Update to cli tool

clairernovotny · clairernovotny · commit b6e08daa0e82 · 2023-01-17T11:58:12.000-05:00
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -1,8 +1,8 @@
 ﻿<Project>
   
   <ItemGroup>
-    <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0-beta2-19367-01" PrivateAssets="All"/>
-    <PackageReference Include="Nerdbank.GitVersioning" Version="3.0.26" PrivateAssets="All"/>
+    <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All"/>
+    <PackageReference Include="Nerdbank.GitVersioning" Version="3.5.119" PrivateAssets="All"/>
   </ItemGroup>
 
 </Project>
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Oren Novotny
+Copyright (c) 2023 Claire Novotny
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # CodeSigningDemo
-Skeleton for demonstrating use of the .NET Foundation's code signing service
+Skeleton for demonstrating use of the Sign CLI tool
 
 The `azure-pipelines.yml` shows how you can use a multi-stage build with an `environment` to require
 a manual approval for code signing. Once signed, a Release is created and pushed though a release pipeline.
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -1,9 +1,9 @@
 trigger:
-- master
+- main
 - rel/*
 
 pr:
-- master
+- main
 - rel/*
 
 stages:
@@ -17,6 +17,11 @@ stages:
       BuildConfiguration: Release
 
     steps:
+    - task: UseDotNet@2
+      displayName: 'Use .NET SDK 6.x'
+      inputs:
+        version: 6.x
+
     - task: DotNetCoreCLI@2  
       inputs:
         command: custom
@@ -41,7 +46,7 @@ stages:
       artifact: BuildPackages
 
     - publish: config
-      displayName: Publish Signing Scripts
+      displayName: Publish signing file list
       artifact: config
 
 - stage: CodeSign
@@ -51,38 +56,39 @@ stages:
     displayName: Code Signing
     pool:
       vmImage: windows-latest    
-    environment: Code Sign - Approvals
     variables:
     - group: Sign Client Credentials
     strategy:
       runOnce:
         deploy:
           steps:
-          # If you have MSCA: https://aka.ms/mscadocs
-          - task: ms-codeanalysis.vss-microsoft-security-code-analysis-devops.build-task-antimalware.AntiMalware@3
-            displayName: AntiMalware Scan
+          - task: UseDotNet@2
+            displayName: 'Use .NET SDK 6.x'
             inputs:
-              EnableServices: true
-              FileDirPath: $(Pipeline.Workspace)\BuildPackages
+              version: 6.x
 
           - task: DotNetCoreCLI@2
             inputs:
               command: custom
               custom: tool
-              arguments: install --tool-path . SignClient
+              arguments: install --tool-path . sign --version 0.9.0-beta.23063.3
             displayName: Install SignTool tool
 
           - pwsh: |
-              .\SignClient "Sign" `
-              --baseDirectory "$(Pipeline.Workspace)\BuildPackages" `
-              --input "**/*.nupkg" `
-              --config "$(Pipeline.Workspace)\config\SignClient.json" `
-              --filelist "$(Pipeline.Workspace)\config\filelist.txt" `
-              --user "$(SignClientUser)" `
-              --secret '$(SignClientSecret)' `
-              --name "CodeSignDemo" `
+              .\sign "code azure-key-vault" `
+              "**/*.nupkg" `
+              --timestamp-url "http://timestamp.digicert.com" `
+              --base-directory "$(Pipeline.Workspace)\BuildPackages" `                            
+              --file-list "$(Pipeline.Workspace)\config\filelist.txt" `
+              --publisher-name "CodeSignDemo" `
               --description "CodeSignDemo" `
-              --descriptionUrl "https://github.com/novotnyllc/CodeSignDemo"
+              --description-url "https://github.com/novotnyllc/CodeSignDemo" `
+              --azure-key-vault-tenant-id "$(SignTenantId)" `
+              --azure-key-vault-client-id "$(SignClientId)" `
+              --azure-key-vault-certificate "$(SignClientId)" `
+              --azure-key-vault-client-secret '$(SignClientSecret)' 
+              --azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
+              --azure-key-vault-url "$(SignKeyVaultUrl)" 
             displayName: Sign packages
               
           - publish: $(Pipeline.Workspace)/BuildPackages
diff --git a/config/SignClient.json b/config/SignClient.json
