mongodb
diff --git a/‎evergreen/evergreen.yml
Lines changed: 8 additions & 1 deletion b/‎evergreen/evergreen.yml
Lines changed: 8 additions & 1 deletion
diff --git a/‎evergreen/run-pack.sh
Lines changed: 24 additions & 1 deletion b/‎evergreen/run-pack.sh
Lines changed: 24 additions & 1 deletion
diff --git a/‎evergreen/run-push.sh
Lines changed: 10 additions & 1 deletion b/‎evergreen/run-push.sh
Lines changed: 10 additions & 1 deletion
@@ -145,9 +145,15 @@ functions:
     - command: shell.exec
       params:
         working_dir: mongo-csharp-analyzer
+        env:
+          ARTIFACTORY_PASSWORD: ${ARTIFACTORY_PASSWORD}
+          ARTIFACTORY_USERNAME: ${ARTIFACTORY_USERNAME}
+          AZURE_NUGET_SIGN_TENANT_ID: ${AZURE_NUGET_SIGN_TENANT_ID}
+          AZURE_NUGET_SIGN_CLIENT_ID: ${AZURE_NUGET_SIGN_CLIENT_ID}
+          AZURE_NUGET_SIGN_CLIENT_SECRET: ${AZURE_NUGET_SIGN_CLIENT_SECRET}
+          PACKAGE_VERSION: ${PACKAGE_VERSION}
         script: |
           ${PREPARE_SHELL}
-          OS=${OS} \
           PACKAGE_VERSION=${PACKAGE_VERSION} \
             evergreen/run-pack.sh
 
@@ -157,6 +163,7 @@ functions:
         shell: bash
         working_dir: mongo-csharp-analyzer
         env:
+          NUGET_SIGN_CERTIFICATE_FINGERPRINT: ${NUGET_SIGN_CERTIFICATE_FINGERPRINT}
           PACKAGES_SOURCE: ${PACKAGES_SOURCE}
           PACKAGES_SOURCE_KEY: ${PACKAGES_SOURCE_KEY}
           PACKAGE_VERSION: ${PACKAGE_VERSION}
 
@@ -2,6 +2,14 @@
 set -o errexit # Exit the script with error if any of the commands fail
 set +o xtrace  # Disable tracing.
 
+# Environment variables used as input:
+# ARTIFACTORY_PASSWORD
+# ARTIFACTORY_USERNAME
+# AZURE_NUGET_SIGN_TENANT_ID
+# AZURE_NUGET_SIGN_CLIENT_ID
+# AZURE_NUGET_SIGN_CLIENT_SECRET
+# PACKAGE_VERSION
+
 if [ -z "$PACKAGE_VERSION" ]; then
   echo "PACKAGE_VERSION variable should be set"
   exit 1
@@ -11,4 +19,19 @@ echo Creating nuget package...
 
 dotnet clean "./MongoDB.Analyzer.sln"
 dotnet build "./MongoDB.Analyzer.sln" -c Release
-dotnet pack ./src/MongoDB.Analyzer.Package/MongoDB.Analyzer.Package.csproj -o ./artifacts/nuget -c Release -p:Version="$PACKAGE_VERSION" -p:ContinuousIntegrationBuild=true
+dotnet pack ./src/MongoDB.Analyzer.Package/MongoDB.Analyzer.Package.csproj -o ./artifacts/nuget -c Release -p:Version="$PACKAGE_VERSION" -p:ContinuousIntegrationBuild=true
+
+echo "${ARTIFACTORY_PASSWORD}" | docker login --password-stdin --username "${ARTIFACTORY_USERNAME}" artifactory.corp.mongodb.com
+
+docker run --platform="linux/amd64" --rm -v $(pwd):/workdir -w /workdir \
+  artifactory.corp.mongodb.com/release-tools-container-registry-local/azure-keyvault-nuget \
+  NuGetKeyVaultSignTool sign "artifacts/nuget/*"."$PACKAGE_VERSION".nupkg \
+    --force \
+    --file-digest=sha256 \
+    --timestamp-rfc3161=http://timestamp.digicert.com \
+    --timestamp-digest=sha256 \
+    --azure-key-vault-url=https://mdb-authenticode.vault.azure.net \
+    --azure-key-vault-tenant-id="$AZURE_NUGET_SIGN_TENANT_ID" \
+    --azure-key-vault-client-secret="$AZURE_NUGET_SIGN_CLIENT_SECRET" \
+    --azure-key-vault-client-id="$AZURE_NUGET_SIGN_CLIENT_ID" \
+    --azure-key-vault-certificate=authenticode-2021
@@ -2,6 +2,12 @@
 set -o errexit # Exit the script with error if any of the commands fail
 set +o xtrace  # Disable tracing.
 
+# Environment variables used as input:
+# NUGET_SIGN_CERTIFICATE_FINGERPRINT
+# PACKAGES_SOURCE
+# PACKAGES_SOURCE_KEY
+# PACKAGE_VERSION
+
 if [ -z "$PACKAGES_SOURCE" ]; then
   echo "PACKAGES_SOURCE variable should be set"
   exit 1
@@ -23,5 +29,8 @@ if [ "$PACKAGES_SOURCE" = "https://api.nuget.org/v3/index.json" ] && [[ ! "$PACK
   exit 1
 fi
 
+echo Verifying signature
+dotnet nuget verify ./artifacts/nuget/MongoDB.Analyzer."$PACKAGE_VERSION".nupkg --certificate-fingerprint "$NUGET_SIGN_CERTIFICATE_FINGERPRINT"
+
 echo Pushing nuget package...
-dotnet nuget push --source "$PACKAGES_SOURCE" --api-key "$PACKAGES_SOURCE_KEY" ./artifacts/nuget/MongoDB.Analyzer."$PACKAGE_VERSION".nupkg
+dotnet nuget push --source "$PACKAGES_SOURCE" --api-key "$PACKAGES_SOURCE_KEY" ./artifacts/nuget/MongoDB.Analyzer."$PACKAGE_VERSION".nupkg