# Repo: FirelyTeam/azure-pipeline-templates
# File: codesign-nuget-packages.yml
# README:
# - Create a Variable Group in your Azure Pipeline Project
# - Link secrets from an Azure key vault as variables
# - Select the secrets you want to use and pass them to this template
# Place this template after creating the NuGet Packages (pack command)
# For an example of using this template, see:
# https://github.com/FirelyTeam/firely-net-sdk/blob/develop-stu3/build/azure-pipelines.yml
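parameters:
  # Secret that refers to the PFX certificate variable in the Azure Key Vault.
  # Pass it as a secret variable reference; never put the certificate inline.
  certificateValue: ''
  # Secret that refers to the password of the PFX certificate.
  certificatePasswordValue: ''
  # The NuGet packages to sign. Wildcards can be used, like *.nupkg
  packagePaths: ''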
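steps:
# Import the code-signing certificate into the CurrentUser\My store and publish
# its thumbprint as the pipeline variable 'Thumbprint' for the later steps.
- powershell: |
    # The certificate and its password arrive through the env: mapping below
    # instead of being expanded into the script text. Characters such as $, `
    # or " in the password therefore cannot alter the script, and the secret
    # values are not written into the generated script file.
    $pfxPassword = ConvertTo-SecureString -String $env:CODESIGN_CERT_PASSWORD -Force -AsPlainText
    # Keep the temporary PFX in the agent temp directory, away from the
    # sources and artifact folders that later steps may publish.
    $pfxPath = Join-Path $env:AGENT_TEMPDIRECTORY 'Temp-Certificate.pfx'
    try {
      # Create the PFX file from the certificate variable
      New-Item -Path $pfxPath -ItemType File -Value $env:CODESIGN_CERT_VALUE -Force | Out-Null
      # Import the PFX certificate and read its thumbprint into a variable
      $Thumbprint = (Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -FilePath $pfxPath -Password $pfxPassword).Thumbprint
      Write-Host "##vso[task.setvariable variable=Thumbprint]$Thumbprint"
    }
    finally {
      # Remove the PFX file even when the import fails, so the key material
      # does not stay on the agent's disk.
      Remove-Item $pfxPath -ErrorAction SilentlyContinue
    }
  displayName: 'Import Code Signing certificate'
  # Values passed here are limited by the OS environment-variable size
  # (about 32K characters on Windows).
  env:
    CODESIGN_CERT_VALUE: ${{ parameters.certificateValue }}
    CODESIGN_CERT_PASSWORD: ${{ parameters.certificatePasswordValue }}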
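# Sign the packages with the certificate selected by the 'Thumbprint' variable.
# NOTE(review): $(Thumbprint) is the .Thumbprint value returned by
# Import-PfxCertificate; newer .NET SDKs may expect a SHA-256 value for
# --certificate-fingerprint, so confirm against the SDK installed on the agent.
- task: DotNetCoreCLI@2
  displayName: 'Code signing of packages'
  inputs:
    command: custom
    custom: nuget
    # Folded scalar: the three lines below are joined with single spaces.
    arguments: >-
      sign ${{ parameters.packagePaths }}
      --certificate-fingerprint $(Thumbprint)
      --timestamper http://timestamp.digicert.com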
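# Delete the certificate by thumbprint, so it cannot be used elsewhere.
# always() runs this step even when signing failed or the run was cancelled;
# the Thumbprint check skips it when the import never set the variable.
- powershell: |
    # -DeleteKey also removes the private key, which a plain Remove-Item on
    # the certificate would leave behind on the agent.
    Get-ChildItem Cert:\CurrentUser\My\$(Thumbprint) | Remove-Item -DeleteKey
  displayName: 'Remove the certificate from cert store'
  condition: and(always(), ne(variables['Thumbprint'], ''))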