Work CI-CD

- Replace sign tool with newest version. - Rework variable declaration to include sign group. ***NO_CI***
nanoframework · Jan 29, 2024 · 8848fad · 8848fad
1 parent 607000b
commit 8848fad
Showing 1 changed file with 30 additions and 18 deletions.
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -106,11 +106,17 @@ jobs:
     vmImage: 'windows-latest'
 
   variables:
-    DOTNET_NOLOGO: true
-    buildPlatform: 'Any CPU'
-    buildConfiguration: 'Release'
-    solution: 'nanoFramework.Tools.MetadataProcessor.sln'
-    NF_MDP_MSBUILDTASK_PATH: '$(System.DefaultWorkingDirectory)/MetadataProcessor.MsBuildTask/bin/Release/net472'
+    - group: sign-client-credentials
+    - name: DOTNET_NOLOGO
+      value: true  
+    - name: buildPlatform
+      value: 'Any CPU'  
+    - name: buildConfiguration
+      value: 'Release'
+    - name: solution
+      value: 'nanoFramework.Tools.MetadataProcessor.sln'
+    - name: NF_MDP_MSBUILDTASK_PATH
+      value: '$(System.DefaultWorkingDirectory)/MetadataProcessor.MsBuildTask/bin/Release/net472'
 
   steps:
 
@@ -222,22 +228,28 @@ jobs:
     inputs:
       command: custom
       custom: tool
-      arguments: install --tool-path . SignClient
-
+      arguments: install --tool-path . sign --version 0.9.1-beta.23530.1
+    
   - pwsh: |
-      .\SignClient "Sign" `
-      --baseDirectory "$(Build.ArtifactStagingDirectory)" `
-      --input "**/*.nupkg" `
-      --config "$(Build.Repository.LocalPath)\config\SignClient.json" `
-      --filelist "$(Build.Repository.LocalPath)\config\filelist.txt" `
-      --user "$(SignClientUser)" `
-      --secret '$(SignClientSecret)' `
-      --name ".NET nanoFramework Metadata Processor" `
-      --description ".NET nanoFramework Metadata Processor" `
-      --descriptionUrl "https://github.com/$env:Build_Repository_Name"
+      .\sign code azure-key-vault `
+      "**/*.nupkg" `
+      --base-directory "$(Build.ArtifactStagingDirectory)" `
+      --file-list "$(Build.Repository.LocalPath)\config\filelist.txt" `
+      --description "$(nugetPackageName)" `
+      --description-url "https://github.com/$env:Build_Repository_Name" `
+      --azure-key-vault-tenant-id "$(SignTenantId)" `
+      --azure-key-vault-client-id "$(SignClientId)" `
+      --azure-key-vault-client-secret "$(SignClientSecret)" `
+      --azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
+      --azure-key-vault-url "$(SignKeyVaultUrl)" `
+      --timestamp-url http://timestamp.digicert.com
     displayName: Sign packages
     continueOnError: true
-    condition: and( succeeded(), eq(variables['System.PullRequest.PullRequestId'], '') )
+    condition: >-
+      and(
+        succeeded(),
+        eq(variables['System.PullRequest.PullRequestId'], '')
+      )
     
   # publish artifacts (only possible if this is not a PR originated on a fork)
   - task: PublishBuildArtifacts@1