Skip to content

Commit 5a0e525

Browse files
testforstephentestforstephen
authored
onboard code sign to microbuild
1 parent 51c48ad commit 5a0e525

File tree

2 files changed

+62
-197
lines changed

2 files changed

+62
-197
lines changed

.azure-pipelines/signjars-nightly.yml

Lines changed: 18 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -87,38 +87,16 @@ extends:
8787
8888
mkdir -p jars
8989
mv .repository/com/microsoft/java/com.microsoft.java.debug.core/$RELEASE_VERSION/com.microsoft.java.debug.core*.jar jars/
90-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
91-
displayName: Sign core.jar
90+
- task: CmdLine@2
91+
displayName: Sign core jars
9292
inputs:
93-
ConnectedServiceName: $(ConnectedServiceName)
94-
AppRegistrationClientId: $(AppRegistrationClientId)
95-
AppRegistrationTenantId: $(AppRegistrationTenantId)
96-
AuthAKVName: $(AuthAKVName)
97-
AuthCertName: $(AuthCertName)
98-
AuthSignCertName: $(AuthSignCertName)
99-
FolderPath: jars
100-
Pattern: com.microsoft.java.debug.core*.jar
101-
signConfigType: inlineSignParams
102-
inlineOperation: |-
103-
[
104-
{
105-
"KeyCode" : "CP-447347-Java",
106-
"OperationCode" : "JavaSign",
107-
"Parameters" : {
108-
"SigAlg" : "SHA256withRSA",
109-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
110-
},
111-
"ToolName" : "sign",
112-
"ToolVersion" : "1.0"
113-
},
114-
{
115-
"KeyCode" : "CP-447347-Java",
116-
"OperationCode" : "JavaVerify",
117-
"Parameters" : {},
118-
"ToolName" : "sign",
119-
"ToolVersion" : "1.0"
120-
}
121-
]
93+
script: |
94+
files=$(find . -type f -name "com.microsoft.java.debug.core*.jar")
95+
for file in $files; do
96+
fileName=$(basename "$file")
97+
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
98+
done
99+
workingDirectory: 'jars'
122100
- task: CmdLine@2
123101
displayName: install signed core.jar
124102
inputs:
@@ -133,38 +111,16 @@ extends:
133111
134112
mkdir -p jars
135113
mv .repository/com/microsoft/java/com.microsoft.java.debug.plugin/$RELEASE_VERSION/com.microsoft.java.debug.plugin*.jar jars/
136-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
137-
displayName: Sign plugin.jar
114+
- task: CmdLine@2
115+
displayName: Sign plugin jars
138116
inputs:
139-
ConnectedServiceName: $(ConnectedServiceName)
140-
AppRegistrationClientId: $(AppRegistrationClientId)
141-
AppRegistrationTenantId: $(AppRegistrationTenantId)
142-
AuthAKVName: $(AuthAKVName)
143-
AuthCertName: $(AuthCertName)
144-
AuthSignCertName: $(AuthSignCertName)
145-
FolderPath: jars
146-
Pattern: com.microsoft.java.debug.plugin*.jar
147-
signConfigType: inlineSignParams
148-
inlineOperation: |-
149-
[
150-
{
151-
"KeyCode" : "CP-447347-Java",
152-
"OperationCode" : "JavaSign",
153-
"Parameters" : {
154-
"SigAlg" : "SHA256withRSA",
155-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
156-
},
157-
"ToolName" : "sign",
158-
"ToolVersion" : "1.0"
159-
},
160-
{
161-
"KeyCode" : "CP-447347-Java",
162-
"OperationCode" : "JavaVerify",
163-
"Parameters" : {},
164-
"ToolName" : "sign",
165-
"ToolVersion" : "1.0"
166-
}
167-
]
117+
script: |
118+
files=$(find . -type f -name "com.microsoft.java.debug.plugin*.jar")
119+
for file in $files; do
120+
fileName=$(basename "$file")
121+
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
122+
done
123+
workingDirectory: 'jars'
168124
- task: CopyFiles@2
169125
displayName: "Copy plugin.jar to: $(Build.ArtifactStagingDirectory)"
170126
inputs:

.azure-pipelines/signjars-rc.yml

Lines changed: 44 additions & 135 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,23 @@ extends:
4444
steps:
4545
- checkout: self
4646
fetchTags: true
47+
- task: UsePythonVersion@0
48+
displayName: 'Use Python 3.11.x'
49+
inputs:
50+
versionSpec: 3.11.x
51+
- task: UseDotNet@2
52+
displayName: 'Use .NET Core 3.1.x'
53+
inputs:
54+
packageType: 'sdk'
55+
version: '3.1.x'
56+
- task: MicroBuildSigningPlugin@4
57+
displayName: 'Install Signing Plugin'
58+
inputs:
59+
signType: real
60+
azureSubscription: 'MicroBuild Signing Task (MSEng)'
61+
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
62+
env:
63+
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
4764
- task: JavaToolInstaller@0
4865
displayName: Use Java 21
4966
inputs:
@@ -71,38 +88,16 @@ extends:
7188
7289
mkdir -p jars
7390
mv .repository/com/microsoft/java/com.microsoft.java.debug.core/$RELEASE_VERSION/com.microsoft.java.debug.core*.jar jars/
74-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
75-
displayName: Sign core.jar
91+
- task: CmdLine@2
92+
displayName: Sign core jars
7693
inputs:
77-
ConnectedServiceName: $(ConnectedServiceName)
78-
AppRegistrationClientId: $(AppRegistrationClientId)
79-
AppRegistrationTenantId: $(AppRegistrationTenantId)
80-
AuthAKVName: $(AuthAKVName)
81-
AuthCertName: $(AuthCertName)
82-
AuthSignCertName: $(AuthSignCertName)
83-
FolderPath: jars
84-
Pattern: com.microsoft.java.debug.core*.jar
85-
signConfigType: inlineSignParams
86-
inlineOperation: |-
87-
[
88-
{
89-
"KeyCode" : "CP-447347-Java",
90-
"OperationCode" : "JavaSign",
91-
"Parameters" : {
92-
"SigAlg" : "SHA256withRSA",
93-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
94-
},
95-
"ToolName" : "sign",
96-
"ToolVersion" : "1.0"
97-
},
98-
{
99-
"KeyCode" : "CP-447347-Java",
100-
"OperationCode" : "JavaVerify",
101-
"Parameters" : {},
102-
"ToolName" : "sign",
103-
"ToolVersion" : "1.0"
104-
}
105-
]
94+
script: |
95+
files=$(find . -type f -name "com.microsoft.java.debug.core*.jar")
96+
for file in $files; do
97+
fileName=$(basename "$file")
98+
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
99+
done
100+
workingDirectory: 'jars'
106101
- task: CmdLine@2
107102
displayName: install signed core.jar
108103
inputs:
@@ -116,84 +111,20 @@ extends:
116111
117112
mkdir -p jars
118113
mv .repository/com/microsoft/java/com.microsoft.java.debug.plugin/$RELEASE_VERSION/com.microsoft.java.debug.plugin*.jar jars/
119-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
120-
displayName: Sign plugin.jar
114+
- task: CmdLine@2
115+
displayName: Sign plugin jars
121116
inputs:
122-
ConnectedServiceName: $(ConnectedServiceName)
123-
AppRegistrationClientId: $(AppRegistrationClientId)
124-
AppRegistrationTenantId: $(AppRegistrationTenantId)
125-
AuthAKVName: $(AuthAKVName)
126-
AuthCertName: $(AuthCertName)
127-
AuthSignCertName: $(AuthSignCertName)
128-
FolderPath: jars
129-
Pattern: com.microsoft.java.debug.plugin*.jar
130-
signConfigType: inlineSignParams
131-
inlineOperation: |-
132-
[
133-
{
134-
"KeyCode" : "CP-447347-Java",
135-
"OperationCode" : "JavaSign",
136-
"Parameters" : {
137-
"SigAlg" : "SHA256withRSA",
138-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
139-
},
140-
"ToolName" : "sign",
141-
"ToolVersion" : "1.0"
142-
},
143-
{
144-
"KeyCode" : "CP-447347-Java",
145-
"OperationCode" : "JavaVerify",
146-
"Parameters" : {},
147-
"ToolName" : "sign",
148-
"ToolVersion" : "1.0"
149-
}
150-
]
117+
script: |
118+
files=$(find . -type f -name "com.microsoft.java.debug.plugin*.jar")
119+
for file in $files; do
120+
fileName=$(basename "$file")
121+
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
122+
done
123+
workingDirectory: 'jars'
151124
- task: CmdLine@2
152125
displayName: install signed plugin.jar
153126
inputs:
154127
script: cp jars/com.microsoft.java.debug.plugin*.jar .repository/com/microsoft/java/com.microsoft.java.debug.plugin/$RELEASE_VERSION/
155-
- task: CmdLine@2
156-
displayName: Build p2 artifacts
157-
inputs:
158-
script: |-
159-
# 3. Build the p2 artifacts.
160-
./mvnw clean package -f com.microsoft.java.debug.repository/pom.xml -Dmaven.repo.local=./.repository
161-
162-
mkdir -p p2/target
163-
cp -r com.microsoft.java.debug.repository/target/repository p2/target/
164-
cp com.microsoft.java.debug.repository/pushToBintray.sh p2/
165-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
166-
displayName: Sign p2
167-
inputs:
168-
ConnectedServiceName: $(ConnectedServiceName)
169-
AppRegistrationClientId: $(AppRegistrationClientId)
170-
AppRegistrationTenantId: $(AppRegistrationTenantId)
171-
AuthAKVName: $(AuthAKVName)
172-
AuthCertName: $(AuthCertName)
173-
AuthSignCertName: $(AuthSignCertName)
174-
FolderPath: p2
175-
Pattern: "*.jar"
176-
signConfigType: inlineSignParams
177-
inlineOperation: |-
178-
[
179-
{
180-
"KeyCode" : "CP-447347-Java",
181-
"OperationCode" : "JavaSign",
182-
"Parameters" : {
183-
"SigAlg" : "SHA256withRSA",
184-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
185-
},
186-
"ToolName" : "sign",
187-
"ToolVersion" : "1.0"
188-
},
189-
{
190-
"KeyCode" : "CP-447347-Java",
191-
"OperationCode" : "JavaVerify",
192-
"Parameters" : {},
193-
"ToolName" : "sign",
194-
"ToolVersion" : "1.0"
195-
}
196-
]
197128
- task: CmdLine@2
198129
displayName: build m2 artifacts
199130
inputs:
@@ -214,38 +145,16 @@ extends:
214145
mkdir -p m2/com.microsoft.java.debug.plugin
215146
cp com.microsoft.java.debug.plugin/target/com.microsoft.java.debug.plugin*.jar m2/com.microsoft.java.debug.plugin
216147
cp com.microsoft.java.debug.plugin/pom.xml m2/com.microsoft.java.debug.plugin/com.microsoft.java.debug.plugin-$RELEASE_VERSION.pom
217-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
218-
displayName: Sign m2
148+
- task: CmdLine@2
149+
displayName: Sign m2 jars
219150
inputs:
220-
ConnectedServiceName: $(ConnectedServiceName)
221-
AppRegistrationClientId: $(AppRegistrationClientId)
222-
AppRegistrationTenantId: $(AppRegistrationTenantId)
223-
AuthAKVName: $(AuthAKVName)
224-
AuthCertName: $(AuthCertName)
225-
AuthSignCertName: $(AuthSignCertName)
226-
FolderPath: m2
227-
Pattern: "*.jar"
228-
signConfigType: inlineSignParams
229-
inlineOperation: |-
230-
[
231-
{
232-
"KeyCode" : "CP-447347-Java",
233-
"OperationCode" : "JavaSign",
234-
"Parameters" : {
235-
"SigAlg" : "SHA256withRSA",
236-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
237-
},
238-
"ToolName" : "sign",
239-
"ToolVersion" : "1.0"
240-
},
241-
{
242-
"KeyCode" : "CP-447347-Java",
243-
"OperationCode" : "JavaVerify",
244-
"Parameters" : {},
245-
"ToolName" : "sign",
246-
"ToolVersion" : "1.0"
247-
}
248-
]
151+
script: |
152+
files=$(find . -type f -name "*.jar")
153+
for file in $files; do
154+
fileName=$(basename "$file")
155+
dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171
156+
done
157+
workingDirectory: 'm2'
249158
- task: CopyFiles@2
250159
displayName: "Copy p2/m2 to: $(Build.ArtifactStagingDirectory)"
251160
inputs:

0 commit comments

Comments
 (0)