Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
99837d4
build: drop .NET Framework target from projects
mjcheetham Jun 24, 2026
41f0f46
dotnet: remove .NET Framework conditional code
mjcheetham Jun 24, 2026
322b4c2
os: add .NET attributes to guard OS-specific types
mjcheetham Jun 24, 2026
867dadd
build: suppress the CA1416 warning in test projects
mjcheetham Jun 24, 2026
436345b
avalonia: upgrade to Avalonia 12.0.5
mjcheetham Jun 25, 2026
d543535
json: enable JSON source generation product wide
mjcheetham Jun 26, 2026
f160ef2
trace2: enable JSON source generation
mjcheetham Jun 26, 2026
82632ea
aot: enable ahead-of-time (AOT) compilation
mjcheetham Jun 26, 2026
8aeed02
ci: build Linux Arm AOT on Arm runners
mjcheetham Jun 29, 2026
bc1123a
installsrc: disable AOT for the install-from-source build
mjcheetham Jun 29, 2026
6976c0d
src: flatten shared projects into the src root
mjcheetham Jun 28, 2026
be6fcf7
build: relocate shared build props to src
mjcheetham Jun 28, 2026
23a9849
gcm: rename project to git-credential-manager
mjcheetham Jun 28, 2026
7bae5b0
gcm: drop the standalone dotnet-tool project
mjcheetham Jun 28, 2026
0a2312b
msbuild: move build tasks under build/msbuild
mjcheetham Jun 28, 2026
5d11ed3
build: add shared CLI scripting library
mjcheetham Jun 28, 2026
dde1fa2
linux: rework packaging under build/linux
mjcheetham Jun 28, 2026
426dcb3
macos: rework packaging under build/macos
mjcheetham Jun 28, 2026
cb3285e
windows: rework packaging under build/windows
mjcheetham Jun 28, 2026
ba9eddc
sln: migrate solution to SLNX format
mjcheetham Jun 28, 2026
5f487a2
build: adopt .NET 10 root build configuration
mjcheetham Jun 28, 2026
a1e1f4d
ci: update pipelines for the new build layout
mjcheetham Jun 28, 2026
7e8ec43
docs: update development guide for the new layout
mjcheetham Jun 28, 2026
63b7895
sln: exclude distribution projects from solution build
mjcheetham Jun 28, 2026
8c70667
publish: add an --aot/--no-aot toggle
mjcheetham Jun 28, 2026
703b343
installsrc: rework install-from-source as a cross-platform script
mjcheetham Jun 28, 2026
2bac784
ci: validate install-from-source on the new path and macOS
mjcheetham Jun 28, 2026
18ca704
docs: update install-from-source for the new script
mjcheetham Jun 28, 2026
10a3391
docs: fix heading levels in the .NET tool section
mjcheetham Jun 28, 2026
c6a5aba
dntool: add .NET tool packaging
mjcheetham Jun 28, 2026
c052d42
ci: build the .NET tool package
mjcheetham Jun 28, 2026
32615ce
release: sign and publish the .NET tool package
mjcheetham Jun 28, 2026
26046c4
docs: document building the .NET tool package
mjcheetham Jun 28, 2026
f3ddc41
ci: install C++ build tools for Windows AOT
mjcheetham Jun 29, 2026
1b7bd49
ci: install the Windows .NET SDK per architecture
mjcheetham Jun 29, 2026
8a40722
ci: use Central Feed Services for release builds
mjcheetham Jun 29, 2026
e663c88
publish: raise dotnet publish verbosity to normal
mjcheetham Jun 30, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
176 changes: 176 additions & 0 deletions .azure-pipelines/esrp/sign.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,176 @@
# Reusable step template for ESRP code signing via EsrpCodeSigning@6.
#
# For macOS, ESRP requires files to be submitted as a zip archive.
# Set 'useArchive: true' to automatically handle the
# copy → zip → sign → extract cycle. For Windows/Linux where ESRP
# can sign files directly in a folder, leave it as false (default).
#
parameters:
- name: displayName
type: string
- name: folderPath
type: string
- name: pattern
type: string
- name: inlineOperation
type: string
# When true, matching files are copied to a staging dir, zipped,
# signed, and extracted back to folderPath.
- name: useArchive
type: boolean
default: false
# Comma-separated list of MIME types (as reported by 'file --mime-type'). When
# set, the staged files are filtered down to just those whose type matches one
# of the listed types before signing, so a mixed payload can be passed straight
# through and only the matching files are signed (e.g. pass
# 'application/x-mach-binary' to sign only Mach-O executables and dylibs). Only
# applies when useArchive is true.
- name: archiveMimeFilter
type: string
default: ''
# Where to move the CodeSignSummary-*.md receipt that ESRP writes alongside
# the signed files. When empty (default) the receipt is deleted instead, so it
# is never packaged or published with the signed output.
- name: codeSignSummaryPath
type: string
default: ''
# ESRP connection parameters (defaults use pipeline variables)
- name: connectedServiceName
type: string
default: $(esrpAppConnectionName)
- name: appRegistrationClientId
type: string
default: $(esrpClientId)
- name: appRegistrationTenantId
type: string
default: $(esrpTenantId)
- name: authAkvName
type: string
default: $(esrpKeyVaultName)
- name: authSignCertName
type: string
default: $(esrpSignReqCertName)
- name: serviceEndpointUrl
type: string
default: $(esrpEndpointUrl)

steps:
- ${{ if eq(parameters.useArchive, true) }}:
- task: DeleteFiles@1
displayName: 'Clean staging dir for ${{ parameters.displayName }}'
inputs:
SourceFolder: '$(Agent.TempDirectory)/esrp-staging'
Contents: '*'
RemoveSourceFolder: true
- task: CopyFiles@2
displayName: 'Collect files for ${{ parameters.displayName }}'
inputs:
SourceFolder: '${{ parameters.folderPath }}'
Contents: '${{ parameters.pattern }}'
TargetFolder: '$(Agent.TempDirectory)/esrp-staging/contents'
- ${{ if ne(parameters.archiveMimeFilter, '') }}:
# Filter the staged files to the requested MIME type(s); ESRP would
# otherwise try to sign every file in a mixed payload.
- task: Bash@3
displayName: 'Filter files by MIME type for ${{ parameters.displayName }}'
inputs:
targetType: inline
script: |
set -euo pipefail
dir="$(Agent.TempDirectory)/esrp-staging/contents"
# Comma-separated list of allowed 'file --mime-type' values; strip spaces.
filter="$(printf '%s' "${{ parameters.archiveMimeFilter }}" | tr -d '[:space:]')"
find "$dir" -type f -print0 \
| while IFS= read -r -d '' f; do
mt="$(file --mime-type -b "$f" 2>/dev/null || true)"
# For fat/universal binaries 'file' prints a line per
# architecture; the first line is the overall type.
mt="${mt%%$'\n'*}"
case ",$filter," in
*",$mt,"*) : ;; # keep: type is in the filter list
*) rm -f "$f" ;; # drop: not a requested type
esac
done
# Drop any directories left empty by the filtering.
find "$dir" -type d -empty -delete 2>/dev/null || true
- task: ArchiveFiles@2
displayName: 'Archive files for ${{ parameters.displayName }}'
inputs:
rootFolderOrFile: '$(Agent.TempDirectory)/esrp-staging/contents'
includeRootFolder: false
archiveType: zip
archiveFile: '$(Agent.TempDirectory)/esrp-staging/archive.zip'
- task: EsrpCodeSigning@6
displayName: '${{ parameters.displayName }}'
inputs:
connectedServiceName: '${{ parameters.connectedServiceName }}'
useMSIAuthentication: true
appRegistrationClientId: '${{ parameters.appRegistrationClientId }}'
appRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}'
authAkvName: '${{ parameters.authAkvName }}'
authSignCertName: '${{ parameters.authSignCertName }}'
serviceEndpointUrl: '${{ parameters.serviceEndpointUrl }}'
folderPath: '$(Agent.TempDirectory)/esrp-staging'
pattern: 'archive.zip'
useMinimatch: true
signConfigType: inlineSignParams
inlineOperation: ${{ parameters.inlineOperation }}
- task: ExtractFiles@1
displayName: 'Extract signed files for ${{ parameters.displayName }}'
inputs:
archiveFilePatterns: '$(Agent.TempDirectory)/esrp-staging/archive.zip'
destinationFolder: '${{ parameters.folderPath }}'
# Only the signed files are present in the returned archive (the MIME
# filter can exclude others), so cleaning the destination would delete
# every unsigned file that belongs in the folder. Overwrite the
# originals in place instead of cleaning first.
cleanDestinationFolder: false
overwriteExistingFiles: true
# ESRP writes a CodeSignSummary-*.md receipt into the staging dir; move it
# aside first when a destination is given, otherwise the cleanup below
# deletes it along with the rest of the staging dir.
- ${{ if ne(parameters.codeSignSummaryPath, '') }}:
- task: CopyFiles@2
displayName: 'Move code signing summary for ${{ parameters.displayName }}'
inputs:
SourceFolder: '$(Agent.TempDirectory)/esrp-staging'
Contents: '**/CodeSignSummary-*.md'
TargetFolder: '${{ parameters.codeSignSummaryPath }}'
- task: DeleteFiles@1
displayName: 'Clean up staging dir for ${{ parameters.displayName }}'
condition: always()
inputs:
SourceFolder: '$(Agent.TempDirectory)/esrp-staging'
Contents: '*'
RemoveSourceFolder: true
- ${{ else }}:
- task: EsrpCodeSigning@6
displayName: '${{ parameters.displayName }}'
inputs:
connectedServiceName: '${{ parameters.connectedServiceName }}'
useMSIAuthentication: true
appRegistrationClientId: '${{ parameters.appRegistrationClientId }}'
appRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}'
authAkvName: '${{ parameters.authAkvName }}'
authSignCertName: '${{ parameters.authSignCertName }}'
serviceEndpointUrl: '${{ parameters.serviceEndpointUrl }}'
folderPath: '${{ parameters.folderPath }}'
pattern: '${{ parameters.pattern }}'
useMinimatch: true
signConfigType: inlineSignParams
inlineOperation: ${{ parameters.inlineOperation }}
# ESRP writes a CodeSignSummary-*.md receipt next to the signed files. Move
# it to the given destination when set, then always remove it from the
# signed folder so it is not packaged or published with the output.
- ${{ if ne(parameters.codeSignSummaryPath, '') }}:
- task: CopyFiles@2
displayName: 'Move code signing summary for ${{ parameters.displayName }}'
inputs:
SourceFolder: '${{ parameters.folderPath }}'
Contents: '**/CodeSignSummary-*.md'
TargetFolder: '${{ parameters.codeSignSummaryPath }}'
- task: DeleteFiles@1
displayName: 'Remove code signing summary for ${{ parameters.displayName }}'
inputs:
SourceFolder: '${{ parameters.folderPath }}'
Contents: '**/CodeSignSummary-*.md'
11 changes: 11 additions & 0 deletions .azure-pipelines/nuget.config
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
This Nuget config file is only used in release builds to redirect all
NuGet package sources to the Central Feed Services (CFS) feed.
-->
<configuration>
<packageSources>
<clear />
<add key="CFS" value="https://pkgs.dev.azure.com/mseng/1ES/_packaging/1ES_PublicPackages/nuget/v3/index.json" />
</packageSources>
</configuration>
Loading
Loading