Move to ESRPv5, which supports certificate authentication (#32775)

Co-authored-by: Jaime Bernardo <jaime@janeasystems.com>
Dustin L. Howett
2024-05-08 11:32:25 -05:00
committed by GitHub
parent 9699feea40
commit a46319f19a
4 changed files with 34 additions and 18 deletions


@@ -29,6 +29,7 @@ AFFINETRANSFORM
AFX AFX
AGGREGATABLE AGGREGATABLE
AHybrid AHybrid
AKV
ALarger ALarger
ALLAPPS ALLAPPS
ALLINPUT ALLINPUT


@@ -304,6 +304,7 @@
"MessagePack.dll", "MessagePack.dll",
"Nerdbank.Streams.dll", "Nerdbank.Streams.dll",
"WinUI3Apps\\SharpCompress.dll", "WinUI3Apps\\SharpCompress.dll",
"WinUI3Apps\\ZstdSharp.dll",
"ColorCode.Core.dll", "ColorCode.Core.dll",
"ColorCode.UWP.dll", "ColorCode.UWP.dll",
"UnitsNet.dll", "UnitsNet.dll",


@@ -11,6 +11,9 @@ parameters:
- name: installerPrefix - name: installerPrefix
type: string type: string
default: "PowerToysSetup" default: "PowerToysSetup"
- name: signingParameters
type: object
default: {}
steps: steps:
- task: VSBuild@1 - task: VSBuild@1
@@ -24,10 +27,10 @@ steps:
clean: true clean: true
maximumCpuCount: true maximumCpuCount: true
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign PowerToysSetupCustomActions DLL displayName: Sign PowerToysSetupCustomActions DLL
inputs: inputs:
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection" ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: 'installer/PowerToysSetupCustomActions/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}' FolderPath: 'installer/PowerToysSetupCustomActions/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}'
signType: batchSigning signType: batchSigning
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
@@ -74,10 +77,10 @@ steps:
scriptName: .pipelines/versionAndSignCheck.ps1 scriptName: .pipelines/versionAndSignCheck.ps1
arguments: -targetDir '$(build.sourcesdirectory)\extractedMsi\Binary' arguments: -targetDir '$(build.sourcesdirectory)\extractedMsi\Binary'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign MSI displayName: Sign MSI
inputs: inputs:
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection" ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: 'installer/PowerToysSetup/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}' FolderPath: 'installer/PowerToysSetup/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}'
signType: batchSigning signType: batchSigning
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
@@ -101,10 +104,10 @@ steps:
inputs: inputs:
script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ib installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\engine.exe' script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ib installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\engine.exe'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: "ESRP CodeSigning (Engine)" displayName: "ESRP CodeSigning (Engine)"
inputs: inputs:
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection" ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: "installer" FolderPath: "installer"
Pattern: engine.exe Pattern: engine.exe
signConfigType: inlineSignParams signConfigType: inlineSignParams
@@ -137,10 +140,10 @@ steps:
inputs: inputs:
script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ab installer\engine.exe installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe' script: '"C:\Program Files (x86)\WiX Toolset v3.14\bin\insignia.exe" -ab installer\engine.exe installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe -o installer\PowerToysSetup\$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}\${{parameters.installerPrefix}}-${{ parameters.versionNumber }}-$(BuildPlatform).exe'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign Bootstrapper displayName: Sign Bootstrapper
inputs: inputs:
ConnectedServiceName: "Terminal/Console/WinAppDriver Team Code Signing Connection" ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: 'installer/PowerToysSetup/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}' FolderPath: 'installer/PowerToysSetup/$(BuildPlatform)\$(BuildConfiguration)\${{parameters.buildSubDir}}'
signType: batchSigning signType: batchSigning
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_installer.json'
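Review bot: The new `signingParameters` parameter defaults to `{}`, so a caller that forgets to pass it gets four EsrpCodeSigning@5 steps with no `ConnectedServiceName` or certificate inputs, and the omission would only surface when a signing task runs. Dropping the `default: {}` line makes the parameter required, so the template fails at expansion instead. If the default has to stay, add a comment above the parameter such as `# required in practice: service connection and certificate inputs for EsrpCodeSigning@5`. Because `${{ insert }}` splices every key of an untyped object into the task inputs, that comment should also list the expected keys, since anything else the caller supplies lands on a signing step.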


@@ -23,6 +23,15 @@ parameters:
- name: versionNumber - name: versionNumber
type: string type: string
default: '0.0.1' default: '0.0.1'
- name: signingParameters
type: object
default:
ConnectedServiceName: $(SigningServiceName)
AppRegistrationClientId: $(SigningAppId)
AppRegistrationTenantId: $(SigningTenantId)
AuthAKVName: $(SigningAKVName)
AuthCertName: $(SigningAuthCertName)
AuthSignCertName: $(SigningSignCertName)
extends: extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
@@ -164,10 +173,10 @@ extends:
maximumCpuCount: true maximumCpuCount: true
### BEGIN SECTION - build and sign nuget packages for abstracted UI utils ### BEGIN SECTION - build and sign nuget packages for abstracted UI utils
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign Utilities libraries displayName: Sign Utilities libraries
inputs: inputs:
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection' ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: 'src/modules' FolderPath: 'src/modules'
signType: batchSigning signType: batchSigning
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_abstracted_utils_dll.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_abstracted_utils_dll.json'
@@ -207,10 +216,10 @@ extends:
flattenFolders: True flattenFolders: True
targetFolder: $(Build.ArtifactStagingDirectory)/nupkg targetFolder: $(Build.ArtifactStagingDirectory)/nupkg
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Submit *.nupkg to ESRP for code signing displayName: Submit *.nupkg to ESRP for code signing
inputs: inputs:
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection' ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: $(Build.ArtifactStagingDirectory)/nupkg FolderPath: $(Build.ArtifactStagingDirectory)/nupkg
Pattern: '*.nupkg' Pattern: '*.nupkg'
UseMinimatch: true UseMinimatch: true
@@ -412,28 +421,28 @@ extends:
# reference https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/ESRPSigning.json&version=GBarm64-netcore&_a=contents for winappdriver # reference https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/ESRPSigning.json&version=GBarm64-netcore&_a=contents for winappdriver
# https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/CIPolicy.xml&version=GBarm64-netcore&_a=contents # https://dev.azure.com/microsoft/Dart/_git/AppDriver?path=/CIPolicy.xml&version=GBarm64-netcore&_a=contents
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign Core PT displayName: Sign Core PT
inputs: inputs:
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection' ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: '$(BuildPlatform)/$(BuildConfiguration)' # Video conf uses x86 and x64. FolderPath: '$(BuildPlatform)/$(BuildConfiguration)' # Video conf uses x86 and x64.
signType: batchSigning signType: batchSigning
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_core.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_core.json'
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign DSC Powershell files displayName: Sign DSC Powershell files
inputs: inputs:
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection' ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: 'src/dsc/Microsoft.PowerToys.Configure' FolderPath: 'src/dsc/Microsoft.PowerToys.Configure'
signType: batchSigning signType: batchSigning
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_DSC.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_DSC.json'
ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml' ciPolicyFile: '$(build.sourcesdirectory)\.pipelines\CIPolicy.xml'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@3 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: Sign x86 directshow VCM displayName: Sign x86 directshow VCM
inputs: inputs:
ConnectedServiceName: 'Terminal/Console/WinAppDriver Team Code Signing Connection' ${{ insert }}: ${{ parameters.signingParameters }}
FolderPath: 'x86/$(BuildConfiguration)' # Video conf uses x86 and x64. FolderPath: 'x86/$(BuildConfiguration)' # Video conf uses x86 and x64.
signType: batchSigning signType: batchSigning
batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_vcm.json' batchSignPolicyFile: '$(build.sourcesdirectory)\.pipelines\ESRPSigning_vcm.json'
@@ -477,6 +486,7 @@ extends:
- template: .pipelines/installer-steps.yml@self - template: .pipelines/installer-steps.yml@self
parameters: parameters:
signingParameters: ${{ parameters.signingParameters }}
versionNumber: ${{ parameters.versionNumber }} versionNumber: ${{ parameters.versionNumber }}
perUserArg: "false" perUserArg: "false"
buildSubDir: "MachineSetup" buildSubDir: "MachineSetup"
@@ -491,6 +501,7 @@ extends:
- template: .pipelines/installer-steps.yml@self - template: .pipelines/installer-steps.yml@self
parameters: parameters:
signingParameters: ${{ parameters.signingParameters }}
versionNumber: ${{ parameters.versionNumber }} versionNumber: ${{ parameters.versionNumber }}
perUserArg: "true" perUserArg: "true"
buildSubDir: "UserSetup" buildSubDir: "UserSetup"
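Review bot: `signingParameters` is declared in the `parameters:` block of what appears to be the pipeline's root file (it uses `extends:`), so the whole signing identity (service connection, app registration, Key Vault and certificate names) is presumably editable by whoever queues a run. Any extra key supplied there is spliced by `${{ insert }}` into the five signing tasks changed here and forwarded to `installer-steps.yml`. If queue-time override is not intended, the identity should not be exposed as a runtime parameter; otherwise add a comment above it, e.g. `# signing identity for EsrpCodeSigning@5; values come from the Signing* pipeline variables, do not override when queuing`. The `$(Signing*)` variables are not defined anywhere in this diff, and an undefined macro variable is passed through as literal text, so the comment should also say where they are set.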