-
Notifications
You must be signed in to change notification settings - Fork 1
/
azure-pipelines.yml
90 lines (77 loc) · 2.37 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
trigger:
- main
- rel/*
pr:
- main
- rel/*
stages:
- stage: Build
jobs:
- job: Build
pool:
vmImage: ubuntu-latest
variables:
BuildConfiguration: Release
steps:
- task: UseDotNet@2
displayName: 'Use .NET SDK 6.x'
inputs:
version: 6.x
- task: DotNetCoreCLI@2
inputs:
command: pack
packagesToPack: src/AClassLibrary/AClassLibrary.csproj
configuration: $(BuildConfiguration)
packDirectory: $(Build.ArtifactStagingDirectory)/Packages
verbosityPack: Minimal
displayName: Build Package
- publish: $(Build.ArtifactStagingDirectory)/Packages
displayName: Publish Build Artifacts
artifact: BuildPackages
- publish: config
displayName: Publish signing file list
artifact: config
- stage: CodeSign
dependsOn: Build
condition: and(succeeded('Build'), not(eq(variables['build.reason'], 'PullRequest')))
jobs:
- job: CodeSign
displayName: Code Signing
pool:
vmImage: windows-latest
variables:
- group: Sign Client Credentials
steps:
- download: current
artifact: config
displayName: Download signing file list
- download: current
artifact: BuildPackages
displayName: Download build artifacts
- task: UseDotNet@2
displayName: 'Use .NET SDK 6.x'
inputs:
version: 6.x
- task: DotNetCoreCLI@2
inputs:
command: custom
custom: tool
arguments: install --tool-path . sign --version 0.9.0-beta.23127.3
displayName: Install SignTool tool
- pwsh: |
.\sign code azure-key-vault `
"**/*.nupkg" `
--base-directory "$(Pipeline.Workspace)\BuildPackages" `
--file-list "$(Pipeline.Workspace)\config\filelist.txt" `
--publisher-name "CodeSignDemo" `
--description "CodeSignDemo" `
--description-url "https://github.com/novotnyllc/CodeSignDemo" `
--azure-key-vault-tenant-id "$(SignTenantId)" `
--azure-key-vault-client-id "$(SignClientId)" `
--azure-key-vault-client-secret '$(SignClientSecret)' `
--azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
--azure-key-vault-url "$(SignKeyVaultUrl)"
displayName: Sign packages
- publish: $(Pipeline.Workspace)/BuildPackages
displayName: Publish Signed Packages
artifact: SignedPackages