mirror of
https://github.com/microsoft/PowerToys.git
synced 2025-12-15 19:27:56 +01:00
Remove WiX v3 infrastructure and migrate exclusively to WiX v5 (#41975)
## Summary: This pull request refactors the installer build pipeline to simplify and modernize the process, focusing exclusively on the WiX 5 (VNext) installer and removing legacy WiX 3 support. It eliminates the use of the `installerSuffix` parameter and related logic, removes the legacy installer build steps and scripts, and updates documentation to reflect the new architecture. The changes streamline the pipeline, reduce complexity, and ensure only the latest installer is built and signed. Pipeline and build system simplification: * Removed the `installerSuffix` parameter and all related logic from pipeline templates and YAML files, including file naming, build steps, and hash calculation scripts. * Removed legacy WiX 3 installer build steps and the associated script `installWiX.ps1`, focusing exclusively on WiX 5 (VNext) installer builds. Installer signing and build process updates: * Updated `.pipelines/ESRPSigning_installer.json` to remove signing configuration for the legacy `PowerToysSetupCustomActions.dll`, ensuring only the VNext DLL is signed. Documentation updates: * Updated `doc/devdocs/core/installer.md` to remove references to WiX 3, clarify the installer architecture as WiX 5 only, and describe the new build process. ## CheckList: - [ ] Should Build successfully and produce installer for both per user and per machine - [ ] Should install without problem --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: vanzue <69313318+vanzue@users.noreply.github.com> Co-authored-by: Kai Tao (from Dev Box) <kaitao@microsoft.com>
This commit is contained in:
Copilot
@@ -4,7 +4,6 @@
|
||||
"SignBatches": [
|
||||
{
|
||||
"MatchedPath": [
|
||||
"PowerToysSetupCustomActions.dll",
|
||||
"PowerToysSetupCustomActionsVNext.dll",
|
||||
"SilentFilesInUseBAFunction.dll",
|
||||
"PowerToys*Setup-*.exe",
|
||||
|
||||
@@ -1,26 +0,0 @@
|
||||
$ProgressPreference = 'SilentlyContinue'
|
||||
|
||||
$WixDownloadUrl = "https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314.exe"
|
||||
$WixBinariesDownloadUrl = "https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314-binaries.zip"
|
||||
|
||||
# Download WiX binaries and verify their hash sums
|
||||
Invoke-WebRequest -Uri $WixDownloadUrl -OutFile "$($ENV:Temp)\wix314.exe"
|
||||
$Hash = (Get-FileHash -Algorithm SHA256 "$($ENV:Temp)\wix314.exe").Hash
|
||||
if ($Hash -ne '6BF6D03D6923D9EF827AE1D943B90B42B8EBB1B0F68EF6D55F868FA34C738A29')
|
||||
{
|
||||
Write-Error "$WixHash"
|
||||
throw "wix314.exe has unexpected SHA256 hash: $Hash"
|
||||
}
|
||||
Invoke-WebRequest -Uri $WixBinariesDownloadUrl -OutFile "$($ENV:Temp)\wix314-binaries.zip"
|
||||
$Hash = (Get-FileHash -Algorithm SHA256 "$($ENV:Temp)\wix314-binaries.zip").Hash
|
||||
if($Hash -ne '6AC824E1642D6F7277D0ED7EA09411A508F6116BA6FAE0AA5F2C7DAA2FF43D31')
|
||||
{
|
||||
throw "wix314-binaries.zip has unexpected SHA256 hash: $Hash"
|
||||
}
|
||||
|
||||
# Install WiX
|
||||
Start-Process -Wait -FilePath "$($ENV:Temp)\wix314.exe" -ArgumentList "/install /quiet"
|
||||
|
||||
# Extract WiX binaries and copy wix.targets to the installed dir
|
||||
Expand-Archive -Path "$($ENV:Temp)\wix314-binaries.zip" -Force -DestinationPath "$($ENV:Temp)"
|
||||
Copy-Item -Path "$($ENV:Temp)\wix.targets" -Destination "C:\Program Files (x86)\WiX Toolset v3.14\"
|
||||
@@ -20,11 +20,6 @@ parameters:
|
||||
type: string
|
||||
default: '0.0.1'
|
||||
|
||||
- name: installerSuffix
|
||||
type: string
|
||||
displayName: "WiX5 installer suffix (e.g., 'wix5', 'vnext', etc.)"
|
||||
default: "wix5"
|
||||
|
||||
- name: buildConfigurations
|
||||
displayName: "Build Configurations"
|
||||
type: object
|
||||
@@ -104,8 +99,7 @@ extends:
|
||||
useManagedIdentity: $(SigningUseManagedIdentity)
|
||||
clientId: $(SigningOriginalClientId)
|
||||
# Have msbuild use the release nuget config profile
|
||||
installerSuffix: ${{ parameters.installerSuffix }}
|
||||
additionalBuildOptions: /p:RestoreConfigFile="$(Build.SourcesDirectory)\.pipelines\release-nuget.config" /p:InstallerSuffix=${{ parameters.installerSuffix }} /p:EnableCmdPalAOT=true
|
||||
additionalBuildOptions: /p:RestoreConfigFile="$(Build.SourcesDirectory)\.pipelines\release-nuget.config" /p:EnableCmdPalAOT=true
|
||||
beforeBuildSteps:
|
||||
# Sets versions for all PowerToy created DLLs
|
||||
- pwsh: |-
|
||||
|
||||
@@ -65,9 +65,6 @@ parameters:
|
||||
- name: versionNumber
|
||||
type: string
|
||||
default: '0.0.1'
|
||||
- name: installerSuffix
|
||||
type: string
|
||||
default: "wix5"
|
||||
- name: useLatestWinAppSDK
|
||||
type: boolean
|
||||
default: false
|
||||
@@ -240,9 +237,7 @@ jobs:
|
||||
parameters:
|
||||
directory: $(build.sourcesdirectory)\src\modules\cmdpal
|
||||
|
||||
- pwsh: |-
|
||||
& "$(build.sourcesdirectory)\.pipelines\installWiX.ps1"
|
||||
displayName: Download and install WiX 3.14 development build
|
||||
|
||||
|
||||
- ${{ parameters.beforeBuildSteps }}
|
||||
|
||||
@@ -508,20 +503,7 @@ jobs:
|
||||
Copy-Item -Verbose -Force "$(CmdPalPackagePath)" "$(JobOutputDirectory)"
|
||||
displayName: Stage the final CmdPal package
|
||||
|
||||
- template: steps-build-installer.yml
|
||||
parameters:
|
||||
codeSign: ${{ parameters.codeSign }}
|
||||
signingIdentity: ${{ parameters.signingIdentity }}
|
||||
versionNumber: ${{ parameters.versionNumber }}
|
||||
additionalBuildOptions: ${{ parameters.additionalBuildOptions }}
|
||||
|
||||
- template: steps-build-installer.yml
|
||||
parameters:
|
||||
codeSign: ${{ parameters.codeSign }}
|
||||
signingIdentity: ${{ parameters.signingIdentity }}
|
||||
versionNumber: ${{ parameters.versionNumber }}
|
||||
additionalBuildOptions: ${{ parameters.additionalBuildOptions }}
|
||||
buildUserInstaller: true # NOTE: This is the distinction between the above and below rules
|
||||
|
||||
- template: steps-build-installer-vnext.yml
|
||||
parameters:
|
||||
@@ -529,7 +511,6 @@ jobs:
|
||||
signingIdentity: ${{ parameters.signingIdentity }}
|
||||
versionNumber: ${{ parameters.versionNumber }}
|
||||
additionalBuildOptions: ${{ parameters.additionalBuildOptions }}
|
||||
installerSuffix: ${{ parameters.installerSuffix }}
|
||||
|
||||
- template: steps-build-installer-vnext.yml
|
||||
parameters:
|
||||
@@ -537,7 +518,6 @@ jobs:
|
||||
signingIdentity: ${{ parameters.signingIdentity }}
|
||||
versionNumber: ${{ parameters.versionNumber }}
|
||||
additionalBuildOptions: ${{ parameters.additionalBuildOptions }}
|
||||
installerSuffix: ${{ parameters.installerSuffix }}
|
||||
buildUserInstaller: true # NOTE: This is the distinction between the above and below rules
|
||||
|
||||
# This saves ~1GiB per architecture. We won't need these later.
|
||||
@@ -576,17 +556,16 @@ jobs:
|
||||
|
||||
- pwsh: |-
|
||||
$p = "$(JobOutputDirectory)\"
|
||||
$installerSuffix = "${{ parameters.installerSuffix }}"
|
||||
|
||||
# Calculate hashes for regular installers (without custom suffix)
|
||||
$userSetupFiles = Get-ChildItem -Path $p -Filter "PowerToysUserSetup*.exe" | Where-Object { $_.Name -notmatch "-$installerSuffix-" }
|
||||
$machineSetupFiles = Get-ChildItem -Path $p -Filter "PowerToysSetup*.exe" | Where-Object { $_.Name -notmatch "-$installerSuffix-" -and $_.Name -notmatch "PowerToysUserSetup" }
|
||||
# Calculate hashes for installers
|
||||
$userSetupFiles = Get-ChildItem -Path $p -Filter "PowerToysUserSetup*.exe"
|
||||
$machineSetupFiles = Get-ChildItem -Path $p -Filter "PowerToysSetup*.exe" | Where-Object { $_.Name -notmatch "PowerToysUserSetup" }
|
||||
|
||||
if ($userSetupFiles.Count -gt 0) {
|
||||
$userHash = ($userSetupFiles[0] | Get-FileHash).Hash;
|
||||
$userPlat = "hash_user_$(BuildPlatform).txt";
|
||||
$combinedUserPath = $p + $userPlat;
|
||||
echo "Regular User: $userHash"
|
||||
echo "User: $userHash"
|
||||
$userHash | out-file -filepath $combinedUserPath
|
||||
}
|
||||
|
||||
@@ -594,29 +573,9 @@ jobs:
|
||||
$machineHash = ($machineSetupFiles[0] | Get-FileHash).Hash;
|
||||
$machinePlat = "hash_machine_$(BuildPlatform).txt";
|
||||
$combinedMachinePath = $p + $machinePlat;
|
||||
echo "Regular Machine: $machineHash"
|
||||
echo "Machine: $machineHash"
|
||||
$machineHash | out-file -filepath $combinedMachinePath
|
||||
}
|
||||
|
||||
# Calculate hashes for VNext installers (with custom suffix)
|
||||
$userVNextFiles = Get-ChildItem -Path $p -Filter "PowerToysUserSetup*-$installerSuffix-*.exe"
|
||||
$machineVNextFiles = Get-ChildItem -Path $p -Filter "PowerToysSetup*-$installerSuffix-*.exe" | Where-Object { $_.Name -notmatch "PowerToysUserSetup" }
|
||||
|
||||
if ($userVNextFiles.Count -gt 0) {
|
||||
$userVNextHash = ($userVNextFiles[0] | Get-FileHash).Hash;
|
||||
$userVNextPlat = "hash_user_vnext_$(BuildPlatform).txt";
|
||||
$combinedUserVNextPath = $p + $userVNextPlat;
|
||||
echo "VNext User: $userVNextHash"
|
||||
$userVNextHash | out-file -filepath $combinedUserVNextPath
|
||||
}
|
||||
|
||||
if ($machineVNextFiles.Count -gt 0) {
|
||||
$machineVNextHash = ($machineVNextFiles[0] | Get-FileHash).Hash;
|
||||
$machineVNextPlat = "hash_machine_vnext_$(BuildPlatform).txt";
|
||||
$combinedMachineVNextPath = $p + $machineVNextPlat;
|
||||
echo "VNext Machine: $machineVNextHash"
|
||||
$machineVNextHash | out-file -filepath $combinedMachineVNextPath
|
||||
}
|
||||
displayName: Calculate file hashes for all installers
|
||||
|
||||
# Publishing the GPO files
|
||||
|
||||
@@ -14,9 +14,6 @@ parameters:
|
||||
- name: additionalBuildOptions
|
||||
type: string
|
||||
default: ''
|
||||
- name: installerSuffix
|
||||
type: string
|
||||
default: "wix5"
|
||||
|
||||
steps:
|
||||
# Install WiX 5.0.2 tools needed for VNext installer (matching project SDK)
|
||||
@@ -41,10 +38,10 @@ steps:
|
||||
# VNext bundle folder; base name intentionally omits the VNext suffix
|
||||
$InstallerFolder = 'PowerToysSetupVNext'
|
||||
if ($IsPerUser) {
|
||||
$InstallerBasename = "PowerToysUserSetup-${{ parameters.versionNumber }}-${{ parameters.installerSuffix }}-$(BuildPlatform)"
|
||||
$InstallerBasename = "PowerToysUserSetup-${{ parameters.versionNumber }}-$(BuildPlatform)"
|
||||
}
|
||||
else {
|
||||
$InstallerBasename = "PowerToysSetup-${{ parameters.versionNumber }}-${{ parameters.installerSuffix }}-$(BuildPlatform)"
|
||||
$InstallerBasename = "PowerToysSetup-${{ parameters.versionNumber }}-$(BuildPlatform)"
|
||||
}
|
||||
|
||||
# Export variables for downstream steps
|
||||
@@ -63,7 +60,6 @@ steps:
|
||||
msbuildArgs: >-
|
||||
/t:PowerToysSetupCustomActionsVNext
|
||||
/p:RunBuildEvents=true;PerUser=${{parameters.buildUserInstaller}};RestorePackagesConfig=true;CIBuild=true
|
||||
/p:InstallerSuffix=${{ parameters.installerSuffix }}
|
||||
-restore -graph
|
||||
/bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-actions.binlog
|
||||
${{ parameters.additionalBuildOptions }}
|
||||
@@ -95,7 +91,6 @@ steps:
|
||||
-restore
|
||||
/t:PowerToysInstallerVNext
|
||||
/p:RunBuildEvents=false;PerUser=${{parameters.buildUserInstaller}};BuildProjectReferences=false;CIBuild=true
|
||||
/p:InstallerSuffix=${{ parameters.installerSuffix }}
|
||||
/bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-msi.binlog
|
||||
${{ parameters.additionalBuildOptions }}
|
||||
platform: $(BuildPlatform)
|
||||
@@ -142,7 +137,6 @@ steps:
|
||||
msbuildArgs: >-
|
||||
/t:SilentFilesInUseBAFunction
|
||||
/p:RunBuildEvents=true;PerUser=${{parameters.buildUserInstaller}};RestorePackagesConfig=true;CIBuild=true
|
||||
/p:InstallerSuffix=${{ parameters.installerSuffix }}
|
||||
-restore -graph
|
||||
/bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-SilentFilesInUseBAFunction.binlog
|
||||
${{ parameters.additionalBuildOptions }}
|
||||
@@ -175,7 +169,6 @@ steps:
|
||||
-restore
|
||||
/t:PowerToysBootstrapperVNext
|
||||
/p:PerUser=${{parameters.buildUserInstaller}};CIBuild=true
|
||||
/p:InstallerSuffix=${{ parameters.installerSuffix }}
|
||||
/bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-bootstrapper.binlog
|
||||
-restore -graph
|
||||
${{ parameters.additionalBuildOptions }}
|
||||
|
||||
@@ -1,208 +0,0 @@
|
||||
parameters:
|
||||
- name: versionNumber
|
||||
type: string
|
||||
default: "0.0.1"
|
||||
- name: buildUserInstaller
|
||||
type: boolean
|
||||
default: false
|
||||
- name: codeSign
|
||||
type: boolean
|
||||
default: false
|
||||
- name: signingIdentity
|
||||
type: object
|
||||
default: {}
|
||||
- name: additionalBuildOptions
|
||||
type: string
|
||||
default: ''
|
||||
|
||||
steps:
|
||||
- pwsh: |-
|
||||
& git clean -xfd -e *exe -- .\installer\
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Clean installer to reduce cross-contamination
|
||||
|
||||
- pwsh: |-
|
||||
$IsPerUser = $${{ parameters.buildUserInstaller }}
|
||||
$InstallerBuildSlug = "MachineSetup"
|
||||
$InstallerBasename = "PowerToysSetup"
|
||||
If($IsPerUser) {
|
||||
$InstallerBuildSlug = "UserSetup"
|
||||
$InstallerBasename = "PowerToysUserSetup"
|
||||
}
|
||||
$InstallerBasename += "-${{ parameters.versionNumber }}-$(BuildPlatform)"
|
||||
Write-Host "##vso[task.setvariable variable=InstallerBuildSlug]$InstallerBuildSlug"
|
||||
Write-Host "##vso[task.setvariable variable=InstallerRelativePath]$(BuildPlatform)\$(BuildConfiguration)\$InstallerBuildSlug"
|
||||
Write-Host "##vso[task.setvariable variable=InstallerBasename]$InstallerBasename"
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Prepare Installer variables
|
||||
|
||||
# This dll needs to be built and signed before building the MSI.
|
||||
- task: VSBuild@1
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Build PowerToysSetupCustomActions
|
||||
inputs:
|
||||
solution: "**/installer/PowerToysSetup.sln"
|
||||
vsVersion: 17.0
|
||||
msbuildArgs: >-
|
||||
/t:PowerToysSetupCustomActions
|
||||
/p:RunBuildEvents=true;PerUser=${{parameters.buildUserInstaller}};RestorePackagesConfig=true;CIBuild=true
|
||||
-restore -graph
|
||||
/bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-actions.binlog
|
||||
${{ parameters.additionalBuildOptions }}
|
||||
platform: $(BuildPlatform)
|
||||
configuration: $(BuildConfiguration)
|
||||
clean: true
|
||||
msbuildArchitecture: x64
|
||||
maximumCpuCount: true
|
||||
|
||||
- ${{ if eq(parameters.codeSign, true) }}:
|
||||
- template: steps-esrp-signing.yml
|
||||
parameters:
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Sign PowerToysSetupCustomActions
|
||||
signingIdentity: ${{ parameters.signingIdentity }}
|
||||
inputs:
|
||||
FolderPath: 'installer/PowerToysSetupCustomActions/$(InstallerRelativePath)'
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
|
||||
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
|
||||
|
||||
## INSTALLER START
|
||||
#### MSI BUILDING AND SIGNING
|
||||
- task: VSBuild@1
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Build MSI
|
||||
inputs:
|
||||
solution: "**/installer/PowerToysSetup.sln"
|
||||
vsVersion: 17.0
|
||||
msbuildArgs: >-
|
||||
-restore
|
||||
/t:PowerToysInstaller
|
||||
/p:RunBuildEvents=false;PerUser=${{parameters.buildUserInstaller}};BuildProjectReferences=false;CIBuild=true
|
||||
/bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-msi.binlog
|
||||
${{ parameters.additionalBuildOptions }}
|
||||
platform: $(BuildPlatform)
|
||||
configuration: $(BuildConfiguration)
|
||||
clean: false # don't undo our hard work above by deleting the CustomActions dll
|
||||
msbuildArchitecture: x64
|
||||
maximumCpuCount: true
|
||||
|
||||
- script: |-
|
||||
"C:\Program Files (x86)\WiX Toolset v3.14\bin\dark.exe" -x $(build.sourcesdirectory)\extractedMsi installer\PowerToysSetup\$(InstallerRelativePath)\$(InstallerBasename).msi
|
||||
dir $(build.sourcesdirectory)\extractedMsi
|
||||
displayName: "${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Extract and verify MSI"
|
||||
|
||||
# Extract CmdPal msix package to check if its content is signed
|
||||
- pwsh: |-
|
||||
Write-Host "Extracting CmdPal MSIX package"
|
||||
|
||||
# Define the directory to search
|
||||
$searchDir = "extractedMsi\File"
|
||||
|
||||
# Define the regex pattern for MSIX files
|
||||
$pattern = '^Microsoft.CmdPal.UI.*\.msix$'
|
||||
|
||||
# Get all files in the directory and subdirectories
|
||||
$msixFile = Get-ChildItem -Path $searchDir -Recurse -File | Where-Object {
|
||||
$_.Name -match $pattern
|
||||
}
|
||||
|
||||
Write-Host "MSIX file found: " $msixFile
|
||||
|
||||
$destinationDir = "$(build.sourcesdirectory)\extractedMsi\File\extractedCmdPalMsix"
|
||||
|
||||
Expand-Archive -Path $msixFile -DestinationPath $destinationDir
|
||||
Get-ChildItem -Path $destinationDir -Recurse -File
|
||||
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Extract CmdPal MSIX package
|
||||
|
||||
# Check if deps.json files don't reference different dll versions.
|
||||
- pwsh: |-
|
||||
& '.pipelines/verifyDepsJsonLibraryVersions.ps1' -targetDir '$(build.sourcesdirectory)\extractedMsi\File'
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Audit deps.json in MSI extracted files
|
||||
|
||||
- ${{ if eq(parameters.codeSign, true) }}:
|
||||
- pwsh: |-
|
||||
& .pipelines/versionAndSignCheck.ps1 -targetDir '$(build.sourcesdirectory)\extractedMsi\File'
|
||||
& .pipelines/versionAndSignCheck.ps1 -targetDir '$(build.sourcesdirectory)\extractedMsi\Binary'
|
||||
git clean -xfd ./extractedMsi
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Verify all binaries are signed and versioned
|
||||
|
||||
- template: steps-esrp-signing.yml
|
||||
parameters:
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Sign MSI
|
||||
signingIdentity: ${{ parameters.signingIdentity }}
|
||||
inputs:
|
||||
FolderPath: 'installer/PowerToysSetup/$(InstallerRelativePath)'
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
|
||||
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
|
||||
|
||||
#### END MSI
|
||||
#### BOOTSTRAP BUILDING AND SIGNING
|
||||
|
||||
- task: VSBuild@1
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Build Bootstrapper
|
||||
inputs:
|
||||
solution: "**/installer/PowerToysSetup.sln"
|
||||
vsVersion: 17.0
|
||||
msbuildArgs: >-
|
||||
/t:PowerToysBootstrapper
|
||||
/p:PerUser=${{parameters.buildUserInstaller}};CIBuild=true
|
||||
/bl:$(LogOutputDirectory)\installer-$(InstallerBuildSlug)-bootstrapper.binlog
|
||||
-restore -graph
|
||||
${{ parameters.additionalBuildOptions }}
|
||||
platform: $(BuildPlatform)
|
||||
configuration: $(BuildConfiguration)
|
||||
clean: false # don't undo our hard work above by deleting the MSI
|
||||
msbuildArchitecture: x64
|
||||
maximumCpuCount: true
|
||||
|
||||
# The entirety of bundle unpacking/re-packing is unnecessary if we are not code signing it.
|
||||
- ${{ if eq(parameters.codeSign, true) }}:
|
||||
- script: |-
|
||||
"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ib installer\PowerToysSetup\$(InstallerRelativePath)\$(InstallerBasename).exe -o installer\engine.exe
|
||||
displayName: "${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Insignia: Extract Engine from Bundle"
|
||||
|
||||
- template: steps-esrp-signing.yml
|
||||
parameters:
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Sign WiX Engine
|
||||
signingIdentity: ${{ parameters.signingIdentity }}
|
||||
inputs:
|
||||
FolderPath: "installer"
|
||||
Pattern: engine.exe
|
||||
signConfigType: inlineSignParams
|
||||
inlineOperation: |
|
||||
[
|
||||
{
|
||||
"KeyCode": "CP-230012",
|
||||
"OperationCode": "SigntoolSign",
|
||||
"Parameters": {
|
||||
"OpusName": "Microsoft",
|
||||
"OpusInfo": "http://www.microsoft.com",
|
||||
"FileDigest": "/fd \"SHA256\"",
|
||||
"PageHash": "/NPH",
|
||||
"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
|
||||
},
|
||||
"ToolName": "sign",
|
||||
"ToolVersion": "1.0"
|
||||
},
|
||||
{
|
||||
"KeyCode": "CP-230012",
|
||||
"OperationCode": "SigntoolVerify",
|
||||
"Parameters": {},
|
||||
"ToolName": "sign",
|
||||
"ToolVersion": "1.0"
|
||||
}
|
||||
]
|
||||
|
||||
- script: |-
|
||||
"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ab installer\engine.exe installer\PowerToysSetup\$(InstallerRelativePath)\$(InstallerBasename).exe -o installer\PowerToysSetup\$(InstallerRelativePath)\$(InstallerBasename).exe
|
||||
displayName: "${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Insignia: Merge Engine into Bundle"
|
||||
|
||||
- template: steps-esrp-signing.yml
|
||||
parameters:
|
||||
displayName: ${{replace(replace(parameters.buildUserInstaller,'True','👤'),'False','💻')}} Sign Final Bootstrapper
|
||||
signingIdentity: ${{ parameters.signingIdentity }}
|
||||
inputs:
|
||||
FolderPath: 'installer/PowerToysSetup/$(InstallerRelativePath)'
|
||||
signType: batchSigning
|
||||
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
|
||||
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
|
||||
#### END BOOTSTRAP
|
||||
## END INSTALLER
|
||||
Reference in New Issue
Block a user