azure-pipelines.yml

pool:
  vmImage: 'windows-latest'

variables:
  - name: buildPlatform 
    value: 'Any CPU'
  - name: buildConfiguration
    value: 'Release'
  - name: build.version.major
    value: 1
  - name: build.version.minor
    value: 1
  - name: build.version.revision
    value: $[counter(format('{0}.{1}', variables['build.version.major'], variables['build.version.minor']), 0)]
  - name: build.version.suffix
    value:
  - name: build.version
    value: $(build.version.major).$(build.version.minor).$(build.version.revision)$(build.version.suffix)
  - name: build.versionShort
    value: $(build.version.major).$(build.version.minor).$(build.version.revision)
  - name: build.date
    value: $[format('{0:yyyy}-{0:MM}-{0:dd}T{0:HH}:{0:mm}:{0:ss}', pipeline.startTime)]
  - group: Azure KeyVault Code Signing

name: $(build.version.major).$(build.version.minor).$(build.version.revision)$(build.version.suffix)
trigger: none

stages:
- stage: build_provider
  displayName: Build credential provider
  dependsOn: []
  jobs:
    - job: "build_provider_job"
      steps:
      - task: DotNetCoreCLI@2
        displayName: dotnet build
        inputs:
          command: build
          arguments: '-c $(buildConfiguration) -p:Version=$(build.version) -p:GeneratePackageOnBuild=false'
          projects: 'src/Lithnet.CredentialProvider/Lithnet.CredentialProvider.csproj'

      - task: DotNetCoreCLI@2
        inputs:
          command: 'custom'
          custom: 'tool'
          arguments: 'update --global azuresigntool'
        displayName: Install AzureSignTool

      - task: PowerShell@2
        displayName: 'Sign files with AzureSignTool'
        inputs:
          targetType: 'inline'
          script: |
            $files = @()
            $files += (Get-ChildItem -Recurse -Path "$(Build.SourcesDirectory)\Lithnet*.dll").FullName

            write-host "Signing $($files.Length) files:"
            write-output $files

            $cmdargs = @(
              "sign",
              "-d", "Lithnet Windows Credential Provider",
              "-kvu", "$(akv.url)",
              "-kvi", "$(akv.applicationID)",
              "-kvs", "$(akv.secret)",
              "-kvt", "$(akv.tenantId)",
              "-kvc", "$(akv.certificateName)",
              "-tr", "http://timestamp.digicert.com",
              "-td", "sha256"
            )

            $cmdargs += $files
        
            & AzureSignTool $cmdargs
          failOnStderr: true
          showWarnings: true

      - task: DotNetCoreCLI@2
        displayName: dotnet pack
        inputs:
          command: 'pack'
          packagesToPack: 'src/Lithnet.CredentialProvider/Lithnet.CredentialProvider.csproj'
          packDirectory: '$(Build.ArtifactStagingDirectory)\cp'
          nobuild: true
          includesymbols: true
          versioningScheme: 'byEnvVar'
          versionEnvVar: 'build.version'

      - task: DotNetCoreCLI@2
        inputs:
          command: 'custom'
          custom: 'tool'
          arguments: 'update --global NuGetKeyVaultSignTool'
        displayName: Install NugetKeyVaultSignTool

      - task: PowerShell@2
        displayName: 'Sign Nuget package'
        inputs:
          targetType: 'inline'
          script: |
            $cmdargs = @(
              "sign", "$(Build.ArtifactStagingDirectory)\cp\Lithnet.CredentialProvider.$(build.version).nupkg"
              "-fd", "sha256",
              "-kvu", "$(akv.url)",
              "-kvi", "$(akv.applicationID)",
              "-kvs", "$(akv.secret)",
              "-kvt", "$(akv.tenantId)",
              "-kvc", "$(akv.certificateName)",
              "-tr", "http://timestamp.digicert.com",
              "-td", "sha256"
            )
        
            & NuGetKeyVaultSignTool $cmdargs
          failOnStderr: true
          showWarnings: true

      - task: PowerShell@2
        displayName: 'Sign Nuget symbols package'
        inputs:
          targetType: 'inline'
          script: |
            $cmdargs = @(
              "sign", "$(Build.ArtifactStagingDirectory)\cp\Lithnet.CredentialProvider.$(build.version).snupkg"
              "-fd", "sha256",
              "-kvu", "$(akv.url)",
              "-kvi", "$(akv.applicationID)",
              "-kvs", "$(akv.secret)",
              "-kvt", "$(akv.tenantId)",
              "-kvc", "$(akv.certificateName)",
              "-tr", "http://timestamp.digicert.com",
              "-td", "sha256"
            )
        
            & NuGetKeyVaultSignTool $cmdargs
          failOnStderr: true
          showWarnings: true

      - task: DotNetCoreCLI@2
        displayName: Publish package to internal feed
        inputs:
          command: 'push'
          packagesToPush: '$(Build.ArtifactStagingDirectory)/cp/*.nupkg'
          nuGetFeedType: 'internal'
          publishVstsFeed: '91a552bc-359d-4f28-bdbd-f36f71cfdf81'

      - task: DotNetCoreCLI@2
        displayName: Publish symbols to internal feed
        inputs:
          command: 'push'
          packagesToPush: '$(Build.ArtifactStagingDirectory)/cp/*.snupkg'
          nuGetFeedType: 'internal'
          publishVstsFeed: '91a552bc-359d-4f28-bdbd-f36f71cfdf81'

      - task: PublishPipelineArtifact@1
        displayName: Publish nuget artifact
        inputs:
          targetPath: '$(Build.ArtifactStagingDirectory)/cp'
          publishLocation: 'pipeline'
          artifact: cp

      - task: GitHubRelease@1
        inputs:
            gitHubConnection: github.com_lithnet # string. Required. GitHub connection (OAuth or PAT). 
            repositoryName: '$(Build.Repository.Name)' # string. Required. Repository. Default: $(Build.Repository.Name).
            action: 'create' # 'create' | 'edit' | 'delete'. Required. Action. Default: create.
            #target: '$(Build.SourceVersion)' # string. Required when action = create || action = edit. Target. Default: $(Build.SourceVersion).
            tagSource: 'userSpecifiedTag' # 'gitTag' | 'userSpecifiedTag'. Required when action = create. Tag source. Default: gitTag.
            #tagPattern: # string. Optional. Use when tagSource = gitTag. Tag Pattern. 
            tag:  v$(build.version) # string. Required when action = edit || action = delete || tagSource = userSpecifiedTag. Tag. 
            title: v$(build.version) # string. Optional. Use when action = create || action = edit. Release title. 
            #releaseNotesSource: 'filePath' # 'filePath' | 'inline'. Optional. Use when action = create || action = edit. Release notes source. Default: filePath.
            #releaseNotesFilePath: # string. Optional. Use when releaseNotesSource = filePath. Release notes file path. 
            #releaseNotesInline: # string. Optional. Use when releaseNotesSource = inline. Release notes. 
            assets: | # string. Optional. Use when action = create || action = edit. Assets. Default: $(Build.ArtifactStagingDirectory)/*.
                $(Build.ArtifactStagingDirectory)/cp/*.nupkg
            #assetUploadMode: 'delete' # 'delete' | 'replace'. Optional. Use when action = edit. Asset upload mode. Default: delete.
            #isDraft: false # boolean. Optional. Use when action = create || action = edit. Draft release. Default: false.
            isPreRelease: true # boolean. Optional. Use when action = create || action = edit. Pre-release. Default: false.
            addChangeLog: true # boolean. Optional. Use when action = create || action = edit. Add changelog. Default: true.
            # Changelog configuration
            changeLogCompareToRelease: 'lastFullRelease' # 'lastFullRelease' | 'lastNonDraftRelease' | 'lastNonDraftReleaseByTag'. Required when addChangeLog = true. Compare to. Default: lastFullRelease.
            #changeLogCompareToReleaseTag: # string. Required when changeLogCompareToRelease = lastNonDraftReleaseByTag && addChangeLog = true. Release Tag. 
            changeLogType: 'commitBased' # 'commitBased' | 'issueBased'. Required when addChangeLog = true. Changelog type. Default: commitBased.
            #changeLogLabels: '[{ "label" : "bug", "displayName" : "Bugs", "state" : "closed" }]' # string. Optional. Use when changeLogType = issueBased && addChangeLog = true. Categories. Default: [{ "label" : "bug", "displayName" : "Bugs", "state" : "closed" }].   

- stage: publish_nuget
  displayName: Publish CredProvider to nuget.org
  dependsOn: "build_provider"
  jobs:
      - deployment: 'PublishPackages'
        environment: 'Public nuget feed'
        displayName: Publish packages to public nuget feed 
        pool:
          vmImage: windows-2022 
        strategy:
          runOnce:
            deploy:            
              steps:
              - checkout: none
              - download: current
                artifact: cp
              - task: NuGetToolInstaller@1
                inputs:
                  versionSpec: '>=4.9.0-0'
              - task: NuGetCommand@2
                displayName: 'Publish nuget package to public feed'
                inputs:
                  command: 'push'
                  packagesToPush: '$(Pipeline.Workspace)/cp/*.nupkg'
                  nuGetFeedType: 'external'
                  publishFeedCredentials: 'WindowsCredentialProviderNuget'
              - task: GitHubRelease@1
                inputs:
                    gitHubConnection: github.com_lithnet # string. Required. GitHub connection (OAuth or PAT). 
                    repositoryName: '$(Build.Repository.Name)' # string. Required. Repository. Default: $(Build.Repository.Name).
                    action: 'edit' # 'create' | 'edit' | 'delete'. Required. Action. Default: create.
                    target: '$(Build.SourceVersion)' # string. Required when action = create || action = edit. Target. Default: $(Build.SourceVersion).
                    tagSource: 'userSpecifiedTag' # 'gitTag' | 'userSpecifiedTag'. Required when action = create. Tag source. Default: gitTag.
                    #tagPattern: # string. Optional. Use when tagSource = gitTag. Tag Pattern. 
                    tag:  v$(build.version) # string. Required when action = edit || action = delete || tagSource = userSpecifiedTag. Tag. 
                    isPreRelease: false # boolean. Optional. Use when action = create || action = edit. Pre-release. Default: false.
                    addChangeLog: false # boolean. Optional. Use when action = create || action = edit. Add changelog. Default: true.