NET-775 Public pipeline: Remove signing

pavel-mikula-sonarsource · sonartech · commit d904f76716c5 · 2024-11-28T16:44:27.000+01:00
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -18,7 +18,6 @@ variables:
   - group: sonar-dotnet-variables
   - group: sonarsource-build-variables
   - group: artifactory_access
-  - group: digicert-keylocker
   # ~https://github.com/SonarSource/re-ci-images/blob/master/docker/mvn/settings-private.xml
   - name: ARTIFACTORY_PRIVATE_USERNAME
     value: $[variables.ARTIFACTORY_PRIVATE_READER_USERNAME]
@@ -32,8 +31,6 @@ variables:
     value: '$(Build.SourcesDirectory)\coverage'
   - name: UnitTestExclusionsPattern
     value: 'analyzers/tests/SonarAnalyzer.Test/TestCases/**/*'
-  - name: isReleaseBranch
-    value: ${{ or(eq(variables['Build.SourceBranch'], 'refs/heads/master'), startsWith(variables['Build.SourceBranch'], 'refs/heads/branch-')) }}
   - name: vsVersion
     value: '17.0'
 
@@ -46,7 +43,6 @@ resources:
 
 stages:
 - stage: build
-  # Build the dotnet analyzers and stage to repox
   displayName: 'Build:'
   jobs:
   - job: dotnetBuildjob
@@ -80,57 +76,13 @@ stages:
         msbuildArgs: '/p:Sha1=$(Build.SourceVersion) /p:BranchName=$(Build.SourceBranchName) /p:BuildNumber=$(Build.BuildId) /p:BuildConfiguration=$(BuildConfiguration)'
         vsVersion: $(vsVersion)
 
-    - task: DownloadSecureFile@1
-      displayName: 'Download snk file'
-      name: snk
-      inputs:
-        secureFile: SonarSourceSecret.snk
-
-    - task: DownloadSecureFile@1
-      # This file is used by the "DigiCert Signing Manager KSP" Key Storage Provider to authenticate against the DigiCert private key provider server.
-      displayName: 'Download p12 file'
-      name: SM_CLIENT_CERT
-      inputs:
-        secureFile: digicert_authentication_certificate.p12
-
-    - task: DownloadSecureFile@1
-      # This file contains the signing certificate without the private key. The private key will be downloaded later, during the signing process.
-      displayName: 'Download crt file'
-      name: SM_CLIENT_CRT
-      inputs:
-        secureFile: cert_525594307.crt
-
-    - task: PowerShell@2
-      displayName: "Signing certificate setup"
-      # Initialize the DigiCert Private Key Provider.
-      # What we think it does: The smctl tool authenticates with a client certificate (SM_CLIENT_CERT_FILE) and a client password (SM_CLIENT_CERT_PASSWORD).
-      # It uses an API Key (SM_API_KEY) and the ID of the certificate (SM_CERT) to check if the authenticated client is authorized to use the
-      # certificate specified and synchronize (potentially private) information about the certificate.
-      condition: eq(variables.isReleaseBranch, 'True')
-      env:
-        SM_CLIENT_CERT_FILE: $(SM_CLIENT_CERT.secureFilePath)
-        SM_CLIENT_CERT_PASSWORD: $(SM_CLIENT_CERT_PASSWORD)
-        SM_API_KEY: $(SM_API_KEY)
-        SM_CERT: $(SM_CERT)
-      inputs:
-        targetType: 'inline'
-        script: |
-          Write-Output "smctl sync:"
-          smctl windows certsync
-
     - task: VSBuild@1
-      displayName: "Build and sign SonarAnalyzer solution"
-      env:
-        SM_CLIENT_CRT_FILE: $(SM_CLIENT_CRT.secureFilePath)
-        SM_CLIENT_CERT_FILE: $(SM_CLIENT_CERT.secureFilePath)
-        SM_CLIENT_CERT_PASSWORD: $(SM_CLIENT_CERT_PASSWORD)
-        SM_API_KEY: $(SM_API_KEY)
-        SM_CERT: $(SM_CERT)
+      displayName: "Build SonarAnalyzer solution"
       inputs:
         solution: '$(solution)'
         platform: '$(buildPlatform)'
         configuration: '$(buildConfiguration)'
-        msbuildArgs: '/p:SignAssembly=$(isReleaseBranch) /p:AssemblyOriginatorKeyFile="$(snk.secureFilePath)" /p:Sha1=$(Build.SourceVersion) /p:BuildNumber=$(Build.BuildId) /p:WarningLevel=0'
+        msbuildArgs: '/p:Sha1=$(Build.SourceVersion) /p:BuildNumber=$(Build.BuildId) /p:WarningLevel=0'
         vsVersion: $(vsVersion)
 
     - task: NuGetCommand@2
@@ -143,20 +95,6 @@ stages:
         verbosityPack: 'Detailed'
         publishPackageMetadata: true
 
-    - task: PowerShell@2
-      displayName: "Sign NuGet packages"
-      condition: eq(variables.isReleaseBranch, 'True')
-      env:
-        PACKAGES_PATH: '$(Build.ArtifactStagingDirectory)\packages\*.nupkg'
-        SM_CLIENT_CERT_FILE: $(SM_CLIENT_CERT.secureFilePath)
-        SM_CLIENT_CERT_PASSWORD: $(SM_CLIENT_CERT_PASSWORD)
-        SM_API_KEY: $(SM_API_KEY)
-        SM_CERT: $(SM_CERT)
-      inputs:
-        targetType: 'inline'
-        script: |
-          nuget sign "$env:PACKAGES_PATH" -Overwrite -HashAlgorithm SHA256 -CertificateFingerprint $(SM_CERT_FP) -Timestamper http://timestamp.digicert.com -TimestampHashAlgorithm SHA256
-
     - task: PublishBuildArtifacts@1
       displayName: 'Publish NuGet packages as build artifacts'
       inputs:
