From a8242852a166d3385a95cb438eec8d64cd3c40a8 Mon Sep 17 00:00:00 2001
From: Eric Johnson
Date: Tue, 4 Jun 2024 14:23:47 -0700
Subject: [PATCH] Update ESRP yaml task
---
build/azure-pipelines.yml | 158 +++++++++++++-------------
build/templates/EsrpSigning-Steps.yml | 22 ++++
2 files changed, 100 insertions(+), 80 deletions(-)
create mode 100644 build/templates/EsrpSigning-Steps.yml
diff --git a/build/azure-pipelines.yml b/build/azure-pipelines.yml
index c00faf0..ea0d9b3 100644
--- a/build/azure-pipelines.yml
+++ b/build/azure-pipelines.yml
@@ -148,46 +148,45 @@ extends: filePath: 'build/scripts/Build.ps1' arguments: -Platform "${{ platform }}" -Configuration "${{ configuration }}" -Version $(MSIXVersion) -BuildStep "msix" -AzureBuildingBranch "$(BuildingBranch)" -IsAzurePipelineBuild -ClientId $(GitHubClientId) -ClientSecret $(GitHubClientSecret) - - task: EsrpCodeSigning@2 - inputs: - ConnectedServiceName: 'Xlang Code Signing' - FolderPath: '$(appxPackageDir)\${{ configuration }}' - Pattern: '*.msix' - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "keycode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd sha256" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "signtool.exe", - "toolVersion": "6.2.9304.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' + - template: ./build/templates/EsrpSigning-Steps.yml@self + parameters: + displayName: Submit *.msix to ESRP for code signing + inputs: + FolderPath: '$(appxPackageDir)\${{ configuration }}' + Pattern: '*.msix' + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keycode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd sha256" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr 
\"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "signtool.exe", + "toolVersion": "6.2.9304.0" + } + ] # Commented out until our implementation is fixed # - task: AzureKeyVault@1 
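Review bot: The `inlineOperation` JSON (keycode `CP-230012`, `/fd sha256`, the RFC 3161 timestamp URL, `toolVersion`) is still pasted verbatim at both call sites, here and in the hunk at line 291, so the signing parameters for `.msix` and `.msixbundle` can drift apart in a later edit without anyone noticing. Since both steps now go through `EsrpSigning-Steps.yml`, the operation could be defined there once, with each caller passing only `FolderPath` and `Pattern`. `UseMinimatch: true` is also new at both sites and changes how `Pattern` is interpreted. It is worth confirming on a test build that `*.msix` and `*.msixbundle` still match exactly the packages meant to be signed, and that the step fails rather than passes when nothing matches (the task's matching behaviour is not visible in this patch). Both hunks start and end inside a longer `steps:` list.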
@@ -292,46 +291,45 @@ extends: filePath: 'build/scripts/Build.ps1' arguments: -Configuration "${{ configuration }}" -Version $(MSIXVersion) -BuildStep "msixbundle" -IsAzurePipelineBuild - - task: EsrpCodeSigning@2 - inputs: - ConnectedServiceName: 'Xlang Code Signing' - FolderPath: 'AppxBundles\${{ configuration }}' - Pattern: '*.msixbundle' - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "keycode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd sha256" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "signtool.exe", - "toolVersion": "6.2.9304.0" - } - ] - SessionTimeout: '60' - MaxConcurrency: '50' - MaxRetryAttempts: '5' + - template: ./build/templates/EsrpSigning-Steps.yml@self + parameters: + displayName: Submit *.msixbundle to ESRP for code signing + inputs: + FolderPath: 'AppxBundles\${{ configuration }}' + Pattern: '*.msixbundle' + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keycode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd sha256" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "signtool.exe", + "toolVersion": "6.2.9304.0" + } + ] templateContext: outputs: 
diff --git a/build/templates/EsrpSigning-Steps.yml b/build/templates/EsrpSigning-Steps.yml
new file mode 100644
index 0000000..63eb25b
--- /dev/null
+++ b/build/templates/EsrpSigning-Steps.yml
@@ -0,0 +1,22 @@
+parameters:
+ - name: displayName
+ type: string
+ default: ESRP Code Signing
+ - name: inputs
+ type: object
+ default: {}
+
+steps:
+ - task: EsrpCodeSigning@5
+ displayName: ${{ parameters.displayName }}
+ inputs:
+ ConnectedServiceName: $(EsrpConnectedServiceName)
+ AppRegistrationClientId: $(EsrpAppRegistrationClientId)
+ AppRegistrationTenantId: $(EsrpAppRegistrationTenantId)
+ AuthAKVName: $(EsrpAuthAKVName)
+ AuthCertName: $(EsrpAuthCertName)
+ AuthSignCertName: $(EsrpAuthSignCertName)
+ SessionTimeout: '60'
+ MaxConcurrency: '50'
+ MaxRetryAttempts: '5'
+ ${{ insert }}: ${{ parameters.inputs }}
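Review bot: `${{ insert }}: ${{ parameters.inputs }}` splices an untyped, caller-supplied object into the same `inputs:` mapping that carries the signing identity (`ConnectedServiceName`, `AuthAKVName`, `AuthCertName`, `AuthSignCertName`). Nothing in the template restricts which keys a caller may pass or requires the ones the task needs, and with `default: {}` a caller that forgets `FolderPath` or `inlineOperation` only finds out when the task runs. Declaring the caller-facing inputs as named parameters without defaults makes a missing one fail at template expansion and keeps the identity inputs out of the caller's reach, as sketched below; the two call sites in `azure-pipelines.yml` would then pass `folderPath`, `pattern` and `inlineOperation` instead of `inputs`. Separately, the six `$(Esrp…)` values are runtime macros whose definitions are not in this patch. They should come from a variable group or pipeline variables that cannot be overridden at queue time, and a header comment listing them would help the next maintainer.

```yaml
parameters:
  # … unchanged: displayName …
  - name: folderPath
    type: string
  - name: pattern
    type: string
  - name: inlineOperation
    type: string

steps:
  - task: EsrpCodeSigning@5
    displayName: ${{ parameters.displayName }}
    inputs:
      # … unchanged: ConnectedServiceName through MaxRetryAttempts …
      FolderPath: ${{ parameters.folderPath }}
      Pattern: ${{ parameters.pattern }}
      UseMinimatch: true
      signConfigType: inlineSignParams
      inlineOperation: ${{ parameters.inlineOperation }}
```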