forked from dotnet/reproducible-builds
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathazure-pipelines.yml
84 lines (69 loc) · 2.13 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
trigger:
- main
- rel/*
pr:
- main
- rel/*
stages:
- stage: Build
jobs:
- job: Build
pool:
vmImage: windows-latest
variables:
BuildConfiguration: Release
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
steps:
- task: UseDotNet@2
inputs:
packageType: sdk
useGlobalJson: true
displayName: 'Use .NET SDK'
- script: dotnet tool restore
displayName: Install dotnet tools
- script: dotnet nbgv cloud
displayName: Set Version
- script: dotnet test dirs.proj
displayName: Test
- script: dotnet pack dirs.proj
displayName: Create package(s)
- publish: $(Build.ArtifactStagingDirectory)/Packages
displayName: Publish build packages
artifact: BuildPackages
# Keep signing variables in a separate stage
- stage: CodeSign
condition: and(succeeded('Build'), not(eq(variables['build.reason'], 'PullRequest')))
jobs:
- job: CodeSign
displayName: Code Signing
pool:
vmImage: windows-latest
variables:
- group: SignTool-DNF
steps:
- download: current
artifact: BuildPackages
- task: UseDotNet@2
inputs:
packageType: sdk
useGlobalJson: true
displayName: 'Use .NET SDK'
- script: dotnet tool restore
displayName: Install dotnet tools
- pwsh: |
dotnet sign code azure-key-vault `
"**/*.nupkg" `
--base-directory "$(Pipeline.Workspace)/BuildPackages" `
--file-list "$(Build.SourcesDirectory)/config/filelist.txt" `
--publisher-name "DotNet.ReproducibleBuilds" `
--description "DotNet.ReproducibleBuilds" `
--description-url "https://github.com/dotnet/reproducible-builds" `
--azure-key-vault-tenant-id "$(SignTenantId)" `
--azure-key-vault-client-id "$(SignClientId)" `
--azure-key-vault-client-secret '$(SignClientSecret)' `
--azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
--azure-key-vault-url "$(SignKeyVaultUrl)"
displayName: Sign packages
- publish: $(Pipeline.Workspace)/BuildPackages
displayName: Publish Signed Packages
artifact: SignedPackages