@@ -27,6 +27,24 @@ parameters:
2727 os : macOS
2828 runtime : osx-arm64
2929 archiveExt : tar.gz
30+ - pool :
31+ name : Azure-Pipelines-1ESPT-ExDShared
32+ image : ubuntu-latest
33+ os : linux
34+ runtime : linux-x64
35+ archiveExt : deb
36+ - pool :
37+ name : Azure-Pipelines-1ESPT-ExDShared
38+ image : windows-latest
39+ os : windows
40+ runtime : win-arm64
41+ archiveExt : zip
42+ - pool :
43+ name : Azure-Pipelines-1ESPT-ExDShared
44+ image : ubuntu-latest
45+ os : linux
46+ runtime : linux-arm64
47+ archiveExt : deb
3048
3149variables :
3250- name : tags
@@ -51,13 +69,14 @@ resources:
5169 ref : refs/tags/release
5270
5371extends :
54- template : v1/Office.Official .PipelineTemplate.yml@OfficePipelineTemplates
72+ template : v1/Office.Unofficial .PipelineTemplate.yml@OfficePipelineTemplates
5573 parameters :
5674 pool :
5775 name : Azure-Pipelines-1ESPT-ExDShared
5876 image : ubuntu-latest
5977 os : linux
6078 sdl :
79+ enableAllTools : false
6180 sourceAnalysisPool :
6281 name : Azure-Pipelines-1ESPT-ExDShared
6382 image : windows-latest
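Review bot: Moving `extends.template` to `v1/Office.Unofficial.PipelineTemplate.yml@OfficePipelineTemplates` and adding `enableAllTools: false` under `sdl` appears to lower the compliance and scanning gates on a pipeline that still ESRP-signs binaries and publishes release assets. The `isProduction: false` change in the release-job hunk further down goes in the same direction. Nothing visible in the diff says whether this is a temporary test setup. If it is, keep it off the release branch or mark it in place, for example `# TEMPORARY: Unofficial template and SDL tools disabled for signing tests - restore Official before release`. If it is meant to stay, the commit description should state which checks still run on the signed output.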
@@ -108,6 +127,8 @@ extends:
108127 displayName : Use NuGet 6.x
109128 inputs :
110129 versionSpec : 6.x
130+ - task : NuGetAuthenticate@1
131+ displayName : Authenticate to Azure Artifacts
111132 - task : DotNetCoreCLI@2
112133 displayName : Install dependencies
113134 inputs :
@@ -162,12 +183,14 @@ extends:
162183 targetPath : $(artifactsPath)-${{ config.runtime }}-signed
163184 steps :
164185 - task : EsrpCodeSigning@5
165- displayName : Sign artifacts win-x64
166- condition : eq ('${{ config.runtime }}', 'win-x64 ')
186+ displayName : Sign artifacts win
187+ condition : startsWith ('${{ config.runtime }}', 'win')
167188 inputs :
168189 ConnectedServiceName : $(ESRP_KV_SERVICE_CONNECTION)
190+ UseMSIAuthentication : true
169191 AppRegistrationClientId : $(SIGNING_AAD_ID)
170192 AppRegistrationTenantId : $(SIGNING_TENANT_ID)
193+ EsrpClientId : " 9f327a71-bffd-4a67-8a7b-443e11df2909"
171194 AuthAKVName : $(AZURE_VAULT)
172195 AuthCertName : $(AZURE_VAULT_ESRP_AAD_CERT_NAME)
173196 AuthSignCertName : $(AZURE_VAULT_ESRP_REQ_CERT_NAME)
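Review bot: `EsrpClientId` is added as a literal GUID here and again in the osx and linux signing tasks, while every neighbouring identity input comes from a pipeline variable. Reading it from one variable, e.g. `EsrpClientId: $(ESRP_CLIENT_ID)` (placeholder name), keeps the three tasks from drifting apart when the identity is rotated. With `UseMSIAuthentication: true`, the `AuthAKVName` and `AuthCertName` inputs may no longer be the credentials actually used, so confirm which are still required and drop the rest. The task's inputs continue past the end of this hunk.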
@@ -201,10 +224,10 @@ extends:
201224 MaxConcurrency : ' 50'
202225 MaxRetryAttempts : ' 5'
203226 PendingAnalysisWaitTimeoutMinutes : ' 5'
204- # We need to zip the artifacts for osx before sending to ESRP for signing.
227+ # We need to zip the artifacts for osx and linux before sending to ESRP for signing.
205228 - task : ArchiveFiles@2
206229 displayName : Codesigning - zip artifacts to send to ESRP
207- condition : startsWith('${{ config.runtime }}', 'osx')
230+ condition : or( startsWith('${{ config.runtime }}','osx'), startsWith('${{ config.runtime }}','linux') )
208231 inputs :
209232 rootFolderOrFile : $(artifactsPath)-${{ config.runtime }}
210233 includeRootFolder : false
@@ -215,8 +238,10 @@ extends:
215238 condition : startsWith('${{ config.runtime }}', 'osx')
216239 inputs :
217240 ConnectedServiceName : $(ESRP_KV_SERVICE_CONNECTION)
241+ UseMSIAuthentication : true
218242 AppRegistrationClientId : $(SIGNING_AAD_ID)
219243 AppRegistrationTenantId : $(SIGNING_TENANT_ID)
244+ EsrpClientId : " 9f327a71-bffd-4a67-8a7b-443e11df2909"
220245 AuthAKVName : $(AZURE_VAULT)
221246 AuthCertName : $(AZURE_VAULT_ESRP_AAD_CERT_NAME)
222247 AuthSignCertName : $(AZURE_VAULT_ESRP_REQ_CERT_NAME)
@@ -244,9 +269,46 @@ extends:
244269 MaxConcurrency : ' 50'
245270 MaxRetryAttempts : ' 5'
246271 PendingAnalysisWaitTimeoutMinutes : ' 5'
272+ # Linux signing with ESRP
273+ - task : EsrpCodeSigning@5
274+ displayName : Sign artifacts linux-x64
275+ condition : startsWith('${{ config.runtime }}','linux')
276+ inputs :
277+ ConnectedServiceName : $(ESRP_KV_SERVICE_CONNECTION)
278+ UseMSIAuthentication : true
279+ AppRegistrationClientId : $(SIGNING_AAD_ID)
280+ AppRegistrationTenantId : $(SIGNING_TENANT_ID)
281+ EsrpClientId : " 9f327a71-bffd-4a67-8a7b-443e11df2909"
282+ AuthAKVName : $(AZURE_VAULT)
283+ AuthCertName : $(AZURE_VAULT_ESRP_AAD_CERT_NAME)
284+ AuthSignCertName : $(AZURE_VAULT_ESRP_REQ_CERT_NAME)
285+ FolderPath : $(artifactsPath)-${{ config.runtime }}/AzureAuth
286+ Pattern : ' azureauth-${{ parameters.version }}-${{ config.runtime }}.zip'
287+ signConfigType : ' inlineSignParams'
288+ inlineOperation : |
289+ [
290+ {
291+ "KeyCode": "$(SIGNING_KEY_CODE_LINUX)",
292+ "OperationCode": "LinuxSign",
293+ "ToolName": "sign",
294+ "ToolVersion": "1.0",
295+ "Parameters": {}
296+ },
297+ {
298+ "KeyCode": "$(SIGNING_KEY_CODE_LINUX)",
299+ "OperationCode": "LinuxVerify",
300+ "ToolName": "sign",
301+ "ToolVersion": "1.0",
302+ "Parameters": {}
303+ }
304+ ]
305+ SessionTimeout : ' 60'
306+ MaxConcurrency : ' 50'
307+ MaxRetryAttempts : ' 5'
308+ PendingAnalysisWaitTimeoutMinutes : ' 5'
247309 - task : ExtractFiles@1
248310 displayName : Extract signed artifacts osx
249- condition : startsWith('${{ config.runtime }}', 'osx')
311+ condition : or( startsWith('${{ config.runtime }}','osx'), startsWith('${{ config.runtime }}','linux') )
250312 inputs :
251313 archiveFilePatterns : $(artifactsPath)-${{ config.runtime }}.zip
252314 destinationFolder : $(artifactsPath)-${{ config.runtime }}
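Review bot: The new Linux signing task looks for `azureauth-<version>-<runtime>.zip` inside `FolderPath: $(artifactsPath)-${{ config.runtime }}/AzureAuth`, while the ExtractFiles step at the end of this hunk reads `$(artifactsPath)-${{ config.runtime }}.zip`, which sits beside that folder. The ArchiveFiles output path is outside the hunk, so confirm the two locations agree; a pattern that matches nothing could leave the Linux binaries unsigned without an obvious failure. The display names are also stale: the signing task runs for every `linux*` runtime and the extract step now runs for linux too, so `displayName: Sign artifacts linux` and `displayName: Extract signed artifacts osx and linux` would describe them correctly.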
@@ -297,6 +359,13 @@ extends:
297359 includeRootFolder : false
298360 archiveType : zip
299361 archiveFile : $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-win-x64.zip
362+ - task : ArchiveFiles@2
363+ displayName : Create win-arm64 archive
364+ inputs :
365+ rootFolderOrFile : $(artifactsPath)-win-arm64-signed/AzureAuth
366+ includeRootFolder : false
367+ archiveType : zip
368+ archiveFile : $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-win-arm64.zip
300369 - task : Bash@3
301370 displayName : Prepare osx-x64 executables
302371 inputs :
@@ -329,6 +398,86 @@ extends:
329398 archiveType : tar
330399 tarCompression : gz
331400 archiveFile : $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-osx-arm64.tar.gz
401+ - task : Bash@3
402+ displayName : Create linux-x64 Debian package
403+ inputs :
404+ workingDirectory : $(Build.ArtifactStagingDirectory)
405+ targetType : inline
406+ script : |
407+ set -e
408+ VERSION="${{ parameters.version }}"
409+ ARCH="amd64"
410+ PKG_NAME="azureauth"
411+ PKG_DIR="${PKG_NAME}_${VERSION}-1_${ARCH}"
412+
413+ # Create Debian package directory structure
414+ mkdir -p "${PKG_DIR}/DEBIAN"
415+ mkdir -p "${PKG_DIR}/usr/bin"
416+ mkdir -p "${PKG_DIR}/usr/lib/azureauth"
417+
418+ # Copy binaries
419+ cp -r azureauth-${{ parameters.version }}-linux-x64-signed/AzureAuth/* "${PKG_DIR}/usr/lib/azureauth/"
420+ chmod +x "${PKG_DIR}/usr/lib/azureauth/azureauth"
421+ chmod +x "${PKG_DIR}/usr/lib/azureauth/createdump"
422+ chmod +x "${PKG_DIR}/usr/lib/azureauth/"*.so
423+
424+ # Create symlink script
425+ ln -sf /usr/lib/azureauth/azureauth "${PKG_DIR}/usr/bin/azureauth"
426+
427+ # Create control file
428+ cat > "${PKG_DIR}/DEBIAN/control" << EOF
429+ Package: ${PKG_NAME}
430+ Version: ${VERSION}-1
431+ Section: misc
432+ Priority: optional
433+ Architecture: ${ARCH}
434+ Maintainer: ES365 Security Experience Team <authcli@microsoft.com>
435+ Description: A CLI interface to MSAL authentication. Visit https://aka.ms/azureauth for more information
436+ EOF
437+
438+ # Build the package
439+ dpkg-deb --build "${PKG_DIR}"
440+ mv "${PKG_DIR}.deb" "azureauth-${{ parameters.version }}-packaged/azureauth-${{ parameters.version }}-linux-x64.deb"
441+ - task : Bash@3
442+ displayName : Create linux-arm64 Debian package
443+ inputs :
444+ workingDirectory : $(Build.ArtifactStagingDirectory)
445+ targetType : inline
446+ script : |
447+ set -e
448+ VERSION="${{ parameters.version }}"
449+ ARCH="arm64"
450+ PKG_NAME="azureauth"
451+ PKG_DIR="${PKG_NAME}_${VERSION}-1_${ARCH}"
452+
453+ # Create Debian package directory structure
454+ mkdir -p "${PKG_DIR}/DEBIAN"
455+ mkdir -p "${PKG_DIR}/usr/bin"
456+ mkdir -p "${PKG_DIR}/usr/lib/azureauth"
457+
458+ # Copy binaries
459+ cp -r azureauth-${{ parameters.version }}-linux-arm64-signed/AzureAuth/* "${PKG_DIR}/usr/lib/azureauth/"
460+ chmod +x "${PKG_DIR}/usr/lib/azureauth/azureauth"
461+ chmod +x "${PKG_DIR}/usr/lib/azureauth/createdump"
462+ chmod +x "${PKG_DIR}/usr/lib/azureauth/"*.so
463+
464+ # Create symlink script
465+ ln -sf /usr/lib/azureauth/azureauth "${PKG_DIR}/usr/bin/azureauth"
466+
467+ # Create control file
468+ cat > "${PKG_DIR}/DEBIAN/control" << EOF
469+ Package: ${PKG_NAME}
470+ Version: ${VERSION}-1
471+ Section: misc
472+ Priority: optional
473+ Architecture: ${ARCH}
474+ Maintainer: ES365 Security Experience Team <authcli@microsoft.com>
475+ Description: A CLI interface to MSAL authentication. Visit https://aka.ms/azureauth for more information
476+ EOF
477+
478+ # Build the package
479+ dpkg-deb --build "${PKG_DIR}"
480+ mv "${PKG_DIR}.deb" "azureauth-${{ parameters.version }}-packaged/azureauth-${{ parameters.version }}-linux-arm64.deb"
332481
333482 - stage : release
334483 displayName : Release
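Review bot: `dpkg-deb --build "${PKG_DIR}"` in both the linux-x64 and linux-arm64 scripts records the build agent's uid/gid as owner of every packaged file, so the files installed under /usr/lib/azureauth may end up owned by an unprivileged account on the target. `dpkg-deb --root-owner-group --build "${PKG_DIR}"` avoids that. The `cp -r azureauth-${{ parameters.version }}-linux-x64-signed/AzureAuth/*` line (and its arm64 twin) splices the template parameter into the script text unquoted although `VERSION` is already set above; `cp -r "azureauth-${VERSION}-linux-x64-signed/AzureAuth/"* "${PKG_DIR}/usr/lib/azureauth/"` keeps the value inside one quoted word. The .deb is assembled after the ESRP step, so only the binaries inside it are signed, not the package itself; whether that is intended is not visible here.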
@@ -353,7 +502,7 @@ extends:
353502 os : linux
354503 templateContext :
355504 type : releaseJob
356- isProduction : true
505+ isProduction : false
357506 inputs :
358507 - input : pipelineArtifact
359508 artifactName : azureauth-${{ parameters.version }}-packaged
@@ -376,4 +525,6 @@ extends:
376525 assets : |
377526 $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-win-x64.zip
378527 $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-osx-x64.tar.gz
379- $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-osx-arm64.tar.gz
528+ $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-osx-arm64.tar.gz
529+ $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-linux-x64.deb
530+ $(artifactsPath)-packaged/azureauth-${{ parameters.version }}-linux-arm64.deb
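Review bot: The `assets` list gains the two `.deb` files but not the win-arm64 archive that the new `Create win-arm64 archive` step writes to `$(artifactsPath)-packaged/`, so that signed zip is built and never published. If win-arm64 is meant to ship, add `$(artifactsPath)-packaged/azureauth-${{ parameters.version }}-win-arm64.zip` to the block. If it is not, the matrix entry and archive step are running ESRP signing for an artifact nobody receives.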