-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Expand file tree
/
Copy pathpreview.yml
More file actions
149 lines (148 loc) · 5.88 KB
/
Copy pathpreview.yml
File metadata and controls
149 lines (148 loc) · 5.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
#
# Build preview packages for internal feed
#
parameters:
- name: upload
type: string
default: False
values:
- False
- True
- name: config
type: string
default: Release
values:
- Debug
- Release
jobs:
- job: nuget${{parameters.config}}
displayName: Pack Nugets ${{parameters.config}}
pool:
vmImage: 'windows-2025-vs2026'
variables:
- group: codesign
- name: msbuildversion
value: '/p:Version=$(NBGV_Version) /p:AssemblyVersion=$(NBGV_SimpleVersion) /p:FileVersion=$(NBGV_AssemblyFileVersion)'
- name: msbuildsign
value: '/p:AssemblyOriginatorKeyFile=$(strongnamefile.secureFilePath) /p:SignAssembly=true'
- name: nugetpreviewversion
value: '$(NBGV_NuGetPackageVersion)'
- name: nugetpublicversion
value: '$(NBGV_Version)$(NBGV_PrereleaseVersion)'
- name: signinglist
value: '.azurepipelines/signlist${{parameters.config}}.txt'
steps:
- task: UseDotNet@2
displayName: 'Install .NET 10.0'
inputs:
packageType: 'sdk'
version: '10.0.x'
includePreviewVersions: false
- task: DownloadSecureFile@1
name: strongnamefile
displayName: 'Download Strong Name Key'
inputs:
secureFile: 'OPCFoundation.NetStandard.Key.snk'
- task: DotNetCoreCLI@2
inputs:
command: 'custom'
custom: 'tool'
arguments: 'install --version 3.0.0 --tool-path . azuresigntool'
displayName: Install AzureSignTool
- task: DotNetCoreCLI@2
inputs:
command: 'custom'
custom: 'tool'
arguments: 'install --version 3.0.45 --tool-path . NuGetKeyVaultSignTool'
displayName: Install NuGetKeyVaultSignTool
- task: NuGetToolInstaller@1
inputs:
versionSpec: '>=7.0.x'
- task: PowerShell@2
displayName: Versioning
inputs:
targetType: filePath
filePath: ./.azurepipelines/set-version.ps1
- task: DotNetCoreCLI@2
displayName: Restore ${{parameters.config}}
inputs:
command: restore
projects: 'UA Core Library.slnx'
arguments: '--configuration ${{parameters.config}}'
restoreArguments: '--disable-parallel'
- task: DotNetCoreCLI@2
displayName: Build ${{parameters.config}}
inputs:
command: build
projects: 'UA Core Library.slnx'
arguments: '--no-incremental --configuration ${{parameters.config}} ${{ variables.msbuildversion }} ${{ variables.msbuildsign }}'
- task: CmdLine@2
displayName: 'List of assemblies to sign'
inputs:
script: |
dir /b /s Stack\Opc.Ua*.dll > .\list.txt
dir /b /s Tools\Opc.Ua*.dll >> .\list.txt
dir /b /s Libraries\Opc.Ua*.dll >> .\list.txt
dir /b /s Applications\Opc.Ua.Mcp\bin\Opc.Ua*.dll >> .\list.txt
dir /b /s .azurepipelines\*.* >> .\list.txt
type .\list.txt
- task: CmdLine@2
displayName: 'Sign Assemblies'
condition: ne( variables['SigningClientSecret'], '')
inputs:
script: |
azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvt "$(SigningTenantId)" -kvi "$(SigningClientId)" -tr http://timestamp.digicert.com -td sha384 -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl ${{ variables.signinglist }}
- task: DotNetCoreCLI@2
displayName: Pack Nuget ${{parameters.config}}
inputs:
command: pack
packagesToPack: 'UA Core Library.slnx'
configuration: ${{parameters.config}}
configurationToPack: ${{parameters.config}}
nobuild: true
- task: NuGetCommand@2
displayName: Pack Nuget Legacy Preview
condition: and(succeeded(), and(eq('${{parameters.config}}', 'Release'), ne(variables['NBGV_PublicRelease'], 'True')))
continueOnError: true
inputs:
command: 'pack'
packagesToPack: '**/Opc.*.nuspec'
versioningScheme: 'byEnvVar'
versionEnvVar: 'nugetpreviewversion'
- task: NuGetCommand@2
displayName: Pack Nuget Legacy Public
condition: and(succeeded(), and(eq('${{parameters.config}}', 'Release'), eq(variables['NBGV_PublicRelease'], 'True')))
continueOnError: true
inputs:
command: 'pack'
packagesToPack: '**/Opc.*.nuspec'
versioningScheme: 'byEnvVar'
versionEnvVar: 'nugetpublicversion'
- task: CmdLine@2
displayName: 'List of nuget packages to sign'
inputs:
script: |
dir /b /s $(Build.ArtifactStagingDirectory)\OPCFoundation.*.*nupkg > .\nupkglist.txt
type .\nupkglist.txt
- task: CmdLine@2
displayName: Sign Nuget packages
condition: and(succeeded(), ne( variables['SigningClientSecret'], ''))
continueOnError: true
inputs:
script: |
NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)/**/OPCFoundation.*.nupkg --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --timestamp-digest sha256 --azure-key-vault-url "$(SigningVaultURL)" --azure-key-vault-client-id "$(SigningClientId)" --azure-key-vault-tenant-id "$(SigningTenantId)" --azure-key-vault-client-secret "$(SigningClientSecret)" --azure-key-vault-certificate "$(SigningCertName)"
NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)/**/OPCFoundation.*.snupkg --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --timestamp-digest sha256 --azure-key-vault-url "$(SigningVaultURL)" --azure-key-vault-client-id "$(SigningClientId)" --azure-key-vault-tenant-id "$(SigningTenantId)" --azure-key-vault-client-secret "$(SigningClientSecret)" --azure-key-vault-certificate "$(SigningCertName)"
- ${{ if eq(parameters.upload, 'True') }}:
- task: NuGetCommand@2
displayName: Upload Nuget Preview
inputs:
command: 'push'
packagesToPush: '$(Build.ArtifactStagingDirectory)/**/OPCFoundation.*.nupkg'
nuGetFeedType: 'internal'
publishVstsFeed: '$(VSTSFEED)'
allowPackageConflicts: true
- task: PublishPipelineArtifact@1
displayName: 'Publish Artifacts'
inputs:
path: $(Build.ArtifactStagingDirectory)
artifact: 'opcua_${{parameters.config}}_$(NBGV_Version)_$(NBGV_NugetPackageVersion)'