Enable signing daily release build with lifetime certificate #15642
@@ -1,9 +1,12 @@ | |||
steps: | |||
- powershell: | | |||
$shouldSign = $true | |||
if($env:BUILD_REASON -ne 'Manual') |
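Review bot: the condition `if($env:BUILD_REASON -ne 'Manual')` treats every non-manual trigger as the daily build, so whatever this branch selects will also apply to any other trigger type that is later enabled on the pipeline, not only the schedule. Consider matching the scheduled reason explicitly (`$env:BUILD_REASON -eq 'Schedule'`, the value Azure Pipelines sets for scheduled runs), or add a comment above the `if` stating that the check relies on on-push builds staying disabled, so the signing behaviour cannot change silently when the triggers do.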
Does this mean that builds that are not manual and are not daily will now be signed with the standard Authenticode cert?
I believe we do not have any builds for this pipeline that are not manual and not daily. The builds we have are:
- Daily build - kicked off automatically so not manual. -> signed
- Manually kicked off for release - so not daily
- Manually kicked off for testing - so not daily
The pipeline also has an option to skip signing using the pipeline schedule time parameter.
No automated on-push branch build?
on-push is disabled for the pipeline.
PR Summary
Enable signing of daily builds with a lifetime certificate. This will allow us to release a signed build but with a certificate which has a small expiry.
MSIX does not support the lifetime cert, hence keep it unchanged.
PR Context
PR Checklist
.h, .cpp, .cs, .ps1 and .psm1 files have the correct copyright header
WIP: or [ WIP ] to the beginning of the title (the WIP bot will keep its status check at Pending while the prefix is present) and remove the prefix when the PR is ready.
(which runs in a different PS Host).