129 lines
3.4 KiB
YAML
129 lines
3.4 KiB
YAML
parameters:
|
|
parentJobs: []
|
|
|
|
jobs:
|
|
- job: WinPackageSigningJob
|
|
displayName: Windows Package signing and upload
|
|
dependsOn:
|
|
${{ parameters.parentJobs }}
|
|
condition: succeeded()
|
|
pool:
|
|
name: PowerShell1ES
|
|
demands:
|
|
- ImageOverride -equals MMS2019
|
|
variables:
|
|
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
|
|
value: 1
|
|
- group: ESRP
|
|
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
|
|
- checkout: ComplianceRepo
|
|
clean: true
|
|
|
|
- template: SetVersionVariables.yml
|
|
parameters:
|
|
ReleaseTagVar: $(ReleaseTagVar)
|
|
|
|
- template: shouldSign.yml
|
|
|
|
- task: DownloadBuildArtifacts@0
|
|
displayName: 'Download artifacts'
|
|
inputs:
|
|
buildType: current
|
|
downloadType: single
|
|
artifactName: signed
|
|
downloadPath: '$(System.ArtifactsDirectory)'
|
|
|
|
- powershell: |
|
|
dir "$(System.ArtifactsDirectory)\*" -Recurse
|
|
displayName: 'Capture Downloaded Artifacts'
|
|
# Diagnostics is not critical it passes every time it runs
|
|
continueOnError: true
|
|
|
|
- template: EsrpSign.yml@ComplianceRepo
|
|
parameters:
|
|
buildOutputPath: $(System.ArtifactsDirectory)\signed
|
|
signOutputPath: $(Build.StagingDirectory)\signedPackages
|
|
certificateId: $(MSIX_CERT)
|
|
pattern: |
|
|
**\*.msix
|
|
useMinimatch: true
|
|
shouldSign: $(SHOULD_SIGN)
|
|
displayName: Sign msix
|
|
|
|
- template: EsrpSign.yml@ComplianceRepo
|
|
parameters:
|
|
buildOutputPath: $(System.ArtifactsDirectory)\signed
|
|
signOutputPath: $(Build.StagingDirectory)\signedPackages
|
|
certificateId: $(AUTHENTICODE_CERT)
|
|
pattern: |
|
|
**\*.exe
|
|
useMinimatch: true
|
|
shouldSign: $(SHOULD_SIGN)
|
|
displayName: Sign exe
|
|
|
|
- powershell: |
|
|
new-item -itemtype Directory -path '$(Build.StagingDirectory)\signedPackages'
|
|
Get-ChildItem "$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-*.msi*" | copy-item -Destination '$(Build.StagingDirectory)\signedPackages'
|
|
displayName: 'Fake msi* Signing'
|
|
condition: and(succeeded(), ne(variables['SHOULD_SIGN'], 'true'))
|
|
|
|
- pwsh: |
|
|
Get-ChildItem "$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-*.exe" | copy-item -Destination '$(Build.StagingDirectory)\signedPackages'
|
|
displayName: 'Fake exe Signing'
|
|
condition: and(succeeded(), ne(variables['SHOULD_SIGN'], 'true'))
|
|
|
|
- template: upload.yml
|
|
parameters:
|
|
architecture: x86
|
|
version: $(version)
|
|
|
|
- template: upload.yml
|
|
parameters:
|
|
architecture: x64
|
|
version: $(version)
|
|
pdb: yes
|
|
|
|
- template: upload.yml
|
|
parameters:
|
|
architecture: arm32
|
|
version: $(version)
|
|
msi: no
|
|
|
|
- template: upload.yml
|
|
parameters:
|
|
architecture: arm64
|
|
version: $(version)
|
|
msi: no
|
|
|
|
- template: upload.yml
|
|
parameters:
|
|
architecture: fxdependent
|
|
version: $(version)
|
|
msi: no
|
|
msix: no
|
|
|
|
- template: upload.yml
|
|
parameters:
|
|
architecture: fxdependentWinDesktop
|
|
version: $(version)
|
|
msi: no
|
|
msix: no
|
|
|
|
- template: EsrpScan.yml@ComplianceRepo
|
|
parameters:
|
|
scanPath: $(Build.StagingDirectory)
|
|
pattern: |
|
|
**\*.msix
|
|
**\*.msi
|
|
**\*.zip
|
|
|
|
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
|
displayName: 'Component Detection'
|
|
inputs:
|
|
sourceScanPath: '$(Build.SourcesDirectory)'
|
|
snapshotForceEnabled: true
|