Update ESRP yaml task (#394)
EricJohnson327 authored Jun 5, 2024
1 parent 7821908 commit 67cc48b
Showing 2 changed files with 100 additions and 80 deletions.
158 changes: 78 additions & 80 deletions build/azure-pipelines.yml
@@ -148,46 +148,45 @@ extends:
filePath: 'build/scripts/Build.ps1'
arguments: -Platform "${{ platform }}" -Configuration "${{ configuration }}" -Version $(MSIXVersion) -BuildStep "msix" -AzureBuildingBranch "$(BuildingBranch)" -IsAzurePipelineBuild -ClientId $(GitHubClientId) -ClientSecret $(GitHubClientSecret)

- task: EsrpCodeSigning@2
inputs:
ConnectedServiceName: 'Xlang Code Signing'
FolderPath: '$(appxPackageDir)\${{ configuration }}'
Pattern: '*.msix'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
- template: ./build/templates/EsrpSigning-Steps.yml@self
parameters:
displayName: Submit *.msix to ESRP for code signing
inputs:
FolderPath: '$(appxPackageDir)\${{ configuration }}'
Pattern: '*.msix'
UseMinimatch: true
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
# Commented out until our implementation is fixed
# - task: AzureKeyVault@1
@@ -292,46 +291,45 @@ extends:
filePath: 'build/scripts/Build.ps1'
arguments: -Configuration "${{ configuration }}" -Version $(MSIXVersion) -BuildStep "msixbundle" -IsAzurePipelineBuild

- task: EsrpCodeSigning@2
inputs:
ConnectedServiceName: 'Xlang Code Signing'
FolderPath: 'AppxBundles\${{ configuration }}'
Pattern: '*.msixbundle'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
- template: ./build/templates/EsrpSigning-Steps.yml@self
parameters:
displayName: Submit *.msixbundle to ESRP for code signing
inputs:
FolderPath: 'AppxBundles\${{ configuration }}'
Pattern: '*.msixbundle'
UseMinimatch: true
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
templateContext:
outputs:
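Review bot: The `inlineOperation` JSON passed at both call sites (the `*.msix` step here and the `*.msixbundle` step in the second hunk) is identical, so the signing policy — `keycode`, `/fd sha256`, the RFC 3161 timestamp URL, `toolVersion` — still lives in two copies that can drift apart. Now that `EsrpSigning-Steps.yml` exists, consider making that JSON (together with `signConfigType: inlineSignParams`) the template's default so each caller passes only `FolderPath` and `Pattern`. Separately, `UseMinimatch: true` is new in both steps; if minimatch semantics apply as usual, `*.msix` and `*.msixbundle` match only files directly under `FolderPath`, so it is worth confirming that the packages are not written to a subfolder and that a run with zero matches fails instead of passing unsigned output downstream. The enclosing job continues outside both hunks, so a later signature-verification step may already exist.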
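--- a/build/templates/EsrpSigning-Steps.yml
+++ b/build/templates/EsrpSigning-Steps.yml
@@ -0,0 +1,22 @@
+parameters:
+- name: displayName
+type: string
+default: ESRP Code Signing
+- name: inputs
+type: object
+default: {}
+
+steps:
+- task: EsrpCodeSigning@5
+displayName: ${{ parameters.displayName }}
+inputs:
+ConnectedServiceName: $(EsrpConnectedServiceName)
+AppRegistrationClientId: $(EsrpAppRegistrationClientId)
+AppRegistrationTenantId: $(EsrpAppRegistrationTenantId)
+AuthAKVName: $(EsrpAuthAKVName)
+AuthCertName: $(EsrpAuthCertName)
+AuthSignCertName: $(EsrpAuthSignCertName)
+SessionTimeout: '60'
+MaxConcurrency: '50'
+MaxRetryAttempts: '5'
+${{ insert }}: ${{ parameters.inputs }}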
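Review bot: `${{ insert }}: ${{ parameters.inputs }}` splices a free-form `object` into the task inputs, so nothing in the template limits a caller to `FolderPath`, `Pattern` and `inlineOperation`; a caller could also pass `ConnectedServiceName`, `AuthAKVName` or `AuthSignCertName`, which presumably either collides with or replaces the values set just above, depending on how the template engine treats the duplicate key. Declaring the caller-settable inputs as explicit typed parameters would keep the signing identity and Key Vault references fixed in this one file. A header comment naming where the `$(Esrp…)` variables come from, for example `# Requires EsrpConnectedServiceName, EsrpAuthAKVName, … from <variable group name>`, would also help, since an undefined macro variable reaches the task as the literal `$(…)` text.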
