diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
new file mode 100644
index 00000000..1213a528
--- /dev/null
+++ b/.config/dotnet-tools.json
@@ -0,0 +1,18 @@
+{
+ "version": 1,
+ "isRoot": true,
+ "tools": {
+ "azuresigntool": {
+ "version": "2.0.17",
+ "commands": [
+ "azuresigntool"
+ ]
+ },
+ "nugetkeyvaultsigntool": {
+ "version": "1.2.28",
+ "commands": [
+ "NuGetKeyVaultSignTool"
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 791be7b5..b56034fb 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -9,11 +9,7 @@ pr:
- '*'
variables:
-- name: kv-access-token
- value: ''
- group: AzureKeyVault
-- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
- value: 1
- name: BUILD_NUMBER
value: $[counter('buildnumber', 1)]
@@ -38,10 +34,8 @@ stages:
packageType: runtime
- powershell: ./build.ps1 -ci
displayName: Invoke build.ps1
- condition: eq(variables['kv-access-token'], '')
- - powershell: ./build.ps1 -ci /p:AzureKeyVaultClientSecret=$(kv-access-token)
- displayName: Invoke build.ps1
- condition: ne(variables['kv-access-token'], '')
+ env:
+ KEYVAULT_CLIENT_SECRET: kv-access-token
- powershell: .\docs\generate.ps1 -Verbose -NoBuild
displayName: Compile documentation
- task: PublishTestResults@2
diff --git a/build.ps1 b/build.ps1
index 1b42acf5..a5715a12 100755
--- a/build.ps1
+++ b/build.ps1
@@ -20,8 +20,11 @@ Import-Module -Force -Scope Local "$PSScriptRoot/src/common.psm1"
# Main
#
+$isPr = $env:BUILD_REASON -eq 'PullRequest'
+
if ($env:CI -eq 'true') {
$ci = $true
+ & dotnet --info
}
if (!$Configuration) {
@@ -32,7 +35,6 @@ if ($ci) {
$MSBuildArgs += '-p:CI=true'
}
-$isPr = $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT -or ($env:BUILD_REASON -eq 'PullRequest')
if (-not (Test-Path variable:\IsCoreCLR)) {
$IsWindows = $true
}
@@ -40,36 +42,16 @@ if (-not (Test-Path variable:\IsCoreCLR)) {
$CodeSign = $sign -or ($ci -and -not $isPr -and $IsWindows)
if ($CodeSign) {
- $toolsDir = "$PSScriptRoot/.build/tools"
- $AzureSignToolPath = "$toolsDir/azuresigntool"
- if ($IsWindows) {
- $AzureSignToolPath += ".exe"
- }
-
- if (-not (Test-Path $AzureSignToolPath)) {
- exec dotnet tool install --tool-path $toolsDir `
- AzureSignTool `
- --version 2.0.17
- }
-
- $nstDir = "$toolsDir/nugetsigntool/1.1.4"
- $NuGetKeyVaultSignToolPath = "$nstDir/tools/net471/NuGetKeyVaultSignTool.exe"
- if (-not (Test-Path $NuGetKeyVaultSignToolPath)) {
- New-Item $nstDir -ItemType Directory -ErrorAction Ignore | Out-Null
- Invoke-WebRequest https://github.com/onovotny/NuGetKeyVaultSignTool/releases/download/v1.1.4/NuGetKeyVaultSignTool.1.1.4.nupkg `
- -OutFile "$nstDir/NuGetKeyVaultSignTool.zip"
- Expand-Archive "$nstDir/NuGetKeyVaultSignTool.zip" -DestinationPath $nstDir
- }
-
+ exec dotnet tool restore
$MSBuildArgs += '-p:CodeSign=true'
- $MSBuildArgs += "-p:AzureSignToolPath=$AzureSignToolPath"
- $MSBuildArgs += "-p:NuGetKeyVaultSignToolPath=$NuGetKeyVaultSignToolPath"
}
$artifacts = "$PSScriptRoot/artifacts/"
Remove-Item -Recurse $artifacts -ErrorAction Ignore
-exec dotnet msbuild /t:UpdateCiSettings @MSBuildArgs
+if ($ci) {
+ exec dotnet msbuild /t:UpdateCiSettings @MSBuildArgs
+}
exec dotnet build --configuration $Configuration '-warnaserror:CS1591' @MSBuildArgs
exec dotnet pack --no-restore --no-build --configuration $Configuration -o $artifacts @MSBuildArgs
exec dotnet build --configuration $Configuration "$PSScriptRoot/docs/samples/samples.sln"
diff --git a/src/CodeSign.targets b/src/CodeSign.targets
index 5245bfd1..a0588c97 100644
--- a/src/CodeSign.targets
+++ b/src/CodeSign.targets
@@ -12,10 +12,8 @@
Inputs="$(TargetPath)"
Outputs="$(CodeSignCacheFile)">
-
-
- "$(AzureSignToolPath)" sign
+ dotnet tool run azuresigntool sign
$(SignToolArgs) --file-digest sha256
$(SignToolArgs) --description-url $(PackageProjectUrl)
$(SignToolArgs) --no-page-hashing
@@ -38,12 +36,11 @@
BeforeTargets="Pack"
Inputs="$(PackageOutputAbsolutePath)$(PackageId).$(PackageVersion).nupkg"
Outputs="$(PackageSignCacheFile)">
-
$(PackageOutputAbsolutePath)$(PackageId).$(PackageVersion).nupkg
- "$(NuGetKeyVaultSignToolPath)" sign
+ dotnet tool run NuGetKeyVaultSignTool sign
$(NupkgSignToolArgs) --file-digest sha256
$(NupkgSignToolArgs) --timestamp-rfc3161 http://timestamp.digicert.com
$(NupkgSignToolArgs) --timestamp-digest sha256