fix: dotnet azure pipeline (uv sync installation) (#5042)

* add code sign * install uv before build step * update astral to azure pipeline install * use powershell command for uv * add uv to path and get version * use powershell task for uv * add PATH to build task * windows path * separate conditional from path in env * add conditional for just version * separate version suffix conditional out of env * add variables in build job * if else one line * separate if else * rrevert to windows path * comment out nightly build publish * readd conditionals for nightly * update to code sign version 5 for nuget * codesign * add esrp client id * use msi auth * only add dll * remove esrp clientid * remove quotes esrpclientid * change appregistration id * update AppRegistrationClientId * revert auth * use 5.1 format * only use AuthSignCertName * update 5.1 dlls * try v5 standard * usemsi and esrpclient * comment out authcertname * new auth cert * use msi and esrpclientid * ensure all dlls in file path
microsoft · Jan 16, 2025 · 5495a02 · 5495a02
1 parent 1a3ac62
commit 5495a02
Showing 1 changed file with 41 additions and 18 deletions.
diff --git a/.azure/pipelines/templates/build.yaml b/.azure/pipelines/templates/build.yaml
@@ -84,12 +84,20 @@ jobs:
     inputs:
       useGlobalJson: true
       workingDirectory: $(Build.SourcesDirectory)/dotnet
+  - task: PowerShell@2
+    displayName: 'Install uv'
+    inputs:
+      targetType: 'inline'
+      script: |
+        irm https://astral.sh/uv/install.ps1 | iex
+        $env:Path = "C:\Users\cloudtest\.local\bin;$env:Path"
+        uv --version
   - task: Bash@3
     displayName: Install .NET Aspire workload
     inputs:
       targetType: 'inline'
       script: |
-        dotnet nuget locals all --clear 
+        dotnet nuget locals all --clear
         dotnet workload install aspire
   - ${{ if eq(variables.runCodeQL3000, 'true') }}:
     - task: CodeQL3000Init@0
@@ -106,6 +114,7 @@ jobs:
       arguments: '$(build_flags) /bl:${{parameters.build_configuration}}-Build.binlog /p:Configuration=${{parameters.build_configuration}} $(solution)'
       workingDirectory: $(Build.SourcesDirectory)/dotnet
     env:
+      PATH: "C:\\Users\\cloudtest\\.local\\bin;$(PATH)"
       ${{ if and(eq(parameters.include_suffix, true), eq(parameters.publish_nuget, false)) }}:
         VersionSuffix: ${{parameters.version_suffix}}
       OfficialBuild: $(official_build)
@@ -125,16 +134,23 @@ jobs:
       inputs:
         SourceFolder: '$(build.sourcesdirectory)'
         Contents: |
-          src/**/bin/${{parameters.build_configuration}}/**/AutoGen*.dll
-          src/**/bin/${{parameters.build_configuration}}/**/Microsoft.AutoGen.*.dll
+          **/AutoGen*.dll
+          **/Microsoft.AutoGen.*.dll
         TargetFolder: '$(build.artifactstagingdirectory)\codesign'
         CleanTargetFolder: true
-    - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+    - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
       displayName: 'Codesign: ESRP CodeSigning'
       inputs:
-        ConnectedServiceName: 'CodeSign Service (NuGet)'
+        ConnectedServiceName: 'AI Frontiers ESRP'
+        AppRegistrationClientId: 'c1e7a5c0-ee6b-4cec-9e11-4dc3f4670042'
+        AppRegistrationTenantId: '975f013f-7f24-47e8-a7d3-abc4752bf346'
+        #EsrpClientId: '7129dd35-ad94-49a9-98c7-eb4cf3cd36a9'
+        #UseMSIAuthentication: true
+        AuthAKVName: 'aif-autogen-esrp-kv'
+        AuthCertName: 'AIF-PME-InfrastructureAuth'
+        AuthSignCertName: 'AutoGenPublishESRPPKI' # this variable is only needed for codesign
         FolderPath: '$(build.artifactstagingdirectory)\codesign'
-        Pattern: '*'
+        Pattern: '*.dll'
         signConfigType: inlineSignParams
         inlineOperation: |
           [
@@ -163,15 +179,15 @@ jobs:
                   "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
                 }
               ],
-                "toolName": "sign",
-                "toolVersion": "1.0"
-              },
-              {
-                "keyCode": "CP-230012",
-                "operationSetCode": "SigntoolVerify",
-                "parameters": [ ],
-                "toolName": "sign",
-                "toolVersion": "1.0"
+              "toolName": "sign",
+              "toolVersion": "1.0"
+            },
+            {
+              "keyCode": "CP-230012",
+              "operationSetCode": "SigntoolVerify",
+              "parameters": [ ],
+              "toolName": "sign",
+              "toolVersion": "1.0"
             }
           ]
         SessionTimeout: 180
@@ -200,10 +216,17 @@ jobs:
       inputs:
         packageType: runtime
         version: $(codesign_runtime)
-    - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+    - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
       displayName: 'Codesign: ESRP CodeSigning (nuget)'
       inputs:
-        ConnectedServiceName: 'CodeSign Service (NuGet)'
+        ConnectedServiceName: 'AI Frontiers ESRP'
+        AppRegistrationClientId: 'c1e7a5c0-ee6b-4cec-9e11-4dc3f4670042'
+        AppRegistrationTenantId: '975f013f-7f24-47e8-a7d3-abc4752bf346'
+        EsrpClientId: '7129dd35-ad94-49a9-98c7-eb4cf3cd36a9'
+        UseMSIAuthentication: true
+        AuthAKVName: 'aif-autogen-esrp-kv'
+        #AuthCertName: 'AutoGenPublishESRPPKI'
+        AuthSignCertName: 'AutoGenPublishESRPPKI' # this variable is only needed for codesign
         FolderPath: '$(build.sourcesdirectory)/Artifacts/${{parameters.build_configuration}}'
         Pattern: '*.nupkg'
         signConfigType: inlineSignParams
@@ -225,4 +248,4 @@ jobs:
             }
           ]
         SessionTimeout: 180
-        VerboseLogin: true
+        VerboseLogin: true