ci: Add signing support
This commit is contained in:
Jérôme Laban
GitHub
Родитель
4f81a96b29
Коммит
f2c97eda5f
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"SignClient": {
|
||||
"AzureAd": {
|
||||
"AADInstance": "https://login.microsoftonline.com/",
|
||||
"ClientId": "80441c68-7fd8-4866-8dd1-8c78ff585a8a",
|
||||
"TenantId": "a297d6c0-b635-41a3-b1e3-558efe71e413"
|
||||
},
|
||||
"Service": {
|
||||
"Url": "https://uno-signservice.azurewebsites.net",
|
||||
"ResourceId": "https://SignService.platformuno.onmicrosoft.com/6dd8824b-6147-4b02-a1af-ea83b0ffebdb"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
$currentDirectory = split-path $MyInvocation.MyCommand.Definition
|
||||
|
||||
# See if we have the ClientSecret available
|
||||
if ([string]::IsNullOrEmpty($env:SignClientSecret)) {
|
||||
Write-Host "Client Secret not found, not signing packages"
|
||||
return;
|
||||
}
|
||||
|
||||
dotnet tool install --tool-path . SignClient
|
||||
|
||||
# Setup Variables we need to pass into the sign client tool
|
||||
$appSettings = "$currentDirectory\SignClient.json"
|
||||
|
||||
$filesToSign = Get-ChildItem -Recurse $Env:ArtifactDirectory\* -Include *.nupkg,*.vsix | Select-Object -ExpandProperty FullName
|
||||
|
||||
foreach ($fileToSign in $filesToSign) {
|
||||
Write-Host "Submitting $fileToSign for signing"
|
||||
.\SignClient 'sign' -c $appSettings -i $fileToSign -r $env:SignClientUser -s $env:SignClientSecret -n "$env:SignPackageName" -d "$env:SignPackageDescription" -u "$env:build_repository_uri"
|
||||
Write-Host "Finished signing $fileToSign"
|
||||
}
|
||||
|
||||
Write-Host "Sign-package complete"
|
||||
11
pipeline.yml
11
pipeline.yml
|
|
@ -54,6 +54,17 @@ steps:
|
|||
dotnet msbuild UniversalImageLoader.sln /r /p:Configuration=$(BuildConfiguration) /p:GeneratePackageOnBuild=true /p:PackageOutputPath=$(Build.ArtifactStagingDirectory) /detailedsummary /bl:$(Build.ArtifactStagingDirectory)/msbuild.binlog
|
||||
displayName: Build
|
||||
|
||||
- task: PowerShell@2
|
||||
displayName: Authenticode Sign Packages
|
||||
inputs:
|
||||
filePath: build/Sign-Package.ps1
|
||||
env:
|
||||
SignClientUser: $(SignClientUser)
|
||||
SignClientSecret: $(SignClientSecret)
|
||||
SignPackageName: "Uno.PackageDiff"
|
||||
SignPackageDescription: "Uno.PackageDiff"
|
||||
ArtifactDirectory: $(build.artifactstagingdirectory)
|
||||
condition: and(succeeded(), not(eq(variables['build.reason'], 'PullRequest')), not(eq(variables['SignClientSecret'], '')), not(eq(variables['SignClientUser'], '')))
|
||||
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: 'Publish Artifact: Binding.UniversalImageLoader'
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче