-
-
Notifications
You must be signed in to change notification settings - Fork 106
/
azure-pipelines.yml
97 lines (84 loc) · 3.12 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: $(Build.DefinitionName) $(date:yyyyMMdd)$(rev:.r)
stages:
- stage: Build
jobs:
- job: Build
pool:
vmImage: windows-latest
variables:
BuildPlatform: 'Any CPU'
BuildConfiguration: 'Release'
steps:
- task: MSBuild@1
displayName: 'Build solution'
inputs:
solution: '**\DataGridExtensions.sln'
platform: '$(BuildPlatform)'
configuration: '$(BuildConfiguration)'
msbuildArguments: '-restore'
clean: true
- task: CopyFiles@2
displayName: 'Copy Files to: $(build.artifactstagingdirectory)'
inputs:
SourceFolder: 'src\DataGridExtensions\bin\$(BuildConfiguration)'
Contents: '*.nupkg'
TargetFolder: '$(build.artifactstagingdirectory)'
CleanTargetFolder: true
- task: PublishBuildArtifacts@1
displayName: 'Publish Artifact: BuildPackages'
inputs:
PathtoPublish: '$(build.artifactstagingdirectory)'
ArtifactName: BuildPackages
- task: PublishBuildArtifacts@1
displayName: 'Publish Artifact: signing scripts'
inputs:
PathtoPublish: 'signing'
ArtifactName: signing
- stage: CodeSign
dependsOn: Build
condition: and(succeeded('Build'), ne(variables['build.reason'], 'PullRequest'))
jobs:
- job: CodeSign
displayName: Code Signing
pool:
vmImage: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
steps:
# Retreive unsigned artifacts and file list
- download: current
artifact: signing
displayName: Download signing file list
- download: current
artifact: BuildPackages
displayName: Download build artifacts
- task: CmdLine@2
displayName: "AntiMalware Scan"
inputs:
script: |
Dir "$(Pipeline.Workspace)\BuildPackages"
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(Pipeline.Workspace)\BuildPackages"
failOnStderr: true
# Install the code signing tool
- task: DotNetCoreCLI@2
inputs:
command: custom
custom: tool
arguments: install --tool-path . sign --version 0.9.1-beta.23530.1
displayName: Install SignTool tool
- pwsh: |
.\sign code azure-key-vault `
"**/*.*" `
--base-directory "$(Pipeline.Workspace)\BuildPackages" `
--file-list "$(Pipeline.Workspace)\signing\filelist.txt" `
--publisher-name "tom-englert" `
--description "DataGrid Extensions" `
--description-url "https://github.com/dotnet/DataGridExtensions" `
--azure-key-vault-tenant-id "$(SignTenantId)" `
--azure-key-vault-client-id "$(SignClientId)" `
--azure-key-vault-client-secret "$(SignClientSecret2)" `
--azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
--azure-key-vault-url "$(SignKeyVaultUrl)"
displayName: Sign packages
# Publish the signed packages
- publish: $(Pipeline.Workspace)/BuildPackages
displayName: Publish Signed Packages
artifact: SignedPackages