Use managed identity for ESRP code signing task (#2185)

* draft: update esrp

* variable

* update
oneonezhang 2024-06-12 14:06:40 +08:00 committed by GitHub
commit 1feb376108
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 22 additions and 7 deletions


@ -55,7 +55,7 @@ jobs:
downloadDirectory: $(Build.SourcesDirectory) downloadDirectory: $(Build.SourcesDirectory)
vstsFeed: WindowsInboxApps vstsFeed: WindowsInboxApps
vstsFeedPackage: calculator-internals vstsFeedPackage: calculator-internals
vstsPackageVersion: 0.0.106 vstsPackageVersion: 0.0.109
- task: NuGetToolInstaller@1 - task: NuGetToolInstaller@1
displayName: Use NuGet 6.x displayName: Use NuGet 6.x


@ -83,7 +83,7 @@ jobs:
itemPattern: '**/*.msix' itemPattern: '**/*.msix'
targetPath: $(Build.ArtifactStagingDirectory)\drop\ARM64 targetPath: $(Build.ArtifactStagingDirectory)\drop\ARM64
- ${{ if eq(parameters.createStoreBrokerPackages, true) }}: - ${{ if or(eq(parameters.createStoreBrokerPackages, true), eq(parameters.signBundle, true)) }}:
- task: UniversalPackages@0 - task: UniversalPackages@0
displayName: Download internals package displayName: Download internals package
inputs: inputs:
@ -91,7 +91,7 @@ jobs:
downloadDirectory: $(Build.SourcesDirectory) downloadDirectory: $(Build.SourcesDirectory)
vstsFeed: WindowsInboxApps vstsFeed: WindowsInboxApps
vstsFeedPackage: calculator-internals vstsFeedPackage: calculator-internals
vstsPackageVersion: 0.0.106 vstsPackageVersion: 0.0.109
- task: PowerShell@2 - task: PowerShell@2
displayName: Generate MsixBundle mapping displayName: Generate MsixBundle mapping
@ -117,10 +117,25 @@ jobs:
targetFolder: $(Build.ArtifactStagingDirectory)\msixBundle targetFolder: $(Build.ArtifactStagingDirectory)\msixBundle
- ${{ if eq(parameters.signBundle, true) }}: - ${{ if eq(parameters.signBundle, true) }}:
- task: EsrpCodeSigning@2 - pwsh: |
$configPath = "$(Build.SourcesDirectory)\Tools\Build\Signing\ESRP-codesign.json"
$config = Get-Content -Raw $configPath | ConvertFrom-Json
$esrpClientId = $config.AppRegistrationClientId
$esrpTenantId = $config.AppRegistrationTenantId
echo ClientId:$esrpClientId, TenantId:$esrpTenantId
echo "##vso[task.setvariable variable=EsrpClientId]$esrpClientId"
echo "##vso[task.setvariable variable=EsrpTenantId]$esrpTenantId"
displayName: Get ESRP config
- task: EsrpCodeSigning@5
displayName: Send msixbundle to code signing service displayName: Send msixbundle to code signing service
inputs: inputs:
ConnectedServiceName: Essential Experiences Codesign ConnectedServiceName: Essential Experiences Codesign ARM
AppRegistrationClientId: $(EsrpClientId)
AppRegistrationTenantId: $(EsrpTenantId)
AuthAKVName: EE-CodeSignKeyVault
AuthCertName: EE-Auth-Cert
AuthSignCertName: EE-Codesign-Cert
FolderPath: $(Build.ArtifactStagingDirectory)\msixBundle FolderPath: $(Build.ArtifactStagingDirectory)\msixBundle
Pattern: Microsoft.WindowsCalculator_8wekyb3d8bbwe.msixbundle Pattern: Microsoft.WindowsCalculator_8wekyb3d8bbwe.msixbundle
signConfigType: inlineSignParams signConfigType: inlineSignParams
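Review bot: The new `Get ESRP config` step publishes `AppRegistrationClientId` and `AppRegistrationTenantId` from `ESRP-codesign.json` as pipeline variables without checking them. A missing or malformed property in the downloaded internals package would therefore only surface later as an opaque failure in `EsrpCodeSigning@5`, and an unexpected value (for example one containing a line break) is written straight into the `##vso[task.setvariable …]` logging command. Assuming both values are GUIDs, fail fast before the two `setvariable` lines with `if (-not ($esrpClientId -as [guid]) -or -not ($esrpTenantId -as [guid])) { throw "ESRP-codesign.json: invalid AppRegistrationClientId/AppRegistrationTenantId" }`. The `echo ClientId:…, TenantId:…` line also writes the signing identity's identifiers into every build log; they are not secrets, but the line can be dropped unless it is needed for diagnostics. The task's `inputs:` block continues past the end of this hunk.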


@ -35,7 +35,7 @@ jobs:
downloadDirectory: $(Build.SourcesDirectory) downloadDirectory: $(Build.SourcesDirectory)
vstsFeed: WindowsInboxApps vstsFeed: WindowsInboxApps
vstsFeedPackage: calculator-internals vstsFeedPackage: calculator-internals
vstsPackageVersion: 0.0.106 vstsPackageVersion: 0.0.109
- pwsh: | - pwsh: |
$configPath = "$(Build.SourcesDirectory)\Tools\Build\Signing\ESRP-auth.json" $configPath = "$(Build.SourcesDirectory)\Tools\Build\Signing\ESRP-auth.json"