Enabled ESRPCodeSign for docfx v2 - dev #5832

Merged
merged 9 commits into from
Apr 29, 2020
Changes from 8 commits
18 changes: 18 additions & 0 deletions azure-pipelines-stable.yml
@@ -28,6 +28,24 @@ steps:

- task: CmdLine@1
displayName: 'gulp build'
inputs:
filename: node
arguments: '.\node_modules\gulp\bin\gulp.js dev:build'
workingFolder: tools/Deployment

- task: EsrpCodeSigning@1
displayName: Sign executables and dlls
inputs:
ConnectedServiceName: 'CodeSigning-APEX'
FolderPath: '$(Build.SourcesDirectory)/target/Release'
signType: 'batchSigning'
batchSignPolicyFile: '$(Build.SourcesDirectory)/codesign_policy.json'
SessionTimeout: '60'
MaxConcurrency: '50'
MaxRetryAttempts: '5'

- task: CmdLine@1
displayName: 'gulp pack'
inputs:
filename: node
arguments: '.\node_modules\gulp\bin\gulp.js dev:release'
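Review bot: The `EsrpCodeSigning@1` step has no `condition:`, so as written it runs, and uses the `CodeSigning-APEX` service connection, on every build this pipeline is triggered for. The triggers are outside the hunk, so this may already be restricted, but if pull-request or non-release builds can reach this file the step should be gated, for example with `condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))`. If the intent is that `gulp pack` packages already-signed binaries, a one-line comment above the step saying that it must stay between `gulp build` and `gulp pack` would keep a later reorder from silently shipping unsigned files.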
156 changes: 16 additions & 140 deletions build.ps1
@@ -14,28 +14,20 @@ param(
# [-skipTests]: If it's set, running unit tests will be skipped
################################################################################################

# Include
$scriptRoot = $($MyInvocation.MyCommand.Definition) | Split-Path
. "$scriptRoot/common.ps1"

$ErrorActionPreference = 'Stop'
$releaseBranch = "master"
$gitCommand = "git"
$framework = "net472"
$packageVersion = "1.0.0"
$assemblyVersion = "1.0.0.0"

if ([environment]::OSVersion.Platform -eq "Win32NT") {
$os = "Windows"
}
else {
$os = "Linux"
}
$os = GetOperatingSystemName
Write-Host "Running on OS $os"

if ($os -eq "Windows") {
$nugetCommand = "$env:LOCALAPPDATA/Nuget/Nuget.exe"
}
else {
$nugetCommand = "nuget"
}

$nugetCommand = GetNuGetCommand ($os)
$scriptPath = $MyInvocation.MyCommand.Path
$scriptHome = Split-Path $scriptPath
$versionCsFolderPath = $scriptHome + "/TEMP/"
@@ -46,47 +38,11 @@ $global:LASTEXITCODE = $null

Push-Location $scriptHome

function NugetPack {
param($basepath, $nuspec, $version)
if (Test-Path $nuspec) {
& $nugetCommand pack $nuspec -Version $version -OutputDirectory artifacts/$configuration -BasePath $basepath
ProcessLastExitCode $lastexitcode "$nugetCommand pack $nuspec -Version $version -OutputDirectory artifacts/$configuration -BasePath $basepath"
}
}

function ProcessLastExitCode {
param($exitCode, $msg)
if ($exitCode -eq 0) {
Write-Host "Success: $msg
" -ForegroundColor Green
}
else {
Write-Host "Error $($exitCode): $msg
" -ForegroundColor Red
Pop-Location
Exit 1
}
}

function ValidateCommand {
param($command)
return (Get-Command $command -ErrorAction SilentlyContinue) -ne $null
}

# Check if dotnet cli exists globally
if (-not(ValidateCommand("dotnet"))) {
ProcessLastExitCode 1 "Dotnet CLI is not successfully configured. Please follow https://www.microsoft.com/net/core to install .NET Core."
}

# Check if nuget.exe exists
if (-not(ValidateCommand($nugetCommand))) {
Write-Host "Downloading NuGet.exe..."
mkdir -Path "$env:LOCALAPPDATA/Nuget" -Force
$ProgressPreference = 'SilentlyContinue'
[Net.WebRequest]::DefaultWebProxy.Credentials = [Net.CredentialCache]::DefaultCredentials
Invoke-WebRequest 'https://dist.nuget.org/win-x86-commandline/latest/nuget.exe' -OutFile $nugetCommand
}

# Update template
if ($raw -eq $false) {
./UpdateTemplate.ps1
@@ -164,6 +120,10 @@ do ()

Write-Host "Using package version $packageVersion, and assembly version $assemblyVersion, assembly file version $assemblyFileVersion"

$packageVersionFilePath = ".\package_version_temp.txt"
$packageVersion | Out-File -FilePath $packageVersionFilePath -Force
Write-Host "Package version saved to $packageVersionFilePath"

foreach ($sln in (Get-ChildItem *.sln)) {
Write-Host "Start building $($sln.FullName)"

@@ -202,98 +162,14 @@ if (-not $skipTests) {
}
}

# dotnet pack first
foreach ($proj in (Get-ChildItem -Path ("src", "plugins") -Include *.[cf]sproj -Exclude 'docfx.msbuild.csproj' -Recurse)) {
if ($os -eq "Windows") {
& dotnet pack $proj.FullName -c $configuration -o $scriptHome/artifacts/$configuration /p:Version=$packageVersion
ProcessLastExitCode $lastexitcode "dotnet pack $($proj.FullName) -c $configuration -o $scriptHome/artifacts/$configuration /p:Version=$packageVersion"
}
else {
& nuget pack $($proj.FullName) -Properties Configuration=$configuration -OutputDirectory $scriptHome/artifacts/$configuration -Version $packageVersion
ProcessLastExitCode $lastexitcode "nuget pack $($proj.FullName) -Properties Configuration=$configuration -OutputDirectory $scriptHome/artifacts/$configuration -Version $packageVersion"
}
}

# Pack docfx.console
$docfxTarget = "target/$configuration/docfx";
if (-not(Test-Path -path $docfxTarget)) {
New-Item $docfxTarget -Type Directory
}

Copy-Item -Path "src/nuspec/docfx.console/build" -Destination $docfxTarget -Force -Recurse
Copy-Item -Path "src/nuspec/docfx.console/content" -Destination $docfxTarget -Force -Recurse

$packages = @{
"docfx" = @{
"proj" = $null;
"nuspecs" = @("src/nuspec/docfx.console/docfx.console.nuspec");
};
"MergeDeveloperComments" = @{
"proj" = $null;
"nuspecs" = @("src/nuspec/MergeDeveloperComments/MergeDeveloperComments.nuspec");
};
"MergeSourceInfo" = @{
"proj" = $null;
"nuspecs" = @("src/nuspec/MergeSourceInfo/MergeSourceInfo.nuspec");
};
"TocConverter" = @{
"proj" = $null;
"nuspecs" = @("src/nuspec/TocConverter/TocConverter.nuspec");
};
"MarkdownMigrateTool" = @{
"proj" = $null;
"nuspecs" = @("src/nuspec/MarkdownMigrateTool/MarkdownMigrateTool.nuspec");
};
"YamlSplitter" = @{
"proj" = $null;
"nuspecs" = @("src/nuspec/YamlSplitter/YamlSplitter.nuspec");
};
"SandcastleRefMapper" = @{
"proj" = $null;
"nuspecs" = @("src/nuspec/SandcastleRefMapper/SandcastleRefMapper.nuspec")
};
}

# Pack plugins and tools
foreach ($proj in (Get-ChildItem -Path ("src", "plugins", "tools") -Include *.csproj -Recurse)) {
foreach ($proj in (Get-ChildItem -Path ("src", "plugins", "tools") -Include *.csproj -Recurse))
{
$name = $proj.BaseName
if ($packages.ContainsKey($name)) {
$packages[$name].proj = $proj
}
$nuspecs = Join-Path $proj.DirectoryName "*.nuspec" -Resolve
if ($nuspecs -ne $null) {
if ($packages.ContainsKey($name)) {
$packages[$name].nuspecs = $packages[$name].nuspecs + $nuspecs
}
else {
$packages[$name] = @{
nuspecs = $nuspecs;
proj = $proj;
}
}
}
}

foreach ($name in $packages.Keys) {
$val = $packages[$name]
$proj = $val.proj

if ($proj -eq $null) {
Write-Host $package
ProcessLastExitCode 1 "$name does not have project found"
}

$outputFolder = "$scriptHome/target/$configuration/$name"
# publish to target folder before pack
& dotnet publish $proj.FullName -c $configuration -f $framework -o $outputFolder
ProcessLastExitCode $lastexitcode "dotnet publish $($proj.FullName) -c $configuration -f $framework -o $outputFolder"

$nuspecs = $val.nuspecs
foreach ($nuspec in $nuspecs) {
NugetPack $outputFolder $nuspec $packageVersion
}
# publish to target folder
& dotnet publish $proj.FullName -c $configuration --no-build -f $framework -o $outputFolder
ProcessLastExitCode $lastexitcode "dotnet publish $($proj.FullName) -c $configuration --no-build -f $framework -o $outputFolder"
}

Write-Host "Build succeeds." -ForegroundColor Green
Pop-Location

Pop-Location
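Review bot: `$packageVersion | Out-File -FilePath $packageVersionFilePath -Force` writes the version in the host's default encoding with a trailing newline, and that default differs between Windows PowerShell (UTF-16 with BOM) and PowerShell on Linux (UTF-8), both of which this script supports. Whatever reads `package_version_temp.txt` is not visible on this page, but a reader that does not decode and trim accordingly would get a malformed version string; `$packageVersion | Out-File -FilePath $packageVersionFilePath -Encoding ascii -NoNewline -Force` makes the bytes identical on both. The relative path `.\package_version_temp.txt` also depends on the earlier `Push-Location $scriptHome`; building it from `$scriptHome` would make that explicit.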
125 changes: 125 additions & 0 deletions codesign_policy.json
@@ -0,0 +1,125 @@
{
"Version": "1.0.0",
"UseMinimatch": true,
"SignBatches": [
{
"MatchedPath": [
"Microsoft.DocAsCode*.dll",
"*.exe"
],
"SigningInfo": {
"Operations": [
{
"KeyCode": "CP-230012",
"OperationSetCode": "SigntoolSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd \"SHA256\""
}
],
"ToolName": "sign",
"ToolVersion": "1.0"
},
{
"KeyCode": "CP-230012",
"OperationSetCode": "SigntoolVerify",
"Parameters": [
{
"parameterName": "VerifyAll",
"parameterValue": "/all"
}
],
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
}
},
{
"MatchedPath": [
"DotLiquid.resources.dll",
Contributor

I think you used !Microsoft*.dll in this PR earlier. Can it work?

Contributor Author

Doesn't seem to work, therefore explicitly listed them.

"AutoMapper.dll",
"CommandLine.dll",
"DotLiquid.dll",
"Dotnet.ProjInfo.dll",
"Dotnet.ProjInfo.Helpers.dll",
"FSharp.Compiler.*.dll",
"HtmlAgilityPack.dll",
"itextsharp.dll",
"Jint.dll",
"Markdig.dll",
"Newtonsoft.Json.dll",
"Newtonsoft.Json.Schema.dll",
"Nustache.Core.dll",
"Owin.dll",
"SQLitePCLRaw.core.dll",
"YamlDotNet.dll"
],
"SigningInfo": {
"Operations": [
{
"KeyCode": "CP-231522",
"OperationSetCode": "SigntoolSign",
"parameters": [
{
"parameterName": "OpusName",
"parameterValue": "Microsoft"
},
{
"parameterName": "OpusInfo",
"parameterValue": "http://www.microsoft.com"
},
{
"parameterName": "Append",
sharanya-rao marked this conversation as resolved.
"parameterValue": "/as"
},
{
"parameterName": "PageHash",
"parameterValue": "/NPH"
},
{
"parameterName": "TimeStamp",
"parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
},
{
"parameterName": "FileDigest",
"parameterValue": "/fd \"SHA256\""
}
],
"ToolName": "sign",
"ToolVersion": "1.0"
},
{
"KeyCode": "CP-231522",
"OperationSetCode": "SigntoolVerify",
"Parameters": [
{
"parameterName": "VerifyAll",
"parameterValue": "/all"
}
],
"ToolName": "sign",
"ToolVersion": "1.0"
}
]
}
}
]
}
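Review bot: The `"*.exe"` entry in the first batch's `MatchedPath` is a catch-all: with `UseMinimatch` on, every executable found under the signed folder gets the same `KeyCode` `CP-230012` signature as the project's own `Microsoft.DocAsCode*.dll` assemblies, whatever its origin. The second batch names each third-party DLL explicitly; doing the same for executables (the names of the shipped tools are not visible on this page) would keep a stray or third-party `.exe` in the publish output from being signed under that key. Separately, the sign operations spell the key `"parameters"` while the verify operations use `"Parameters"`; if the policy parser is case-sensitive one of the two is ignored, so they should be made consistent.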
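--- a/common.ps1
+++ b/common.ps1
@@ -0,0 +1,38 @@
+function GetOperatingSystemName()
+{
+if ([environment]::OSVersion.Platform -eq "Win32NT") {
+return "Windows"
+}
+else {
+return "Linux"
+}
+}
+
+function GetNuGetCommand([string]$os)
+{
+if ($os -eq "Windows") {
+return "$env:LOCALAPPDATA/Nuget/Nuget.exe"
+}
+else {
+return "nuget"
+}
+}
+
+function ProcessLastExitCode {
+param($exitCode, $msg)
+if ($exitCode -eq 0) {
+Write-Host "Success: $msg
+" -ForegroundColor Green
+}
+else {
+Write-Host "Error $($exitCode): $msg
+" -ForegroundColor Red
+Pop-Location
+Exit 1
+}
+}
+
+function ValidateCommand {
+param($command)
+return (Get-Command $command -ErrorAction SilentlyContinue) -ne $null
+}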
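Review bot: None of the four helpers is documented, and `ProcessLastExitCode` has a side effect its name hides: on a non-zero code it calls `Pop-Location` and then `Exit 1`, which ends the dot-sourcing script and assumes that script did a `Push-Location` first. A comment such as `# On failure: prints the error, pops the location pushed by the caller and exits the script with code 1.` above the function would make that contract visible now that the helper is shared. In `ValidateCommand`, put `$null` on the left, `return $null -ne (Get-Command $command -ErrorAction SilentlyContinue)`, because `-ne` with a collection on the left filters instead of comparing. `GetOperatingSystemName` reports `Linux` for every platform other than `Win32NT`, which deserves a comment as well.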