diff --git a/tools/devops/automation/build-pipeline.yml b/tools/devops/automation/build-pipeline.yml
index f2c67a7fdd62..76b9ee06b669 100644
--- a/tools/devops/automation/build-pipeline.yml
+++ b/tools/devops/automation/build-pipeline.yml
@@ -35,7 +35,7 @@ resources:
 - repository: release-scripts
 type: github
 name: xamarin/release-scripts
- ref: refs/heads/sign-and-notarized
+ ref: refs/heads/esrp-signing
 endpoint: xamarin
 variables:
diff --git a/tools/devops/automation/templates/build/build.yml b/tools/devops/automation/templates/build/build.yml
index 3a9ee42f5d8d..7f7d2ad689fe 100644
--- a/tools/devops/automation/templates/build/build.yml
+++ b/tools/devops/automation/templates/build/build.yml
@@ -69,7 +69,7 @@ steps:
 which python3
 Write-Host "Pip version"
- pip -V
+ pip3 -V
 displayName: 'Show Python information'
 - bash: $(System.DefaultWorkingDirectory)/xamarin-macios/tools/devops/automation/scripts/bash/clean-bot.sh
@@ -381,6 +381,7 @@ steps:
 inputs:
 signType: 'Real'
 azureSubscription: 'MicroBuild Signing Task (DevDiv)'
+ zipSources: false
 env:
 SYSTEM_ACCESSTOKEN: $(System.AccessToken)
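Review bot: The `release-scripts` repository resource in build-pipeline.yml is pinned to a mutable feature branch, `ref: refs/heads/esrp-signing`, and the signing step later in this commit runs `esrp_sign.py` from that checkout on release builds. Anyone who can push to that branch changes what executes in the signing job without a reviewed change in this repository. Once the branch is merged, point `ref` at a protected branch or a tag, for example `ref: refs/tags/<release-scripts-tag>` (placeholder), so the signing code stays at a reviewed revision.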
@@ -421,21 +422,23 @@ steps:
 PACKAGES="$IOS_PKG $MAC_PKG $IOS_DOTNET_PKG $TVOS_DOTNET_PKG $WATCHOS_DOTNET_PKG $MACOS_DOTNET_PKG"
 echo "Packages found at $PACKAGES"
- echo "$PACKAGES" | xargs python $(Build.SourcesDirectory)/release-scripts/sign_and_notarize.py --no_notarization -a "$APP_ID" -i "$INSTALL_ID" -u "$APPLE_ACCOUNT" -p "$APPLE_PASS" -t "$TEAM_ID" -d $(Build.SourcesDirectory)/package/notarized -e "$MAC_ENTITLEMENTS" -k "$KEYCHAIN"
+ echo "$PACKAGES" | xargs -t python3 $(Build.SourcesDirectory)/release-scripts/esrp_sign.py -vv -c "8023" -d $(Build.SourcesDirectory)/package/notarized -e "$MAC_ENTITLEMENTS"
 ls -R $(Build.SourcesDirectory)/package
 env:
 PRODUCTSIGN_KEYCHAIN_PASSWORD: $(OSX_KEYCHAIN_PASS)
 MAC_ENTITLEMENTS: $(Build.SourcesDirectory)/xamarin-macios/mac-entitlements.plist
- APP_ID: $(XamarinAppId)
- INSTALL_ID: $(XamarinAppId)
- APPLE_ACCOUNT: $(XamarinUserId)
- APPLE_PASS: $(XamarinPassword)
- TEAM_ID: $(TeamID)
- KEYCHAIN: $(SigningKeychain)
 name: notarize
 displayName: 'Signing Release Build'
 condition: and(succeeded(), contains(variables['configuration.SignPkgs'], 'True'), contains(variables['configuration.IsPr'], 'False'))
- timeoutInMinutes: 90
+ timeoutInMinutes: 180
+
+# upload each of the pkgs into the pipeline artifacts
+- task: PublishPipelineArtifact@1
+ displayName: 'Publish Not Notarized Build Artifacts'
+ inputs:
+ targetPath: $(Build.SourcesDirectory)/package/notarized
+ artifactName: not-notarized-pkg
+ continueOnError: true
 - task: ms-vseng.MicroBuildTasks.30666190-6959-11e5-9f96-f56098202fef.MicroBuildSigningPlugin@3
 displayName: 'Install Notarizing Plugin'
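Review bot: `PRODUCTSIGN_KEYCHAIN_PASSWORD: $(OSX_KEYCHAIN_PASS)` is still mapped into the signing step's `env`, although the keychain argument (`-k "$KEYCHAIN"`) and the other credential variables are removed. If `esrp_sign.py` does not read it (the script is not visible here), drop the mapping so the secret is not handed to a step that no longer needs it. The added `PublishPipelineArtifact@1` step has no `condition`, so it also runs on PR builds where the signing step is skipped and the target path may be missing, and `continueOnError: true` hides that as well as any real publish failure. Giving it the same `condition:` as the signing step would let genuine failures surface. A short comment next to `-c "8023"` naming the certificate it selects would also help the next reader.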
@@ -446,7 +449,19 @@ steps:
 env:
 SYSTEM_ACCESSTOKEN: $(System.AccessToken)
-- pwsh: $(Build.SourcesDirectory)/release-scripts/notarize.ps1 -FolderForApps $(Build.SourcesDirectory)/package/notarized
+- pwsh: |
+ # so... we have to many pkgs, that results in timeouts, so we need to split things and call it several times
+ $pkgDir = "$(Build.SourcesDirectory)/package/notarized"
+ $files = @(Get-ChildItem -Path "$pkgDir/*" -Filter "*.pkg")
+ # we are going to be one by one... why? because if we send all, we timeout!!!!
+ if ($files.count -gt 0)
+ {
+ foreach($pkg in $files)
+ {
+ Write-Host "Notarizing $($pkg.FullName) into"
+ dotnet $Env:MBSIGN_APPFOLDER/DDSignFiles.dll /file:"$($pkg.FullName)" /certs:"8020"
+ }
+ }
 displayName: 'ESRP notarizing packages'
 condition: and(succeeded(), contains(variables['configuration.SignPkgs'], 'True'), contains(variables['configuration.IsPr'], 'False')) # if we are a PR, do not use ESRP since is not supported
diff --git a/tools/devops/automation/templates/build/stage.yml b/tools/devops/automation/templates/build/stage.yml
index 1788c5c95a84..29639cb8142b 100644
--- a/tools/devops/automation/templates/build/stage.yml
+++ b/tools/devops/automation/templates/build/stage.yml
@@ -70,7 +70,7 @@ jobs:
 demands:
 - Agent.OS -equals Darwin
 - Agent.OSVersion -equals 10.15
- - macios_image -equals v1
+ - macios_image -equals v1.1
 workspace:
 clean: all
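Review bot: The exit status of the `dotnet $Env:MBSIGN_APPFOLDER/DDSignFiles.dll` call is never checked inside the `foreach` in the new `pwsh` block of build.yml, so a package that fails notarization mid-loop can go unnoticed. As far as I know, the step only evaluates the exit code of the last native command. Add `if ($LASTEXITCODE -ne 0) { throw "Notarization failed for $($pkg.FullName)" }` directly after the `dotnet` line. The step also succeeds silently when `$files.count` is 0; an `else { throw "No .pkg files found in $pkgDir" }` would stop a release build that has nothing to notarize. The `Write-Host` message ends in a dangling "into" and should either name the destination or drop the word.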