Skip to content

Commit b090924

Browse files
turbobobbytraykovturbobobbytraykov
authored
Proper use of the certificate-related secrets (I hope)
1 parent c87614b commit b090924

File tree

1 file changed

+12
-13
lines changed

1 file changed

+12
-13
lines changed

azure-pipelines/build-and-publish.yml

Lines changed: 12 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -49,17 +49,16 @@ stages:
4949
-c $(buildConfiguration)
5050
/p:Version=$(releaseTag)
5151
52-
- powershell: |
53-
$outputDir = "$(Build.SourcesDirectory)\bin\$(buildConfiguration)\net9.0"
54-
Write-Host "Listing contents of: $outputDir"
55-
if (-Not (Test-Path $outputDir)) {
56-
Write-Error "Output folder not found: $outputDir"
57-
exit 1
58-
}
59-
Get-ChildItem $outputDir -Recurse | ForEach-Object {
60-
Write-Host $_.FullName
61-
}
62-
displayName: 'Debug: List build output contents'
52+
- name: Setup Code Signing Certificate
53+
if: ${{ inputs.enable-code-signing == 'true' }}
54+
run: |
55+
Write-Host "Setting up code signing certificate from GitHub secrets..."
56+
57+
# Create certificate file from secret (base64 encoded)
58+
$certBytes = [Convert]::FromBase64String("${{ env.SIGNING_CERTIFICATE_2023_2026 }}")
59+
[System.IO.File]::WriteAllBytes("${{ github.workspace }}/code-signing-reissue-2023-2026.pfx", $certBytes)
60+
Write-Host "Certificate file created from GitHub secret"
61+
shell: pwsh
6362

6463
- powershell: |
6564
$dllFolder = "$(Build.SourcesDirectory)\bin\$(buildConfiguration)\net9.0"
@@ -95,7 +94,7 @@ stages:
9594
$dllFiles = Get-ChildItem -Path $dllFolder -Filter *.dll -Recurse
9695
foreach ($dll in $dllFiles) {
9796
Write-Host "Signing $($dll.FullName)..."
98-
& $signtoolPath sign /f $(cert.secureFilePath) /p $env:CERT_PASS /tr $(SigningCertificateTimestampUrl) /td sha256 /fd sha256 $dll.FullName
97+
& $signtoolPath sign /f ${{ github.workspace }}/code-signing-reissue-2023-2026.pfx /p ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }} /tr ${{ secrets.SIGNING_CERTIFICATE_TIMESTAMP_URL }} /td sha256 /fd sha256 $dll.FullName
9998
10099
if ($LASTEXITCODE -ne 0) {
101100
Write-Error "Signing failed for $($dll.FullName)"
@@ -130,7 +129,7 @@ stages:
130129
inputs:
131130
targetType: 'inline'
132131
script: |
133-
nuget.exe sign $(Build.ArtifactStagingDirectory)\nuget\*.nupkg -CertificatePath $(cert.secureFilePath) -CertificatePassword $env:CERT_PASS -Timestamper $(SigningCertificateTimestampUrl)
132+
nuget.exe sign $(Build.ArtifactStagingDirectory)\nuget\*.nupkg -CertificatePath ${{ github.workspace }}/code-signing-reissue-2023-2026.pfx -CertificatePassword ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }} -Timestamper ${{ secrets.SIGNING_CERTIFICATE_TIMESTAMP_URL }}
134133
135134
- task: PublishBuildArtifacts@1
136135
inputs:

0 commit comments

Comments
 (0)