diff --git a/.azure-pipelines/release-cli.yaml b/.azure-pipelines/release-cli.yaml index 5aff291c95..eccc381060 100644 --- a/.azure-pipelines/release-cli.yaml +++ b/.azure-pipelines/release-cli.yaml @@ -181,14 +181,14 @@ parameters: # MacOS images aren't available in 1ES templates # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/onboarding/macos-support - name: Azure Pipelines - image: macOS-11 + image: macOS-latest os: macOS rid: osx-x64 label: macOSx64 jobName: MacOS-x64 - name: Azure Pipelines - image: macOS-12 + image: macOS-latest os: macOS rid: osx-arm64 label: macOSArm64 @@ -581,11 +581,16 @@ extends: inputs: version: 6.x - - task: EsrpCodeSigning@2 + - task: EsrpCodeSigning@5 displayName: 'ESRP CodeSigning (Sign Build output)' inputs: # Pipeline validation can't expand service name from matrix variables - ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" + ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection' + AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'akv-prod-eastus' + AuthCertName: 'ReferenceLibraryPrivateCert' + AuthSignCertName: 'ReferencePackagePublisherCertificate' FolderPath: $(SIGN_PATH) signConfigType: inlineSignParams UseMinimatch: true @@ -595,11 +600,16 @@ extends: condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'True')) - ${{ if and(eq(variables.notarize, 'true'), startsWith(pool.rid, 'osx')) }}: - - task: EsrpCodeSigning@2 + - task: EsrpCodeSigning@5 displayName: 'ESRP CodeSigning (Notarize)' inputs: # Pipeline validation can't expand service name from matrix variables - ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" + ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection' + AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'akv-prod-eastus' + AuthCertName: 'ReferenceLibraryPrivateCert' + AuthSignCertName: 'ReferencePackagePublisherCertificate' FolderPath: $(SIGN_PATH) signConfigType: inlineSignParams UseMinimatch: true @@ -615,11 +625,16 @@ extends: displayName: DotNet pack (nuget) condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'True')) - - task: EsrpCodeSigning@2 + - task: EsrpCodeSigning@5 displayName: 'ESRP CodeSigning (Sign Nuget)' inputs: # Pipeline validation can't expand service name from matrix variables - ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)" + ConnectedServiceName: 'Federated DevX ESRP Managed Identity Connection' + AppRegistrationClientId: '65035b7f-7357-4f29-bf25-c5ee5c3949f8' + AppRegistrationTenantId: 'cdc5aeea-15c5-4db6-b079-fcadd2505dc2' + AuthAKVName: 'akv-prod-eastus' + AuthCertName: 'ReferenceLibraryPrivateCert' + AuthSignCertName: 'ReferencePackagePublisherCertificate' FolderPath: $(SIGN_PATH) signConfigType: inlineSignParams UseMinimatch: true