diff --git a/EsrpSign.yml b/EsrpSign.yml index 10699b7..3cf7eed 100644 --- a/EsrpSign.yml +++ b/EsrpSign.yml @@ -47,6 +47,11 @@ steps: { throw "Only one of useCustomEsrpJson and certificateId must be set!" } + + $vstsCommandString = "vso[task.setvariable variable=ESRP_TEMPLATE_CERT_ID]${{ parameters.certificateId }}" + Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose + Write-Host "##$vstsCommandString" + displayName: ${{ parameters.displayName }} - Log parameters - pwsh: | @@ -65,72 +70,65 @@ steps: Write-Host "##$vstsCommandString" displayName: ${{ parameters.displayName }} - Set ESRP_TEMPLATE_SHOULD_SIGN -- ${{ if eq(parameters.certificateId , 'CP-230012') }}: - - template: template-compliance/authenticode-sign.yml - parameters: - buildOutputPath: ${{ parameters.buildOutputPath }} - signOutputPath: ${{ parameters.signOutputPath }} - pattern: ${{ parameters.pattern }} - certificateId: ${{ parameters.certificateId }} - verifySignature: ${{ parameters.verifySignature }} - pageHash: ${{ parameters.pageHash }} - displayName: ${{ parameters.displayName }} - -- ${{ if eq(parameters.certificateId , 'CP-460906') }}: - - template: template-compliance/authenticode-sign.yml - parameters: - buildOutputPath: ${{ parameters.buildOutputPath }} - signOutputPath: ${{ parameters.signOutputPath }} - pattern: ${{ parameters.pattern }} - certificateId: ${{ parameters.certificateId }} - verifySignature: ${{ parameters.verifySignature }} - pageHash: ${{ parameters.pageHash }} - displayName: ${{ parameters.displayName }} - -- ${{ if eq(parameters.certificateId , 'CP-231522') }}: - - template: template-compliance/authenticode-sign.yml - parameters: - buildOutputPath: ${{ parameters.buildOutputPath }} - signOutputPath: ${{ parameters.signOutputPath }} - pattern: ${{ parameters.pattern }} - certificateId: ${{ parameters.certificateId }} - verifySignature: ${{ parameters.verifySignature }} - pageHash: ${{ parameters.pageHash }} - displayName: ${{ parameters.displayName }} - -- ${{ if eq(parameters.certificateId, 'CP-401405') }}: - - template: template-compliance/nuget-sign.yml - parameters: - buildOutputPath: ${{ parameters.buildOutputPath }} - signOutputPath: ${{ parameters.signOutputPath }} - pattern: ${{ parameters.pattern }} - certificateId: ${{ parameters.certificateId }} - verifySignature: ${{ parameters.verifySignature }} - displayName: ${{ parameters.displayName }} - -- ${{ if or(eq(parameters.certificateId, 'CP-450779-Pgp'),eq(parameters.certificateId, 'CP-450778-Pgp')) }}: - - template: template-compliance/pgp-sign.yml - parameters: - signOutputPath: ${{ parameters.signOutputPath }} - pattern: ${{ parameters.pattern }} - certificateId: ${{ parameters.certificateId }} - displayName: ${{ parameters.displayName }} - -- ${{ if eq(parameters.certificateId, 'CP-401337-Apple') }}: - - template: template-compliance/macOS-sign.yml - parameters: - signOutputPath: ${{ parameters.signOutputPath }} - pattern: ${{ parameters.pattern }} - certificateId: ${{ parameters.certificateId }} - displayName: ${{ parameters.displayName }} - -- ${{ if eq(parameters.certificateId, 'CP-233863-SN') }}: - - template: template-compliance/strongname-sign.yml - parameters: - signOutputPath: ${{ parameters.signOutputPath }} - pattern: ${{ parameters.pattern }} - certificateId: ${{ parameters.certificateId }} - displayName: ${{ parameters.displayName }} +- template: template-compliance/authenticode-sign.yml + parameters: + buildOutputPath: ${{ parameters.buildOutputPath }} + signOutputPath: ${{ parameters.signOutputPath }} + pattern: ${{ parameters.pattern }} + certificateId: ${{ parameters.certificateId }} + verifySignature: ${{ parameters.verifySignature }} + pageHash: ${{ parameters.pageHash }} + displayName: ${{ parameters.displayName }} + +- template: template-compliance/authenticode-sign.yml + parameters: + buildOutputPath: ${{ parameters.buildOutputPath }} + signOutputPath: ${{ parameters.signOutputPath }} + pattern: ${{ parameters.pattern }} + certificateId: ${{ parameters.certificateId }} + verifySignature: ${{ parameters.verifySignature }} + pageHash: ${{ parameters.pageHash }} + displayName: ${{ parameters.displayName }} + +- template: template-compliance/authenticode-sign.yml + parameters: + buildOutputPath: ${{ parameters.buildOutputPath }} + signOutputPath: ${{ parameters.signOutputPath }} + pattern: ${{ parameters.pattern }} + certificateId: ${{ parameters.certificateId }} + verifySignature: ${{ parameters.verifySignature }} + pageHash: ${{ parameters.pageHash }} + displayName: ${{ parameters.displayName }} + +- template: template-compliance/nuget-sign.yml + parameters: + buildOutputPath: ${{ parameters.buildOutputPath }} + signOutputPath: ${{ parameters.signOutputPath }} + pattern: ${{ parameters.pattern }} + certificateId: ${{ parameters.certificateId }} + verifySignature: ${{ parameters.verifySignature }} + displayName: ${{ parameters.displayName }} + +- template: template-compliance/pgp-sign.yml + parameters: + signOutputPath: ${{ parameters.signOutputPath }} + pattern: ${{ parameters.pattern }} + certificateId: ${{ parameters.certificateId }} + displayName: ${{ parameters.displayName }} + +- template: template-compliance/macOS-sign.yml + parameters: + signOutputPath: ${{ parameters.signOutputPath }} + pattern: ${{ parameters.pattern }} + certificateId: ${{ parameters.certificateId }} + displayName: ${{ parameters.displayName }} + +- template: template-compliance/strongname-sign.yml + parameters: + signOutputPath: ${{ parameters.signOutputPath }} + pattern: ${{ parameters.pattern }} + certificateId: ${{ parameters.certificateId }} + displayName: ${{ parameters.displayName }} - ${{ if eq(parameters.useCustomEsrpJson, 'true') }}: - template: template-compliance/custom-sign.yml diff --git a/template-compliance/authenticode-sign.yml b/template-compliance/authenticode-sign.yml index 30b2cd3..b9ccea5 100644 --- a/template-compliance/authenticode-sign.yml +++ b/template-compliance/authenticode-sign.yml @@ -68,4 +68,4 @@ steps: Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose Write-Host "##$vstsCommandString" displayName: ${{ parameters.displayName }} - Generate Authenticode signing JSON - condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True')) + condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), or( eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-230012'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-460906'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-231522') )) diff --git a/template-compliance/macOS-sign.yml b/template-compliance/macOS-sign.yml index 43c3184..177cb10 100644 --- a/template-compliance/macOS-sign.yml +++ b/template-compliance/macOS-sign.yml @@ -34,4 +34,4 @@ steps: Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose Write-Host "##$vstsCommandString" displayName: ${{ parameters.displayName }} - Generate PGP signing JSON - condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True')) + condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-401337-Apple')) diff --git a/template-compliance/nuget-sign.yml b/template-compliance/nuget-sign.yml index 17e45eb..2d7cb37 100644 --- a/template-compliance/nuget-sign.yml +++ b/template-compliance/nuget-sign.yml @@ -50,4 +50,4 @@ steps: Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose Write-Host "##$vstsCommandString" displayName: ${{ parameters.displayName }} - Generate NuGet signing JSON - condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True')) + condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-401405')) diff --git a/template-compliance/pgp-sign.yml b/template-compliance/pgp-sign.yml index c4c3101..9b98e08 100644 --- a/template-compliance/pgp-sign.yml +++ b/template-compliance/pgp-sign.yml @@ -34,4 +34,4 @@ steps: Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose Write-Host "##$vstsCommandString" displayName: ${{ parameters.displayName }} - Generate PGP signing JSON - condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True')) + condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), or(eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-450779-Pgp'),eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-450778-Pgp'))) diff --git a/template-compliance/strongname-sign.yml b/template-compliance/strongname-sign.yml index 34b997d..d732a1b 100644 --- a/template-compliance/strongname-sign.yml +++ b/template-compliance/strongname-sign.yml @@ -56,4 +56,4 @@ steps: Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose Write-Host "##$vstsCommandString" displayName: ${{ parameters.displayName }} - Generate Strong Name signing JSON - condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True')) + condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-233863-SN'))