Skip to content

Commit

Permalink
Fixed package signing
Browse files Browse the repository at this point in the history
* Explicitly invoke the 'SignFiles' target in the package signing step
* Generate & archive a binlog for the NuGet package signing step
* Disable sbom for the nuget packages.
  • Loading branch information
jstedfast committed Aug 14, 2024
1 parent 1881513 commit 08e5a27
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 9 deletions.
23 changes: 17 additions & 6 deletions azure-pipelines/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,13 +56,20 @@ extends:
sbom:
enabled: true
outputs:
- output: pipelineArtifact
displayName: 'Publish Logs'
condition: always()
targetPath: '$(Build.ArtifactStagingDirectory)\Logs'
artifactType: container
sbomEnabled: false
- output: nuget
displayName: 'NuGet push to NuGet.org'
displayName: 'Publish packages to NuGet.org'
condition: and(succeeded(), eq(variables['Build.OfficialRelease'], 'true'))
packageParentPath: '$(Build.ArtifactStagingDirectory)\Packages'
packagesToPush: $(Build.ArtifactStagingDirectory)\Packages\*.nupkg;!$(Build.ArtifactStagingDirectory)\Packages\*.symbols.nupkg
nuGetFeedType: external
publishFeedCredentials: UpgradeAssistantExtensions-NuGet.org
sbomEnabled: false
steps:
- checkout: self
clean: true
Expand All @@ -87,7 +94,7 @@ extends:
- task: NuGetAuthenticate@1
displayName: NuGet Authenticate
- task: NuGetCommand@2
displayName: NuGet restore
displayName: Restore NuGet Packages
inputs:
solution: UpgradeAssistant.Extensions.sln
- task: VSBuild@1
Expand All @@ -113,10 +120,14 @@ extends:
displayName: Build Mappings NuGet package
inputs:
solution: src\UpgradeAssistant.Mappings\UpgradeAssistant.Mappings.csproj
msbuildArgs: /t:Pack /p:PublicRelease=$(Build.OfficialRelease) /p:TimestampPackage=$(TimestampPackage) /p:PackageOutputPath="$(Build.ArtifactStagingDirectory)\UnsignedPackages"
msbuildArgs: /t:Pack /p:PublicRelease=$(Build.OfficialRelease) /p:TimestampPackage=$(TimestampPackage) /p:PackageOutputPath="$(Build.ArtifactStagingDirectory)\Packages"
configuration: release
- task: NuGetCommand@2
displayName: Restore NuGet Packages (Package Signing)
inputs:
solution: azure-pipelines\nuget-package.signproj
- task: MSBuild@1
displayName: 'Sign Mappings NuGet Package'
displayName: 'Sign NuGet Packages'
inputs:
solution: 'azure-pipelines\nuget-package.signproj'
msbuildArguments: '/p:OutDir=$(Build.ArtifactStagingDirectory)\Packages /p:UnsignedPackagesPath=$(Build.ArtifactStagingDirectory)\UnsignedPackages'
solution: azure-pipelines\nuget-package.signproj
msbuildArguments: '/t:SignFiles /v:diagnostic /bl:$(Build.ArtifactStagingDirectory)\Logs\SignNugetPackages.binlog /p:OutDir=$(Build.ArtifactStagingDirectory)\Packages /p:PackagesPath=$(Build.ArtifactStagingDirectory)\Packages'
6 changes: 3 additions & 3 deletions azure-pipelines/nuget-package.signproj
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" Sdk="Microsoft.Build.NoTargets/3.7.56">
<Project ToolsVersion="Current" Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFrameworks>net8.0</TargetFrameworks>
</PropertyGroup>
Expand All @@ -8,9 +8,9 @@
<PackageReference Include="Microsoft.VisualStudioEng.MicroBuild.Core" version="1.0.0" />
</ItemGroup>

<Target Name="Sign" DependsOnTargets="$(SignDependsOn)" AfterTargets="AfterBuild">
<Target Name="CollectNuGetPackagesToSign" DependsOnTargets="$(SignDependsOn)" BeforeTargets="SignFiles">
<ItemGroup>
<FilesToSign Include="$(UnsignedPackagesPath)\*.nupkg">
<FilesToSign Include="$(PackagesPath)\*.nupkg">
<Authenticode>NuGet</Authenticode>
</FilesToSign>
</ItemGroup>
Expand Down

0 comments on commit 08e5a27

Please sign in to comment.