Update ESRP yaml tasks (#3118)
EricJohnson327 authored Jun 4, 2024
1 parent d3a3ade commit 6a16543
Showing 2 changed files with 138 additions and 119 deletions.
235 changes: 116 additions & 119 deletions build/azure-pipelines.yml
Expand Up @@ -241,46 +241,45 @@ extends:
$(Build.SourcesDirectory)\**\obj\**\*.r2r.ni.pdb
- task: EsrpCodeSigning@2
inputs:
ConnectedServiceName: 'Xlang Code Signing'
FolderPath: '$(appxPackageDir)\${{ configuration }}'
Pattern: '*.msix'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolvNextSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
- template: ./build/templates/EsrpSigning-Steps.yml@self
parameters:
displayName: Submit *.msix to ESRP for code signing
inputs:
FolderPath: '$(appxPackageDir)\${{ configuration }}'
Pattern: '*.msix'
UseMinimatch: true
signConfigType: inlineSignParams
inlineOperation: >-
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolvNextSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
# Commented out until our implementation is fixed
# - task: AzureKeyVault@1
Expand Down Expand Up @@ -394,94 +393,92 @@ extends:
filePath: 'build/scripts/UnbundleStubPackage.ps1'
arguments: -InputPath $(appxPackageDir)\Staging -OutputLocation $(appxPackageDir)\${{ configuration }}\AppxMetadata\Stub

- task: EsrpCodeSigning@2
condition: and(eq(variables['BuildingBranch'], 'release'), eq('${{ configuration }}', 'Release'))
inputs:
ConnectedServiceName: 'Xlang Code Signing'
FolderPath: '$(appxPackageDir)\${{ configuration }}\AppxMetadata\Stub'
Pattern: '*.msix'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolvNextSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
- ${{ if and(eq(variables['BuildingBranch'], 'release'), eq('${{ configuration }}', 'Release')) }}:
- template: ./build/templates/EsrpSigning-Steps.yml@self
parameters:
displayName: Submit *.msix to ESRP for code signing
inputs:
FolderPath: '$(appxPackageDir)\${{ configuration }}\AppxMetadata\Stub'
Pattern: '*.msix'
UseMinimatch: true
signConfigType: inlineSignParams
inlineOperation: |
[
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
"keycode": "CP-230012",
"operationSetCode": "SigntoolvNextSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
]
- task: PowerShell@2
displayName: Build MsixBundle
inputs:
filePath: 'Build.ps1'
arguments: -Configuration "${{ configuration }}" -Version $(MSIXVersion) -BuildStep "msixbundle" -IsAzurePipelineBuild

- task: EsrpCodeSigning@2
inputs:
ConnectedServiceName: 'Xlang Code Signing'
FolderPath: 'AppxBundles\${{ configuration }}'
Pattern: '*.msixbundle'
signConfigType: 'inlineSignParams'
inlineOperation: |
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolvNextSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'
- template: ./build/templates/EsrpSigning-Steps.yml@self
parameters:
displayName: Submit *.msixbundle to ESRP for code signing
inputs:
FolderPath: 'AppxBundles\${{ configuration }}'
Pattern: '*.msixbundle'
UseMinimatch: true
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keycode": "CP-230012",
"operationSetCode": "SigntoolvNextSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd sha256"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
],
"toolName": "signtool.exe",
"toolVersion": "6.2.9304.0"
}
]
templateContext:
outputs:
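Review bot: The stub-package signing step in the second hunk (`- ${{ if and(eq(variables['BuildingBranch'], 'release'), eq('${{ configuration }}', 'Release')) }}:`) moves the old runtime `condition:` to template-expansion time, where a false result removes the step from the run entirely instead of showing it as skipped. If `BuildingBranch` is set at runtime rather than statically in YAML, `variables['BuildingBranch']` is likely empty when the template is expanded and the stub `.msix` files would not be submitted for signing; the nested `${{ configuration }}` inside the expression also looks unlikely to evaluate as intended. Consider `- ${{ if eq(configuration, 'Release') }}:` for the compile-time part and keeping the branch check as a runtime `condition:` passed through to the task. Separately, the first converted step uses `inlineOperation: >-` while the other two keep `|`; one scalar style throughout would be easier to audit.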
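--- a/build/templates/EsrpSigning-Steps.yml
+++ b/build/templates/EsrpSigning-Steps.yml
@@ -0,0 +1,22 @@
+parameters:
+- name: displayName
+type: string
+default: ESRP Code Signing
+- name: inputs
+type: object
+default: {}
+
+steps:
+- task: EsrpCodeSigning@5
+displayName: ${{ parameters.displayName }}
+inputs:
+ConnectedServiceName: $(EsrpConnectedServiceName)
+AppRegistrationClientId: $(EsrpAppRegistrationClientId)
+AppRegistrationTenantId: $(EsrpAppRegistrationTenantId)
+AuthAKVName: $(EsrpAuthAKVName)
+AuthCertName: $(EsrpAuthCertName)
+AuthSignCertName: $(EsrpAuthSignCertName)
+SessionTimeout: '60'
+MaxConcurrency: '50'
+MaxRetryAttempts: '5'
+${{ insert }}: ${{ parameters.inputs }}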
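Review bot: The template reads six `$(Esrp…)` pipeline variables for its service connection and certificate inputs, but nothing in the file says they must be defined or where they should come from. A header comment would help, for example `# Requires pipeline variables: EsrpConnectedServiceName, EsrpAppRegistrationClientId, EsrpAppRegistrationTenantId, EsrpAuthAKVName, EsrpAuthCertName, EsrpAuthSignCertName`. The `inputs` parameter also defaults to `{}`, so a caller that forgets it gets a signing task with no `FolderPath`, `Pattern` or `inlineOperation`; dropping the `default: {}` line makes the parameter required, so the omission is caught at template expansion instead.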
