ci: Adjust signing

Author: jeromelaban

.azure-pipelines.yml

@@ -70,12 +70,15 @@ steps:
     inputs:
       filePath: build/Sign-Package.ps1
     env:
-      SignClientUser: $(SignClientUser)
-      SignClientSecret: $(SignClientSecret)
-      SignPackageName: "Uno.PackageDiff"
-      SignPackageDescription: "Uno.PackageDiff"
+      VaultSignTenantId: $(VaultSignTenantId)
+      VaultSignClientId: $(VaultSignClientId)
+      VaultSignClientSecret: $(VaultSignClientSecret)
+      VaultSignCertificate: $(VaultSignCertificate)
+      VaultSignUrl: $(VaultSignUrl)
+      SignPackageName: "Uno.Core"
+      SignPackageDescription: "Uno.Core"
       ArtifactDirectory: $(build.artifactstagingdirectory)
-    condition: and(succeeded(), not(eq(variables['build.reason'], 'PullRequest')), not(eq(variables['SignClientSecret'], '')), not(eq(variables['SignClientUser'], '')))
+    condition: and(succeeded(), not(eq(variables['build.reason'], 'PullRequest')), not(eq(variables['VaultSignClientSecret'], '')), not(eq(variables['VaultSignClientId'], '')))
 
   - task: PublishBuildArtifacts@1
     inputs:

build/SignClient.json

@@ -1,21 +1,35 @@
 $currentDirectory = split-path $MyInvocation.MyCommand.Definition
 
 # See if we have the ClientSecret available
-if ([string]::IsNullOrEmpty($env:SignClientSecret)) {
+if ([string]::IsNullOrEmpty($env:VaultSignClientSecret)) {
     Write-Host "Client Secret not found, not signing packages"
     return;
 }
 
-dotnet tool install --tool-path . SignClient
+dotnet tool install --tool-path . sign --version 0.9.1-beta.25278.1
 
-# Setup Variables we need to pass into the sign client tool
-$appSettings = "$currentDirectory\SignClient.json"
-
-$filesToSign = Get-ChildItem -Recurse $Env:ArtifactDirectory\* -Include *.nupkg,*.vsix | Select-Object -ExpandProperty FullName
+$filesToSign = Get-ChildItem -Recurse $Env:ArtifactDirectory\* -Include *.nupkg | Select-Object -ExpandProperty FullName
 
 foreach ($fileToSign in $filesToSign) {
     Write-Host "Submitting $fileToSign for signing"
-    .\SignClient 'sign' -c $appSettings -i $fileToSign -r $env:SignClientUser -s $env:SignClientSecret -n "$env:SignPackageName" -d "$env:SignPackageDescription" -u "$env:build_repository_uri"
+
+    .\sign code azure-key-vault `
+        $fileToSign `
+        --publisher-name "$env:SignPackageName" `
+        --description "$env:SignPackageDescription" `
+        --description-url "$env:build_repository_uri" `
+        --azure-key-vault-tenant-id "$env:VaultSignTenantId" `
+        --azure-key-vault-client-id "$env:VaultSignClientId" `
+        --azure-key-vault-client-secret "$env:VaultSignClientSecret" `
+        --azure-key-vault-certificate "$env:VaultSignCertificate" `
+        --azure-key-vault-url "$env:VaultSignUrl" `
+        --verbosity information
+
+    if ($LASTEXITCODE -ne 0) {
+        Write-Error "Failed to sign $fileToSign"
+        exit $LASTEXITCODE
+    }
+
     Write-Host "Finished signing $fileToSign"
 }