@@ -49,6 +49,8 @@ stages:
4949 displayName : Code Signing
5050 pool :
5151 vmImage : windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
52+ variables :
53+ - group : Sign Client Credentials # This is a variable group with secrets in it
5254
5355 steps :
5456
@@ -69,26 +71,30 @@ stages:
6971 "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(Pipeline.Workspace)\BuildPackages"
7072failOnStderr : true
7173
74+ # Install the code signing tool
7275 - task : DotNetCoreCLI@2
7376 inputs :
7477 command : custom
7578 custom : tool
76- arguments : install --tool-path . SignClient
79+ arguments : install --tool-path . sign --version 0.9.1-beta.23530.1
7780 displayName : Install SignTool tool
7881
7982 - pwsh : |
80- .\SignClient "Sign" `
81- --baseDirectory "$(Pipeline.Workspace)\BuildPackages" `
82- --input "**/*.*" `
83- --config "$(Pipeline.Workspace)\signing\SignClient.json" `
83+ .\sign code azure-key-vault `
84+ "**/*.*" `
85+ --base-directory "$(Pipeline.Workspace)\BuildPackages" `
8486 --filelist "$(Pipeline.Workspace)\signing\filelist.txt" `
85- --user "$(SignClientUser)" `
86- --secret "$(SignClientSecret)" `
87- --name "DataGrid Extensions" `
87+ --publisher-name "tom-englert" `
8888 --description "DataGrid Extensions" `
8989 --descriptionUrl "https://github.com/dotnet/DataGridExtensions"
90+ --azure-key-vault-tenant-id "$(SignTenantId)" `
91+ --azure-key-vault-client-id "$(SignClientId)" `
92+ --azure-key-vault-client-secret '$(SignClientSecret)' `
93+ --azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
94+ --azure-key-vault-url "$(SignKeyVaultUrl)"
9095 displayName: Sign packages
9196
92- publish : $(Pipeline.Workspace)\BuildPackages
97+ # Publish the signed packages
98+ - publish : $(Pipeline.Workspace)/BuildPackages
9399 displayName : Publish Signed Packages
94100 artifact : SignedPackages
0 commit comments