Merge pull request Azure#8193 from markcowl/help-check

ESRP signing for master and fix help check

Author: markcowl

CodeSign.targets

@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+
+    <UsingTask TaskName="ESRPSignTask" AssemblyFile="$(CISignRepoPath)\tools\sdkbuildtools\tasks\MS.Az.Sdk.OnPremise.Build.Tasks.dll" />
+
+    <PropertyGroup>
+        <!-- CISignRepo is an environment variable that points to ci-signing repo clone -->
+        <CISignRepoPath>$(CISignRepo)</CISignRepoPath>
+    </PropertyGroup>
+   
+    <Target Name="CodeSignBinaries" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
+
+        <Message Text="====> Executing CodeSignBinaries Target..." Importance="high"/>
+        
+        <PropertyGroup>
+            <!--public token associated with MSSharedLibKey.snk-->
+            <StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
+        </PropertyGroup>
+        
+        <Message Text="----> Dlls signing section" Importance="high"/>
+
+         <!-- Azure -->
+        <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
+            <DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*PowerShell*Cmdlets*.dll" />
+            <DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
+        </ItemGroup>
+
+        <Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip."
+            Condition="'@(DelaySignedAssembliesToSign)' == ''" />
+        
+        <ESRPSignTask
+            CopyBackSignedFilesToOriginalLocation="true"
+            UnsignedFileList="@(DelaySignedAssembliesToSign)"
+            SignLogDirPath="$(LibraryRoot)dlls-signing.log" 
+            Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''"/>
+
+        <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;" />
+
+        <!-- Copying shortcut to be signed -->
+        <Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1" DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
+              
+        <Message Text="----> Scripts signing section" Importance="high"/>
+
+         <!-- Azure -->
+        <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
+            <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1" />
+            <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1" />
+            <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml" />
+            <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js" />
+        </ItemGroup>
+
+        <ESRPSignTask
+        	CopyBackSignedFilesToOriginalLocation="true"
+            UnsignedFileList="@(ScriptsToSign)"
+            SignLogDirPath="$(LibraryRoot)scripts-signing.log" 
+            Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>            
+
+        <!-- RemoveCodeSignArtifacts.ps1 -->
+        <Message Text="----> Remove artifacts section" Importance="high"/>
+        <Exec Command="$(PowerShellCoreCommandPrefix) &quot;Get-ChildItem -Path $(PackageDirectory) -Recurse -Include 'Signed','Unsigned' | Remove-Item -Recurse -Force -Confirm:$false -ErrorAction Ignore&quot;" 
+       	  	ContinueOnError="WarnAndContinue" 
+          	IgnoreExitCode="true" />
+        
+        <!-- CheckSignature.ps1 -->    
+        <Message Text="----> CheckSignature section" Importance="high"/>        
+        <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;" Condition="'$(Scope)' != 'Stack'" ContinueOnError="ErrorAndContinue" />
+
+        <!-- Copy files back after signing -->
+        <Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1" DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
+    </Target>
+
+    <Target Name="CodeSignInstaller">
+        <Message Text="----> CodeSignInstaller section" Importance="high"/>
+        <PropertyGroup>
+            <!--public token associated with MSSharedLibKey.snk-->
+            <StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
+        </PropertyGroup>
+        <GetFrameworkSdkPath>
+            <Output TaskParameter="Path" PropertyName="WindowsSdkPath"/>
+        </GetFrameworkSdkPath>
+
+        <ItemGroup>
+            <InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
+        </ItemGroup>
+
+        <Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
+            Condition="'@(InstallersToSign)' == ''" />
+
+        <ESRPSignTask
+            SignedFilesRootDirPath="$(SignedOutputRootDir)"
+            UnsignedFileList="@(InstallersToSign)"
+            SignLogDirPath="$(LibraryRoot)\msi-signing.log" 
+            Condition="!$(DelaySign) and '@(InstallersToSign)' != ''"/>
+
+        <!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
+        <Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
+        <SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
+    </Target>
+</Project>

build.proj

@@ -51,7 +51,7 @@
     <LocalFeedFolder>$(LibraryToolsFolder)\LocalFeed</LocalFeedFolder>
     <PublishDirectory>$(LibrarySourceFolder)\Publish</PublishDirectory>
     <Configuration Condition=" '$(Configuration)' != 'Release'">Debug</Configuration>
-    <CodeSign Condition=" '$(CodeSign)' == '' ">false</CodeSign>
+    <CodeSign>false</CodeSign>
     <!--Set this true only if you want to test the code sign workflow locally-->
     <DelaySign Condition =" '$(DelaySign)' == '' ">false</DelaySign>
     <SignedOutputRootDir>$(LibraryRoot)signed</SignedOutputRootDir>
@@ -121,9 +121,9 @@
     <OnPremiseBuild Condition=" ! Exists($(OnPremiseBuildTasks)) ">false</OnPremiseBuild>
   </PropertyGroup>
 
-  <UsingTask Condition=" $(OnPremiseBuild) " TaskName="CodeSigningTask" AssemblyFile="$(CIToolsPath)\Microsoft.WindowsAzure.Tools.Build.Tasks.OnPremise.dll" />
   <UsingTask Condition=" $(OnPremiseBuild) " TaskName="CorporateValidation" AssemblyFile="$(CIToolsPath)\Microsoft.WindowsAzure.Tools.Build.Tasks.OnPremise.dll" />
   <Import Condition=" $(OnPremiseBuild) " Project="$(CIToolsPath)\Microsoft.WindowsAzure.Build.OnPremise.msbuild" />
+  <Import Project="CodeSign.targets"/>
 
   <UsingTask AssemblyFile="$(MSBuildProjectDirectory)\packages\xunit.runner.msbuild.2.1.0\build\portable-net45+win8+wp8+wpa81\xunit.runner.msbuild.dll" TaskName="Xunit.Runner.MSBuild.xunit" />
 
@@ -291,7 +291,7 @@
     <CallTarget Targets="RunPoliCheck" Condition="'$(OnPremiseBuild)'" />
 
     <CallTarget Targets="CodeSignBinaries" Condition="'$(CodeSign)' == 'true'" />
-
+	
     <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewOutputTypeIndex.ps1 -OutputFile $(PackageDirectory)\outputtypes.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSign) == 'true'" />
 
     <Message Importance="high" Text="Running Static Analyser" />
@@ -310,118 +310,13 @@
     <MSBuild Projects="@(LocalBuildTasks)" Targets="Build" Properties="Configuration=$(Configuration);Platform=Any CPU" />
   </Target>
 
-  <Target Name="CodeSignBinaries" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
-    <PropertyGroup>
-      <!--public token associated with MSSharedLibKey.snk-->
-      <StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
-    </PropertyGroup>
-    <GetFrameworkSdkPath>
-      <Output TaskParameter="Path" PropertyName="WindowsSdkPath" />
-    </GetFrameworkSdkPath>
-
-    <!-- Azure -->
-    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
-      <DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*PowerShell*Cmdlets*.dll" />
-      <DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
-    </ItemGroup>
-
-    <Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip." Condition="'@(DelaySignedAssembliesToSign)' == ''" />
-
-    <ValidateStrongNameSignatureTask
-      WindowsSdkPath="$(WindowsSdkPath)"
-      Assembly="%(DelaySignedAssembliesToSign.Identity)"
-      ExpectedTokenSignature="$(StrongNameToken)"
-      ExpectedDelaySigned="true"
-      ContinueOnError="false"
-      Condition="'@(DelaySignedAssembliesToSign)' != ''" />
-
-    <CodeSigningTask
-      Description="Microsoft Azure PowerShell"
-      Keywords="Microsoft Azure PowerShell"
-      UnsignedFiles="@(DelaySignedAssembliesToSign)"
-      DestinationPath="$(LibrarySourceFolder)"
-      BasePath="$(LibrarySourceFolder)"
-      Certificates="72, 400"
-      SigningLogPath="$(LibraryRoot)\signing.log"
-      ToolsPath="$(CIToolsPath)"
-      Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''" />
-
-    <ValidateStrongNameSignatureTask
-        WindowsSdkPath="$(WindowsSdkPath)"
-        Assembly="%(DelaySignedAssembliesToSign.Identity)"
-        ExpectedTokenSignature="$(StrongNameToken)"
-        ExpectedDelaySigned="false"
-        ContinueOnError="false"
-        Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''" />
-
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;" />
-
-    <!-- Copying shortcut to be signed -->
-    <Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1" DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
-
-    <!-- Azure -->
-    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
-      <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1" />
-      <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1" />
-      <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml" />
-      <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js" />
-    </ItemGroup>
-
-    <CodeSigningTask
-      Description="Microsoft Azure PowerShell"
-      Keywords="Microsoft Azure PowerShell"
-      UnsignedFiles="@(ScriptsToSign)"
-      DestinationPath="$(LibrarySourceFolder)"
-      BasePath="$(LibrarySourceFolder)"
-      Certificates="400"
-      SigningLogPath="$(LibraryRoot)\signing-scripts.log"
-      ToolsPath="$(CIToolsPath)"
-      Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''" />
-
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;" Condition="'$(Scope)' != 'Stack'" ContinueOnError="ErrorAndContinue" />
-
-    <!-- Copy files back after signing -->
-    <Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1" DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
-  </Target>
-
   <Target Name="BuildInstaller" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Register-PSRepository -Name MSIcreationrepository -SourceLocation $(PackageDirectory) -InstallationPolicy Trusted &quot; " />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryRoot)\setup\generate.ps1 -repository MSIcreationrepository &quot; " />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Unregister-PSRepository -Name MSIcreationrepository &quot; " />
     <CallTarget Targets="CodeSignInstaller" Condition=" '$(CodeSign)' == 'true'" />
   </Target>
 
-  <Target Name="CodeSignInstaller">
-    <PropertyGroup>
-      <!--public token associated with MSSharedLibKey.snk-->
-      <StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
-    </PropertyGroup>
-    <GetFrameworkSdkPath>
-      <Output TaskParameter="Path" PropertyName="WindowsSdkPath" />
-    </GetFrameworkSdkPath>
-
-    <ItemGroup>
-      <InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
-    </ItemGroup>
-
-    <Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
-             Condition="'@(InstallersToSign)' == ''" />
-
-    <CodeSigningTask
-      Description="Microsoft Azure PowerShell"
-      Keywords="Microsoft Azure PowerShell"
-      UnsignedFiles="@(InstallersToSign)"
-      DestinationPath="$(SignedOutputRootDir)"
-      SigningLogPath="$(LibraryRoot)\msi-signing.log"
-      Certificates="402"
-      ToolsPath="$(CIToolsPath)"
-      Condition="!$(DelaySign) and '@(InstallersToSign)' != ''" />
-
-    <!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
-    <Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
-    <SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
-  </Target>
-
   <!-- Run Validation -->
   <Target Name="DependencyAnalysis" Condition="'$(SkipDependencyAnalysis)' == 'false'">
     <Message Importance="high" Text="Running dependency analysis..." />

tools/GenerateHelp.ps1

@@ -11,7 +11,7 @@ Param(
     [string]$FilteredModules
 )
 
-$ResourceManagerFolders = Get-ChildItem -Path ".\src\ResourceManager"
+$ResourceManagerFolders = Get-ChildItem -Path "$PSScriptRoot\..\src\ResourceManager"
 Import-Module "$PSScriptRoot\HelpGeneration\HelpGeneration.psm1"
 $UnfilteredHelpFolders = Get-ChildItem "help" -Recurse -Directory | where { $_.FullName -like "*$BuildConfig*" -and $_.FullName -notlike "*Stack*" }
 $FilteredHelpFolders = $UnfilteredHelpFolders
@@ -40,7 +40,7 @@ if ($ValidateMarkdownHelp)
     $Exceptions = @()
     foreach ($ServiceFolder in $ResourceManagerFolders)
     {
-        $HelpFolder = Get-ChildItem -Path $ServiceFolder -Filter "help" -Recurse -Directory
+        $HelpFolder = (Get-ChildItem -Path $ServiceFolder.FullName -Filter "help" -Recurse -Directory)
         if ($HelpFolder -eq $null)
         {
             $Exceptions += $ServiceFolder.Name