diff --git a/build/azure-pipelines.yml b/build/azure-pipelines.yml index c00faf0..5c5ebd1 100644 --- a/build/azure-pipelines.yml +++ b/build/azure-pipelines.yml @@ -20,7 +20,7 @@ parameters: - release variables: - MSIXVersion: '0.1400' + MSIXVersion: '0.1500' solution: '**/GitHubExtension.sln' appxPackageDir: 'AppxPackages' testOutputArtifactDir: 'TestResults' @@ -148,46 +148,45 @@ extends: filePath: 'build/scripts/Build.ps1' arguments: -Platform "${{ platform }}" -Configuration "${{ configuration }}" -Version $(MSIXVersion) -BuildStep "msix" -AzureBuildingBranch "$(BuildingBranch)" -IsAzurePipelineBuild -ClientId $(GitHubClientId) -ClientSecret $(GitHubClientSecret) - - task: EsrpCodeSigning@2 - inputs: - ConnectedServiceName: 'Xlang Code Signing' - FolderPath: '$(appxPackageDir)\${{ configuration }}' - Pattern: '*.msix' - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "keycode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd sha256" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "signtool.exe", - "toolVersion": "6.2.9304.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' + - template: ./build/templates/EsrpSigning-Steps.yml@self + parameters: + displayName: Submit *.msix to ESRP for code signing + inputs: + FolderPath: '$(appxPackageDir)\${{ configuration }}' + Pattern: '*.msix' + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keycode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd sha256" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "signtool.exe", + "toolVersion": "6.2.9304.0" + } + ] # Commented out until our implementation is fixed # - task: AzureKeyVault@1 @@ -292,46 +291,45 @@ extends: filePath: 'build/scripts/Build.ps1' arguments: -Configuration "${{ configuration }}" -Version $(MSIXVersion) -BuildStep "msixbundle" -IsAzurePipelineBuild - - task: EsrpCodeSigning@2 - inputs: - ConnectedServiceName: 'Xlang Code Signing' - FolderPath: 'AppxBundles\${{ configuration }}' - Pattern: '*.msixbundle' - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "keycode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd sha256" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "signtool.exe", - "toolVersion": "6.2.9304.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' + - template: ./build/templates/EsrpSigning-Steps.yml@self + parameters: + displayName: Submit *.msixbundle to ESRP for code signing + inputs: + FolderPath: 'AppxBundles\${{ configuration }}' + Pattern: '*.msixbundle' + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keycode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd sha256" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "signtool.exe", + "toolVersion": "6.2.9304.0" + } + ] templateContext: outputs: diff --git a/build/scripts/CreateBuildInfo.ps1 b/build/scripts/CreateBuildInfo.ps1 index de6a73b..07ac422 100644 --- a/build/scripts/CreateBuildInfo.ps1 +++ b/build/scripts/CreateBuildInfo.ps1 @@ -5,7 +5,7 @@ Param( ) $Major = "0" -$Minor = "14" +$Minor = "15" $Patch = "99" # default to 99 for local builds $versionSplit = $Version.Split("."); diff --git a/build/templates/EsrpSigning-Steps.yml b/build/templates/EsrpSigning-Steps.yml new file mode 100644 index 0000000..63eb25b --- /dev/null +++ b/build/templates/EsrpSigning-Steps.yml @@ -0,0 +1,22 @@ +parameters: + - name: displayName + type: string + default: ESRP Code Signing + - name: inputs + type: object + default: {} + +steps: + - task: EsrpCodeSigning@5 + displayName: ${{ parameters.displayName }} + inputs: + ConnectedServiceName: $(EsrpConnectedServiceName) + AppRegistrationClientId: $(EsrpAppRegistrationClientId) + AppRegistrationTenantId: $(EsrpAppRegistrationTenantId) + AuthAKVName: $(EsrpAuthAKVName) + AuthCertName: $(EsrpAuthCertName) + AuthSignCertName: $(EsrpAuthSignCertName) + SessionTimeout: '60' + MaxConcurrency: '50' + MaxRetryAttempts: '5' + ${{ insert }}: ${{ parameters.inputs }}