Change: [CI] Use Azure Code Signing for Windows build
parent
3a3d8f3b53
commit
d4a6ee9554
@ -1,18 +1,2 @@
|
||||
@echo off
|
||||
REM Signing script
|
||||
REM Arguments: sign.bat exe_to_sign certificate_subject_name
|
||||
|
||||
REM This is a loose wrapper around the Microsoft signtool application (included in the Windows SDK).
|
||||
REM See https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe for more details.
|
||||
|
||||
REM Path to signtool.exe
|
||||
IF NOT DEFINED SIGNTOOL_PATH (SET SIGNTOOL_PATH=signtool)
|
||||
|
||||
REM URL of the timestamp server
|
||||
IF NOT DEFINED SIGNTOOL_TIMESTAMP_URL (SET SIGNTOOL_TIMESTAMP_URL=http://timestamp.digicert.com)
|
||||
|
||||
REM Sign with SHA-1 for Windows 7 and below
|
||||
"%SIGNTOOL_PATH%" sign -v -n %2 -t %SIGNTOOL_TIMESTAMP_URL% -fd sha1 %1
|
||||
|
||||
REM Sign with SHA-256 for Windows 8 and above
|
||||
"%SIGNTOOL_PATH%" sign -v -n %2 -tr %SIGNTOOL_TIMESTAMP_URL% -fd sha256 -td sha256 -as %1
|
||||
pwsh -File "%~dp0sign_azure.ps1" %1
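Review bot: The wrapper's contract changed and no comment is left to say so: the removed header documented `sign.bat exe_to_sign certificate_subject_name`, while the new line forwards `%1` to a script whose parameter is `$FilesFolder`, so the first argument now appears to be a folder and the second is ignored. A caller that still passes an executable path and a subject name would get no error from this file. I would keep a short header, for example `REM Arguments: sign.bat folder_to_sign` and `REM Wrapper around sign_azure.ps1 (Azure Code Signing); requires pwsh on PATH`.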
|
||||
|
@ -0,0 +1,40 @@
|
||||
# Signing script for Azure Code Signing
|
||||
# Arguments: sign_azure.ps1 path_to_sign
|
||||
#
|
||||
# Environment variables must be set up before use:
|
||||
#
|
||||
# AZURE_TENANT_ID
|
||||
# AZURE_CLIENT_ID
|
||||
# AZURE_CLIENT_SECRET
|
||||
# AZURE_CODESIGN_ACCOUNT_NAME
|
||||
# AZURE_CODESIGN_ENDPOINT
|
||||
# AZURE_CODESIGN_PROFILE_NAME
|
||||
|
||||
Param
|
||||
(
|
||||
# Files folder
|
||||
[Parameter(Mandatory=$true, Position=0)]
|
||||
$FilesFolder
|
||||
)
|
||||
|
||||
if (!$Env:AZURE_CODESIGN_ENDPOINT -or !$Env:AZURE_CODESIGN_ACCOUNT_NAME -or !$Env:AZURE_CODESIGN_PROFILE_NAME -or
|
||||
!$Env:AZURE_TENANT_ID -or !$Env:AZURE_CLIENT_ID -or !$Env:AZURE_CLIENT_SECRET)
|
||||
{
|
||||
"Code signing variables not found; most likely running in a fork. Skipping signing."
|
||||
exit
|
||||
}
|
||||
|
||||
Install-Module -Name AzureCodeSigning -Scope CurrentUser -RequiredVersion 0.3.0 -Force -Repository PSGallery
|
||||
|
||||
$params = @{}
|
||||
|
||||
$params["Endpoint"] = $Env:AZURE_CODESIGN_ENDPOINT
|
||||
$params["CodeSigningAccountName"] = $Env:AZURE_CODESIGN_ACCOUNT_NAME
|
||||
$params["CertificateProfileName"] = $Env:AZURE_CODESIGN_PROFILE_NAME
|
||||
$params["FilesFolder"] = $FilesFolder
|
||||
$params["FilesFolderFilter"] = "exe"
|
||||
$params["FileDigest"] = "SHA256"
|
||||
$params["TimestampRfc3161"] = "http://timestamp.acs.microsoft.com"
|
||||
$params["TimestampDigest"] = "SHA256"
|
||||
|
||||
Invoke-AzureCodeSigning @params
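Review bot: The script fails open: nothing sets `$ErrorActionPreference = 'Stop'`, so a non-terminating error from `Install-Module` or `Invoke-AzureCodeSigning` can still end with exit code 0, and the missing-variable branch also exits 0, so a release build with a misconfigured secret could ship unsigned executables without the pipeline noticing. Consider adding `$ErrorActionPreference = 'Stop'` right after the `Param` block and, where the workflow can tell a release run from a fork, making the skip branch `exit 1` for releases. Separately, `Install-Module ... -Force` pulls code from PSGallery into a process that holds `AZURE_CLIENT_SECRET`. The pinned `-RequiredVersion 0.3.0` helps, but a comment recording why that version is trusted, or a check of the installed module files with `Get-AuthenticodeSignature`, would make the trust decision reviewable.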
|