build: switch to ESRP v5, which supports managed identities #17134
This required me to push a bunch more parameters through the build pipeline, but it gave me the opportunity to define them as variables that can be set at queue time.
@@ -27,6 +27,9 @@ parameters: | |||
- name: publishArtifacts | |||
type: boolean | |||
default: true | |||
- name: signingIdentity |
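Review bot: `signingIdentity` is declared at the end of this hunk with no type, default or description visible, while `publishArtifacts` just above it carries both `type` and `default`. Since later steps read `serviceName`, `appId`, `tenantId`, `akvName`, `authCertName` and `signCertName` from it, declare it as an object and list those expected keys in a comment next to the parameter so callers know the required shape.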
heck at this rate, we should almost have a `do-codesign.yml` template that takes one of these `signingIdentity` objects we're passing around
ConnectedServiceName: ${{ parameters.signingIdentity.serviceName }} | ||
AppRegistrationClientId: ${{ parameters.signingIdentity.appId }} | ||
AppRegistrationTenantId: ${{ parameters.signingIdentity.tenantId }} | ||
AuthAKVName: ${{ parameters.signingIdentity.akvName }} | ||
AuthCertName: ${{ parameters.signingIdentity.authCertName }} | ||
AuthSignCertName: ${{ parameters.signingIdentity.signCertName }} |
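Review bot: the six inputs here each dereference `parameters.signingIdentity.<key>` with nothing checking that the caller's object actually has that key, so a missing or misspelled key would reach the signing task as an empty value and fail only at signing time. A guard early in the template that fails when any of the six keys is empty would catch that sooner. Keeping this explicit one-to-one mapping, rather than iterating over the object, also ensures that only these named fields are ever passed to the task.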
After googling a bit, I wonder if you can do

```yaml
inputs:
  ${{ each var in parameters.signingIdentity }}:
    ${{ var.key }}: ${{ var.value }}
  FolderPath: $(Build.ArtifactStagingDirectory)/nupkg
```
Probably, yeah. I'm going to reach for something more like Mike's recommendation though - and maybe do both of these at the same time.
wait that sounds like a way to leak secrets. Like, if we add params, forget that we did this, and now we're passing all sorts of stuff to esrp that it wasn't expecting
This required me to push a bunch more parameters through the build pipeline, but it gave me the opportunity to define them as variables that can be set at queue time. (cherry picked from commit 2f52f27) Service-Card-Id: 92577964 Service-Version: 1.20