
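# Step template: validates the ESRP / sign-type combination, then installs the MicroBuild
# signing plugin (plus, on non-Windows agents, the .NET 8 SDK the plugin needs).
parameters:
  # Enable install tasks for MicroBuild
  enableMicrobuild: false
  # Enable install tasks for MicroBuild on Mac and Linux
  # Will be ignored if 'enableMicrobuild' is false or 'Agent.Os' is 'Windows_NT'
  enableMicrobuildForMacAndLinux: false
  # Determines whether the ESRP service connection information should be passed to the signing plugin.
  # This overlaps with _SignType to some degree. We only need the service connection for real signing.
  # It's important that the service connection not be passed to the MicroBuildSigningPlugin task in this place.
  # Doing so will cause the service connection to be authorized for the pipeline, which isn't allowed and won't work for non-prod.
  # Unfortunately, _SignType can't be used to exclude the use of the service connection in non-real sign scenarios. The
  # variable is not available in template expression. _SignType has a very large proliferation across .NET, so replacing it is tough.
  microbuildUseESRP: true

  # Forwarded to the MicroBuildSigningPlugin tasks only; the ESRP validation steps do not use it.
  continueOnError: false

steps:
  - ${{ if eq(parameters.enableMicrobuild, 'true') }}:
    - ${{ if eq(parameters.enableMicrobuildForMacAndLinux, 'true') }}:
      # Installing .NET 8 is required to use the MicroBuild signing plugin on non-Windows platforms
      - task: UseDotNet@2
        displayName: Install .NET 8.0 SDK for MicroBuild Plugin
        inputs:
          packageType: sdk
          version: 8.0.x
          # Installing the SDK in a '.dotnet-microbuild' directory is required for signing.
          # See target FindDotNetPathForMicroBuild in arcade/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj
          # Do not remove '.dotnet-microbuild' from the path without changing the corresponding logic.
          installationPath: $(Agent.TempDirectory)/.dotnet-microbuild
        condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))

    # Guard: real signing without ESRP is rejected before the plugin is installed.
    # 'if /I' makes both comparisons case-insensitive on Windows.
    - script: |
        REM Check if ESRP is disabled while SignType is real
        if /I "${{ parameters.microbuildUseESRP }}"=="false" if /I "$(_SignType)"=="real" (
          echo Error: ESRP must be enabled when SignType is real.
          exit /b 1
        )
      displayName: 'Validate ESRP usage (Windows)'
      condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'))

    # Same guard for non-Windows agents. A boolean parameter is rendered as 'True'/'False' by
    # template expansion and '[ = ]' is case-sensitive, so the value is lower-cased first;
    # otherwise the guard would never fire for a boolean false.
    # NOTE(review): '$(_SignType)' is still compared case-sensitively here, while the task
    # conditions below compare it ignoring case - confirm callers always pass lower-case values.
    - script: |
        # Check if ESRP is disabled while SignType is real
        if [ "${{ lower(parameters.microbuildUseESRP) }}" = "false" ] && [ "$(_SignType)" = "real" ]; then
          echo "Error: ESRP must be enabled when SignType is real."
          exit 1
        fi
      displayName: 'Validate ESRP usage (Non-Windows)'
      condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))

    # Two different MB install steps. This is due to not being able to use the agent OS during
    # YAML expansion, and Windows vs. Linux/Mac uses different service connections. However,
    # we can avoid including the MB install step if not enabled at all. This avoids a bunch of
    # extra pipeline authorizations, since most pipelines do not sign on non-Windows.
    - task: MicroBuildSigningPlugin@4
      displayName: Install MicroBuild plugin (Windows)
      inputs:
        signType: $(_SignType)
        zipSources: false
        feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json
        # Service connection inputs are emitted only when ESRP is requested (see 'microbuildUseESRP').
        ${{ if eq(parameters.microbuildUseESRP, true) }}:
          ConnectedServiceName: 'MicroBuild Signing Task (DevDiv)'
          ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
            ConnectedPMEServiceName: 6cc74545-d7b9-4050-9dfa-ebefcc8961ea
          ${{ else }}:
            ConnectedPMEServiceName: 248d384a-b39b-46e3-8ad5-c2c210d5e7ca
      env:
        TeamName: $(_TeamName)
        MicroBuildOutputFolderOverride: $(Agent.TempDirectory)/MicroBuild
        # Hands the job access token to the plugin process.
        # NOTE(review): keep the job authorization scope as narrow as the pipeline allows.
        SYSTEM_ACCESSTOKEN: $(System.AccessToken)
      # When the caller sets this to true, a failed plugin install does not fail the job.
      continueOnError: ${{ parameters.continueOnError }}
      condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'), in(variables['_SignType'], 'real', 'test'))

    - ${{ if eq(parameters.enableMicrobuildForMacAndLinux, true) }}:
      - task: MicroBuildSigningPlugin@4
        displayName: Install MicroBuild plugin (non-Windows)
        inputs:
          signType: $(_SignType)
          zipSources: false
          feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json
          # Service connection inputs are emitted only when ESRP is requested (see 'microbuildUseESRP').
          ${{ if eq(parameters.microbuildUseESRP, true) }}:
            ConnectedServiceName: 'MicroBuild Signing Task (DevDiv)'
            ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
              ConnectedPMEServiceName: beb8cb23-b303-4c95-ab26-9e44bc958d39
            ${{ else }}:
              ConnectedPMEServiceName: c24de2a5-cc7a-493d-95e4-8e5ff5cad2bc
        env:
          TeamName: $(_TeamName)
          MicroBuildOutputFolderOverride: $(Agent.TempDirectory)/MicroBuild
          # Hands the job access token to the plugin process.
          # NOTE(review): keep the job authorization scope as narrow as the pipeline allows.
          SYSTEM_ACCESSTOKEN: $(System.AccessToken)
        # When the caller sets this to true, a failed plugin install does not fail the job.
        continueOnError: ${{ parameters.continueOnError }}
        # Unlike the Windows step, this one runs for 'real' signing only.
        condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'), eq(variables['_SignType'], 'real'))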