {
+                            var actualName = _b[_a];
+                            if (upperName == actualName.toUpperCase()) {
+                                filePath_1 = path.join(directory, actualName);
+                                break;
+                            }
+                        }
+                    }
+                    catch (err) {
+                        _debug("Unexpected error attempting to determine the actual case of the file '" + filePath_1 + "': " + err);
+                    }
+                    return filePath_1;
+                }
+                else {
+                    if (isUnixExecutable(stats)) {
+                        return filePath_1;
+                    }
+                }
+            }
+        }
+        catch (err) {
+            if (err.code != 'ENOENT') {
+                _debug("Unexpected error attempting to determine if executable file exists '" + filePath_1 + "': " + err);
+            }
+        }
+    }
+    return '';
+}
+// on Mac/Linux, test the execute bit
+//     R   W  X  R  W X R W X
+//   256 128 64 32 16 8 4 2 1
+function isUnixExecutable(stats) {
+    return (stats.mode & 1) > 0 || ((stats.mode & 8) > 0 && stats.gid === process.getgid()) || ((stats.mode & 64) > 0 && stats.uid === process.getuid());
+}
+function _legacyFindFiles_convertPatternToRegExp(pattern) {
+    pattern = (process.platform == 'win32' ? pattern.replace(/\\/g, '/') : pattern) // normalize separator on Windows
+        .replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&') // regex escape - from http://stackoverflow.com/questions/3561493/is-there-a-regexp-escape-function-in-javascript
+        .replace(/\\\/\\\*\\\*\\\//g, '((\/.+/)|(\/))') // replace directory globstar, e.g. /hello/**/world
+        .replace(/\\\*\\\*/g, '.*') // replace remaining globstars with a wildcard that can span directory separators, e.g. /hello/**dll
+        .replace(/\\\*/g, '[^\/]*') // replace asterisks with a wildcard that cannot span directory separators, e.g. /hello/*.dll
+        .replace(/\\\?/g, '[^\/]'); // replace single character wildcards, e.g. /hello/log?.dll
+    pattern = "^" + pattern + "$";
+    var flags = process.platform == 'win32' ? 'i' : '';
+    return new RegExp(pattern, flags);
+}
+exports._legacyFindFiles_convertPatternToRegExp = _legacyFindFiles_convertPatternToRegExp;
+function _cloneMatchOptions(matchOptions) {
+    return {
+        debug: matchOptions.debug,
+        nobrace: matchOptions.nobrace,
+        noglobstar: matchOptions.noglobstar,
+        dot: matchOptions.dot,
+        noext: matchOptions.noext,
+        nocase: matchOptions.nocase,
+        nonull: matchOptions.nonull,
+        matchBase: matchOptions.matchBase,
+        nocomment: matchOptions.nocomment,
+        nonegate: matchOptions.nonegate,
+        flipNegate: matchOptions.flipNegate
+    };
+}
+exports._cloneMatchOptions = _cloneMatchOptions;
+function _getFindInfoFromPattern(defaultRoot, pattern, matchOptions) {
+    // parameter validation
+    if (!defaultRoot) {
+        throw new Error('getFindRootFromPattern() parameter defaultRoot cannot be empty');
+    }
+    if (!pattern) {
+        throw new Error('getFindRootFromPattern() parameter pattern cannot be empty');
+    }
+    if (!matchOptions.nobrace) {
+        throw new Error('getFindRootFromPattern() expected matchOptions.nobrace to be true');
+    }
+    // for the sake of determining the findPath, pretend nocase=false
+    matchOptions = _cloneMatchOptions(matchOptions);
+    matchOptions.nocase = false;
+    // check if basename only and matchBase=true
+    if (matchOptions.matchBase &&
+        !_isRooted(pattern) &&
+        (process.platform == 'win32' ? pattern.replace(/\\/g, '/') : pattern).indexOf('/') < 0) {
+        return {
+            adjustedPattern: pattern,
+            findPath: defaultRoot,
+            statOnly: false,
+        };
+    }
+    // the technique applied by this function is to use the information on the Minimatch object determine
+    // the findPath. Minimatch breaks the pattern into path segments, and exposes information about which
+    // segments are literal vs patterns.
+    //
+    // note, the technique currently imposes a limitation for drive-relative paths with a glob in the
+    // first segment, e.g. C:hello*/world. it's feasible to overcome this limitation, but is left unsolved
+    // for now.
+    var minimatchObj = new minimatch.Minimatch(pattern, matchOptions);
+    // the "set" property is an array of arrays of parsed path segment info. the outer array should only
+    // contain one item, otherwise something went wrong. brace expansion can result in multiple arrays,
+    // but that should be turned off by the time this function is reached.
+    if (minimatchObj.set.length != 1) {
+        throw new Error('getFindRootFromPattern() expected Minimatch(...).set.length to be 1. Actual: ' + minimatchObj.set.length);
+    }
+    var literalSegments = [];
+    for (var _i = 0, _a = minimatchObj.set[0]; _i < _a.length; _i++) {
+        var parsedSegment = _a[_i];
+        if (typeof parsedSegment == 'string') {
+            // the item is a string when the original input for the path segment does not contain any
+            // unescaped glob characters.
+            //
+            // note, the string here is already unescaped (i.e. glob escaping removed), so it is ready
+            // to pass to find() as-is. for example, an input string 'hello\\*world' => 'hello*world'.
+            literalSegments.push(parsedSegment);
+            continue;
+        }
+        break;
+    }
+    // join the literal segments back together. Minimatch converts '\' to '/' on Windows, then squashes
+    // consequetive slashes, and finally splits on slash. this means that UNC format is lost, but can
+    // be detected from the original pattern.
+    var joinedSegments = literalSegments.join('/');
+    if (joinedSegments && process.platform == 'win32' && _startsWith(pattern.replace(/\\/g, '/'), '//')) {
+        joinedSegments = '/' + joinedSegments; // restore UNC format
+    }
+    // determine the find path
+    var findPath;
+    if (_isRooted(pattern)) { // the pattern was rooted
+        findPath = joinedSegments;
+    }
+    else if (joinedSegments) { // the pattern was not rooted, and literal segments were found
+        findPath = _ensureRooted(defaultRoot, joinedSegments);
+    }
+    else { // the pattern was not rooted, and no literal segments were found
+        findPath = defaultRoot;
+    }
+    // clean up the path
+    if (findPath) {
+        findPath = _getDirectoryName(_ensureRooted(findPath, '_')); // hack to remove unnecessary trailing slash
+        findPath = _normalizeSeparators(findPath); // normalize slashes
+    }
+    return {
+        adjustedPattern: _ensurePatternRooted(defaultRoot, pattern),
+        findPath: findPath,
+        statOnly: literalSegments.length == minimatchObj.set[0].length,
+    };
+}
+exports._getFindInfoFromPattern = _getFindInfoFromPattern;
+function _ensurePatternRooted(root, p) {
+    if (!root) {
+        throw new Error('ensurePatternRooted() parameter "root" cannot be empty');
+    }
+    if (!p) {
+        throw new Error('ensurePatternRooted() parameter "p" cannot be empty');
+    }
+    if (_isRooted(p)) {
+        return p;
+    }
+    // normalize root
+    root = _normalizeSeparators(root);
+    // escape special glob characters
+    root = (process.platform == 'win32' ? root : root.replace(/\\/g, '\\\\')) // escape '\' on OSX/Linux
+        .replace(/(\[)(?=[^\/]+\])/g, '[[]') // escape '[' when ']' follows within the path segment
+        .replace(/\?/g, '[?]') // escape '?'
+        .replace(/\*/g, '[*]') // escape '*'
+        .replace(/\+\(/g, '[+](') // escape '+('
+        .replace(/@\(/g, '[@](') // escape '@('
+        .replace(/!\(/g, '[!]('); // escape '!('
+    return _ensureRooted(root, p);
+}
+exports._ensurePatternRooted = _ensurePatternRooted;
+//-------------------------------------------------------------------
+// Populate the vault with sensitive data.  Inputs and Endpoints
+//-------------------------------------------------------------------
+function _loadData() {
+    // in agent, prefer TempDirectory then workFolder.
+    // In interactive dev mode, it won't be
+    var keyPath = _getVariable("agent.TempDirectory") || _getVariable("agent.workFolder") || process.cwd();
+    exports._vault = new vm.Vault(keyPath);
+    exports._knownVariableMap = {};
+    _debug('loading inputs and endpoints');
+    var loaded = 0;
+    for (var envvar in process.env) {
+        if (_startsWith(envvar, 'INPUT_') ||
+            _startsWith(envvar, 'ENDPOINT_AUTH_') ||
+            _startsWith(envvar, 'SECUREFILE_TICKET_') ||
+            _startsWith(envvar, 'SECRET_') ||
+            _startsWith(envvar, 'VSTS_TASKVARIABLE_')) {
+            // Record the secret variable metadata. This is required by getVariable to know whether
+            // to retrieve the value from the vault. In a 2.104.1 agent or higher, this metadata will
+            // be overwritten when the VSTS_SECRET_VARIABLES env var is processed below.
+            if (_startsWith(envvar, 'SECRET_')) {
+                var variableName = envvar.substring('SECRET_'.length);
+                if (variableName) {
+                    // This is technically not the variable name (has underscores instead of dots),
+                    // but it's good enough to make getVariable work in a pre-2.104.1 agent where
+                    // the VSTS_SECRET_VARIABLES env var is not defined.
+                    exports._knownVariableMap[_getVariableKey(variableName)] = { name: variableName, secret: true };
+                }
+            }
+            // store the secret
+            var value = process.env[envvar];
+            if (value) {
+                ++loaded;
+                _debug('loading ' + envvar);
+                exports._vault.storeSecret(envvar, value);
+                delete process.env[envvar];
+            }
+        }
+    }
+    _debug('loaded ' + loaded);
+    // store public variable metadata
+    var names;
+    try {
+        names = JSON.parse(process.env['VSTS_PUBLIC_VARIABLES'] || '[]');
+    }
+    catch (err) {
+        throw new Error('Failed to parse VSTS_PUBLIC_VARIABLES as JSON. ' + err); // may occur during interactive testing
+    }
+    names.forEach(function (name) {
+        exports._knownVariableMap[_getVariableKey(name)] = { name: name, secret: false };
+    });
+    delete process.env['VSTS_PUBLIC_VARIABLES'];
+    // store secret variable metadata
+    try {
+        names = JSON.parse(process.env['VSTS_SECRET_VARIABLES'] || '[]');
+    }
+    catch (err) {
+        throw new Error('Failed to parse VSTS_SECRET_VARIABLES as JSON. ' + err); // may occur during interactive testing
+    }
+    names.forEach(function (name) {
+        exports._knownVariableMap[_getVariableKey(name)] = { name: name, secret: true };
+    });
+    delete process.env['VSTS_SECRET_VARIABLES'];
+    // avoid loading twice (overwrites .taskkey)
+    global['_vsts_task_lib_loaded'] = true;
+}
+exports._loadData = _loadData;
+//--------------------------------------------------------------------------------
+// Internal path helpers.
+//--------------------------------------------------------------------------------
+/**
+ * Defines if path is unc-path.
+ *
+ * @param path  a path to a file.
+ * @returns     true if path starts with double backslash, otherwise returns false.
+ */
+function _isUncPath(path) {
+    return /^\\\\[^\\]/.test(path);
+}
+exports._isUncPath = _isUncPath;
+function _ensureRooted(root, p) {
+    if (!root) {
+        throw new Error('ensureRooted() parameter "root" cannot be empty');
+    }
+    if (!p) {
+        throw new Error('ensureRooted() parameter "p" cannot be empty');
+    }
+    if (_isRooted(p)) {
+        return p;
+    }
+    if (process.platform == 'win32' && root.match(/^[A-Z]:$/i)) { // e.g. C:
+        return root + p;
+    }
+    // ensure root ends with a separator
+    if (_endsWith(root, '/') || (process.platform == 'win32' && _endsWith(root, '\\'))) {
+        // root already ends with a separator
+    }
+    else {
+        root += path.sep; // append separator
+    }
+    return root + p;
+}
+exports._ensureRooted = _ensureRooted;
+/**
+ * Determines the parent path and trims trailing slashes (when safe). Path separators are normalized
+ * in the result. This function works similar to the .NET System.IO.Path.GetDirectoryName() method.
+ * For example, C:\hello\world\ returns C:\hello\world (trailing slash removed). Returns empty when
+ * no higher directory can be determined.
+ */
+function _getDirectoryName(p) {
+    // short-circuit if empty
+    if (!p) {
+        return '';
+    }
+    // normalize separators
+    p = _normalizeSeparators(p);
+    // on Windows, the goal of this function is to match the behavior of
+    // [System.IO.Path]::GetDirectoryName(), e.g.
+    //      C:/             =>
+    //      C:/hello        => C:\
+    //      C:/hello/       => C:\hello
+    //      C:/hello/world  => C:\hello
+    //      C:/hello/world/ => C:\hello\world
+    //      C:              =>
+    //      C:hello         => C:
+    //      C:hello/        => C:hello
+    //      /               =>
+    //      /hello          => \
+    //      /hello/         => \hello
+    //      //hello         =>
+    //      //hello/        =>
+    //      //hello/world   =>
+    //      //hello/world/  => \\hello\world
+    //
+    // unfortunately, path.dirname() can't simply be used. for example, on Windows
+    // it yields different results from Path.GetDirectoryName:
+    //      C:/             => C:/
+    //      C:/hello        => C:/
+    //      C:/hello/       => C:/
+    //      C:/hello/world  => C:/hello
+    //      C:/hello/world/ => C:/hello
+    //      C:              => C:
+    //      C:hello         => C:
+    //      C:hello/        => C:
+    //      /               => /
+    //      /hello          => /
+    //      /hello/         => /
+    //      //hello         => /
+    //      //hello/        => /
+    //      //hello/world   => //hello/world
+    //      //hello/world/  => //hello/world/
+    //      //hello/world/again => //hello/world/
+    //      //hello/world/again/ => //hello/world/
+    //      //hello/world/again/again => //hello/world/again
+    //      //hello/world/again/again/ => //hello/world/again
+    if (process.platform == 'win32') {
+        if (/^[A-Z]:\\?[^\\]+$/i.test(p)) { // e.g. C:\hello or C:hello
+            return p.charAt(2) == '\\' ? p.substring(0, 3) : p.substring(0, 2);
+        }
+        else if (/^[A-Z]:\\?$/i.test(p)) { // e.g. C:\ or C:
+            return '';
+        }
+        var lastSlashIndex = p.lastIndexOf('\\');
+        if (lastSlashIndex < 0) { // file name only
+            return '';
+        }
+        else if (p == '\\') { // relative root
+            return '';
+        }
+        else if (lastSlashIndex == 0) { // e.g. \\hello
+            return '\\';
+        }
+        else if (/^\\\\[^\\]+(\\[^\\]*)?$/.test(p)) { // UNC root, e.g. \\hello or \\hello\ or \\hello\world
+            return '';
+        }
+        return p.substring(0, lastSlashIndex); // e.g. hello\world => hello or hello\world\ => hello\world
+        // note, this means trailing slashes for non-root directories
+        // (i.e. not C:\, \, or \\unc\) will simply be removed.
+    }
+    // OSX/Linux
+    if (p.indexOf('/') < 0) { // file name only
+        return '';
+    }
+    else if (p == '/') {
+        return '';
+    }
+    else if (_endsWith(p, '/')) {
+        return p.substring(0, p.length - 1);
+    }
+    return path.dirname(p);
+}
+exports._getDirectoryName = _getDirectoryName;
+/**
+ * On OSX/Linux, true if path starts with '/'. On Windows, true for paths like:
+ * \, \hello, \\hello\share, C:, and C:\hello (and corresponding alternate separator cases).
+ */
+function _isRooted(p) {
+    p = _normalizeSeparators(p);
+    if (!p) {
+        throw new Error('isRooted() parameter "p" cannot be empty');
+    }
+    if (process.platform == 'win32') {
+        return _startsWith(p, '\\') || // e.g. \ or \hello or \\hello
+            /^[A-Z]:/i.test(p); // e.g. C: or C:\hello
+    }
+    return _startsWith(p, '/'); // e.g. /hello
+}
+exports._isRooted = _isRooted;
+function _normalizeSeparators(p) {
+    p = p || '';
+    if (process.platform == 'win32') {
+        // convert slashes on Windows
+        p = p.replace(/\//g, '\\');
+        // remove redundant slashes
+        var isUnc = /^\\\\+[^\\]/.test(p); // e.g. \\hello
+        return (isUnc ? '\\' : '') + p.replace(/\\\\+/g, '\\'); // preserve leading // for UNC
+    }
+    // remove redundant slashes
+    return p.replace(/\/\/+/g, '/');
+}
+exports._normalizeSeparators = _normalizeSeparators;
+//-----------------------------------------------------
+// Expose proxy information to vsts-node-api
+//-----------------------------------------------------
+function _exposeProxySettings() {
+    var proxyUrl = _getVariable('Agent.ProxyUrl');
+    if (proxyUrl && proxyUrl.length > 0) {
+        var proxyUsername = _getVariable('Agent.ProxyUsername');
+        var proxyPassword = _getVariable('Agent.ProxyPassword');
+        var proxyBypassHostsJson = _getVariable('Agent.ProxyBypassList');
+        global['_vsts_task_lib_proxy_url'] = proxyUrl;
+        global['_vsts_task_lib_proxy_username'] = proxyUsername;
+        global['_vsts_task_lib_proxy_bypass'] = proxyBypassHostsJson;
+        global['_vsts_task_lib_proxy_password'] = _exposeTaskLibSecret('proxy', proxyPassword || '');
+        _debug('expose agent proxy configuration.');
+        global['_vsts_task_lib_proxy'] = true;
+    }
+}
+exports._exposeProxySettings = _exposeProxySettings;
+//-----------------------------------------------------
+// Expose certificate information to vsts-node-api
+//-----------------------------------------------------
+function _exposeCertSettings() {
+    var ca = _getVariable('Agent.CAInfo');
+    if (ca) {
+        global['_vsts_task_lib_cert_ca'] = ca;
+    }
+    var clientCert = _getVariable('Agent.ClientCert');
+    if (clientCert) {
+        var clientCertKey = _getVariable('Agent.ClientCertKey');
+        var clientCertArchive = _getVariable('Agent.ClientCertArchive');
+        var clientCertPassword = _getVariable('Agent.ClientCertPassword');
+        global['_vsts_task_lib_cert_clientcert'] = clientCert;
+        global['_vsts_task_lib_cert_key'] = clientCertKey;
+        global['_vsts_task_lib_cert_archive'] = clientCertArchive;
+        global['_vsts_task_lib_cert_passphrase'] = _exposeTaskLibSecret('cert', clientCertPassword || '');
+    }
+    if (ca || clientCert) {
+        _debug('expose agent certificate configuration.');
+        global['_vsts_task_lib_cert'] = true;
+    }
+    var skipCertValidation = _getVariable('Agent.SkipCertValidation') || 'false';
+    if (skipCertValidation) {
+        global['_vsts_task_lib_skip_cert_validation'] = skipCertValidation.toUpperCase() === 'TRUE';
+    }
+}
+exports._exposeCertSettings = _exposeCertSettings;
+// We store the encryption key on disk and hold the encrypted content and key file in memory
+// return base64encoded<keyFilePath>:base64encoded<encryptedContent>
+// downstream vsts-node-api will retrieve the secret later
+function _exposeTaskLibSecret(keyFile, secret) {
+    if (secret) {
+        var encryptKey = crypto.randomBytes(256);
+        var cipher = crypto.createCipher("aes-256-ctr", encryptKey);
+        var encryptedContent = cipher.update(secret, "utf8", "hex");
+        encryptedContent += cipher.final("hex");
+        var storageFile = path.join(_getVariable('Agent.TempDirectory') || _getVariable("agent.workFolder") || process.cwd(), keyFile);
+        fs.writeFileSync(storageFile, encryptKey.toString('base64'), { encoding: 'utf8' });
+        return new Buffer(storageFile).toString('base64') + ':' + new Buffer(encryptedContent).toString('base64');
+    }
+}