Azure Devops - Sign Mac OS .app and publish Artifact - azure

I am trying to automate the process of signing a .app Binary file using Azure Devops CI pipelines. The current CI performs the following tasks:
CI builds a "setup" container containing the files to compile and pushes to our container registry
Runs a script against an Azure VM to pull this image down and compile against in an Ubuntu VM
The Ubuntu VM is required because the compiling process uses a GUI and a display on xhost is required for it to run.
Once it is done compiling we then zip the binaries and publish it to Azure DevOps Artifacts.
What I wanted to do here is pull down the binary and then sign it and push it back up, but the pipeline just hangs indefinitely until it times out. My assumption is that it is waiting for some kind of prompt, and I have no idea how to pass it.
name: $(Date:yyyyMMdd)$(Rev:.r)
trigger: none
pr: none
variables:
- group: MacOS
jobs:
- job: POC_Pipeline
  pool:
    vmImage: 'macOS-latest'
  steps:
  # - task: InstallAppleCertificate@2
  #   inputs:
  #     certSecureFile: '$(p12FileName)'
  #     certPwd: '$(p12Password)'
  #     keychain: 'temp'
  #     deleteCert: true
  - task: DownloadSecureFile@1
    name: AppleCertificate
    displayName: 'Download Apple Certificate'
    inputs:
      secureFile: '$(p12FileName)'
  - task: DownloadPackage@1
    inputs:
      packageType: 'upack'
      feed: 'myfeed'
      definition: 'mybinary'
      version: '*' # Pulls latest
      downloadPath: '$(System.ArtifactsDirectory)'
  - script: 'security create-keychain -p password temp.keychain'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Create Keychain'
    failOnStderr: true
  - script: 'security unlock-keychain -p password temp.keychain'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Unlock Keychain'
    failOnStderr: true
  - script: 'security import $(AppleCertificate.secureFilePath) -k temp.keychain -P $(p12Password) -T /usr/bin/codesign'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Install Apple Certificate'
    failOnStderr: true
  - script: 'security find-certificate temp.keychain'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Find Certificate'
    failOnStderr: true
  - script: 'security find-identity -p codesigning -v keychain temp.keychain'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Find Identity'
    failOnStderr: true
  - script: 'security default-keychain -s "/Users/runner/Library/Keychains/temp.keychain-db"'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Set Default Keychain'
    failOnStderr: true
  - script: 'unzip -q myBinary.app.zip'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Unzip myBinary'
    failOnStderr: true
  - script: 'xattr -rc myBinary.app'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Extended Attributes'
    failOnStderr: true
  - script: 'sudo codesign -s Anasazi -f --deep myBinary.app'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Codesign Dragon.app'
    failOnStderr: true
  - script: 'codesign -dv myBinary.app'
    workingDirectory: '$(System.ArtifactsDirectory)'
    displayName: 'Verify Codesign myBinary.app'
    failOnStderr: true
Any assistance or recommendations how we can sign the .app file in the CI would be appreciated.
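
A hang like the one described above is commonly the keychain waiting on an interactive "allow access" dialog for the imported private key. As an added example (not part of the original post; the environment variable names, the `DRY_RUN` and `--run` switches and the login keychain name are assumptions), this script sets up a throwaway keychain so that `codesign` can run without a prompt:

```sh
#!/bin/sh
# Added example, not the asker's script: prompt-free code signing on a macOS agent.
# Hypothetical inputs (environment variables mapped from secret pipeline variables):
#   P12_PATH, P12_PASSWORD, SIGN_IDENTITY, APP_PATH
set -eu

# Run a command; with DRY_RUN=1 only print it, so the plan can be reviewed off macOS.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

sign_app() {
    kc="${AGENT_TEMPDIRECTORY:-/tmp}/ci-signing-$$.keychain-db"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        kc_pw='<random>'; p12_pw='<secret>'    # never print real secrets
    else
        # Per-run random keychain password instead of a fixed literal.
        kc_pw=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
        p12_pw=$P12_PASSWORD
        # Remove the keychain (and the key in it) when the step ends, pass or fail.
        trap 'security delete-keychain "$kc" 2>/dev/null || true' EXIT
    fi

    run security create-keychain -p "$kc_pw" "$kc"
    run security set-keychain-settings -lut 3600 "$kc"    # lock on sleep or after 1 hour
    run security unlock-keychain -p "$kc_pw" "$kc"
    # -T puts codesign on the imported key's access list.
    run security import "$P12_PATH" -k "$kc" -P "$p12_pw" -T /usr/bin/codesign
    # Without a partition list, macOS 10.12 and later answer the first use of the key
    # with a GUI "allow access" dialog; on a headless agent nobody can click it.
    run security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$kc_pw" "$kc"
    # Extend the search list rather than replacing the default keychain.
    # Assumption: the agent user's login keychain has the default name.
    run security list-keychains -d user -s "$kc" login.keychain-db

    # No sudo: signing needs no root, and the keychain above belongs to the agent user.
    run codesign --force --deep --sign "$SIGN_IDENTITY" --keychain "$kc" "$APP_PATH"
    run codesign --verify --deep --strict "$APP_PATH"
}

# Entry point for the pipeline step, e.g. `sh sign-app.sh --run`.
if [ "${1:-}" = "--run" ]; then sign_app; fi
```

Call it from a `script` step without `failOnStderr: true`, because `codesign` writes its normal progress and its `-dv` output to stderr.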

Related

Running .CMD Script in YAML

I have recently needed to run a .CMD script using YAML in Azure DevOps. I can get it to run and put files in the root of $(System.DefaultWorkingDirectory) but I need it to put the files in $(System.DefaultWorkingDirectory)/teacher/website. Every time I try to do this, in two different ways, I come up short.
I have first tried with this method:
# Batch script
# Run a Windows command or batch script and optionally allow it to change the environment
- task: BatchScript@1
  inputs:
    filename: 'scripts/deploy.cmd'
    arguments: # Optional
    modifyEnvironment: False # Optional
    workingFolder: $(Build.ArtifactStagingDirectory)/teacher/website # Optional
    failOnStandardError: false # Optional
This way will just put the files in the $(Build.ArtifactStagingDirectory) which is not what I want, as I have some .Net Build files going there.
I then tried this way:
- script: 'scripts/deploy.cmd' # script path or inline
  workingDirectory: '$(Build.ArtifactStagingDirectory)/teacher/website'
  displayName: run deploy.cmd
  #failOnStderr: #
  #env: # mapping of environment variables to add
This way I get an error that says: ##[error]Container path not found: C:\azp\agent\_work\17\a\Teacher\website
I am trying to build all this into an artefact and then that artefact is later deployed to the web app. Here is my full YAML file so you have an idea of what I am doing:
parameters:
- name: buildConfiguration
  type: string
  default: 'Release'
- name: project
  type: string
  default: 'Teacher.csproj'
- name: artifactName
  type: string
  default: 'Teacher'
jobs:
- job:
  pool:
    name: 'DotNet6_Terraform'
  steps:
  - checkout: Teacher
    submodules: true
  - task: CmdLine@2
    displayName: make the Teacher Folder
    inputs:
      script: 'mkdir Teacher'
      workingDirectory: $(Build.ArtifactStagingDirectory)
  - task: CmdLine@2
    displayName: make website directory
    inputs:
      script: 'mkdir website'
      workingDirectory: $(Build.ArtifactStagingDirectory)/Teacher
  - task: CmdLine@2
    displayName: Check for folders
    inputs:
      script: |
        echo '$(Build.ArtifactStagingDirectory)/Teacher'
        echo '$(Build.ArtifactStagingDirectory)/Teacher/website'
  - task: CmdLine@2
    displayName: show directory tree
    inputs:
      script: |
        cd '$(System.DefaultWorkingDirectory)/Teacher'
        dir
  - task: DotNetCoreCLI@2
    displayName: dotnet restore
    inputs:
      command: restore
      projects: 'Teacher/**/*.csproj'
  - task: CmdLine@2
    displayName: checking dotnet versions
    inputs:
      script: |
        dotnet --list-sdks
        dotnet --list-runtimes
  - task: CmdLine@2
    displayName: dotnet build
    inputs:
      script: |
        dotnet build Teacher/Teacher.csproj --configuration Release
  - task: DotNetCoreCLI@2
    displayName: 'Publish Application'
    inputs:
      command: 'publish'
      publishWebProjects: false
      projects: '**/*.csproj'
      arguments: '--configuration ${{ parameters.buildConfiguration }} --output $(Build.ArtifactStagingDirectory)/Teacher'
      publishTestResults: false
      zipAfterPublish: true
      modifyOutputPath: false
      workingDirectory: Teacher
  - task: PowerShell@2
    displayName: List Files Post Publish
    inputs:
      targetType: inline
      script: Get-ChildItem -path '$(Build.ArtifactStagingDirectory)/Teacher'
  - script: 'scripts/deploy.cmd' # script path or inline
    workingDirectory: '$(Build.ArtifactStagingDirectory)/Teacher/website'
    displayName: run deploy.cmd
    #failOnStderr: #
    #env: # mapping of environment variables to add
  # Batch script
  # Run a Windows command or batch script and optionally allow it to change the environment
  #- task: BatchScript@1
  #  inputs:
  #    filename: 'scripts/deploy.cmd'
  #    arguments: # Optional
  #    modifyEnvironment: False # Optional
  #    workingFolder: $(Build.ArtifactStagingDirectory)/Teacher/website # Optional
  #    failOnStandardError: false # Optional
  - task: PublishPipelineArtifact@1
    displayName: 'Publish Artifacts'
    inputs:
      targetPath: '$(Build.ArtifactStagingDirectory)'
      artifact: ${{ parameters.artifactName }}
      publishLocation: 'pipeline'

Azure DevOps Failed to update App Service configuration details

I am trying to deploy a WebApp in Azure DevOps and I am getting this error:
[warning]Failed to update App Service configuration details. Error: Error: Failed to update App service 'webapp' configuration. Error: BadRequest - Required parameter AccessKey is missing.
I can't figure out why this is happening, it was working originally and the error came about the other day. Nothing has changed with the WebApp code, no new settings were added. The artifact goes into place and the website works but I get this error, then on another run, the pipeline will fail, so I only have one successful run, then I have to go and delete the web app to have another successful run.
Here is my YAML Code:
trigger:
  branches:
    include:
    - master
pr: none
pool:
  vmImage: windows-latest
resources:
  repositories:
  - repository: Website
    name: VALUE/Website
    path:
    - include: /Website
    type: git
    ref: VALUE
variables:
  System.Debug: false
  azureSubscription: VALUE
  RG: rg_example
  Location: UK South
  containername: private
  appconnectionname: VALUE
stages:
- stage: build_website_files
  displayName: Building Main Website Files
  jobs:
  - job: job1
    displayName: Create And Publish Artifact
    steps:
    - checkout: Website
    - task: CmdLine@2
      inputs:
        script: 'mkdir Website'
        workingDirectory: $(Build.ArtifactStagingDirectory)
    - task: CmdLine@2
      inputs:
        script: 'echo $(Build.ArtifactStagingDirectory)/Website'
    - task: DotNetCoreCLI@2
      displayName: dotnet restore
      inputs:
        command: restore
        projects: Website.csproj
    - task: NodeTool@0
      displayName: Install Node .js
      inputs:
        versionSpec: 14.17.3
        force32bit: false
        checkLatest: false
    - script: |
        npm install -g @angular/cli@12.1.3
        npm install
        ng build --prod
      displayName: npm install and build
    - task: DotNetCoreCLI@2
      displayName: dotnet build
      inputs:
        projects: Website.csproj
        arguments: '--configuration Release'
    - task: DotNetCoreCLI@2
      displayName: dotnet restore unit tests
      inputs:
        command: restore
        projects: UnitTests/UnitTests.csproj
    - task: DotNetCoreCLI@2
      displayName: dotnet Test
      inputs:
        command: test
        projects: UnitTests/UnitTests.csproj
        arguments: '--configuration Release'
    - task: DotNetCoreCLI@2
      displayName: dotnet publish
      inputs:
        command: publish
        projects: Website.csproj
        arguments: --configuration Release --output $(Build.ArtifactStagingDirectory)/Website
        zipAfterPublish: true
        modifyOutputPath: false
    - task: PublishPipelineArtifact@1
      displayName: Publish Pipeline Artifact
      inputs:
        targetPath: $(Build.ArtifactStagingDirectory)/Website
        artifact: Website
        publishLocation: pipeline
- stage: put_website_files_into_place
  displayName: website_files_into_place
  dependsOn: build_website_files
  jobs:
  - job: job2
    displayName: Create Web App
    #dependsOn: job1
    steps:
    - download: none
    - task: DownloadPipelineArtifact@2
      displayName: Download Build Artifacts
      inputs:
        patterns: '**/*.zip'
        path: $(Build.ArtifactStagingDirectory)/Website/
    - task: AzureWebApp@1
      displayName: 'Azure Web App Deploy: value'
      inputs:
        package: $(Build.ArtifactStagingDirectory)/**/*.zip
        azureSubscription: $(azureSubscription)
        ConnectedServiceName: $(appconnectionname)
        appName: value
        ResourceGroupName: $(RG)

Yaml Azure Devops TerraformInstaller is ambiguous

Here I am trying to create AKS using Terraform, using Azure DevOps to deploy the resource to Azure.
The pipeline job has failed within a sec.
Below is the pipeline code.
trigger:
- main
pool:
  vmImage: 'ubuntu-latest'
stages:
- stage: TerraformValidate
  jobs:
  - job: TerraformValidateJob
    continueOnError: false
    steps:
    - task: PublishPipelineArtifact@1
      displayName: Publish Artifacts
      inputs:
        targetPath: '$(System.DefaultWorkingDirectory)/terraform-manifests'
        artifact: 'terraform-manifests-out'
        publishLocation: 'pipeline'
    - task: TerraformInstaller@0
      displayName: Terraform Install
      inputs:
        terraformVersion: 'latest'
    - task: TerraformCLI@0
      displayName: Terraform Init
      inputs:
        command: 'init'
        workingDirectory: '$(System.DefaultWorkingDirectory)/terraform-manifests'
        backendType: 'azurerm'
        backendServiceArm: ''
        backendAzureRmResourceGroupName: ''
        backendAzureRmStorageAccountName: ''
        backendAzureRmContainerName: ''
        backendAzureRmKey: 'aks-base.tfstate'
        allowTelemetryCollection: false
    - task: TerraformCLI@0
      displayName: Terraform Validate
      inputs:
        command: 'validate'
        workingDirectory: '$(System.DefaultWorkingDirectory)/terraform-manifests'
        allowTelemetryCollection: false
Getting the below error:
I have installed both the extensions:
After installing these two extensions at the same time, I can reproduce the same issue.
The root cause of the issue is that terraform install task exists in both extensions at the same time.
Their simplified version of YAML task names are all TerraformInstaller@0.
To solve this issue, you can uninstall one of the two extensions.
Or you can specify the full name.
For example:
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller@0
OR
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-installer.TerraformInstaller@0

Azure Pipeline- Copy files from one Repo to another Repo using YAML

There is a folder in one of the repositories (Source Repo) that I'd like to copy to another repository (Destination Repo) using Azure Pipeline (as they need to be in sync).
So far I can copy a folder in the same repository using:
- task: CopyFiles@2
  inputs:
    SourceFolder: '$(Build.Repository.LocalPath)\MyFolder\'
    Contents: |
      **
      !**\obj\**
      !**\bin\**
    TargetFolder: '$(Build.Repository.LocalPath)\DestFolder'
    flattenFolders: false
    CleanTargetFolder: true
    OverWrite: true
    preserveTimestamp: true
This is how I connect to another repository:
resources:
  repositories:
  - repository: SourceRepo
    type: git
    name: MyCollection/SourceRepo
But I don't know how to get files from the source repo and place them in the Destination Repo.
After a lot of searching, this is the answer:
resources:
  repositories:
  - repository: SourceRepo
    type: git
    name: MyCollection/SourceRepo
steps:
- checkout: SourceRepo
  clean: true
- checkout: self
  persistCredentials: true
  clean: true
- task: DotNetCoreCLI@2
  displayName: "restore DestRepo"
  inputs:
    command: 'restore'
    projects: '$(Build.Repository.LocalPath)/DestRepo/**/*.csproj'
    feedsToUse: 'select'
- task: DotNetCoreCLI@2
  displayName: "build DestRepo"
  inputs:
    command: 'build'
    projects: '$(Build.Repository.LocalPath)/DestRepo/DestRepo/**/*.csproj'
    configuration: Release
# configurations for using git command
- task: CmdLine@2
  inputs:
    script: |
      cd $(Agent.HomeDirectory)\externals\git\cmd
      git config --global user.email ""
      git config --global user.name "$(Build.RequestedFor)"
- task: CmdLine@2
  displayName: checkout
  inputs:
    script: |
      git -C RootRep checkout $(Build.SourceBranchName)
- task: CmdLine@2
  displayName: pull
  inputs:
    script: |
      git -C DestRepo pull
- task: CopyFiles@2
  inputs:
    SourceFolder: '$(Build.Repository.LocalPath)\SourceRepo\SourceFolder'
    Contents: |
      **
      !**\obj\**
      !**\bin\**
    TargetFolder: '$(Build.Repository.LocalPath)\DestRepo\DestFolder'
    flattenFolders: false
    CleanTargetFolder: true
    OverWrite: true
    # preserveTimestamp: true
- task: CmdLine@2
  displayName: add
  inputs:
    script: |
      git -C DestRepo add --all
- task: CmdLine@2
  displayName: commit
  continueOnError: true
  inputs:
    script: |
      git -C DestRepo commit -m "Azure Pipeline Repository Integration"
- task: CmdLine@2
  displayName: push
  inputs:
    script: |
      git -C DestRepo push -u origin $(Build.SourceBranchName)
I was trying to find some solution related to this problem, but instead of using a copy file task, I found a better way and we can use any number of repositories as resources in the build pipeline and we don't need to check out all these.
This is what my build pipeline looks like.
As you can see I have used two variables:
$(System.AccessToken), this variable is available in Azure DevOps aka PAT (Personal Access Token)
$(Build.Repository.Uri), URL of the repository (this could be the URL of any repo in resources).

Waiting for console output in azure pipeline

I am trying to run some unit tests in my azure pipeline but it keeps saying 'Waiting for console output'. This goes on for about an hour until it eventually fails. I do not understand why it can't access the output from console. New to working with Azure/pipelines in general and any help would be appreciated. Thank you.
Here is my yaml file:
pr:
- $(branch)
pool:
  vmImage: 'ubuntu-latest'
steps:
- task: NodeTool@0
  inputs:
    versionSpec: '10.14'
  displayName: 'Install Node.js'
- script: |
    npm install -g @angular/cli
    npm install
  displayName: 'Install Angular Dependencies'
- task: Npm@1
  displayName: 'Lint Angular'
  inputs:
    command: custom
    customCommand: run lint -- --format=stylish
- script: |
    npm run test
  displayName: 'Run Unit Tests'
- task: PublishTestResults@2
  displayName: 'Publish unit tests results'
  condition: succeededOrFailed()
  inputs:
    searchFolder: $(System.DefaultWorkingDirectory)/src/tests/junit
    testRunTitle: Angular
    testRunner: JUnit
    testResultsFiles: "**/TESTS-*.xml"
- task: PublishCodeCoverageResults@1
  displayName: 'Publish unit test code coverage results'
  condition: succeededOrFailed()
  inputs:
    codeCoverageTool: Cobertura
    summaryFileLocation: $(System.DefaultWorkingDirectory)/src/tests/coverage/cobertura-coverage.xml
    reportDirectory: $(System.DefaultWorkingDirectory)/src/tests/coverage
    failIfCoverageEmpty: true
- script: |
    $(npm-script)
  displayName: 'Build App'
- script: |
    cd $(System.DefaultWorkingDirectory)/
    ls -a
    cp -r dist $(Build.ArtifactStagingDirectory)/
    cp ecosystem.config.js $(Build.ArtifactStagingDirectory)/
    cd $(Build.ArtifactStagingDirectory)/
    ls -a
    # rm -r node_modules
    # ls -a
  displayName: 'Copy Files to Archive'
- task: ArchiveFiles@2
  inputs:
    rootFolderOrFile: '$(Build.ArtifactStagingDirectory)/'
    includeRootFolder: false
    archiveType: 'zip'
    archiveFile: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip' # '$(System.DefaultWorkingDirectory)/$(Build.BuildId).zip'
    replaceExistingArchive: true
- script: |
    cd $(System.DefaultWorkingDirectory)/
    ls -a
    cd $(Build.ArtifactStagingDirectory)/
    ls -a
  displayName: 'Check Files 2'
- task: CopyFiles@2
  displayName: 'Copy File to: $(TargetFolder)'
  inputs:
    SourceFolder: '$(Build.ArtifactStagingDirectory)/'
    Contents: '$(Build.ArtifactStagingDirectory)/**/*.zip'
    TargetFolder: '$(Build.ArtifactStagingDirectory)/ArtifactsToBePublished'
- task: PublishBuildArtifacts@1
  displayName: 'Publish Artifact: App'
  inputs:
    PathtoPublish: '$(Build.ArtifactStagingDirectory)/ArtifactsToBePublished'
# - script: |
#     npm run pre-e2e
#     npm run e2e
#   displayName: 'Run E2E Tests'
- script: |
    pwd
    cd $(Build.ArtifactStagingDirectory)/ArtifactsToBePublished
    ls -a
  displayName: 'See Content'
I can reproduce the same issue with npm run test script. You can have a try running unit tests with Npm task instead of using script task.
- task: Npm@1
  displayName: 'Unit Test'
  inputs:
    command: custom
    customCommand: run test -- --watch=false --code-coverage
Or
- task: Npm@1
  displayName: 'Test e2e Angular'
  inputs:
    command: custom
    customCommand: run e2e
I came across with this issue today and, based on this hint, I figured out that the browser was preventing some events from happening. So I disabled my ad blocker—in my case, Brave Shield, because I use Brave browser—and the problem is solved.
