From 2067054d75e22bd5a5fe95b7f2661c0dc8d3f6d6 Mon Sep 17 00:00:00 2001 From: Luca Piccirillo Date: Fri, 12 Jul 2024 00:17:35 +0200 Subject: [PATCH] Update cicd-keyvault.md to fix variables Added missing AzureKeyVaultTenantId variable Renamed AzureKeyVaultName variable into AzureKeyVaultCertificateName --- msix-src/desktop/cicd-keyvault.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/msix-src/desktop/cicd-keyvault.md b/msix-src/desktop/cicd-keyvault.md index adb92fac..40249e8a 100644 --- a/msix-src/desktop/cicd-keyvault.md +++ b/msix-src/desktop/cicd-keyvault.md @@ -99,10 +99,11 @@ At first, you will need to create a few variables to store the information requi In Azure DevOps select your pipeline and press the **Edit** button at the top. Once you are in the YAML editor, click on the **Variables** button at the top to open the panel. You're going to click on the + button to add the following variables: -- **AzureKeyVaultName**, with the friendly name of your vault. +- **AzureKeyVaultCertificateName**, with the friendly name of your certificate in vault. - **AzureKeyVaultUrl**, with the URL of your vault. - **AzureKeyVaultClientId**, with the application id of your Azure application. - **AzureKeyVaultClientSecret**, with the client secret of your Azure application. +- **AzureKeyVaultTenantId**, with the tenant id to get token for the Azure application When you create each variable, make sure to enable the **Keep this value** secret option. It will make sure that other people who have access to the pipeline won't be able to see their values. @@ -122,7 +123,7 @@ Now you can customize your existing YAML pipeline by adding a .NET Core task to The next step is to add a PowerShell task to execute the command that will sign the package. You must perform this task only at the end of the build process, once the MSIX package has been created. ```yaml -- powershell: '& AzureSignTool sign -kvu $(AzureKeyVaultUrl) -kvi $(AzureKeyVaultClientId) -kvs $(AzureKeyVaultClientSecret) -kvc $(AzureKeyVaultName) -tr http://timestamp.digicert.com -v "$(System.DefaultWorkingDirectory)\MyPipeline\MyContosoApp\MyContosoApp.msix"' +- powershell: '& AzureSignTool sign -kvu $(AzureKeyVaultUrl) -kvi $(AzureKeyVaultClientId) -kvs $(AzureKeyVaultClientSecret) -kvc $(AzureKeyVaultCertificateName) -tr http://timestamp.digicert.com -v "$(System.DefaultWorkingDirectory)\MyPipeline\MyContosoApp\MyContosoApp.msix"' displayName: 'Sign the package' ``` @@ -161,7 +162,7 @@ The second one will sign the package and, as such, it must be executed after the run: | Get-ChildItem -recurse -Include **.msix | ForEach-Object { $msixPath = $_.FullName - & AzureSignTool sign -kvu "${{ secrets.AzureKeyVaultUrl }}" -kvi "${{ secrets.AzureKeyVaultClientId }}" -kvs "${{ secrets.AzureKeyVaultClientSecret }}" -kvc ${{ secrets.AzureKeyVaultName }} -tr http://timestamp.digicert.com -v $msixPath + & AzureSignTool sign -kvt $(AzureKeyVaultTenantId) -kvu "${{ secrets.AzureKeyVaultUrl }}" -kvi "${{ secrets.AzureKeyVaultClientId }}" -kvs "${{ secrets.AzureKeyVaultClientSecret }}" -kvc ${{ secrets.AzureKeyVaultName }} -tr http://timestamp.digicert.com -v $msixPath } ```