KX-11391 - SignFile replaced with AzureSignTool (#36)

* KX-11391 - SignFile replaced with AzureSignTool * KX-11391 - Timestamp server URL inlined * KX-11391 - Update build-and-release.yaml --------- Co-authored-by: Zdenek Strach <[email protected]>
Kentico · Mar 6, 2024 · eb456e0 · eb456e0
1 parent 3d4343f
commit eb456e0
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
@@ -0,0 +1,12 @@
+{
+  "version": 1,
+  "isRoot": true,
+  "tools": {
+    "azuresigntool": {
+      "version": "4.0.1",
+      "commands": [
+        "azuresigntool"
+      ]
+    }
+  }
+}
diff --git a/build-and-release.yaml b/build-and-release.yaml
@@ -30,7 +30,7 @@ stages:
           clean: resources
 
         variables:
-          - group: 14.0 Authenticode signature parameters
+          - group: Code Sign KV Auth
 
           - name: Configuration
             value: Release
@@ -45,6 +45,14 @@ stages:
               packageType: sdk
               version: ${{ variables.DotNetSdkVersion }}
 
+          - task: DotNetCoreCLI@2
+            displayName: Restore dotnet tools
+            inputs:
+              command: custom
+              custom: tool
+              arguments: restore
+              workingDirectory: $(System.DefaultWorkingDirectory)
+
           - task: DotNetCoreCLI@2
             displayName: Restore dependencies
             inputs:
@@ -67,7 +75,7 @@ stages:
                           <AssemblyToSign Include="`$(RazorViewsTargetPath)" Condition="Exists('`$(RazorViewsTargetPath)')" />
                       </ItemGroup>
 
-                      <SignFile CertificateThumbprint="`$(AuthenticodeCertificateThumbprint)" TimestampUrl="http://time.certum.pl" SigningTarget="%(AssemblyToSign.Identity)" />
+                      <Exec Command="dotnet AzureSignTool sign --azure-key-vault-url $(AuthenticodeKeyVaultUrl) --azure-key-vault-tenant-id $(AuthenticodeTenantId) --azure-key-vault-client-id $(AuthenticodeClientId) --azure-key-vault-client-secret $(AuthenticodeClientSecret) --azure-key-vault-certificate $(AuthenticodeCertificateName) --timestamp-rfc3161 http://timestamp.digicert.com --skip-signed %(AssemblyToSign.Identity)" />
                   </Target>
               </Project>
               "@
@@ -81,6 +89,8 @@ stages:
               command: build
               projects: '**/*.csproj'
               arguments: --no-restore --configuration ${{ variables.Configuration }}
+            env:
+              AuthenticodeClientSecret: $(AuthenticodeClientSecret)
 
           - task: DotNetCoreCLI@2
             displayName: Test