-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-pipelines.yml
102 lines (96 loc) · 3.49 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
- develop
pool:
vmImage: windows-latest
variables:
Major: '1'
Minor: '0'
Patch: '0'
steps:
- task: AzureKeyVault@1
inputs:
azureSubscription: 'AzureResources'
KeyVaultName: 'devop-api-key-vault'
SecretsFilter: '*'
RunAsPreJob: true
#Found a decent tutorial for setting up secrets in devops and github
#https://samlearnsazure.blog/2020/06/17/using-secrets-safely-in-development-with-net-core/
- task: PowerShell@2
inputs:
targetType: 'inline'
script: |
$pathToJson = "Candid.GuideStarAPI.Tests/appsettings.test.json"
$settings = Get-Content $pathToJson | ConvertFrom-Json
$settings.Keys.CHARITY_CHECK_KEY = "$(CHARITY-CHECK-KEY)"
$settings.Keys.CHARITY_CHECK_PDF_KEY = "$(CHARITY-CHECK-PDF-KEY)"
$settings.Keys.ESSENTIALS_KEY = "$(ESSENTIALS-KEY)"
$settings.Keys.PREMIER_KEY = "$(PREMIER-KEY)"
$settings | ConvertTo-Json | set-content $pathToJson
pwsh: true
- task: DotNetCoreCLI@2
displayName: 'Restore'
inputs:
command: 'restore'
projects: '**/*.csproj'
verbosityRestore: 'Normal'
feedsToUse: 'select'
includeNuGetOrg: true
- task: DotNetCoreCLI@2
displayName: 'Build'
inputs:
command: 'build'
projects: '**/*.csproj'
versioningScheme: 'byPrereleaseNumber'
- task: DotNetCoreCLI@2
displayName: 'Test'
inputs:
command: 'test'
projects: '**/*.Tests.csproj'
- task: DotNetCoreCLI@2
displayName: 'Pack'
inputs:
command: pack
nobuild: true
packagesToPack: '**/*.csproj;!**/*.Tests.csproj'
versioningScheme: byPrereleaseNumber
majorVersion: '$(Major)'
minorVersion: '$(Minor)'
patchVersion: '$(Patch)'
- task: PowerShell@2
#found basic explanation here: https://github.com/microsoft/azure-pipelines-tasks/issues/13553
displayName: 'Signing package'
inputs:
targetType: 'inline'
script: |
$package = gci -Path $(Build.ArtifactStagingDirectory) -Filter *.nupkg
$kvSecretBytes = [System.Convert]::FromBase64String("$(GuideStarNugetCert)")
$certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certCollection.Import($kvSecretBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
$protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, "$(SIGNING-CERT-PASSWORD)")
$pfxPath = "temp.pfx"
[System.IO.File]::WriteAllBytes($pfxPath, $protectedCertificateBytes)
nuget sign $package.FullName -CertificatePath $pfxPath -CertificatePassword "$(SIGNING-CERT-PASSWORD)" -Timestamper "http://timestamp.digicert.com"
failOnStderr: true
pwsh: true
- task: PublishSymbols@2
displayName: 'Publish Symbols'
inputs:
SearchPattern: './Candid.GuideStarAPI/bin/**/*.pdb'
SymbolServerType: 'TeamServices'
- task: DotNetCoreCLI@2
displayName: 'Push to local nuget repo'
inputs:
command: 'push'
packagesToPush: '$(Build.ArtifactStagingDirectory)/*.nupkg'
nuGetFeedType: 'internal'
publishVstsFeed: '6f219f31-982d-413d-a320-c7741368a80d'
- task: NuGetCommand@2
inputs:
command: 'push'
packagesToPush: '$(Build.ArtifactStagingDirectory)/**/*.nupkg;!$(Build.ArtifactStagingDirectory)/**/*.symbols.nupkg'
nuGetFeedType: 'external'
publishFeedCredentials: 'Candid Nuget'