Skip to content
This repository was archived by the owner on Aug 29, 2025. It is now read-only.

Commit cfde9d0

Browse files
calebkiagecalebkiage
authored
ci: update ESRP code signing config (#499)
* ci: update ESRP code signing config * ci: use latest MacOS images macOS-11 is deprecated. see https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops&tabs=yaml#software
1 parent 168689c commit cfde9d0

File tree

1 file changed

+23
-8
lines changed

1 file changed

+23
-8
lines changed

.azure-pipelines/release-cli.yaml

Lines changed: 23 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -181,14 +181,14 @@ parameters:
181181
# MacOS images aren't available in 1ES templates
182182
# https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/onboarding/macos-support
183183
- name: Azure Pipelines
184-
image: macOS-11
184+
image: macOS-latest
185185
os: macOS
186186
rid: osx-x64
187187
label: macOSx64
188188
jobName: MacOS-x64
189189

190190
- name: Azure Pipelines
191-
image: macOS-12
191+
image: macOS-latest
192192
os: macOS
193193
rid: osx-arm64
194194
label: macOSArm64
@@ -581,11 +581,16 @@ extends:
581581
inputs:
582582
version: 6.x
583583

584-
- task: EsrpCodeSigning@2
584+
- task: EsrpCodeSigning@5
585585
displayName: 'ESRP CodeSigning (Sign Build output)'
586586
inputs:
587587
# Pipeline validation can't expand service name from matrix variables
588-
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
588+
ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection'
589+
AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8'
590+
AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2'
591+
AuthAKVName: 'akv-prod-eastus'
592+
AuthCertName: 'ReferenceLibraryPrivateCert'
593+
AuthSignCertName: 'ReferencePackagePublisherCertificate'
589594
FolderPath: $(SIGN_PATH)
590595
signConfigType: inlineSignParams
591596
UseMinimatch: true
@@ -595,11 +600,16 @@ extends:
595600
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'True'))
596601

597602
- ${{ if and(eq(variables.notarize, 'true'), startsWith(pool.rid, 'osx')) }}:
598-
- task: EsrpCodeSigning@2
603+
- task: EsrpCodeSigning@5
599604
displayName: 'ESRP CodeSigning (Notarize)'
600605
inputs:
601606
# Pipeline validation can't expand service name from matrix variables
602-
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
607+
ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection'
608+
AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8'
609+
AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2'
610+
AuthAKVName: 'akv-prod-eastus'
611+
AuthCertName: 'ReferenceLibraryPrivateCert'
612+
AuthSignCertName: 'ReferencePackagePublisherCertificate'
603613
FolderPath: $(SIGN_PATH)
604614
signConfigType: inlineSignParams
605615
UseMinimatch: true
@@ -615,11 +625,16 @@ extends:
615625
displayName: DotNet pack (nuget)
616626
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'True'))
617627
618-
- task: EsrpCodeSigning@2
628+
- task: EsrpCodeSigning@5
619629
displayName: 'ESRP CodeSigning (Sign Nuget)'
620630
inputs:
621631
# Pipeline validation can't expand service name from matrix variables
622-
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
632+
ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection'
633+
AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8'
634+
AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2'
635+
AuthAKVName: 'akv-prod-eastus'
636+
AuthCertName: 'ReferenceLibraryPrivateCert'
637+
AuthSignCertName: 'ReferencePackagePublisherCertificate'
623638
FolderPath: $(SIGN_PATH)
624639
signConfigType: inlineSignParams
625640
UseMinimatch: true

0 commit comments

Comments
 (0)