# Repo: FirelyTeam/azure-pipeline-templates
# File: codesign-nuget-packages.yml
# README:
# - Create a Variable Group in your Azure Pipeline Project
# - Link secrets from an Azure key vault as variables
# - Select the secrets you want to use and pass them to this template
# Place this template after creating the NuGet Packages (pack command)
# For an example of using this template, see:
# https://github.com/FirelyTeam/firely-net-sdk/blob/develop-stu3/build/azure-pipelines.yml
# Template inputs. All three default to an empty string; the steps below only
# sign when certificateValue is non-empty.
parameters:
  # Content of the code signing certificate (PFX). The import step writes it
  # to a temporary .pfx file and loads it into the certificate store.
  - name: certificateValue
    type: string
    displayName: 'The certificate value'
    default: ''

  # Password protecting the PFX above. Pass a secret variable from the linked
  # variable group; do not hard-code it in the calling pipeline.
  - name: certificatePasswordValue
    type: string
    displayName: 'The certificate password value'
    default: ''

  # Package path(s) handed to `nuget sign`.
  - name: packagePaths
    type: string
    displayName: 'The path to the NuGet packages to sign. Wildcards can be used, like *.nupkg'
    default: ''
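# Signing flow: import the PFX into the current user's certificate store,
# sign the packages by thumbprint, then remove the certificate again.
#
# Security notes:
# - The certificate and its password reach the import script through `env:`
#   instead of being spliced into the script text. That keeps the secret out
#   of the generated script and stops PowerShell from expanding `$` or
#   backticks inside a double-quoted password.
# - The temporary PFX lives in the agent temp directory and is deleted in a
#   `finally` block, so a failed import does not leave it on disk.
# - The store cleanup runs with `condition: always()`, so a failed signing
#   step does not leave the certificate installed on the agent.
steps:
  # Evaluated when the template is expanded: any non-empty parameter value
  # (including a runtime macro such as a variable reference) selects this branch.
  - ${{ if parameters.certificateValue }}:  # Only sign if a code signing certificate is provided
      - powershell: |
          # Turn the plain-text password from the environment into a SecureString.
          # ($pwd is a PowerShell automatic variable, so a distinct name is used.)
          $securePassword = ConvertTo-SecureString -String $env:CODESIGN_CERTIFICATE_PASSWORD -Force -AsPlainText
          # Keep the temporary PFX out of the sources directory.
          $pfxPath = Join-Path $env:AGENT_TEMPDIRECTORY 'Temp-Certificate.pfx'
          try {
            # Create the PFX file from the certificate value.
            New-Item -Path $pfxPath -ItemType File -Value $env:CODESIGN_CERTIFICATE -Force | Out-Null
            # Import the PFX and publish its thumbprint for the following steps.
            $Thumbprint = (Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -FilePath $pfxPath -Password $securePassword).Thumbprint
            Write-Host "##vso[task.setvariable variable=Thumbprint]$Thumbprint"
          }
          finally {
            # Remove the PFX whether or not the import succeeded.
            Remove-Item -Path $pfxPath -ErrorAction SilentlyContinue
          }
        displayName: 'Import Code Signing certificate'
        env:
          CODESIGN_CERTIFICATE: ${{ parameters.certificateValue }}
          CODESIGN_CERTIFICATE_PASSWORD: ${{ parameters.certificatePasswordValue }}

      # NOTE(review): $(Thumbprint) is the certificate-store thumbprint (SHA-1);
      # newer NuGet clients may expect a SHA-256 fingerprint here - confirm
      # against the SDK version installed on the agent.
      - task: DotNetCoreCLI@2
        displayName: 'Code signing of packages'
        inputs:
          command: custom
          custom: nuget
          arguments: sign ${{ parameters.packagePaths }} --certificate-fingerprint $(Thumbprint) --timestamper http://timestamp.digicert.com

      - powershell: |
          # Delete the certificate by thumbprint, so it cannot be used elsewhere.
          # If the import step failed, the macro below is never replaced; the
          # format check then skips removal instead of raising a second error.
          $thumbprint = $env:CODESIGN_THUMBPRINT
          if ($thumbprint -match '^[0-9A-Fa-f]{40}$') {
            Get-ChildItem "Cert:\CurrentUser\My\$thumbprint" | Remove-Item
          }
          else {
            Write-Host "No imported certificate thumbprint available, nothing to remove"
          }
        displayName: 'Remove the certificate from cert store'
        condition: always()
        env:
          CODESIGN_THUMBPRINT: $(Thumbprint)

  - ${{ else }}:
      - powershell: |
          Write-Host "No code signing certificate provided, skipping signing of packages"
        displayName: 'No code signing certificate provided'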