Adding the sign stage. #28
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This pipeline will be triggered manually. | |
| parameters: | |
| - name: version | |
| type: string | |
| default: 0.8.6 | |
| - name: prerelease | |
| displayName: Prerelease? | |
| type: boolean | |
| default: true | |
| - name: buildConfigs | |
| type: object | |
| default: | |
| - pool: | |
| name: Azure-Pipelines-1ESPT-ExDShared | |
| image: windows-latest | |
| os: windows | |
| runtime: win10-x64 | |
| - pool: | |
| name: Azure Pipelines | |
| image: macOS-latest | |
| os: macOS | |
| runtime: osx-x64 | |
| - pool: | |
| name: Azure Pipelines | |
| image: macOS-latest | |
| os: macOS | |
| runtime: osx-arm64 | |
| variables: | |
| - name: tags | |
| value: "nonproduction" | |
| readonly: true | |
| - name: pythonVersion | |
| value: 3.10 | |
| readonly: true | |
| trigger: | |
| branches: | |
| include: | |
| - fixing-indentation | |
| pr: none | |
| resources: | |
| repositories: | |
| - repository: CustomPipelineTemplates | |
| type: git | |
| name: 1ESPipelineTemplates/OfficePipelineTemplates | |
| ref: refs/tags/release | |
| extends: | |
| template: v1/Office.Unofficial.PipelineTemplate.yml@CustomPipelineTemplates | |
| parameters: | |
| pool: | |
| name: Azure-Pipelines-1ESPT-ExDShared | |
| image: ubuntu-latest | |
| os: linux | |
| sdl: | |
| sourceAnalysisPool: | |
| name: Azure-Pipelines-1ESPT-ExDShared | |
| image: windows-latest | |
| os: windows | |
| stages: | |
| - stage: validate | |
| displayName: Validate | |
| jobs: | |
| - job: validate | |
| displayName: Validate | |
| steps: | |
| - checkout: self | |
| - task: UsePythonVersion@0 | |
| displayName: Use Python $(pythonVersion) | |
| inputs: | |
| versionSpec: $(pythonVersion) | |
| - task: Bash@3 | |
| inputs: | |
| targetType: inline | |
| script: | | |
| echo ${{ parameters.version }} | python ./bin/version.py | |
| - stage: build | |
| displayName: Build | |
| jobs: | |
| - ${{ each config in parameters.buildConfigs }}: | |
| - job: build_${{ replace(config.runtime,'-', '_') }} | |
| displayName: Building for ${{ config.runtime }} on ${{ config.pool.name }} | |
| pool: | |
| name: ${{ config.pool.name }} | |
| image: ${{ config.pool.image }} | |
| os: ${{ config.pool.os }} | |
| steps: | |
| - checkout: self | |
| - task: UseDotNet@2 | |
| displayName: Use .NET Core sdk 6.x | |
| inputs: | |
| version: 6.x | |
| - task: NuGetToolInstaller@0 | |
| displayName: Use NuGet 6.x | |
| inputs: | |
| versionSpec: 6.x | |
| - task: DotNetCoreCLI@2 | |
| displayName: Install dependencies | |
| inputs: | |
| command: restore | |
| feedsToUse: select | |
| vstsFeed: $(vstsFeedId) | |
| includeNuGetOrg: false | |
| arguments: --runtime ${{ config.runtime }} | |
| - task: DotNetCoreCLI@2 | |
| displayName: Test | |
| inputs: | |
| command: test | |
| arguments: --configuration release --no-restore | |
| - task: DotNetCoreCLI@2 | |
| displayName: Build artifacts | |
| env: | |
| ADO_TOKEN: $(System.AccessToken) | |
| inputs: | |
| command: publish | |
| projects: src/AzureAuth/AzureAuth.csproj | |
| arguments: -p:Version=${{ parameters.version }} --configuration release --self-contained true --runtime ${{ config.runtime }} --output dist/${{ config.runtime }} | |
| publishWebProjects: false | |
| zipAfterPublish: false | |
| modifyOutputPath: true | |
| templateContext: | |
| outputs: | |
| - output: pipelineArtifact | |
| targetPath: dist/${{ config.runtime }} | |
| artifactName: azureauth-${{ parameters.version }}-${{ config.runtime }} | |
| - stage: sign | |
| displayName: Sign | |
| dependsOn: build | |
| jobs: | |
| - job: sign | |
| displayName: Sign | |
| pool: | |
| name: Azure-Pipelines-1ESPT-ExDShared | |
| # This step has to run on Windows because ESRPClient.exe is currently only available for that platform. | |
| image: windows-latest | |
| os: windows | |
| templateContext: | |
| inputs: | |
| - input: pipelineArtifact | |
| targetPath: . | |
| steps: | |
| - checkout: self | |
| - task: UsePythonVersion@0 | |
| displayName: Use Python $(pythonVersion) | |
| inputs: | |
| versionSpec: $(pythonVersion) | |
| - task: NuGetToolInstaller@1 | |
| inputs: | |
| versionSpec: 5.x | |
| - task: PowerShell@2 | |
| displayName: Download ESRPClient.exe | |
| env: | |
| ESRP_VERSION: $(esrpVersion) | |
| NUGET_CREDENTIALS: $(System.AccessToken) | |
| inputs: | |
| targetType: inline | |
| script: | | |
| nuget sources add -Name esrp -Username esrp-downloader -Password $env:NUGET_CREDENTIALS -Source https://pkgs.dev.azure.com/office/_packaging/Office/nuget/v3/index.json | |
| nuget install Microsoft.EsrpClient -Version "$env:ESRP_VERSION" -OutputDirectory .\esrp -Source https://pkgs.dev.azure.com/office/_packaging/Office/nuget/v3/index.json | |
| failOnStderr: true | |
| - task: AzureCLI@2 | |
| displayName: Login to Azure with Service Principal | |
| inputs: | |
| azureSubscription: $(esrpKVServiceConnection) | |
| scriptType: ps | |
| scriptLocation: inlineScript | |
| addSpnToEnvironment: true | |
| inlineScript: | | |
| az keyvault secret download --subscription "$env:AZURE_SUBSCRIPTION" --vault-name "$env:AZURE_VAULT" --name "$env:ESRP_AAD_CERT_NAME" -f cert.pfx | |
| certutil -f -importpfx cert.pfx | |
| Remove-Item cert.pfx | |
| az keyvault secret download --subscription "$env:AZURE_SUBSCRIPTION" --vault-name "$env:AZURE_VAULT" --name "$env:ESRP_REQ_CERT_NAME" -f cert.pfx | |
| certutil -f -importpfx cert.pfx | |
| Remove-Item cert.pfx |