Skip to content

Replace Microbuild with 1ES PT + ESRP #1972

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mjcheetham merged 10 commits into from
May 14, 2026
Merged

Replace Microbuild with 1ES PT + ESRP #1972

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
b20b555
Build: drop MicroBuild signing wiring
mjcheetham May 13, 2026
21364ae
GVFS.Installers: gate CreateInstaller on $(SkipCreateInstaller)
mjcheetham May 13, 2026
f3af9cd
.azure-pipelines: migrate release pipeline from MicroBuild to 1ESPT +…
mjcheetham May 13, 2026
2fab771
.azure-pipelines: publish debug symbols with GitHub Release
mjcheetham May 13, 2026
11a4147
.azure-pipelines: install pinned .NET SDK from global.json
mjcheetham May 13, 2026
d7a11ae
Build.bat: fail when VS MSBuild is missing
mjcheetham May 13, 2026
8721e68
.azure-pipelines: install VS C++ workload before build
mjcheetham May 13, 2026
0f30e3d
.azure-pipelines: enable Projected File System for unit tests
mjcheetham May 13, 2026
c21ed31
GVFS.Payload: drop VS code-analysis marker files from payload
mjcheetham May 14, 2026
6eaea92
.azure-pipelines: introduce esrp/sign.yml template
mjcheetham May 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 59 additions & 0 deletions .azure-pipelines/esrp/sign.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
# Reusable step template for ESRP code signing via EsrpCodeSigning@6.
#
# Wraps a single signing operation with automatic cleanup of the
# CodeSignSummary-<guid>.md report ESRP CLI drops into the signing
# folder -- otherwise that file is packaged into the installer or
# uploaded as part of the pipeline artifact.
#
parameters:
- name: displayName
type: string
- name: folderPath
type: string
- name: pattern
type: string
- name: inlineOperation
type: string
# ESRP connection parameters (defaults use pipeline variables)
- name: connectedServiceName
type: string
default: $(esrpAppConnectionName)
- name: appRegistrationClientId
type: string
default: $(esrpClientId)
- name: appRegistrationTenantId
type: string
default: $(esrpTenantId)
- name: authAkvName
type: string
default: $(esrpKeyVaultName)
- name: authSignCertName
type: string
default: $(esrpSignReqCertName)
- name: serviceEndpointUrl
type: string
default: $(esrpEndpointUrl)

steps:
- task: EsrpCodeSigning@6
displayName: '${{ parameters.displayName }}'
inputs:
connectedServiceName: '${{ parameters.connectedServiceName }}'
useMSIAuthentication: true
appRegistrationClientId: '${{ parameters.appRegistrationClientId }}'
appRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}'
authAkvName: '${{ parameters.authAkvName }}'
authSignCertName: '${{ parameters.authSignCertName }}'
serviceEndpointUrl: '${{ parameters.serviceEndpointUrl }}'
folderPath: '${{ parameters.folderPath }}'
pattern: '${{ parameters.pattern }}'
useMinimatch: true
signConfigType: inlineSignParams
inlineOperation: ${{ parameters.inlineOperation }}

- task: PowerShell@2
displayName: 'Clean up code signing artifacts (${{ parameters.displayName }})'
inputs:
targetType: inline
script: |
Remove-Item -Force "${{ parameters.folderPath }}\CodeSignSummary-*.md" -ErrorAction SilentlyContinue
Loading
Loading