Pipelines/Sign.ps1
|
<#
.SYNOPSIS Version search dotnet signing tool. .DESCRIPTION version search dotnet signing tool. #> function Get-PackageVersion($PackageName) { $Path = $env:PIPELINE_WORKSPACE $alGoPackages = Get-Content -Path "$Path\s\CI Scripts\AL\Pipelines\Packages.json" | ConvertFrom-Json # Check if the package is in the list of packages if ($alGoPackages.PSobject.Properties.name -match $PackageName) { return $alGoPackages.$PackageName } else { throw "Package $PackageName is not in the list of packages" } } <# .SYNOPSIS Installs the dotnet signing tool. .DESCRIPTION Installs the dotnet signing tool. #> function Install-SigningTool() { # Create folder in temp directory with a unique name $tempFolder = Join-Path -Path ([System.IO.Path]::GetTempPath()) "SigningTool-$(Get-Random)" # Get version of the signing tool $version = Get-PackageVersion -PackageName "sign" # Install the signing tool in the temp folder Write-Host "Installing signing tool version $version in $tempFolder" New-Item -ItemType Directory -Path $tempFolder | Out-Null dotnet tool install sign --version $version --tool-path $tempFolder | Out-Null # Return the path to the signing tool $signingTool = Join-Path -Path $tempFolder "sign.exe" -Resolve return $signingTool } <# .SYNOPSIS Signs files in a given path using a certificate from Azure Key Vault. .DESCRIPTION Signs files in a given path using a certificate from Azure Key Vault. .PARAMETER KeyVaultName The name of the Azure Key Vault where the certificate is stored. .PARAMETER CertificateName The name of the certificate in the Azure Key Vault. .PARAMETER ClientId The client ID of the service principal used to authenticate with Azure Key Vault. .PARAMETER ClientSecret The client secret of the service principal used to authenticate with Azure Key Vault. .PARAMETER TenantId The tenant ID of the service principal used to authenticate with Azure Key Vault. .PARAMETER FilesToSign The path to the file(s) to be signed. Supports wildcards. .PARAMETER Description The description to be included in the signature. .PARAMETER DescriptionUrl The URL to be included in the signature. .PARAMETER TimestampService The URL of the timestamp server. .PARAMETER DigestAlgorithm The digest algorithm to use for signing and timestamping. .PARAMETER Verbosity The verbosity level of the signing tool. .EXAMPLE Invoke-SigningTool -KeyVaultName "my-key-vault" -CertificateName "my-certificatename" -ClientId "my-client-id" -ClientSecret "my-client-secret" -TenantId "my-tenant-id" -FilesToSign "C:\path\to\files\*.app" -Description "Signed with AL-Go for GitHub" -DescriptionUrl "github.com/myorg/myrepo" #> function Invoke-SigningTool() { param( [Parameter(Mandatory = $true)] [string] $KeyVaultName, [Parameter(Mandatory = $true)] [string] $CertificateName, [Parameter(Mandatory = $true)] [string] $ClientId, [Parameter(Mandatory = $true)] [string] $ClientSecret, [Parameter(Mandatory = $true)] [string] $TenantId, [Parameter(Mandatory = $true)] [string] $FilesToSign, [Parameter(Mandatory = $true)] [string] $Description, [Parameter(Mandatory = $true)] [string] $DescriptionUrl, [Parameter(Mandatory = $false)] [string] $TimestampService = "http://timestamp.digicert.com", [Parameter(Mandatory = $false)] [string] $DigestAlgorithm = "sha256", [Parameter(Mandatory = $false)] [string] $Verbosity = "Information" ) $signingToolExe = Install-SigningTool # Sign files . $signingToolExe code azure-key-vault ` --azure-key-vault-url "https://$KeyVaultName.vault.azure.net/" ` --azure-key-vault-certificate $CertificateName ` --azure-key-vault-client-id $ClientId ` --azure-key-vault-client-secret $ClientSecret ` --azure-key-vault-tenant-id $TenantId ` --description $Description ` --description-url $DescriptionUrl ` --file-digest $DigestAlgorithm ` --timestamp-digest $DigestAlgorithm ` --timestamp-url $TimestampService ` --verbosity $Verbosity ` $FilesToSign } |