Merge branch 'develop'

Todd Lair · Todd Lair · commit c5b4e4b90f22 · 2022-05-02T13:29:34.000-05:00
diff --git a/Scripts/codesign.ps1 b/Scripts/codesign.ps1
@@ -0,0 +1,22 @@
+param ([string]$pfxSecretStringValue,  [string]$pfxPswrd)
+ 
+Write-Host("Certificate bytes size = $($pfxSecretStringValue.Length)")
+Write-Host("Certificate password length = $($pfxPswrd.Length)")
+
+
+# construct the certificate
+$kvSecretBytes = [System.Convert]::FromBase64String($pfxSecretStringValue)
+$certCollection = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
+$certCollection.Import($kvSecretBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
+
+# Get the file created
+$protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $pfxPswrd)
+$pfxPath ="./certificate.pfx"
+[System.IO.File]::WriteAllBytes($pfxPath, $protectedCertificateBytes)
+
+# write password file for use in nsis
+[System.IO.File]::WriteAllText("./passwd.txt", $pfxPswrd)
+
+# write file names for debugging
+$colItems =  (get-childitem  "./" -include *.* -recurse | tee-object -variable files | measure-object -property length -sum)
+$files | foreach-object {write-host $_.FullName}
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -0,0 +1,176 @@
+trigger:
+  branches:
+    include:
+    - develop
+
+pool:
+  name: win2016-vs2017
+#  name: Azure Pipelines
+
+steps:
+  - checkout: self
+    clean: true
+    lfs: true
+  - task: AzureKeyVault@2
+    displayName: 'Azure Key Vault: keyvault-build-resources'
+    inputs:
+      ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c
+      KeyVaultName: keyvault-build-resources
+      RunAsPreJob: true
+  - task: PowerShell@2
+    displayName: PowerShell Script
+    condition: and(succeeded(), eq('${{ variables.veracodeSCA }}', 'true'))
+    inputs:
+      targetType: inline
+      script: >
+        $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan .\Src\StackifyLib;
+  - task: DownloadSecureFile@1
+    name: SNK
+    displayName: Download Strong Name Key
+    inputs:
+      secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe
+  - task: PowerShell@2
+    displayName: Move Signing Key To Project Directory
+    inputs:
+      targetType: inline
+      filePath: Src/StackifyLib
+      script: |
+        # Write your PowerShell commands here.
+        ls
+        Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk
+  - task: PowerShell@2
+    displayName: Update csproj for .snk
+    inputs:
+      targetType: inline
+      script: >
+        (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace '<PackageId>StackifyLib</PackageId>','<PackageId>StackifyLib.signed</PackageId>' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj
+  - task: PowerShell@2
+    displayName: 'Setup Code Signing'
+    inputs:
+      targetType: filePath
+      filePath: ./Scripts/codesign.ps1
+      arguments: '$(codeSigning2023) $(codeSigning2023-pw)'
+      workingDirectory: $(Build.SourcesDirectory)
+  - task: DotNetCoreCLI@2
+    displayName: dotnet restore
+    inputs:
+      command: restore
+      restoreArguments: .\Src
+  - task: DotNetCoreCLI@2
+    displayName: dotnet build
+    inputs:
+      projects: |
+        Src\StackifyLib\*.csproj
+        Src\StackifyLib.AspNetCore\*.csproj
+        Src\StackifyLib.CoreLogger\*.csproj
+        Src\StackifyLib.log4net\*.csproj
+        Src\Nlog.Targets.Stackify\*.csproj
+        Src\NLog.Web.Stackify\*.csproj
+        Src\StackifyLib.StackifyTraceListener\*.csproj
+      arguments: '-c $(BuildConfiguration)'
+  - task: DotNetCoreCLI@2
+    displayName: dotnet pack signed stackify lib
+    inputs:
+      command: pack
+      searchPatternPack: Src\StackifyLib\*.csproj;
+      nobuild: true
+  - task: PowerShell@2
+    displayName: 'Sign Nuget Packages'
+    inputs:
+      targetType: inline
+      script: dotnet nuget sign $(Build.ArtifactStagingDirectory)\*.nupkg --certificate-path $(Build.SourcesDirectory)/certificate.pfx --certificate-password $(codeSigning2023-pw) --timestamper http://timestamp.sectigo.com
+      workingDirectory: $(Build.SourcesDirectory)
+  - task: PowerShell@2
+    displayName: Rename signed assemblies
+    enabled: False
+    inputs:
+      targetType: inline
+      script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n  $BaseFilename = $file.BaseName\n  $BaseFilenameSplit = $file.BaseName.Split(\".\")\n  $LastVersionDigit = \"\"\n  $NewFilenameBase = \"\"\n  $PackageVersion = \"\"\n  $IsBeta = \"False\"\n  if ($BaseFilename.contains(\"beta\")) {\n    $IsBeta = \"True\"\n    $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n  }\n  else {\n    $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n  }\n  foreach($namePart in $BaseFilenameSplit) {\n    if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n      $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n    } else {\n      # check for beta\n      if ($namePart.contains(\"beta\")) {\n        $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n      } else {\n        $PackageVersion = $PackageVersion + $namePart\n      }\n      # check length to append a .\n      if ($namePart -notmatch $LastVersionDigit) {\n        $PackageVersion = $PackageVersion + \".\"\n      }\n    }\n  }\n  \n  # check beta\n  $FinalFilenameBase = \"\"\n  if ($IsBeta -match \"True\") {\n    $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n  } else {\n    $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n  }\n  $FinalFilename = $FinalFilenameBase + $file.Extension\n  Rename-Item -Path $file -NewName $FinalFilename\n}"
+      workingDirectory: $(Build.ArtifactStagingDirectory)
+  - task: PublishPipelineArtifact@1
+    displayName: Publish Pipeline Artifact
+    inputs:
+      path: $(Build.ArtifactStagingDirectory)
+      artifactName: Signed NuGet Packages
+  - task: PowerShell@2
+    displayName: Delete signed assemblies
+    enabled: true
+    inputs:
+      targetType: inline
+      script: >
+        Remove-Item *.signed*.nupkg
+      workingDirectory: $(Build.ArtifactStagingDirectory)
+  - task: PowerShell@2
+    displayName: Remove Sign Code
+    enabled: false
+    inputs:
+      targetType: filePath
+      arguments: ''
+      filePath: Scripts/RemoveSignCode.ps1
+      workingDirectory: $(Build.SourcesDirectory)
+  - task: PowerShell@2
+    displayName: Remove Sign Code Inline
+    inputs:
+      targetType: 'inline'
+      script: |
+        function Remove-SignCode {
+            param (
+                $ASMFile
+            )
+            Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch )
+        }
+        
+        $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*)
+        
+        foreach ($file in $files) {
+            $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs
+            Remove-SignCode -ASMFile $asmInfo
+        }
+  - task: PowerShell@2
+    displayName: Update csproj for no .snk
+    inputs:
+      targetType: inline
+      script: >
+        (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace '<PackageId>StackifyLib.signed</PackageId>','<PackageId>StackifyLib</PackageId>' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj
+  - task: DotNetCoreCLI@2
+    displayName: dotnet build [Unsigned]
+    inputs:
+      projects: |
+        Src\StackifyLib\*.csproj
+        Src\StackifyLib.AspNetCore\*.csproj
+        Src\StackifyLib.CoreLogger\*.csproj
+        Src\StackifyLib.log4net\*.csproj
+        Src\Nlog.Targets.Stackify\*.csproj
+        Src\NLog.Web.Stackify\*.csproj
+        Src\StackifyLib.StackifyTraceListener\*.csproj
+      arguments: '-c $(BuildConfiguration)'
+  - task: DotNetCoreCLI@2
+    displayName: dotnet pack copy [Unsigned]
+    inputs:
+      command: pack
+      searchPatternPack: 'Src\StackifyLib\*.csproj;Src\StackifyLib.AspNetCore\*.csproj;Src\StackifyLib.CoreLogger\*.csproj;Src\StackifyLib.log4net\*.csproj;Src\Nlog.Targets.Stackify\*.csproj;Src\NLog.Web.Stackify\*.csproj;Src\StackifyLib.StackifyTraceListener\*.csproj '
+      nobuild: true
+  - task: PublishPipelineArtifact@1
+    displayName: Publish Pipeline Artifact [Unsigned]
+    inputs:
+      path: $(Build.ArtifactStagingDirectory)
+      artifactName: Unsigned NuGet Packages
+  - task: PowerShell@2
+    displayName: PowerShell Script
+    inputs:
+      targetType: inline
+      script: |
+        $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj)
+        $version = $xml.Project.PropertyGroup.Version
+        echo $version
+        echo "##vso[task.setvariable variable=version]$version"
+        echo "StackifyLib."$version".nupkg"
+      workingDirectory: $(Build.SourcesDirectory)
+  - task: Veracode@3
+    displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(BuildVersion).nupkg'
+    enabled: False
+    inputs:
+      AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7
+      veracodeAppProfile: Retrace .Net StackifyLib
+      version: AZ-Devops-Build-$(build.buildNumber)
+      filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(BuildVersion).nupkg
