Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

CI check signatures#382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
edvilme merged 29 commits intomainfromci-check-signatures
Apr 1, 2025
Merged

CI check signatures#382

edvilme merged 29 commits intomainfromci-check-signatures
Apr 1, 2025

Conversation

edvilme
Copy link
Contributor

@edvilmeedvilme commentedMar 31, 2025
edited
Loading

Signatures are not working properly after latest Arcade update.

This fixes the issues and adds an extra step for signature verification so that these are easier to debug in the future.

@edvilmeedvilme marked this pull request as ready for reviewMarch 31, 2025 23:35
@edvilmeedvilme requested a review froma teamMarch 31, 2025 23:35
@edvilmeedvilme changed the titleCi check signaturesCI check signaturesMar 31, 2025
@edvilmeedvilme requested a review fromCopilotMarch 31, 2025 23:35
Copy link

@CopilotCopilotAI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Pull Request Overview

This PR addresses issues with signature verification after the latest Arcade update by fixing signature checks and enhancing the verification process in the CI pipeline.

  • Updates artifact paths to use a subfolder "artifacts" for consistency in publishing.
  • Introduces a new task (MicroBuildCodesignVerify@3) and a script step to verify signatures post-build.
  • Adjusts build parameters by parameterizing build configuration and sign type.
Files not reviewed (4)
  • eng/SignVerifyIgnore.txt: Language not supported
  • eng/Signing.props: Language not supported
  • src/redist/redist.csproj: Language not supported
  • src/redist/targets/MacEntitlements/AddMacEntitlements.targets: Language not supported
Comments suppressed due to low confidence (1)

.vsts-ci.yml:147

  • The flag for signing was changed from '--sign' to '-sign'. Confirm that this change is intentional, as it may break the expected behavior of the signing script.
+                -sign

Comment on lines +4 to +9
<ItemGroup>
<PackageReference Include="Microsoft.VisualStudioEng.MicroBuild.Core" Version="$(MicrosoftVisualStudioEngMicroBuildCoreVersion)" />
</ItemGroup>
<Target Name="AddMacEntitlements"
BeforeTargets="SignFiles"
AfterTargets="GenerateLayout">
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Important so that this runsbefore MicroBuild signing

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Needed for signing verification on windows

@@ -112,11 +111,16 @@ extends:
inputs:
sourceFolder: 'artifacts/packages/$(_BuildConfig)/Shipping/'
contents: '*.msi'
targetFolder: '$(Build.ArtifactStagingDirectory)'
targetFolder: '$(Build.ArtifactStagingDirectory)\artifacts'
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Added artifacts dir to isolate from other files when doing signing verification in the next step

- task: MicroBuildCodesignVerify@3
inputs:
TargetFolders: '$(Build.ArtifactStagingDirectory)\artifacts'
ExcludeSNVerify: true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

What does ExcludeSNVerify do? May you provide the link to where this task is documented, I couldn't find it on the web.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

nagilson reacted with heart emoji
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Thank you :)

Copy link
Member

@nagilsonnagilson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Please see my comments below, but looks good!

edvilme reacted with thumbs up emoji
@edvilmeedvilmeenabled auto-merge (squash)April 1, 2025 00:00
@edvilmeedvilme merged commit6f834e0 intomainApr 1, 2025
8 checks passed
edvilme added a commit that referenced this pull requestApr 4, 2025
commit2011e55Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Thu Apr 3 10:02:00 2025 -0700    Windows: Remove version from .msi (#384)commitcfc4641Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Thu Apr 3 10:01:48 2025 -0700    Mac: Add rid to tar.gz artifacts (#383)commit6f834e0Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Mon Mar 31 17:08:40 2025 -0700    CI check signatures (#382)    * Fix signing on Windows and macOS    * Added signing verification steps to CIcommit7ea9cf1Author: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date:   Sat Mar 29 10:55:39 2025 -0700    [main] Update dependencies from dotnet/arcade (#375)commitedff54cAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Thu Mar 27 10:53:37 2025 -0700    Update options (#380)    * dry-run: Add option --preserve-vs-for-mac-sdks    * Do not hide --version    * Add version description stringcommitb4be6e6Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Mon Mar 24 15:37:22 2025 -0700    Update help text (#376)    Update help text    ---------    Co-authored-by: Noah Gilson <OTAKUPENGUINOP@GMAIL.COM>commit9fba2f3Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Mon Mar 24 13:28:21 2025 -0700    Windows: Detect arm64 correctly (#370)commit289b92fAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Thu Mar 20 11:06:51 2025 -0700    Update ci workflow (#372)commit13d1cf7Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Wed Mar 19 14:35:24 2025 -0700    macOS: Fix corrupted binary (#346)    Add entitlements.plistcommit4da3500Author: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date:   Wed Mar 19 13:50:00 2025 -0700    Update dependencies fromhttps://github.com/dotnet/arcade build 20250314.6 (#343)    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.25157.1 -> To Version 10.0.0-beta.25164.6    Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>commit882aff1Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Fri Mar 14 13:42:02 2025 -0700    Require enter on user input (#340)commit24bea7dAuthor: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date:   Thu Mar 13 08:51:54 2025 -0700    Update dependencies fromhttps://github.com/dotnet/arcade build 20250307.1 (#336)    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.25126.4 -> To Version 10.0.0-beta.25157.1    Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>commite72b91fAuthor: Marc Paine <marcpop@microsoft.com>Date:   Thu Mar 13 08:51:43 2025 -0700    Update to AwesomeAssertions (#337)    * Update to AwesomeAssertions    Update the addreportable call    * Remove unused using directivecommit03c8952Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Wed Mar 5 12:18:25 2025 -0600    Remove Visual Studio macOS checks (#318)    * Remove checks for VSfM    * Add --preserve-mac-vs-sdks flag    * Update testscommitb648857Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Tue Mar 4 16:55:10 2025 -0600    Update CLI options and help text (#335)    * Add target argument    * Add TARGET argument    * Add not for list by now    * Update LocalizableStrings    * Update --all description    * Remove target from options (?)    * Restore xlf translation    * Show bundle types in <TARGET> argument    * Update help link format    * Restore CommandLine Arguments    * Add --arm64 option    * Fix archSelection.HasFlagcommit9823503Author: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date:   Mon Mar 3 11:36:05 2025 -0800    [main] Update dependencies from dotnet/arcade (#327)    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250206.4    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25106.4    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250213.2    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25113.2    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250220.6    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25120.6    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250225.2    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25125.2    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250226.4    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25126.4    ---------    Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>commitea26b97Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Mon Mar 3 12:31:19 2025 -0600    Remove System.Reflection.Metadata (#334)commit275578eAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Mon Mar 3 11:41:07 2025 -0600    Remove Microsoft.Win32.Registry package (#333)commit2ac5028Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Fri Feb 28 13:14:49 2025 -0600    Small refactorings (#331)commit2393ca9Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Tue Feb 25 16:51:31 2025 -0600    Hide .xlf files in PRs (#330)commit62b46a0Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Tue Feb 25 13:58:14 2025 -0600    Fix Windows Signing (#329)    Add CreateLightCommandPackageDrop to generate wixpack.zip and signcommit06d1e0eAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Tue Feb 18 12:33:11 2025 -0600    Sign macOS build (#323)    * Sign on Mac    * Fix typo on ArtifactName    * Add TeamName variable    * Add certificatename to binary    * Update binary path    * Update build command to include signing    * Typos    * Globb files to sign    * Add proper certificate    * Add proper certificate    * MacDeveloperHarden    * Add files separately    * Change flags    * Update certificate name    * Update build parameters    * Update cert namecommit85f5414Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Mon Feb 10 09:01:45 2025 -0800    Remove unused signing target    Add files to ItemsToSign    Sign .msi file too    Update `ItemsToSign`    Update certificate name    UseDotNetCertificate    Add .msi certificatenamecommit8c89301Author: MerlinBot <MerlinBot>Date:   Fri Feb 7 21:44:29 2025 +0000    This pull request includes baselines **with an expiration date of 180 days from now** automatically generated for your 1ES PT-based pipelines. Complete this pull request as soon as possible to make sure that your pipeline becomes compliant. Longer delays in completing this PR can trigger additional emails or S360 alerts in the future.    1ES PT Auto-baselining feature helps capture existing violations in your repo and ensures to break your pipeline only for newly introduced SDL violations after baselining. Running SDL tools in break mode is required for your pipeline to be compliant. Go tohttps://aka.ms/1espt-autobaselining for more details.    **Please do not Abandon this PR.** Please reach out to 1ES PT for support. More details:https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/supportcommit6a94223Author: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date:   Wed Feb 5 14:33:46 2025 -0800    [main] Update dependencies from dotnet/arcade (#316)    * Update dependencies fromhttps://github.com/dotnet/arcade build 20241222.1    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.24622.1    * Update dependencies fromhttps://github.com/dotnet/arcade build 20241226.1    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.24626.1    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250103.3    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25053.3    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250106.1    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25056.1    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250111.1    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25061.1    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250117.3    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25067.3    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250126.1    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25076.1    * Update dependencies fromhttps://github.com/dotnet/arcade build 20250130.7    Microsoft.DotNet.Arcade.Sdk     From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25080.7    ---------    Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>commit0cc67a3Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Mon Feb 3 17:51:20 2025 -0600    Refactor macOS build pipeline (#325)    Use matrix strategy to avoid repeating codecommit11995adAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Fri Jan 31 11:43:31 2025 -0600    macOS: Support building on Apple Silicon (#322)    Update solution file, project file and ci/cd to support building for osx-arm64commitaa40644Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Wed Jan 29 17:54:52 2025 -0600    GetBundleVersion: Parse versions correctly to avoid duplicates or incomplete versions (#324)commit288db58Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Mon Jan 27 15:08:07 2025 -0600    Identify macOS runtimes correctly (#321)commit802fef7Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date:   Fri Jan 24 18:40:01 2025 -0600    macOS: Show correct arm64 architecture (#320)
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@nagilsonnagilsonnagilson approved these changes

Copilot code reviewCopilotCopilot left review comments

@MiYanniMiYanniMiYanni approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

3 participants
@edvilme@MiYanni@nagilson

[8]ページ先頭

©2009-2025 Movatter.jp