DevWiki/calculator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update signing config in release build (#1330)

Browse Source
This commit is contained in:
Matt Cooley 2020-07-31 08:09:44 -07:00 committed by GitHub
parent fa81d9d75d
commit 271d326dc8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 48 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
build/config/SignConfig.xml
View File

@ -1,5 +0,0 @@
<SignConfigXML>
<job platform="" configuration="" certSubject="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" jobname="EngFunSimpleSign" approvers="">
<file src="__INPATHROOT__\Microsoft.WindowsCalculator_8wekyb3d8bbwe.appxbundle" signType="FirstPartyWindowsStoreVNext" dest="__OUTPATHROOT__\Microsoft.WindowsCalculator_8wekyb3d8bbwe.appxbundle" />
</job>
</SignConfigXML>

2
build/pipelines/azure-pipelines.release.yaml
View File

@ -49,5 +49,7 @@ jobs:
platform: x86 platform: x86
- template: ./templates/package-appxbundle.yaml - template: ./templates/package-appxbundle.yaml
parameters:
signBundle: true
- template: ./templates/prepare-release-internalonly.yaml - template: ./templates/prepare-release-internalonly.yaml

43
build/pipelines/templates/package-appxbundle.yaml
View File

@ -1,6 +1,9 @@
# This template contains a job which takes .appx packages which were built separately for each # This template contains a job which takes .appx packages which were built separately for each
# architecture (arm, x86, etc.) and combines them into a single .appxbundle. # architecture (arm, x86, etc.) and combines them into a single .appxbundle.
parameters:
signBundle: false
jobs: jobs:
- job: Package - job: Package
dependsOn: dependsOn:
@ -58,3 +61,43 @@ jobs:
inputs: inputs:
artifactName: appxBundle artifactName: appxBundle
pathToPublish: $(Build.ArtifactStagingDirectory)\appxBundle pathToPublish: $(Build.ArtifactStagingDirectory)\appxBundle
- ${{ if eq(parameters.signBundle, true) }}:
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: Send appxbundle to code signing service
inputs:
ConnectedServiceName: Essential Experiences Codesign
FolderPath: $(Build.ArtifactStagingDirectory)\appxBundle
Pattern: Microsoft.WindowsCalculator_8wekyb3d8bbwe.appxbundle
signConfigType: inlineSignParams
inlineOperation: |
[
{
"CertTemplateName": "WINMSAPP1ST",
"CertSubjectName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
"KeyCode": "Dynamic",
"OperationCode": "SigntoolvNextSign",
"Parameters": {
"OpusName": "Microsoft",
"OpusInfo": "http://www.microsoft.com",
"FileDigest": "/fd \"SHA256\"",
"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
"ToolName": "sign",
"ToolVersion": "1.0"
},
{
"CertTemplateName": "WINMSAPP1ST",
"CertSubjectName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
"KeyCode": "Dynamic",
"OperationCode": "SigntoolvNextVerify",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
- task: PublishBuildArtifacts@1
displayName: Publish AppxBundleSigned artifact
inputs:
pathtoPublish: $(Build.ArtifactStagingDirectory)\appxBundle
artifactName: appxBundleSigned

22
build/pipelines/templates/prepare-release-internalonly.yaml
View File

@ -2,8 +2,6 @@
# Windows using Microsoft-internal systems. It relies on Microsoft-internal resources and will not # Windows using Microsoft-internal systems. It relies on Microsoft-internal resources and will not
# work outside of Microsoft. # work outside of Microsoft.
# Specifically, this job: # Specifically, this job:
# - Signs the bundle using a secure system. If you want to build your own, use SignTool following
# the example in the continuous integration pipeline.
# - Builds VPacks for including the app in the Windows OS build. Azure DevOps Universal Packages # - Builds VPacks for including the app in the Windows OS build. Azure DevOps Universal Packages
# offers similar capabilities. # offers similar capabilities.
# - Creates StoreBroker packages containing Microsoft Store assets. Although the Store assets for # - Creates StoreBroker packages containing Microsoft Store assets. Although the Store assets for
@ -45,29 +43,15 @@ jobs:
versionSpec: 5.x versionSpec: 5.x
- task: DownloadBuildArtifacts@0 - task: DownloadBuildArtifacts@0
displayName: Download appxBundle artifact displayName: Download appxBundleSigned artifact
inputs: inputs:
artifactName: appxBundle artifactName: appxBundleSigned
- task: PkgESCodeSign@10
displayName: Send bundle to Package ES code signing service
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
inputs:
signConfigXml: build\config\SignConfig.xml
inPathRoot: $(Build.ArtifactStagingDirectory)\appxBundle
outPathRoot: $(Build.ArtifactStagingDirectory)\appxBundleSigned
- task: PublishBuildArtifacts@1
displayName: Publish AppxBundleSigned artifact
inputs:
pathtoPublish: $(Build.ArtifactStagingDirectory)\appxBundleSigned
artifactName: AppxBundleSigned
- task: CopyFiles@2 - task: CopyFiles@2
displayName: Copy signed AppxBundle to vpack staging folder displayName: Copy signed AppxBundle to vpack staging folder
inputs: inputs:
sourceFolder: $(Build.ArtifactStagingDirectory)\appxBundleSigned sourceFolder: $(Build.ArtifactStagingDirectory)\appxBundleSigned
contents: Microsoft.WindowsCalculator_8wekyb3d8bbwe.appxbundle
targetFolder: $(Build.ArtifactStagingDirectory)\vpack\appxBundle targetFolder: $(Build.ArtifactStagingDirectory)\vpack\appxBundle
- task: PkgESVPack@10 - task: PkgESVPack@10