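# Authenticode signing pipeline.
# On every push to master, runs an inline PowerShell script that signs each
# file listed in filestosign.csv with azuresigntool.exe, using a certificate
# held in Azure Key Vault.
# Pipeline reference:
# https://docs.microsoft.com/azure/devops/pipelines/apps/aspnet/build-aspnet-4

trigger:
- master

pool:
  vmImage: 'windows-latest'

steps:
- task: PowerShell@2
  # NOTE(review): secret pipeline variables are not exposed to scripts as
  # environment variables unless they are mapped explicitly. No mapping is
  # declared on this task, so confirm how SigningSecret / SigningClientId reach
  # the script. A mapping would look like this (variable names assumed from the
  # env names the script reads - confirm before enabling):
  # env:
  #   SigningSecret: $(SigningSecret)
  #   SigningClientId: $(SigningClientId)
  inputs:
    targetType: 'inline'
    script: |
      # Signs every file listed in the CSV ($sigingListFile) with Authenticode.
      # The defaults below can be overridden through the environment variables
      # KeyVaultUrl and CurrentCertificateName; the Key Vault credentials come
      # only from SigningClientId and SigningSecret.
      #
      # NOTE(review): in an inline script $PSScriptRoot is the folder of the
      # temporary script file the task generates, not a folder in the repository.
      # The CSV, the signing root and the tool path are all derived from it, so
      # verify that they resolve where intended. The tool path matters most,
      # because the executable found there is handed the signing credentials.
      param(
        [string]$sigingListFile = "$psscriptroot\filestosign.csv",
        [string]$signingRoot = "$PSScriptRoot\..\..\..\..",
        [string]$KeyVaultUrl = "https://sdl-lt-keyvault.vault.azure.net/",
        [string]$TimestampServer="http://timestamp.digicert.com",
        [string]$CertificateName="SDLPLCAuthenticode"
      )

      # Sentinel values: replaced below when the environment supplies credentials.
      $SigningClientId = "unset"
      $SigningSecret = "unset"

      if ($null -ne $env:KeyVaultUrl)
      {
        $KeyVaultUrl = $env:KeyVaultUrl
      }
      if ($null -ne $env:CurrentCertificateName)
      {
        $CertificateName = $env:CurrentCertificateName
      }
      if ($null -ne $env:SigningSecret)
      {
        $SigningSecret = $env:SigningSecret
      }
      if ($null -ne $env:SigningClientId)
      {
        $SigningClientId = $env:SigningClientId
      }

      # Fail before touching any file when credentials are missing, instead of
      # calling the tool once per file with the "unset" placeholder.
      # The message deliberately never echoes the values.
      if ($SigningClientId -eq "unset" -or $SigningSecret -eq "unset")
      {
        throw "SigningClientId and SigningSecret must be supplied through environment variables."
      }

      # Files to sign are kept in a CSV to keep the code generic.
      # Expected columns: "Description", "Path".
      # The CSV decides what receives the production signature, so changes to it
      # deserve the same review as changes to this script.
      $FilesToSign = import-csv -Path $sigingListFile

      $SrcRoot="$psscriptroot\..\..\.."
      $ToolPath=[System.IO.Path]::GetFullPath("$SrcRoot\tools\azuresigntool.exe");
      $signingRoot=[System.IO.Path]::GetFullPath("$signingRoot");

      # Signs a single file.
      #   $path        - full path of the file to sign
      #   $description - description embedded in the signature (-d)
      # Throws when the signing tool reports a failure, so an unsigned file can
      # never pass through silently.
      function AuthenticodeSign
      {
        param( [string]$path, [string]$description)

        # Clear the read-only attribute so the tool can write the signature.
        attrib -r "$path"

        # NOTE(review): -kvs places the client secret on the tool's command line,
        # where it is readable from the process argument list on the agent while
        # the tool runs. Prefer a credential that never reaches argv, such as a
        # managed identity or an access token, if the AzureSignTool version in
        # tools\ supports it.
        & "$ToolPath" sign -kvu "$KeyVaultUrl" -kvi "$SigningClientId" -kvs "$SigningSecret" -kvc "$CertificateName" -d "$description" -tr "$TimestampServer" -td sha512 -fd sha512 -v "$path"

        # Without this check only the exit code of the LAST file decides the task
        # result, and an earlier signing failure would go unnoticed.
        if ($LASTEXITCODE -ne 0)
        {
          throw "azuresigntool.exe exited with code $LASTEXITCODE while signing '$path'."
        }
      }

      foreach ($item in $FilesToSign)
      {
        # CSV paths are appended to the signing root and then normalised.
        $path=[System.IO.Path]::GetFullPath($signingRoot + $item.Path);
        AuthenticodeSign "$path" $item.Description
      }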