Work CI-CD

- Update task installing sign tool with new .NET Foundation tool.
- Migrate sign task to use new tool.
- Update file list for sign tool.

***NO_CI***

azure-pipelines.yml

@@ -207,25 +207,36 @@ jobs:
 
   - task: DotNetCoreCLI@2
     displayName: Install SignTool tool
-    condition: and( succeeded(), eq(variables['System.PullRequest.PullRequestId'], '') )
+    condition: >-
+      and(
+        succeeded(),
+        eq(variables['System.PullRequest.PullRequestId'], '')
+      )
     inputs:
       command: custom
       custom: tool
-      arguments: install --tool-path . SignClient
+      arguments: install --tool-path . sign --version 0.9.1-beta.23530.1
   
   - pwsh: |
-      .\SignClient "Sign" `
+      .\sign code azure-key-vault `
+      "**\*.vsix" `
       --baseDirectory "$(Build.ArtifactStagingDirectory)\vs2019" `
-      --input "**\*.vsix" `
-      --config "$(Build.Repository.LocalPath)\config\SignClient.json" `
-      --filelist "$(Build.Repository.LocalPath)\config\filelist.txt" `
-      --user "$(SignClientUser)" `
-      --secret '$(SignClientSecret)' `
-      --name ".NET nanoFramework VS2019 Extension" `
+      --file-list "$(Build.Repository.LocalPath)\config\filelist.txt" `
       --description ".NET nanoFramework VS2019 Extension" `
-      --descriptionUrl "https://github.com/$env:Build_Repository_Name"
+      --description-url "https://github.com/$env:Build_Repository_Name" `
+      --azure-key-vault-tenant-id "$(SignTenantId)" `
+      --azure-key-vault-client-id "$(SignClientId)" `
+      --azure-key-vault-client-secret "$(SignClientSecret)" `
+      --azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
+      --azure-key-vault-url "$(SignKeyVaultUrl)" `
+      --timestamp-url http://timestamp.digicert.com
     displayName: Sign VS2019 packages
-    condition: and( succeeded(), eq(variables['System.PullRequest.PullRequestId'], '') )
+    continueOnError: true
+    condition: >-
+      and(
+        succeeded(),
+        eq(variables['System.PullRequest.PullRequestId'], '')
+      )
 
   # publish artifacts (only possible if this is not a PR originated on a fork)
   - task: PublishBuildArtifacts@1
@@ -399,24 +410,36 @@ jobs:
 
   - task: DotNetCoreCLI@2
     displayName: Install SignTool tool
-    condition: and( succeeded(), eq(variables['System.PullRequest.PullRequestId'], '') )
+    condition: >-
+      and(
+        succeeded(),
+        eq(variables['System.PullRequest.PullRequestId'], '')
+      )
     inputs:
       command: custom
       custom: tool
-      arguments: install --tool-path . SignClient
+      arguments: install --tool-path . sign --version 0.9.1-beta.23530.1
+
   - pwsh: |
-      .\SignClient "Sign" `
+      .\sign code azure-key-vault `
+      "**\*.vsix" `
       --baseDirectory "$(Build.ArtifactStagingDirectory)\vs2022" `
-      --input "**\*.vsix" `
-      --config "$(Build.Repository.LocalPath)\config\SignClient.json" `
-      --filelist "$(Build.Repository.LocalPath)\config\filelist.txt" `
-      --user "$(SignClientUser)" `
-      --secret '$(SignClientSecret)' `
-      --name ".NET nanoFramework VS2022 Extension" `
-      --description ".NET nanoFramework VS2022 Extension" `
-      --descriptionUrl "https://github.com/$env:Build_Repository_Name"
+      --file-list "$(Build.Repository.LocalPath)\config\filelist.txt" `
+      --description ".NET nanoFramework VS2019 Extension" `
+      --description-url "https://github.com/$env:Build_Repository_Name" `
+      --azure-key-vault-tenant-id "$(SignTenantId)" `
+      --azure-key-vault-client-id "$(SignClientId)" `
+      --azure-key-vault-client-secret "$(SignClientSecret)" `
+      --azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
+      --azure-key-vault-url "$(SignKeyVaultUrl)" `
+      --timestamp-url http://timestamp.digicert.com
     displayName: Sign VS2022 packages
-    condition: and( succeeded(), eq(variables['System.PullRequest.PullRequestId'], '') )
+    continueOnError: true
+    condition: >-
+      and(
+        succeeded(),
+        eq(variables['System.PullRequest.PullRequestId'], '')
+      )
 
   # publish artifacts (only possible if this is not a PR originated on a fork)
   - task: PublishBuildArtifacts@1

config/filelist.txt

@@ -1,2 +1,2 @@
-**/Visual-Studio-extension*
-**/Visual-Studio-extension-2019*
+**/Visual-Studio-extension-2019*
+**/Visual-Studio-extension-2022*

config/signClient.json

@@ -1,14 +0,0 @@
-{
-    "SignClient": {
-      "AzureAd": {
-        "AADInstance": "https://login.microsoftonline.com/",
-        "ClientId": "c248d68a-ba6f-4aa9-8a68-71fe872063f8",
-        "TenantId": "16076fdc-fcc1-4a15-b1ca-32c9a255900e"
-      },
-      "Service": {
-        "Url": "https://codesign.dotnetfoundation.org/",
-        "ResourceId": "https://SignService/3c30251f-36f3-490b-a955-520addb85001"
-      }
-    }
-  }
-