From 9ca4c6697087903e57ff8c1eed7a14793c73f495 Mon Sep 17 00:00:00 2001
From: Kyaw Thant <48363984+kythant@users.noreply.github.com>
Date: Wed, 19 Jun 2024 17:12:41 -0700
Subject: [PATCH] Update ESRPCodeSigningTask to Version 5; Use WindowsAppSDK-EsrpCodeSigning-Steps.yml From WindowsAppSDKConfig Repository (#4499)
---
...ndowsAppSDK-BuildBinaries-AnyCPU-Steps.yml | 46 +++----------------
.../WindowsAppSDK-BuildBinaries-Steps.yml | 44 ++----------------
.../WindowsAppSDK-BuildMRT-Steps.yml | 46 +++----------------
...ndowsAppSDK-PackTransportPackage-Stage.yml | 27 ++---------
4 files changed, 20 insertions(+), 143 deletions(-)
diff --git a/build/AzurePipelinesTemplates/WindowsAppSDK-BuildBinaries-AnyCPU-Steps.yml b/build/AzurePipelinesTemplates/WindowsAppSDK-BuildBinaries-AnyCPU-Steps.yml
index d13748a76..25886ec5b 100644
--- a/build/AzurePipelinesTemplates/WindowsAppSDK-BuildBinaries-AnyCPU-Steps.yml
+++ b/build/AzurePipelinesTemplates/WindowsAppSDK-BuildBinaries-AnyCPU-Steps.yml
@@ -34,7 +34,7 @@ steps: - ${{ if eq(parameters.runStaticAnalysis, 'True') }}: - task: SDLNativeRules@3 - displayName: Run PREfast SDL Native Rules + displayName: Run PREfast SDL Native Rules inputs: setupCommandlines: '"C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsMSBuildCmd.bat"' msBuildCommandline: 'msbuild.exe /restore /nologo /nr:false $(Build.SourcesDirectory)\dev\Bootstrap\CS\Microsoft.WindowsAppRuntime.Bootstrap.Net\Microsoft.WindowsAppRuntime.Bootstrap.Net.csproj'
@@ -56,50 +56,16 @@ steps: failOnAlert: true - ${{ if eq(parameters.SignOutput, 'true') }}: - - task: EsrpCodeSigning@2 - inputs: - ConnectedServiceName: 'Project Reunion ESRP Code Signing Connection' + - template: AzurePipelinesTemplates/WindowsAppSDK-EsrpCodeSigning-Steps.yml@WindowsAppSDKConfig + parameters: FolderPath: '$(build.SourcesDirectory)\BuildOutput' + UseMinimatch: true Pattern: | **/*.winmd **/*.dll **/*.exe - UseMinimatch: true - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd sha256" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "signtool.exe", - "toolVersion": "6.2.9304.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' + KeyCode: 'CP-230012' + displayName: 'Authenticode CodeSign Binaries' # Artifacts are uploaded via ob_outputDirectory where the each vPack Push jobs downloads from # so the CopyFiles below are to move all the vPack files to the right locations
diff --git a/build/AzurePipelinesTemplates/WindowsAppSDK-BuildBinaries-Steps.yml b/build/AzurePipelinesTemplates/WindowsAppSDK-BuildBinaries-Steps.yml
index 2b99acb51..50e25de92 100644
--- a/build/AzurePipelinesTemplates/WindowsAppSDK-BuildBinaries-Steps.yml
+++ b/build/AzurePipelinesTemplates/WindowsAppSDK-BuildBinaries-Steps.yml
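Review bot: In WindowsAppSDK-BuildBinaries-AnyCPU-Steps.yml the new `- template: AzurePipelinesTemplates/WindowsAppSDK-EsrpCodeSigning-Steps.yml@WindowsAppSDKConfig` line moves the whole signing operation (sha256 file digest, RFC 3161 timestamp arguments, the `/NPH` flag, and the timeout, concurrency and retry limits) out of this repository, and nothing in the diff shows how the `WindowsAppSDKConfig` repository resource is referenced. If that resource follows a branch rather than a tag or commit, a change there would alter how release binaries are signed without any commit or review in this repo. I would pin the resource's `ref` where it is declared (outside this diff) and add a comment above the template line, for example `# Signing operation and timestamp settings live in WindowsAppSDKConfig; keep that repository ref pinned`. The same applies to the identical hunks in WindowsAppSDK-BuildBinaries-Steps.yml and WindowsAppSDK-BuildMRT-Steps.yml, and to the template call in WindowsAppSDK-PackTransportPackage-Stage.yml.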
@@ -115,50 +115,16 @@ steps: # continueOnError: true - ${{ if eq(parameters.SignOutput, 'true') }}: - - task: EsrpCodeSigning@2 - inputs: - ConnectedServiceName: 'Project Reunion ESRP Code Signing Connection' + - template: AzurePipelinesTemplates/WindowsAppSDK-EsrpCodeSigning-Steps.yml@WindowsAppSDKConfig + parameters: FolderPath: '$(build.SourcesDirectory)\BuildOutput' + UseMinimatch: true Pattern: | **/*.winmd **/*.dll **/*.exe - UseMinimatch: true - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd sha256" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "signtool.exe", - "toolVersion": "6.2.9304.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' + KeyCode: 'CP-230012' + displayName: 'Authenticode CodeSign Binaries' # Artifacts are uploaded via ob_outputDirectory where the each vPack Push jobs downloads from # so the CopyFiles below are to move all the vPack files to the right locations
diff --git a/build/AzurePipelinesTemplates/WindowsAppSDK-BuildMRT-Steps.yml b/build/AzurePipelinesTemplates/WindowsAppSDK-BuildMRT-Steps.yml
index 158b451d0..3af5de752 100644
--- a/build/AzurePipelinesTemplates/WindowsAppSDK-BuildMRT-Steps.yml
+++ b/build/AzurePipelinesTemplates/WindowsAppSDK-BuildMRT-Steps.yml
@@ -31,7 +31,7 @@ steps: - ${{ if eq(parameters.runStaticAnalysis, 'True') }}: - task: SDLNativeRules@3 - displayName: Run PREfast SDL Native Rules + displayName: Run PREfast SDL Native Rules condition: and(succeeded(), eq(variables['buildPlatform'], 'x64'), eq(variables['buildConfiguration'], 'Release')) inputs: setupCommandlines: '"C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsMSBuildCmd.bat"'
@@ -68,50 +68,16 @@ steps: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 - ${{ if eq(parameters.SignOutput, 'true') }}: - - task: EsrpCodeSigning@2 - inputs: - ConnectedServiceName: 'Project Reunion ESRP Code Signing Connection' + - template: AzurePipelinesTemplates/WindowsAppSDK-EsrpCodeSigning-Steps.yml@WindowsAppSDKConfig + parameters: FolderPath: '$(build.SourcesDirectory)\BuildOutput' + UseMinimatch: true Pattern: | **/*.winmd **/*.dll **/*.exe - UseMinimatch: true - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd sha256" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "signtool.exe", - "toolVersion": "6.2.9304.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' + KeyCode: 'CP-230012' + displayName: 'Authenticode CodeSign Binaries' - task: CopyFiles@2 displayName: MoveToOutputDirectory
diff --git a/build/AzurePipelinesTemplates/WindowsAppSDK-PackTransportPackage-Stage.yml b/build/AzurePipelinesTemplates/WindowsAppSDK-PackTransportPackage-Stage.yml
index 6adc30c72..19846b7ad 100644
--- a/build/AzurePipelinesTemplates/WindowsAppSDK-PackTransportPackage-Stage.yml
+++ b/build/AzurePipelinesTemplates/WindowsAppSDK-PackTransportPackage-Stage.yml
@@ -193,33 +193,12 @@ stages: # arguments: -Platform "x64" -Configuration "release" -AzureBuildStep "BuildMock" -OutputDirectory "$(build.artifactStagingDirectory)\FullNuget" -PackageVersion "$(packageVersion)" - ${{ if eq(parameters.SignOutput, 'true') }}: - - task: EsrpCodeSigning@2 - inputs: - ConnectedServiceName: 'Project Reunion ESRP Code Signing Connection' + - template: AzurePipelinesTemplates/WindowsAppSDK-EsrpCodeSigning-Steps.yml@WindowsAppSDKConfig + parameters: FolderPath: $(build.artifactStagingDirectory)\FullNuget Pattern: 'Microsoft.WindowsAppSDK.Foundation*.nupkg' + KeyCode: 'CP-401405' UseMinimatch: true - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "KeyCode" : "CP-401405", - "OperationCode" : "NuGetSign", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-401405", - "OperationCode" : "NuGetVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' - task: CopyFiles@2 displayName: MoveToOutputDirectory
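Review bot: The NuGet signing call in WindowsAppSDK-PackTransportPackage-Stage.yml now passes only `KeyCode: 'CP-401405'`, whereas the inline operation it replaces ran `NuGetSign` followed by `NuGetVerify`. No parameter on the new side names the operation or asks for verification, so both depend on how the shared template, which is not visible here, maps that key code. If the template only signs, the post-sign verification of `Microsoft.WindowsAppSDK.Foundation*.nupkg` is lost with no visible failure. Please confirm that the template still runs a verify operation for this key code and record it in a comment above the call, e.g. `# CP-401405: template performs NuGetSign then NuGetVerify (confirm in WindowsAppSDKConfig)`. This call also omits the `displayName` that the three Authenticode call sites pass, so the package-signing step will be harder to tell apart in pipeline logs.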