Add ability to sign
Родитель
8df6bbecb5
Коммит
b9cac0ed7b
|
@ -28,17 +28,18 @@ variables:
|
|||
buildPlatform: 'x64'
|
||||
buildConfiguration: 'Release'
|
||||
System.Debug: true
|
||||
IncludeCsProjection: false
|
||||
UsePreGeneratedSource: false
|
||||
SignFiles: false
|
||||
WinMetadataSourceDir: $(Build.SourcesDirectory)\sources\Win32MetadataSource
|
||||
OutputPackagesDir: $(Build.ArtifactStagingDirectory)\CreatedNugetPackages
|
||||
PipelineRunName: $(resources.pipeline.winsdk.runName)
|
||||
UseNugetOrgWinSdk: 0
|
||||
Patch: $[counter(variables['resources.pipeline.winsdk.runName'], 1)]
|
||||
|
||||
steps:
|
||||
- download: winsdk
|
||||
displayName: Download pipeline NuGet packages
|
||||
artifact: NuGetPackages
|
||||
condition: eq(variables.UsePreGeneratedSource, false)
|
||||
condition: eq(variables.UseNugetOrgWinSdk, false)
|
||||
|
||||
- task: UseDotNet@2
|
||||
displayName: Use DotNet 3.x
|
||||
|
@ -50,34 +51,35 @@ steps:
|
|||
displayName: Echo the pipeline variables
|
||||
inputs:
|
||||
script: |
|
||||
echo resources.pipeline.winsdk.pipelineID = $(resources.pipeline.winsdk.pipelineID)
|
||||
echo resources.pipeline.winsdk.runName = $(resources.pipeline.winsdk.runName)
|
||||
echo resources.pipeline.winsdk.runID = $(resources.pipeline.winsdk.runID)
|
||||
echo resources.pipeline.winsdk.runURI = $(resources.pipeline.winsdk.runURI)
|
||||
echo resources.pipeline.winsdk.sourceBranch = $(resources.pipeline.winsdk.sourceBranch)
|
||||
echo resources.pipeline.winsdk.sourceCommit = $(resources.pipeline.winsdk.sourceCommit)
|
||||
echo resources.pipeline.winsdk.sourceProvider = $(resources.pipeline.winsdk.sourceProvider)
|
||||
echo resources.pipeline.winsdk.requestedFor = $(resources.pipeline.winsdk.requestedFor)
|
||||
echo resources.pipeline.winsdk.requestedForID = $(resources.pipeline.winsdk.requestedForID)
|
||||
dir /s $(Agent.BuildDirectory)\winsdk\NuGetPackages
|
||||
condition: eq(variables.UsePreGeneratedSource, false)
|
||||
condition: eq(variables.UseNugetOrgWinSdk, false)
|
||||
|
||||
- task: CmdLine@2
|
||||
displayName: Update job variables from incoming variables
|
||||
inputs:
|
||||
script: |
|
||||
echo ##vso[task.setvariable variable=WinMetadataSourceDir]$(Build.SourcesDirectory)\tests\TestScraperSource
|
||||
echo ##vso[task.setvariable variable=PrepOutput.NugetVersion]10.0.2000.0
|
||||
condition: eq(variables.UsePreGeneratedSource, true)
|
||||
echo ##vso[task.setvariable variable=PrepOutput.NugetVersion]$(variables.OutputNugetVersion)
|
||||
condition: eq(variables.UseNugetOrgWinSdk, true)
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Generate Win32 metadata C# source
|
||||
displayName: Generate Win32 metadata C# source using pipeline asssets
|
||||
inputs:
|
||||
filePath: 'scripts\GenerateMetadataSource.ps1'
|
||||
arguments: '-artifactsDir $(Agent.BuildDirectory)\winsdk -downloadDefaultCppNugets 0 -pipelineRunName $(resources.pipeline.winsdk.runName) -patch "$(Patch)"'
|
||||
errorActionPreference: 'continue'
|
||||
pwsh: true
|
||||
condition: and(succeeded(), eq(variables.UsePreGeneratedSource, false))
|
||||
condition: and(succeeded(), eq(variables.UseNugetOrgWinSdk, false))
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Generate Win32 metadata C# source using NuGet packages
|
||||
inputs:
|
||||
filePath: 'scripts\GenerateMetadataSource.ps1'
|
||||
arguments: '-artifactsDir $(Agent.BuildDirectory)\winsdk -downloadDefaultCppNugets 0 -downloadNugetVersion $(downloadNugetVersion) -publishNugetVersion $(publishNugetVersion)'
|
||||
errorActionPreference: 'continue'
|
||||
pwsh: true
|
||||
condition: and(succeeded(), eq(variables.UseNugetOrgWinSdk, true))
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: Publish generator build artifacts
|
||||
|
@ -85,7 +87,6 @@ steps:
|
|||
PathtoPublish: '$(Agent.BuildDirectory)\winsdk\output'
|
||||
ArtifactName: 'GeneratorOutput'
|
||||
publishLocation: 'Container'
|
||||
condition: and(succeeded(), eq(variables.UsePreGeneratedSource, false))
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: Publish generated .cs files
|
||||
|
@ -93,7 +94,6 @@ steps:
|
|||
PathtoPublish: 'sources\Win32MetadataSource\generated'
|
||||
ArtifactName: GeneratedMetadataSource
|
||||
publishLocation: 'Container'
|
||||
condition: and(succeeded(), eq(variables.UsePreGeneratedSource, false))
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Build metadata binary
|
||||
|
@ -109,6 +109,50 @@ steps:
|
|||
arguments: '-assemblyVersion $(PrepOutput.NugetVersion)'
|
||||
pwsh: true
|
||||
|
||||
# ESRP Authenticode sign package DLLs
|
||||
- task: EsrpCodeSigning@1
|
||||
displayName: 'Authenticode Sign Packaged Dlls'
|
||||
inputs:
|
||||
ConnectedServiceName: 'Undocked RegFree Signing Connection'
|
||||
FolderPath: '$(Build.SourcesDirectory)\bin'
|
||||
Pattern: '*.dll,*.winmd'
|
||||
signConfigType: 'inlineSignParams'
|
||||
inlineOperation: |
|
||||
[
|
||||
{
|
||||
"keyCode": "CP-230012",
|
||||
"operationSetCode": "SigntoolSign",
|
||||
"parameters": [
|
||||
{
|
||||
"parameterName": "OpusName",
|
||||
"parameterValue": "Microsoft"
|
||||
},
|
||||
{
|
||||
"parameterName": "OpusInfo",
|
||||
"parameterValue": "http://www.microsoft.com"
|
||||
},
|
||||
{
|
||||
"parameterName": "PageHash",
|
||||
"parameterValue": "/NPH"
|
||||
},
|
||||
{
|
||||
"parameterName": "FileDigest",
|
||||
"parameterValue": "/fd sha256"
|
||||
},
|
||||
{
|
||||
"parameterName": "TimeStamp",
|
||||
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
|
||||
}
|
||||
],
|
||||
"toolName": "signtool.exe",
|
||||
"toolVersion": "6.2.9304.0"
|
||||
}
|
||||
]
|
||||
SessionTimeout: '60'
|
||||
MaxConcurrency: '50'
|
||||
MaxRetryAttempts: '2'
|
||||
condition: eq(variables['SignFiles'], 'true')
|
||||
|
||||
# There's a problem on microsoft.visualstudio.com that requires the guid instead of NuGetCommand@2
|
||||
- task: 333b11bd-d341-40d9-afcf-b32d5ce6f23b@2
|
||||
displayName: Pack metadata nuget package
|
||||
|
@ -120,6 +164,35 @@ steps:
|
|||
versionEnvVar: 'PrepOutput.NugetVersion'
|
||||
basePath: '$(Build.SourcesDirectory)'
|
||||
|
||||
- task: EsrpCodeSigning@1
|
||||
displayName: 'Sign NuGet Package'
|
||||
inputs:
|
||||
ConnectedServiceName: 'Undocked RegFree Signing Connection'
|
||||
FolderPath: '$(OutputPackagesDir)'
|
||||
Pattern: '*.nupkg'
|
||||
signConfigType: 'inlineSignParams'
|
||||
inlineOperation: |
|
||||
[
|
||||
{
|
||||
"KeyCode" : "CP-401405",
|
||||
"OperationCode" : "NuGetSign",
|
||||
"Parameters" : {},
|
||||
"ToolName" : "sign",
|
||||
"ToolVersion" : "1.0"
|
||||
},
|
||||
{
|
||||
"KeyCode" : "CP-401405",
|
||||
"OperationCode" : "NuGetVerify",
|
||||
"Parameters" : {},
|
||||
"ToolName" : "sign",
|
||||
"ToolVersion" : "1.0"
|
||||
}
|
||||
]
|
||||
SessionTimeout: '60'
|
||||
MaxConcurrency: '50'
|
||||
MaxRetryAttempts: '2'
|
||||
condition: eq(variables['SignFiles'], 'true')
|
||||
|
||||
- task: PublishPipelineArtifact@1
|
||||
displayName: 'Publish NuGet packages to pipeline artifacts'
|
||||
inputs:
|
||||
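Review bot: Both new EsrpCodeSigning@1 steps ('Authenticode Sign Packaged Dlls' and 'Sign NuGet Package') use `condition: eq(variables['SignFiles'], 'true')`, and in Azure Pipelines an explicit condition replaces the implicit `succeeded()`, so with SignFiles enabled the signing requests are still submitted after an earlier step has failed. Other steps in this file already use the `and(succeeded(), ...)` form; writing `condition: and(succeeded(), eq(variables['SignFiles'], 'true'))` on both steps keeps a broken or partial build away from the signing service. The Authenticode step also signs every file matching `*.dll,*.winmd` under `$(Build.SourcesDirectory)\bin`; if that folder can hold restored or third-party binaries (not visible from this page), a narrower `FolderPath` or `Pattern` would avoid signing files this build did not produce.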
|
|
|
@ -10,6 +10,15 @@ param
|
|||
[bool]
|
||||
$downloadDefaultCppNugets = $true,
|
||||
|
||||
[string]
|
||||
$downloadNugetVersion,
|
||||
|
||||
[string]
|
||||
$publishNugetVersion,
|
||||
|
||||
[bool]
|
||||
$exitAfterFindVersion = $false,
|
||||
|
||||
[string]
|
||||
$patch = ""
|
||||
)
|
||||
|
@ -63,6 +72,11 @@ $branch = $parts[2].Replace("_", "-")
|
|||
$potentialVersions = "10.0.$build.$qfe-preview.$branch", "10.0.$build.$qfe-preview", "10.0.$build.*"
|
||||
$version = $null
|
||||
|
||||
if ($null -ne $downloadNugetVersion)
|
||||
{
|
||||
$potentialVersions = $downloadNugetVersion
|
||||
}
|
||||
|
||||
foreach ($ver in $potentialVersions)
|
||||
{
|
||||
Write-Output "Looking for: $nugetSrcPackagesDir\Microsoft.Windows.SDK.CPP.$ver.nupkg..."
|
||||
|
@ -77,58 +91,71 @@ foreach ($ver in $potentialVersions)
|
|||
|
||||
if (!$version)
|
||||
{
|
||||
if (!$downloadDefaultCppNugets)
|
||||
if ($downloadNugetVersion)
|
||||
{
|
||||
Write-Output "Error: Couldn't find cpp package in $nugetSrcPackagesDir. Call script with downloadDefaultCppNugets = 1 to download default packages."
|
||||
exit -1
|
||||
$version = $downloadNugetVersion
|
||||
}
|
||||
else
|
||||
else
|
||||
{
|
||||
$version = $defaultWinSDKNugetVersion
|
||||
Write-Output "No cpp nuget packages found at $nugetSrcPackagesDir. Downloading $version from nuget.org..."
|
||||
if (!$downloadDefaultCppNugets)
|
||||
{
|
||||
Write-Output "Error: Couldn't find cpp package in $nugetSrcPackagesDir. Call script with downloadDefaultCppNugets = 1 to download default packages."
|
||||
exit -1
|
||||
}
|
||||
|
||||
Download-Nupkg "Microsoft.Windows.SDK.CPP" $version $nugetSrcPackagesDir
|
||||
Download-Nupkg "Microsoft.Windows.SDK.CPP.x64" $version $nugetSrcPackagesDir
|
||||
$cppPkg = Get-ChildItem -path $nugetSrcPackagesDir -Include Microsoft.Windows.SDK.CPP.10.*.nupkg -recurse
|
||||
$version = $defaultWinSDKNugetVersion
|
||||
}
|
||||
|
||||
Write-Output "No cpp nuget packages found at $nugetSrcPackagesDir. Downloading $version from nuget.org..."
|
||||
|
||||
Download-Nupkg "Microsoft.Windows.SDK.CPP" $version $nugetSrcPackagesDir
|
||||
Download-Nupkg "Microsoft.Windows.SDK.CPP.x64" $version $nugetSrcPackagesDir
|
||||
}
|
||||
|
||||
$nugetSrcPackagesDir = Join-Path -Path $artifactsDir "NuGetPackages"
|
||||
Create-Directory $nugetSrcPackagesDir
|
||||
|
||||
$publishNugetVersion = $version
|
||||
|
||||
# patch is an auto-increment counter specific to the pipeline name.
|
||||
# If it's set...
|
||||
if ($patch -ne "")
|
||||
if (!$publishNugetVersion)
|
||||
{
|
||||
# If this is a preview build, just append the patch to the end of the version
|
||||
if ($version.Contains("-preview"))
|
||||
{
|
||||
$publishNugetVersion = "$version.$patch"
|
||||
}
|
||||
# If this isn't a preview build, we want to replace the build QFE with the patch
|
||||
else
|
||||
{
|
||||
$buildParts = $version.Split("{.}")
|
||||
$qfePart = $buildParts[3]
|
||||
$qfeParts = $qfePart.Split("{-}")
|
||||
$qfe = $qfeOverride
|
||||
if ($qfeParts.Length -eq 2)
|
||||
{
|
||||
$qfeExtra = $qfeParts[1]
|
||||
$qfe = "$qfe-$qfeExtra"
|
||||
}
|
||||
|
||||
$buildParts[3] = $patch
|
||||
$publishNugetVersion = $version
|
||||
|
||||
$publishNugetVersion = [string]::Join(".", $buildParts)
|
||||
# patch is an auto-increment counter specific to the pipeline name.
|
||||
# If it's set...
|
||||
if ($patch -ne "")
|
||||
{
|
||||
# If this is a preview build, just append the patch to the end of the version
|
||||
if ($version.Contains("-preview"))
|
||||
{
|
||||
$publishNugetVersion = "$version.$patch"
|
||||
}
|
||||
# If this isn't a preview build, we want to replace the build QFE with the patch
|
||||
else
|
||||
{
|
||||
$buildParts = $version.Split("{.}")
|
||||
$qfePart = $buildParts[3]
|
||||
$qfeParts = $qfePart.Split("{-}")
|
||||
$qfe = $qfeOverride
|
||||
if ($qfeParts.Length -eq 2)
|
||||
{
|
||||
$qfeExtra = $qfeParts[1]
|
||||
$qfe = "$qfe-$qfeExtra"
|
||||
}
|
||||
|
||||
$buildParts[3] = $patch
|
||||
|
||||
$publishNugetVersion = [string]::Join(".", $buildParts)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Write variable in the Azure DevOps pipeline for use in subsequent tasks
|
||||
Write-Output "##vso[task.setvariable variable=PrepOutput.NugetVersion;]$publishNugetVersion"
|
||||
|
||||
if ($exitAfterFindVersion)
|
||||
{
|
||||
exit 0
|
||||
}
|
||||
|
||||
$x64Pkg = Get-ChildItem -path "$nugetSrcPackagesDir\Microsoft.Windows.SDK.CPP.x64.$version.nupkg"
|
||||
if (!$x64Pkg)
|
||||
{
|
||||
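Review bot: The added guard `if ($null -ne $downloadNugetVersion)` is always true, because a `[string]` parameter that is not passed binds to an empty string rather than `$null`. On the pipeline-assets path this replaces the three computed `$potentialVersions` candidates with `""`, and the loop then looks for `Microsoft.Windows.SDK.CPP..nupkg`. Further down the script tests truthiness with `if ($downloadNugetVersion)`, and the same form works here: `if ($downloadNugetVersion) { $potentialVersions = $downloadNugetVersion }`. Because the value arrives from a pipeline variable and selects which package is fetched from nuget.org, it would also be worth rejecting anything that is not a version string, for example with a `[ValidatePattern()]` attribute on the parameter. The script continues outside the visible hunks, so later uses of `$version` were not checked.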
|
|