diff options
| author | Morgan Brown <morganbr@users.noreply.github.com> | 2018-12-14 18:45:55 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-12-14 18:45:55 -0800 |
| commit | e763e8302028edb4a49e22b7e18b888b3145d48c (patch) | |
| tree | 0caf5ddb2364cc1dd8893d7aaa2b6e88b1c78417 /eng/build-job.yml | |
| parent | 483135b05e853290d6890f9f5f72aa0bb96aca23 (diff) | |
| download | coreclr-e763e8302028edb4a49e22b7e18b888b3145d48c.tar.gz coreclr-e763e8302028edb4a49e22b7e18b888b3145d48c.tar.bz2 coreclr-e763e8302028edb4a49e22b7e18b888b3145d48c.zip | |
Add Azure DevOps signing support (#21545)
Add signing support for Azure DevOps pipelines. This uses the arcade signing step, but with custom logic to find files to sign while we're not using arcade for the rest of the build.
Diffstat (limited to 'eng/build-job.yml')
| -rw-r--r-- | eng/build-job.yml | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/eng/build-job.yml b/eng/build-job.yml index d8a5f61102..064db098ed 100644 --- a/eng/build-job.yml +++ b/eng/build-job.yml @@ -14,6 +14,7 @@ jobs: archType: ${{ parameters.archType }} osGroup: ${{ parameters.osGroup }} osIdentifier: ${{ parameters.osIdentifier }} + enableMicrobuild: true # Compute job name from template parameters name: ${{ format('build_{0}_{1}_{2}', parameters.osIdentifier, parameters.archType, parameters.buildConfig) }} @@ -68,6 +69,19 @@ jobs: - script: set __TestIntermediateDir=int&&build.cmd $(buildConfig) $(archType) -skiptests -skipbuildpackages displayName: Build product + # Sign on Windows + - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest'), eq(parameters.osGroup, 'Windows_NT')) }}: + - script: powershell eng\common\build.ps1 -ci -sign -restore -configuration:$(buildConfig) -warnaserror:0 /p:ArcadeBuild=true /p:OfficialBuild=true /p:BuildOS=$(osGroup) /p:BuildArch=$(archType) /p:BuildType=$(buildConfig) /p:DotNetSignType=%_SignType% + displayName: Sign Binaries + + - task: PublishBuildArtifacts@1 + displayName: Publish Signing Logs to VSTS + inputs: + PathtoPublish: '$(Build.SourcesDirectory)/artifacts/' + PublishLocation: Container + ArtifactName: $(Agent.Os)_$(Agent.JobName)_$(archType) + continueOnError: true + condition: always() # Upload build as pipeline artifact - ${{ if ne(parameters.osGroup, 'Windows_NT') }}: @@ -83,13 +97,6 @@ jobs: artifactName: ${{ format('{0}_{1}_{2}_build', parameters.osIdentifier, parameters.archType, parameters.buildConfig) }} targetPath: $(Build.SourcesDirectory)\bin\Product\$(osGroup).$(archType).$(buildConfigUpper) - - # TODO: Sign - - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest')) }}: - - script: echo Sign! - displayName: Sign Binaries (empty for now) - - # Get key vault secrets for publishing - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest')) }}: - task: AzureKeyVault@1 |