Make conditions for template selection evaluated at runtime

EsrpSign.yml

@@ -47,6 +47,11 @@ steps:
     {
       throw "Only one of useCustomEsrpJson and certificateId must be set!"
     }
+
+    $vstsCommandString = "vso[task.setvariable variable=ESRP_TEMPLATE_CERT_ID]${{ parameters.certificateId }}"
+    Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose
+    Write-Host "##$vstsCommandString"
+
   displayName: ${{ parameters.displayName }} - Log parameters
 
 - pwsh: |
@@ -65,72 +70,65 @@ steps:
     Write-Host "##$vstsCommandString"
   displayName: ${{ parameters.displayName }} - Set ESRP_TEMPLATE_SHOULD_SIGN
 
-- ${{ if eq(parameters.certificateId , 'CP-230012') }}:
-  - template: template-compliance/authenticode-sign.yml
-    parameters:
-      buildOutputPath: ${{ parameters.buildOutputPath }}
-      signOutputPath: ${{ parameters.signOutputPath }}
-      pattern: ${{ parameters.pattern }}
-      certificateId: ${{ parameters.certificateId }}
-      verifySignature: ${{ parameters.verifySignature }}
-      pageHash: ${{ parameters.pageHash }}
-      displayName: ${{ parameters.displayName }}
-
-- ${{ if eq(parameters.certificateId , 'CP-460906') }}:
-  - template: template-compliance/authenticode-sign.yml
-    parameters:
-      buildOutputPath: ${{ parameters.buildOutputPath }}
-      signOutputPath: ${{ parameters.signOutputPath }}
-      pattern: ${{ parameters.pattern }}
-      certificateId: ${{ parameters.certificateId }}
-      verifySignature: ${{ parameters.verifySignature }}
-      pageHash: ${{ parameters.pageHash }}
-      displayName: ${{ parameters.displayName }}
-
-- ${{ if eq(parameters.certificateId , 'CP-231522') }}:
-  - template: template-compliance/authenticode-sign.yml
-    parameters:
-      buildOutputPath: ${{ parameters.buildOutputPath }}
-      signOutputPath: ${{ parameters.signOutputPath }}
-      pattern: ${{ parameters.pattern }}
-      certificateId: ${{ parameters.certificateId }}
-      verifySignature: ${{ parameters.verifySignature }}
-      pageHash: ${{ parameters.pageHash }}
-      displayName: ${{ parameters.displayName }}
-
-- ${{ if eq(parameters.certificateId, 'CP-401405') }}:
-  - template: template-compliance/nuget-sign.yml
-    parameters:
-      buildOutputPath: ${{ parameters.buildOutputPath }}
-      signOutputPath: ${{ parameters.signOutputPath }}
-      pattern: ${{ parameters.pattern }}
-      certificateId: ${{ parameters.certificateId }}
-      verifySignature: ${{ parameters.verifySignature }}
-      displayName: ${{ parameters.displayName }}
-
-- ${{ if or(eq(parameters.certificateId, 'CP-450779-Pgp'),eq(parameters.certificateId, 'CP-450778-Pgp')) }}:
-  - template: template-compliance/pgp-sign.yml
-    parameters:
-      signOutputPath: ${{ parameters.signOutputPath }}
-      pattern: ${{ parameters.pattern }}
-      certificateId: ${{ parameters.certificateId }}
-      displayName: ${{ parameters.displayName }}
-
-- ${{ if eq(parameters.certificateId, 'CP-401337-Apple') }}:
-  - template: template-compliance/macOS-sign.yml
-    parameters:
-      signOutputPath: ${{ parameters.signOutputPath }}
-      pattern: ${{ parameters.pattern }}
-      certificateId: ${{ parameters.certificateId }}
-      displayName: ${{ parameters.displayName }}
-
-- ${{ if eq(parameters.certificateId, 'CP-233863-SN') }}:
-  - template: template-compliance/strongname-sign.yml
-    parameters:
-      signOutputPath: ${{ parameters.signOutputPath }}
-      pattern: ${{ parameters.pattern }}
-      certificateId: ${{ parameters.certificateId }}
-      displayName: ${{ parameters.displayName }}
+- template: template-compliance/authenticode-sign.yml
+  parameters:
+    buildOutputPath: ${{ parameters.buildOutputPath }}
+    signOutputPath: ${{ parameters.signOutputPath }}
+    pattern: ${{ parameters.pattern }}
+    certificateId: ${{ parameters.certificateId }}
+    verifySignature: ${{ parameters.verifySignature }}
+    pageHash: ${{ parameters.pageHash }}
+    displayName: ${{ parameters.displayName }}
+
+- template: template-compliance/authenticode-sign.yml
+  parameters:
+    buildOutputPath: ${{ parameters.buildOutputPath }}
+    signOutputPath: ${{ parameters.signOutputPath }}
+    pattern: ${{ parameters.pattern }}
+    certificateId: ${{ parameters.certificateId }}
+    verifySignature: ${{ parameters.verifySignature }}
+    pageHash: ${{ parameters.pageHash }}
+    displayName: ${{ parameters.displayName }}
+
+- template: template-compliance/authenticode-sign.yml
+  parameters:
+    buildOutputPath: ${{ parameters.buildOutputPath }}
+    signOutputPath: ${{ parameters.signOutputPath }}
+    pattern: ${{ parameters.pattern }}
+    certificateId: ${{ parameters.certificateId }}
+    verifySignature: ${{ parameters.verifySignature }}
+    pageHash: ${{ parameters.pageHash }}
+    displayName: ${{ parameters.displayName }}
+
+- template: template-compliance/nuget-sign.yml
+  parameters:
+    buildOutputPath: ${{ parameters.buildOutputPath }}
+    signOutputPath: ${{ parameters.signOutputPath }}
+    pattern: ${{ parameters.pattern }}
+    certificateId: ${{ parameters.certificateId }}
+    verifySignature: ${{ parameters.verifySignature }}
+    displayName: ${{ parameters.displayName }}
+
+- template: template-compliance/pgp-sign.yml
+  parameters:
+    signOutputPath: ${{ parameters.signOutputPath }}
+    pattern: ${{ parameters.pattern }}
+    certificateId: ${{ parameters.certificateId }}
+    displayName: ${{ parameters.displayName }}
+
+- template: template-compliance/macOS-sign.yml
+  parameters:
+    signOutputPath: ${{ parameters.signOutputPath }}
+    pattern: ${{ parameters.pattern }}
+    certificateId: ${{ parameters.certificateId }}
+    displayName: ${{ parameters.displayName }}
+
+- template: template-compliance/strongname-sign.yml
+  parameters:
+    signOutputPath: ${{ parameters.signOutputPath }}
+    pattern: ${{ parameters.pattern }}
+    certificateId: ${{ parameters.certificateId }}
+    displayName: ${{ parameters.displayName }}
 
 - ${{ if eq(parameters.useCustomEsrpJson, 'true') }}:
   - template: template-compliance/custom-sign.yml

template-compliance/authenticode-sign.yml

@@ -68,4 +68,4 @@ steps:
     Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose
     Write-Host "##$vstsCommandString"
   displayName: ${{ parameters.displayName }} - Generate Authenticode signing JSON
-  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'))
+  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), or( eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-230012'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-460906'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-231522') ))

template-compliance/macOS-sign.yml

@@ -34,4 +34,4 @@ steps:
     Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose
     Write-Host "##$vstsCommandString"
   displayName: ${{ parameters.displayName }} - Generate PGP signing JSON
-  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'))
+  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-401337-Apple'))

template-compliance/nuget-sign.yml

@@ -50,4 +50,4 @@ steps:
     Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose
     Write-Host "##$vstsCommandString"
   displayName: ${{ parameters.displayName }} - Generate NuGet signing JSON
-  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'))
+  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-401405'))

template-compliance/pgp-sign.yml

@@ -34,4 +34,4 @@ steps:
     Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose
     Write-Host "##$vstsCommandString"
   displayName: ${{ parameters.displayName }} - Generate PGP signing JSON
-  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'))
+  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), or(eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-450779-Pgp'),eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-450778-Pgp')))

template-compliance/strongname-sign.yml

@@ -56,4 +56,4 @@ steps:
     Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose
     Write-Host "##$vstsCommandString"
   displayName: ${{ parameters.displayName }} - Generate Strong Name signing JSON
-  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'))
+  condition: and(succeeded(), eq(variables['ESRP_TEMPLATE_SHOULD_SIGN'], 'True'), eq(variables['ESRP_TEMPLATE_CERT_ID'], 'CP-233863-SN'))