From e7c2c268886eca65d72463f84c8e7d8cac86f601 Mon Sep 17 00:00:00 2001
From: Lewis Sanchez <87730006+lewis-sanchez@users.noreply.github.com>
Date: Mon, 12 Dec 2022 13:05:16 -0800
Subject: [PATCH] Adjusts pipeline to include extension code signing (#17492)

* Adds extension signing

* Update build/build.yml

Co-authored-by: Charles Gagnon <chgagnon@microsoft.com>

* Corrects path and comments out .net core install

* Install .net core SDK for signing

* Add comment

* Remove comment

* Fix formatting issue in yaml file

* Adjust .net core version

* Add out code signing

* Consolidates code signing into single step

* Corrects sign tool codes and formatting

* Cleans up inline operation

* Signs vsix file

Co-authored-by: Charles Gagnon <chgagnon@microsoft.com>
---
 build/build.yml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/build/build.yml b/build/build.yml
index c29e04db..b54fb92c 100644
--- a/build/build.yml
+++ b/build/build.yml
@@ -66,6 +66,45 @@ steps:
     inputs:
       targets: "package:online"
 
+  - task: UseDotNet@2
+    displayName: 'Install .NET Core sdk for signing'
+    inputs:
+      packageType: sdk
+      version: 2.1.x
+      installationPath: $(Agent.ToolsDirectory)/dotnet
+
+  - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+    inputs:
+      ConnectedServiceName: 'Code Signing'
+      FolderPath: '$(Build.SourcesDirectory)'
+      Pattern: '*.vsix'
+      signConfigType: inlineSignParams
+      inlineOperation: |
+        [
+          {
+            "keyCode": "CP-233016",
+            "operationSetCode": "OpcSign",
+            "parameters": [
+              {
+                "parameterName": "FileDigest",
+                "parameterValue": "/fd \"SHA256\""
+              }
+            ],
+            "toolName": "sign",
+            "toolVersion": "1.0"
+          },
+          {
+            "keyCode": "CP-233016",
+            "operationSetCode": "OpcVerify",
+            "parameters": [],
+            "toolName": "sign",
+            "toolVersion": "1.0"
+          }
+        ]
+      SessionTimeout: 120
+    displayName: 'Signing VSIX'
+    condition: and(succeeded(), eq(variables['signed'], true))
+
   - task: CopyFiles@2
     displayName: "Copy VSIXs to artifacts directory"
     inputs: