Enable signing daily release build with lifetime certificate (#15642)
This commit is contained in:
parent
d5aa9015bd
commit
86978aaf61
|
@ -83,11 +83,10 @@ jobs:
|
|||
- checkout: ComplianceRepo
|
||||
clean: true
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- template: SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
- template: shouldSign.yml
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
displayName: 'Download Deb Artifacts'
|
||||
|
|
|
@ -22,12 +22,12 @@ jobs:
|
|||
- checkout: ComplianceRepo
|
||||
clean: true
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- template: SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
inputs:
|
||||
artifactName: 'macosBinResults'
|
||||
|
|
|
@ -28,16 +28,12 @@ jobs:
|
|||
sudo chown $env:USER /PowerShell
|
||||
displayName: 'Create /PowerShell'
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
#- task: <task type name>@<version>
|
||||
# inputs:
|
||||
# <task specific inputs>
|
||||
# displayName: '<display name of task>'
|
||||
- template: SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- template: cloneToOfficialPath.yml
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
|
|
|
@ -98,12 +98,12 @@ jobs:
|
|||
packageSources: 'https://nuget.org/api/v2'
|
||||
installRoot: '$(GenAPIToolPath)'
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- template: SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- task: NuGetToolInstaller@1
|
||||
displayName: 'Install NuGet.exe'
|
||||
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
steps:
|
||||
- powershell: |
|
||||
$shouldSign = $true
|
||||
if($env:BUILD_REASON -ne 'Manual')
|
||||
$authenticodeCert = 'CP-230012'
|
||||
$msixCert = 'CP-230012'
|
||||
|
||||
if($env:IS_DAILY -eq 'true')
|
||||
{
|
||||
$shouldSign = $false
|
||||
$authenticodeCert = 'CP-460906'
|
||||
}
|
||||
|
||||
if($env:SKIP_SIGNING -eq 'Yes')
|
||||
|
@ -14,4 +17,13 @@ steps:
|
|||
$vstsCommandString = "vso[task.setvariable variable=SHOULD_SIGN]$($shouldSign.ToString().ToLowerInvariant())"
|
||||
Write-Host "sending " + $vstsCommandString
|
||||
Write-Host "##$vstsCommandString"
|
||||
|
||||
$vstsCommandString = "vso[task.setvariable variable=MSIX_CERT]$($msixCert)"
|
||||
Write-Host "sending " + $vstsCommandString
|
||||
Write-Host "##$vstsCommandString"
|
||||
|
||||
$vstsCommandString = "vso[task.setvariable variable=AUTHENTICODE_CERT]$($authenticodeCert)"
|
||||
Write-Host "sending " + $vstsCommandString
|
||||
Write-Host "##$vstsCommandString"
|
||||
|
||||
displayName: 'Set SHOULD_SIGN Variable'
|
||||
|
|
|
@ -21,11 +21,12 @@ jobs:
|
|||
- checkout: ComplianceRepo
|
||||
clean: true
|
||||
|
||||
- template: shouldSign.yml
|
||||
- template: SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- task: DownloadBuildArtifacts@0
|
||||
displayName: 'Download artifacts'
|
||||
inputs:
|
||||
|
@ -44,13 +45,23 @@ jobs:
|
|||
parameters:
|
||||
buildOutputPath: $(System.ArtifactsDirectory)\signed
|
||||
signOutputPath: $(Build.StagingDirectory)\signedPackages
|
||||
certificateId: "CP-230012"
|
||||
certificateId: $(MSIX_CERT)
|
||||
pattern: |
|
||||
**\*.msix
|
||||
useMinimatch: true
|
||||
shouldSign: $(SHOULD_SIGN)
|
||||
displayName: Sign msix
|
||||
|
||||
- template: EsrpSign.yml@ComplianceRepo
|
||||
parameters:
|
||||
buildOutputPath: $(System.ArtifactsDirectory)\signed
|
||||
signOutputPath: $(Build.StagingDirectory)\signedPackages
|
||||
certificateId: $(AUTHENTICODE_CERT)
|
||||
pattern: |
|
||||
**\*.exe
|
||||
useMinimatch: true
|
||||
shouldSign: $(SHOULD_SIGN)
|
||||
displayName: Sign exe and msix
|
||||
displayName: Sign exe
|
||||
|
||||
- powershell: |
|
||||
new-item -itemtype Directory -path '$(Build.StagingDirectory)\signedPackages'
|
||||
|
|
|
@ -34,11 +34,12 @@ jobs:
|
|||
- checkout: ComplianceRepo
|
||||
clean: true
|
||||
|
||||
- template: shouldSign.yml
|
||||
- template: SetVersionVariables.yml
|
||||
parameters:
|
||||
ReleaseTagVar: $(ReleaseTagVar)
|
||||
|
||||
- template: shouldSign.yml
|
||||
|
||||
- powershell: |
|
||||
$pkgFilter = if ( '$(Architecture)' -eq 'arm' ) { "arm32" } else { '$(Architecture)' }
|
||||
if ($env:BuildConfiguration -eq 'minSize') { $pkgFilter += '-gc' }
|
||||
|
@ -153,7 +154,7 @@ jobs:
|
|||
parameters:
|
||||
buildOutputPath: $(System.ArtifactsDirectory)\toBeSigned
|
||||
signOutputPath: $(System.ArtifactsDirectory)\signed
|
||||
certificateId: "CP-230012"
|
||||
certificateId: "$(AUTHENTICODE_CERT)"
|
||||
pattern: |
|
||||
**\*.dll
|
||||
**\*.psd1
|
||||
|
@ -278,7 +279,7 @@ jobs:
|
|||
parameters:
|
||||
buildOutputPath: $(System.ArtifactsDirectory)\pkgSigned
|
||||
signOutputPath: $(Build.StagingDirectory)\signedPackages
|
||||
certificateId: "CP-230012"
|
||||
certificateId: "$(AUTHENTICODE_CERT)"
|
||||
pattern: |
|
||||
**\*.msi
|
||||
useMinimatch: true
|
||||
|
@ -322,7 +323,7 @@ jobs:
|
|||
parameters:
|
||||
buildOutputPath: $(System.ArtifactsDirectory)\unsignedEngine
|
||||
signOutputPath: $(System.ArtifactsDirectory)\signedEngine
|
||||
certificateId: "CP-230012"
|
||||
certificateId: "$(AUTHENTICODE_CERT)"
|
||||
pattern: |
|
||||
**\*.exe
|
||||
useMinimatch: true
|
||||
|
|
Loading…
Reference in a new issue