From 634b4ba663e6c4a6cffce4f53eda9bd7d391df28 Mon Sep 17 00:00:00 2001 From: Andrew Omondi Date: Thu, 8 Aug 2024 12:08:30 +0300 Subject: [PATCH 1/2] ci: upgrades esrp sign tasks --- pipelines/ci-build.yml | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/pipelines/ci-build.yml b/pipelines/ci-build.yml index a2b9395f327..2d94d82616b 100644 --- a/pipelines/ci-build.yml +++ b/pipelines/ci-build.yml @@ -118,10 +118,15 @@ extends: arguments: '-packageName "Microsoft.Graph.Beta" -projectPath "$(Build.SourcesDirectory)\src\Microsoft.Graph\Microsoft.Graph.Beta.csproj"' pwsh: true enabled: true - - task: EsrpCodeSigning@3 + - task: EsrpCodeSigning@5 displayName: 'ESRP DLL Strong Name (Microsoft.Graph.Beta)' inputs: - ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' + ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection' + AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'akv-prod-eastus' + AuthCertName: 'ReferenceLibraryPrivateCert' + AuthSignCertName: 'ReferencePackagePublisherCertificate' FolderPath: src/Microsoft.Graph/bin/release Pattern: Microsoft.Graph.Beta.dll signConfigType: inlineSignParams @@ -143,10 +148,18 @@ extends: } ] SessionTimeout: 20 - - task: EsrpCodeSigning@3 + MaxConcurrency: 50 + MaxRetryAttempts: 5 + PendingAnalysisWaitTimeoutMinutes: 5 + - task: EsrpCodeSigning@5 displayName: 'ESRP DLL CodeSigning (Microsoft.Graph.Beta)' inputs: - ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' + ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection' + AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'akv-prod-eastus' + AuthCertName: 'ReferenceLibraryPrivateCert' + AuthSignCertName: 'ReferencePackagePublisherCertificate' FolderPath: src/Microsoft.Graph/bin/release Pattern: Microsoft.Graph.Beta.dll signConfigType: inlineSignParams @@ -189,16 +202,24 @@ extends: } ] SessionTimeout: 20 + MaxConcurrency: 50 + MaxRetryAttempts: 5 + PendingAnalysisWaitTimeoutMinutes: 5 # arguments are not parsed in DotNetCoreCLI@2 task for `pack` command, that's why we have a custom pack command here - powershell: | dotnet pack $env:BUILD_SOURCESDIRECTORY/src/Microsoft.Graph/Microsoft.Graph.Beta.csproj /p:IncludeSymbols=true /p:SymbolPackageFormat=snupkg --no-build --output $env:BUILD_ARTIFACTSTAGINGDIRECTORY --configuration $env:BUILD_CONFIGURATION env: BUILD_CONFIGURATION: $(BuildConfiguration) displayName: 'dotnet pack' - - task: EsrpCodeSigning@3 + - task: EsrpCodeSigning@5 displayName: 'ESRP NuGet CodeSigning' inputs: - ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)' + ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection' + AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'akv-prod-eastus' + AuthCertName: 'ReferenceLibraryPrivateCert' + AuthSignCertName: 'ReferencePackagePublisherCertificate' FolderPath: '$(Build.ArtifactStagingDirectory)' Pattern: '*nupkg' signConfigType: inlineSignParams @@ -220,6 +241,9 @@ extends: } ] SessionTimeout: 20 + MaxConcurrency: 50 + MaxRetryAttempts: 5 + PendingAnalysisWaitTimeoutMinutes: 5 - task: CopyFiles@2 displayName: 'Copy release scripts to artifact staging directory' inputs: From 5ad066c5dd534b4a0dc2452b42267992365e75e6 Mon Sep 17 00:00:00 2001 From: Andrew Omondi Date: Wed, 14 Aug 2024 11:31:26 +0300 Subject: [PATCH 2/2] validate version on main branch --- pipelines/ci-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/pipelines/ci-build.yml b/pipelines/ci-build.yml index 2d94d82616b..a76420a81fe 100644 --- a/pipelines/ci-build.yml +++ b/pipelines/ci-build.yml @@ -112,6 +112,7 @@ extends: arguments: '--configuration $(BuildConfiguration) --no-build --verbosity normal' - task: PowerShell@2 displayName: 'Validate updated version' + condition: and(contains(variables['build.sourceBranch'], 'refs/heads/master'), succeeded()) inputs: targetType: filePath filePath: '$(Build.SourcesDirectory)\scripts\ValidateUpdatedNugetVersion.ps1'