@@ -135,6 +135,18 @@ stages:
135135 displayName: 'Install signing tool and generate files'
136136 workingDirectory: $(Build.BinariesDirectory)
137137
138+ task : AzureCLI@2
139+ displayName : ' Azure CLI'
140+ inputs :
141+ azureSubscription : ' Python Signing'
142+ scriptType : ' ps'
143+ scriptLocation : ' inlineScript'
144+ inlineScript : |
145+ "##vso[task.setvariable variable=AZURE_CLIENT_ID;issecret=true]$servicePrincipalId"
146+ "##vso[task.setvariable variable=AZURE_ID_TOKEN;issecret=true]$idToken"
147+ "##vso[task.setvariable variable=AZURE_TENANT_ID;issecret=true]$tenantId"
148+ addSpnToEnvironment : true
149+
138150 - powershell : |
139151 python make.py
140152 displayName: 'Build package'
@@ -145,21 +157,20 @@ stages:
145157 PYMANAGER_APPX_PUBLISHER: $(TrustedSigningCertificateSubject)
146158
147159${{ if or(eq(parameters.Sign, 'true'), eq(parameters.TestSign, 'true')) }} :
148- - task : AzureCLI@2
160+ - powershell : >
161+ dir -r *.exe, *.pyd | %{
162+ sign code trusted-signing "$_"
163+ -fd sha256 -t http://timestamp.acs.microsoft.com -td sha256
164+ -tse "$(TrustedSigningUri)" -tsa "$(TrustedSigningAccount)" -tscp "$(TrustedSigningCertificateName)"
165+ -d "PyManager $(Build.BuildNumber)"
166+ -fl $env:SIGNLIST1
167+ }
149168 displayName: 'Sign binaries'
150- inputs :
151- azureSubscription : ' Python Signing'
152- scriptType : ps
153- scriptLocation : inlineScript
154- inlineScript : |
155- dir -r *.exe, *.pyd | %{
156- sign code trusted-signing "$_" `
157- -fd sha256 -t http://timestamp.acs.microsoft.com -td sha256 `
158- -tse "$(TrustedSigningUri)" -tsa "$(TrustedSigningAccount)" -tscp "$(TrustedSigningCertificateName)" `
159- -d "PyManager $(Build.BuildNumber)" `
160- -fl $env:SIGNLIST1
161- }
162- workingDirectory : $(LAYOUT_DIR)
169+ workingDirectory: $(LAYOUT_DIR)
170+ env:
171+ AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
172+ AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
173+ AZURE_TENANT_ID: $(AZURE_TENANT_ID)
163174
164175powershell : |
165176 python make-msix.py
@@ -181,21 +192,35 @@ stages:
181192 PYMANAGER_APPX_PUBLISHER: $(TrustedSigningCertificateSubject)
182193
183194${{ if or(eq(parameters.Sign, 'true'), eq(parameters.TestSign, 'true')) }} :
184- - task : AzureCLI@2
185- displayName : ' Sign packages'
186- inputs :
187- azureSubscription : ' Python Signing'
188- scriptType : ps
189- scriptLocation : inlineScript
190- inlineScript : |
191- dir *.msix, *.msi | %{
192- sign code trusted-signing "$_" `
193- -fd sha256 -t http://timestamp.acs.microsoft.com -td sha256 `
194- -tse "$(TrustedSigningUri)" -tsa "$(TrustedSigningAccount)" -tscp "$(TrustedSigningCertificateName)" `
195- -d "PyManager $(Build.BuildNumber)" `
196- -fl $env:SIGNLIST2
197- }
198- workingDirectory : $(DIST_DIR)
195+ - powershell : >
196+ dir *.msix | %{
197+ sign code trusted-signing "$_"
198+ -fd sha256 -t http://timestamp.acs.microsoft.com -td sha256
199+ -tse "$(TrustedSigningUri)" -tsa "$(TrustedSigningAccount)" -tscp "$(TrustedSigningCertificateName)"
200+ -d "PyManager $(Build.BuildNumber)"
201+ -fl $env:SIGNLIST2
202+ }
203+ displayName: 'Sign MSIX package'
204+ workingDirectory: $(DIST_DIR)
205+ env:
206+ AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
207+ AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
208+ AZURE_TENANT_ID: $(AZURE_TENANT_ID)
209+
210+ powershell : >
211+ dir *.msi | %{
212+ sign code trusted-signing "$_"
213+ -fd sha256 -t http://timestamp.acs.microsoft.com -td sha256
214+ -tse "$(TrustedSigningUri)" -tsa "$(TrustedSigningAccount)" -tscp "$(TrustedSigningCertificateName)"
215+ -d "PyManager $(Build.BuildNumber)"
216+ -fl $env:SIGNLIST3
217+ }
218+ displayName: 'Sign MSI package'
219+ workingDirectory: $(DIST_DIR)
220+ env:
221+ AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
222+ AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
223+ AZURE_TENANT_ID: $(AZURE_TENANT_ID)
199224
200225${{ if eq(parameters.TestSign, 'true') }} :
201226 - powershell : Write-Host "##vso[build.addbuildtag]test-signed"
0 commit comments