Pipelines/Sign-Apps.ps1


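# Signs the *.app artifacts found under the build's artifact staging directory
# by handing them to Invoke-SigningTool together with a Key Vault certificate.
#
# Inputs (environment variables):
#   KeyVaultName, CertificateName    - vault and certificate passed to the signing tool
#   ClientId, ClientSecret, TenantId - credentials passed to the signing tool
#   BUILD_REPOSITORY_URI             - used as the signature's description URL
#   BUILD_ARTIFACTSTAGINGDIRECTORY   - directory that is searched for files to sign
#
# The script returns without signing when CertificateName is empty or when no
# file matches $PathToFiles; it throws when the staging directory is not set.

$KeyVaultName = $ENV:KeyVaultName
$CertificateName = $ENV:CertificateName
$ClientId = $ENV:ClientId
# NOTE(review): presumably supplied as a secret pipeline variable - confirm it is
# mapped into the environment explicitly and never echoed by a later step.
$ClientSecret = $ENV:ClientSecret
$TenantId = $ENV:TenantId
$PathToFiles = "./**/*.app"
$description = "Signed with AL-Go for GitHub"
$descriptionUrl = $ENV:BUILD_REPOSITORY_URI

# Parameter dump for the build log. ClientSecret is deliberately not printed;
# keep it out of this list when new parameters are added.
Write-Host "##[group]Parameters"
Write-Host "KeyVaultName: $KeyVaultName"
Write-Host "CertificateName: $CertificateName"
Write-Host "ClientId: $ClientId"
Write-Host "TenantId: $TenantId"
Write-Host "PathToFiles: $PathToFiles"
Write-Host "Description: $description"
Write-Host "DescriptionUrl: $descriptionUrl"
Write-Host "##[endgroup]"

# Without a certificate name the script ends here without an error, so the
# artifacts stay unsigned. Downstream steps must not assume a signature exists.
if (-not $CertificateName) {
    Write-Host "CertificateName is not set. Exiting."
    return
}

$PathLocal = (Get-Location).Path
# Sign.psm1 is only located and logged; the Import-Module call for it is commented out below.
$SignLibPath = Join-Path -Path "$PathLocal\CI Scripts\AL\Pipelines" -ChildPath "Sign.psm1" -Resolve
Write-Host "SignLibPath: $SignLibPath"
# NOTE(review): this installs whatever version of SMART-BcBuildHelper the
# configured repository currently serves, inside a job that holds the signing
# credentials. Pin a reviewed release with -RequiredVersion once one is chosen.
# -ErrorAction Stop aborts the script when the install fails instead of carrying
# on to the signing call (Invoke-SigningTool presumably comes from this module).
Install-Module -Name SMART-BcBuildHelper -Force -ErrorAction Stop
#Import-Module $SignLibPath

# Todo move out as a parameter
$StagingDirectory = $env:BUILD_ARTIFACTSTAGINGDIRECTORY
if (-not $StagingDirectory) {
    # An empty value would leave the script in whatever directory it started in,
    # and the relative pattern below would then select files from there.
    throw "BUILD_ARTIFACTSTAGINGDIRECTORY is not set; refusing to sign files relative to the current directory."
}
Set-Location -LiteralPath $StagingDirectory -ErrorAction Stop

# Pre-check and listing only: the signing tool receives the raw pattern, not this list.
# NOTE(review): PowerShell wildcards have no recursive '**', so this lookup appears
# to see only *.app files exactly one directory below the staging directory, while
# the tool may expand the pattern differently - confirm both select the same files.
$Files = Get-ChildItem -Path $PathToFiles -File | Select-Object -ExpandProperty FullName
if (-not $Files) {
    Write-Host "No files to sign. Exiting."
    return
}

Write-Host "##[group]Files to be signed"
$Files | ForEach-Object {
    Write-Host "- $_"
}
Write-Host "##[endgroup]"

Write-Host "##[group]Signing files"

# Splatting replaces the backtick continuations; the original ended its last
# argument line with a dangling backtick that would have swallowed the next
# statement as soon as the blank line after it was removed.
$SigningArguments = @{
    KeyVaultName    = $KeyVaultName
    CertificateName = $CertificateName
    ClientId        = $ClientId
    ClientSecret    = $ClientSecret
    TenantId        = $TenantId
    FilesToSign     = $PathToFiles
    Description     = $description
    DescriptionUrl  = $descriptionUrl
}
Invoke-SigningTool @SigningArguments

Write-Host "##[endgroup]"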