azure-pipelines.yml

name: $(Build.DefinitionName) $(date:yyyyMMdd)$(rev:.r)

stages:
- stage: Build
  jobs:
  - job: Build
    pool:
      vmImage: windows-2022

    variables:
      BuildPlatform: 'any cpu'
      BuildConfiguration: 'release'

    steps:
    - task: UseDotNet@2
      inputs:
        packageType: 'sdk'
        version: '8.0.201'

    - script: '"C:\Program Files\Microsoft Visual Studio\2022\Enterprise\MSBuild\Current\Bin\msbuild.exe" -version'
      displayName: 'log msbuild version'

    - script: 'dotnet --info'
      displayName: 'log dotnet version'

    - task: PowerShell@1
      displayName: 'Set build version'
      inputs:
        scriptType: inlineScript
        inlineScript: |
         (new-object Net.WebClient).DownloadString("https://raw.github.com/tom-englert/BuildScripts/master/BuildScripts.ps1") | iex
         $version = Project-SetVersion "src\Directory.Build.props"
         $version | Build-AppendVersionToBuildNumber
      condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))

    - task: NuGetToolInstaller@1
      inputs:
        versionSpec: '6.7.0'

    - task: NuGetCommand@2
      inputs:
        command: 'restore'
        restoreSolution: '**/*.sln'
        feedsToUse: 'config'

    - task: MSBuild@1
      displayName: 'Build solution'
      inputs:
        platform: '$(BuildPlatform)'
        configuration: '$(BuildConfiguration)'
        logProjectEvents: true
        createLogFile: true

    - task: MSBuild@1
      displayName: 'Publish Click Once'
      inputs:
        solution: 'src\ResxManager\ResxManager.csproj'
        platform: AnyCPU
        configuration: release
        msbuildArguments: '/target:publish'
        logProjectEvents: true
        createLogFile: true

    - task: CopyFiles@2
      displayName: 'Copy Files to: $(build.artifactstagingdirectory)'
      inputs:
        SourceFolder: '$(build.sourcesdirectory)\src\Deploy'
        Contents: '*.*'
        TargetFolder: '$(build.artifactstagingdirectory)'
        CleanTargetFolder: true

    - task: PublishBuildArtifacts@1
      displayName: 'Publish Artifact: BuildPackages'
      inputs:
        PathtoPublish: '$(build.artifactstagingdirectory)'
        ArtifactName: BuildPackages

    - task: PublishBuildArtifacts@1
      displayName: 'Publish Artifact: signing scripts'
      inputs:
        PathtoPublish: 'signing'
        ArtifactName: signing

- stage: CodeSign
  dependsOn: Build
  condition: and(succeeded('Build'), ne(variables['build.reason'], 'PullRequest'))
  jobs:
  - job: CodeSign
    displayName: Code Signing
    pool:
      vmImage: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
    steps:
    # Retreive unsigned artifacts and file list
    - download: current
      artifact: signing
      displayName: Download signing file list

    - download: current
      artifact: BuildPackages
      displayName: Download build artifacts

    - task: CmdLine@2
      displayName: "AntiMalware Scan"
      inputs:
        script: |
          Dir "$(Pipeline.Workspace)\BuildPackages"
          "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(Pipeline.Workspace)\BuildPackages"
        failOnStderr: true

    # Install the code signing tool
    - task: DotNetCoreCLI@2
      inputs:
        command: custom
        custom: tool
        arguments: install --tool-path . sign --version 0.9.1-beta.23530.1
      displayName: Install SignTool tool

    - pwsh: Rename-Item -Path "$(Pipeline.Workspace)\BuildPackages\Publish.zip" -NewName Publish.clickonce
      displayName: 'Rename click-once archive to .clickonce'

    - pwsh: |
        .\sign code azure-key-vault `
        "**/*.*" `
        --base-directory "$(Pipeline.Workspace)\BuildPackages" `
        --file-list "$(Pipeline.Workspace)\signing\filelist.txt" `
        --publisher-name "tom-englert" `
        --description "ResX Resource Manager" `
        --description-url "https://github.com/dotnet/ResXResourceManager" `
        --azure-key-vault-tenant-id "$(SignTenantId)" `
        --azure-key-vault-client-id "$(SignClientId)" `
        --azure-key-vault-client-secret "$(SignClientSecret2)" `
        --azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
        --azure-key-vault-url "$(SignKeyVaultUrl)"
      displayName: Sign packages

    - pwsh: Rename-Item -Path "$(Pipeline.Workspace)\BuildPackages\Publish.clickonce" -NewName Publish.zip
      displayName: 'Rename click-once archive back to .zip'

    # Publish the signed packages
    - publish: $(Pipeline.Workspace)/BuildPackages
      displayName: Publish Signed Packages
      artifact: SignedPackages

- stage: Upload
  dependsOn: CodeSign
  jobs:
  - job: Upload
    displayName: Upload to VSIX gallery
    pool:
      vmImage: windows-latest
    steps:
    - download: current
      artifact: SignedPackages
      displayName: Download build artifacts
    - task: PowerShell@1
      displayName: 'Publish to vsix-gallery'
      inputs:
        scriptType: inlineScript
        inlineScript: |
          (new-object Net.WebClient).DownloadString("https://raw.github.com/tom-englert/BuildScripts/master/BuildScripts.ps1") | iex
          Vsix-PublishToGallery "$(Pipeline.Workspace)\SignedPackages\ResXManager.Vsix.vsix"
      continueOnError: true