Update ESRP Code Signing to V5 (#86)

* Update ESRP Code Signing to V5

* Added missing connection

* Updated to latest macOS

---------

Co-authored-by: Microsoft Graph DevX Tooling <[email protected]>

Author: timayabi2020

.azure-pipelines/release-cli.yaml

@@ -181,14 +181,14 @@ parameters:
       # MacOS images aren't available in 1ES templates
       # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/onboarding/macos-support
       - name: Azure Pipelines
-        image: macOS-11
+        image: macOS-latest
         os: macOS
         rid: osx-x64
         label: macOSx64
         jobName: MacOS-x64
 
       - name: Azure Pipelines
-        image: macOS-12
+        image: macOS-latest
         os: macOS
         rid: osx-arm64
         label: macOSArm64
@@ -586,11 +586,16 @@ extends:
                       inputs:
                         version: 6.x
 
-                  - task: EsrpCodeSigning@2
+                  - task: EsrpCodeSigning@5
                     displayName: 'ESRP CodeSigning (Sign Build output)'
                     inputs:
                       # Pipeline validation can't expand service name from matrix variables
-                      ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
+                      ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection'
+                      AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8'
+                      AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2'
+                      AuthAKVName: 'akv-prod-eastus'
+                      AuthCertName: 'ReferenceLibraryPrivateCert'
+                      AuthSignCertName: 'ReferencePackagePublisherCertificate'
                       FolderPath: $(SIGN_PATH)
                       signConfigType: inlineSignParams
                       UseMinimatch: true
@@ -600,11 +605,16 @@ extends:
                     condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'True'))
 
                   - ${{ if and(eq(variables.notarize, 'true'), startsWith(pool.rid, 'osx')) }}:
-                    - task: EsrpCodeSigning@2
+                    - task: EsrpCodeSigning@5
                       displayName: 'ESRP CodeSigning (Notarize)'
                       inputs:
                         # Pipeline validation can't expand service name from matrix variables
-                        ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
+                        ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection'
+                        AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8'
+                        AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2'
+                        AuthAKVName: 'akv-prod-eastus'
+                        AuthCertName: 'ReferenceLibraryPrivateCert'
+                        AuthSignCertName: 'ReferencePackagePublisherCertificate'
                         FolderPath: $(SIGN_PATH)
                         signConfigType: inlineSignParams
                         UseMinimatch: true
@@ -620,11 +630,16 @@ extends:
                       displayName: DotNet pack (nuget)
                       condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'True'))
 
-                    - task: EsrpCodeSigning@2
+                    - task: EsrpCodeSigning@5
                       displayName: 'ESRP CodeSigning (Sign Nuget)'
                       inputs:
                         # Pipeline validation can't expand service name from matrix variables
-                        ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
+                        ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection'
+                        AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8'
+                        AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2'
+                        AuthAKVName: 'akv-prod-eastus'
+                        AuthCertName: 'ReferenceLibraryPrivateCert'
+                        AuthSignCertName: 'ReferencePackagePublisherCertificate'
                         FolderPath: $(SIGN_PATH)
                         signConfigType: inlineSignParams
                         UseMinimatch: true