Merge pull request #133 from fiskaltrust/add-code-signing

Sign launcher executables
fiskaltrust · Nov 10, 2023 · 975fdec · 975fdec
2 parents 45ea3d2 + 8513c05
commit 975fdec
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 4 deletions.
diff --git a/azure-pipelines/fiskaltrust.Launcher.yml b/azure-pipelines/fiskaltrust.Launcher.yml
@@ -6,7 +6,9 @@ trigger:
       - refs/tags/*
 
 variables:
-  branch: $(Build.SourceBranch)
+  - name: branch
+    value: $(Build.SourceBranch)
+  - group: "Code Signing Certificates"
 
 stages:
   - template: templates/stages/test.yml

diff --git a/azure-pipelines/templates/deb/build.yml b/azure-pipelines/templates/deb/build.yml
@@ -28,6 +28,18 @@ stages:
         dotnet publish ./src/fiskaltrust.Launcher/fiskaltrust.Launcher.csproj -c Release -o $(Pipeline.Workspace)/drop-$(target) -r $(target) -f net6.0 --self-contained true /p:SelfUpdate='false' /p:EnableCompressionInSingleFile=true /p:DebugType=None /p:DebugSymbols=false /p:GenerateRuntimeConfigurationFiles=false -p:PublishSingleFile=true -p:PublishReadyToRun=true
       displayName: Publish
 
+    - task: codesigning@2
+      displayName: 'Code Signing'
+      inputs:
+        secureFileId: 'codesigning.pfx'
+        signCertPassword: '$(Code_Signing_Password)'
+        filePaths: |
+          $(Build.ArtifactStagingDirectory)/**/*fiskaltrust*
+          ./src/**/*fiskaltrust*.dll
+          ./src/**/fiskaltrust.Launcher.dll
+          ./src/**/fiskaltrust.Launcher
+          ./src/**/fiskaltrust.LauncherUpdater
+
     - pwsh: |
         $meta = Get-Content ./meta.json -Encoding UTF8 | ConvertFrom-Json
         $arch = $meta.deb.architectures."$(target)"

diff --git a/azure-pipelines/templates/stages/build.yml b/azure-pipelines/templates/stages/build.yml
@@ -47,8 +47,24 @@ stages:
       - pwsh: |
           mv ./Directory.build.props ./Directory.Build.props
           dotnet publish ./src/${{ project }}/${{ project }}.csproj -c ${{ parameters.config }} -o $(Build.ArtifactStagingDirectory)/drop-$(target) -r $(target) -f net6.0 --self-contained true /p:EnableCompressionInSingleFile=true /p:DebugType=None /p:DebugSymbols=false /p:GenerateRuntimeConfigurationFiles=false -p:PublishSingleFile=true -p:PublishReadyToRun=true
-        displayName: Publish
-
+        displayName: "[${{ project }}] Publish"
+
+
+    - task: codesigning@2
+      displayName: 'Code Signing'
+      inputs:
+        secureFileId: 'codesigning.pfx'
+        signCertPassword: '$(Code_Signing_Password)'
+        filePaths: |
+          $(Build.ArtifactStagingDirectory)/**/*fiskaltrust*
+          ./src/**/*fiskaltrust*.exe
+          ./src/**/*fiskaltrust*.dll
+          ./src/**/fiskaltrust.Launcher.dll
+          ./src/**/fiskaltrust.Launcher
+          ./src/**/fiskaltrust.Launcher.exe
+          ./src/**/fiskaltrust.LauncherUpdater
+          ./src/**/fiskaltrust.LauncherUpdater.exe
+          
     - publish: $(Build.ArtifactStagingDirectory)/drop-$(target)
       artifact: drop-$(target)
 
@@ -60,7 +76,7 @@ stages:
     - ${{ each project in parameters.projects }}:
       - pwsh: |
           Move-Item -Path $(Build.ArtifactStagingDirectory)/drop-$(target)/${{ project }}* -Destination $(Build.ArtifactStagingDirectory)/raw-$(target)/
-        displayName: Copy executables
+        displayName: "[${{ project }}] Copy executables"
         
 
     - pwsh: |