mirror of
https://github.com/microsoft/PowerToys.git
synced 2024-11-27 14:59:16 +08:00
Move to ESRPv5, which supports certificate authentication (#32775)
Co-authored-by: Jaime Bernardo <jaime@janeasystems.com>
This commit is contained in:
parent
9699feea40
commit
a46319f19a
1
.github/actions/spell-check/expect.txt
vendored
1
.github/actions/spell-check/expect.txt
vendored
@ -29,6 +29,7 @@ AFFINETRANSFORM
|
||||
AFX
|
||||
AGGREGATABLE
|
||||
AHybrid
|
||||
AKV
|
||||
ALarger
|
||||
ALLAPPS
|
||||
ALLINPUT
|
||||
|
@ -304,6 +304,7 @@
|
||||
"MessagePack.dll",
|
||||
"Nerdbank.Streams.dll",
|
||||
"WinUI3Apps\\SharpCompress.dll",
|
||||
"WinUI3Apps\\ZstdSharp.dll",
|
||||
"ColorCode.Core.dll",
|
||||
"ColorCode.UWP.dll",
|
||||
"UnitsNet.dll",
|
||||
|
@ -11,6 +11,9 @@ parameters:
|
||||
- name: installerPrefix
|
||||
type: string
|
||||
default: "PowerToysSetup"
|
||||
- name: signingParameters
|
||||
type: object
|
||||
default: {}
|
||||
|
||||
steps:
|
||||
- task: VSBuild@1
|
||||
@ -24,10 +27,10 @@ steps:
|
||||
clean: true
|
||||
maximumCpuCount: true
|
||||
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: Sign PowerToysSetupCustomActions DLL
|
||||
inputs:
|
||||
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection"
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: 'installer/PowerToysSetupCustomActions/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}'
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
|
||||
@ -74,10 +77,10 @@ steps:
|
||||
scriptName: .pipelines/versionAndSignCheck.ps1
|
||||
arguments: -targetDir '$(build.sourcesdirectory)\extractedMsi\Binary'
|
||||
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: Sign MSI
|
||||
inputs:
|
||||
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection"
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: 'installer/PowerToysSetup/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}'
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
|
||||
@ -101,10 +104,10 @@ steps:
|
||||
inputs:
|
||||
script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ib installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\engine.exe'
|
||||
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: "ESRP CodeSigning (Engine)"
|
||||
inputs:
|
||||
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection"
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: "installer"
|
||||
Pattern: engine.exe
|
||||
signConfigType: inlineSignParams
|
||||
@ -137,10 +140,10 @@ steps:
|
||||
inputs:
|
||||
script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ab installer\engine.exe installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe'
|
||||
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: Sign Bootstrapper
|
||||
inputs:
|
||||
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection"
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: 'installer/PowerToysSetup/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}'
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
|
||||
|
@ -23,6 +23,15 @@ parameters:
|
||||
- name: versionNumber
|
||||
type: string
|
||||
default: '0.0.1'
|
||||
- name: signingParameters
|
||||
type: object
|
||||
default:
|
||||
ConnectedServiceName: $(SigningServiceName)
|
||||
AppRegistrationClientId: $(SigningAppId)
|
||||
AppRegistrationTenantId: $(SigningTenantId)
|
||||
AuthAKVName: $(SigningAKVName)
|
||||
AuthCertName: $(SigningAuthCertName)
|
||||
AuthSignCertName: $(SigningSignCertName)
|
||||
|
||||
extends:
|
||||
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
|
||||
@ -164,10 +173,10 @@ extends:
|
||||
maximumCpuCount: true
|
||||
|
||||
### BEGIN SECTION - build and sign nuget packages for abstracted UI utils
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: Sign Utilities libraries
|
||||
inputs:
|
||||
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection'
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: 'src/modules'
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_abstracted_utils_dll.json'
|
||||
@ -207,10 +216,10 @@ extends:
|
||||
flattenFolders: True
|
||||
targetFolder: $(Build.ArtifactStagingDirectory)/nupkg
|
||||
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: Submit *.nupkg to ESRP for code signing
|
||||
inputs:
|
||||
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection'
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: $(Build.ArtifactStagingDirectory)/nupkg
|
||||
Pattern: '*.nupkg'
|
||||
UseMinimatch: true
|
||||
@ -412,28 +421,28 @@ extends:
|
||||
# reference https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/ESRPSigning.json&version=GBarm64-netcore&_a=contents for winappdriver
|
||||
# https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/CIPolicy.xml&version=GBarm64-netcore&_a=contents
|
||||
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: Sign Core PT
|
||||
inputs:
|
||||
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection'
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: '$(BuildPlatform)/$(BuildConfiguration)' # Video conf uses x86 and x64.
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_core.json'
|
||||
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
|
||||
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: Sign DSC Powershell files
|
||||
inputs:
|
||||
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection'
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: 'src/dsc/Microsoft.PowerToys.Configure'
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_DSC.json'
|
||||
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
|
||||
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3
|
||||
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
||||
displayName: Sign x86 directshow VCM
|
||||
inputs:
|
||||
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection'
|
||||
${{ insert }}: ${{ parameters.signingParameters }}
|
||||
FolderPath: 'x86/$(BuildConfiguration)' # Video conf uses x86 and x64.
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_vcm.json'
|
||||
@ -477,6 +486,7 @@ extends:
|
||||
|
||||
- template: .pipelines/installer-steps.yml@self
|
||||
parameters:
|
||||
signingParameters: ${{ parameters.signingParameters }}
|
||||
versionNumber: ${{ parameters.versionNumber }}
|
||||
perUserArg: "false"
|
||||
buildSubDir: "MachineSetup"
|
||||
@ -491,6 +501,7 @@ extends:
|
||||
|
||||
- template: .pipelines/installer-steps.yml@self
|
||||
parameters:
|
||||
signingParameters: ${{ parameters.signingParameters }}
|
||||
versionNumber: ${{ parameters.versionNumber }}
|
||||
perUserArg: "true"
|
||||
buildSubDir: "UserSetup"
|
||||
|
Loading…
Reference in New Issue
Block a user