# Entry point of the Windows signing helper. Every remaining command-line argument is
# collected into $Path, so callers can pass any number of paths.
param(
    [Parameter(ValueFromRemainingArguments = $true)]
    [string[]] $Path
)

# Promote non-terminating errors to terminating ones so that a failed step stops the
# script instead of letting it continue towards the signing call.
$ErrorActionPreference = "Stop"

# Reject an empty invocation up front: with no paths there is nothing to sign.
$hasPaths = $Path -and $Path.Count -gt 0
if (-not $hasPaths) {
    throw "At least one path is required"
}
# Signing is only attempted when GITHUB_ACTIONS is "true". This is an ordinary environment
# variable that any caller can set, so it is a convenience gate for local builds and not a
# security boundary. The skip exits with 0: the caller sees success although nothing was
# signed, so a release pipeline should verify signatures in a later step.
$onGitHubActions = $env:GITHUB_ACTIONS -eq "true"
if (-not $onGitHubActions) {
    Write-Host "Skipping Windows signing because this is not running on GitHub Actions"
    exit 0
}
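# Signing configuration, read from the environment. An unset variable yields $null.
$vars = @{
    endpoint = $env:AZURE_TRUSTED_SIGNING_ENDPOINT
    account  = $env:AZURE_TRUSTED_SIGNING_ACCOUNT_NAME
    profile  = $env:AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE
}

# Collect the NAMES of the missing settings rather than piping the values themselves.
# A pipeline that emits a single $null or empty string is falsy when used directly as an
# `if` condition, so testing the values would miss the case where exactly one setting is
# absent. The key names are always non-empty strings, so counting them is reliable.
$missing = @($vars.Keys | Where-Object { -not $vars[$_] })

# Incomplete configuration skips signing with exit code 0: the build continues and the
# artifacts stay unsigned. Anything that publishes these files should check the signature
# itself rather than rely on this script having run to completion.
if ($missing.Count -gt 0) {
    Write-Host "Skipping Windows signing because Azure Artifact Signing is not configured"
    exit 0
}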
# Exact TrustedSigning module version this script installs and imports.
# -RequiredVersion pins the version number only; nothing visible here checks a hash or a
# publisher signature of the downloaded module, so its integrity rests on PSGallery.
$moduleVersion = "0.5.8"
$pinnedVersion = [version] $moduleVersion

# Look for an already installed copy of exactly that version.
$installed = Get-Module -ListAvailable -Name TrustedSigning |
    Where-Object { $_.Version -eq $pinnedVersion }

if (-not $installed) {
    # Best effort: a failure to install the NuGet provider is logged and ignored, and
    # Install-Module below is still attempted.
    try {
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Scope CurrentUser | Out-Null
    }
    catch {
        Write-Host "NuGet package provider install skipped: $($_.Exception.Message)"
    }

    # Install into the current user's scope, from PSGallery only.
    $installArgs = @{
        Name            = "TrustedSigning"
        RequiredVersion = $moduleVersion
        Force           = $true
        Repository      = "PSGallery"
        Scope           = "CurrentUser"
    }
    Install-Module @installArgs
}

# Load exactly the pinned version, even if other versions are installed.
Import-Module TrustedSigning -RequiredVersion $moduleVersion -Force
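# Expand every requested path (wildcards included) into the unique set of existing paths.
# Resolve-Path errors are suppressed so that one pattern without a match does not abort
# the run, but each such pattern is reported: otherwise an artifact that was never built
# would be skipped silently and could be shipped unsigned without any trace in the log.
$files = @(
    $Path | ForEach-Object {
        $requested = $_
        $resolved = @(Resolve-Path $requested -ErrorAction SilentlyContinue)
        if ($resolved.Count -eq 0) {
            Write-Warning "No files matched '$requested'; nothing from this path will be signed"
        }
        $resolved
    } | Select-Object -ExpandProperty Path -Unique
)

# Nothing matched at all: fail instead of reporting a successful signing run.
if (-not $files -or $files.Count -eq 0) {
    throw "No files matched the requested paths"
}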
# The module receives the files as one comma-joined string.
# NOTE(review): a path that itself contains a comma would presumably be split into two
# entries by the module; confirm, or reject such paths before this point.
$fileList = $files -join ","

# What to sign and how. Both digests are SHA256.
# NOTE(review): the timestamp URL is plain HTTP. RFC 3161 responses are signed by the
# timestamp authority, so this is normally acceptable; confirm the tool validates them.
$signingArgs = @{
    Endpoint               = $vars.endpoint
    CodeSigningAccountName = $vars.account
    CertificateProfileName = $vars.profile
    Files                  = $fileList
    FileDigest             = "SHA256"
    TimestampDigest        = "SHA256"
    TimestampRfc3161       = "http://timestamp.acs.microsoft.com"
}

# Credential sources. Every source is excluded except the Azure CLI one, which is the
# only flag set to $false. Authentication therefore presumably depends on an Azure CLI
# login performed earlier in the workflow (TODO confirm), and no ambient identity such as
# environment variables or a managed identity can be picked up by accident.
$credentialFilter = @{
    ExcludeEnvironmentCredential        = $true
    ExcludeWorkloadIdentityCredential   = $true
    ExcludeManagedIdentityCredential    = $true
    ExcludeSharedTokenCacheCredential   = $true
    ExcludeVisualStudioCredential       = $true
    ExcludeVisualStudioCodeCredential   = $true
    ExcludeAzureCliCredential           = $false
    ExcludeAzurePowerShellCredential    = $true
    ExcludeAzureDeveloperCliCredential  = $true
    ExcludeInteractiveBrowserCredential = $true
}

# Both hashtables are splatted into the same call.
Invoke-TrustedSigning @signingArgs @credentialFilter