From 43f08e7efbbe9fd5e8f71680d4e9d2d0d2b2655c Mon Sep 17 00:00:00 2001 From: Aasim Khan Date: Wed, 19 Aug 2020 10:43:23 -0700 Subject: [PATCH] Added ESRP task for signing extensions (#11845) * Added esrp task for vsix * added the condition to sign only when needed * Changed dotnet core task name for more context --- .../linux/sql-product-build-linux.yml | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/build/azure-pipelines/linux/sql-product-build-linux.yml b/build/azure-pipelines/linux/sql-product-build-linux.yml index 835c275338..634f455589 100644 --- a/build/azure-pipelines/linux/sql-product-build-linux.yml +++ b/build/azure-pipelines/linux/sql-product-build-linux.yml @@ -159,6 +159,45 @@ steps: yarn gulp vscode-linux-x64-build-rpm displayName: Build Rpm + - task: UseDotNet@2 + displayName: 'Install .NET Core sdk for signing' + inputs: + packageType: sdk + version: 2.1.x + installationPath: $(Agent.ToolsDirectory)/dotnet + + - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 + inputs: + ConnectedServiceName: 'Code Signing' + FolderPath: '$(Build.SourcesDirectory)/.build' + Pattern: 'extensions/*.vsix' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keyCode": "CP-233016", + "operationSetCode": "OpcSign", + "parameters": [ + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + } + ], + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "keyCode": "CP-233016", + "operationSetCode": "OpcVerify", + "parameters": [], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 120 + displayName: 'Signing Extensions' + condition: and(succeeded(), eq(variables['signed'], true)) + - script: | set -e ./build/azure-pipelines/linux/createDrop.sh