Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AzureAuth GitHub release through ADO pipeline #393

Merged
merged 10 commits into from
Jul 8, 2024
Merged

AzureAuth GitHub release through ADO pipeline #393

merged 10 commits into from
Jul 8, 2024

Conversation

Haard30
Copy link
Contributor

@Haard30 Haard30 commented Jun 27, 2024
edited
Loading

This PR adds the ADO pipeline that releases AzureAuth to GitHub.

This pipeline has similar behavior to original github release, except for a few things:

  1. We no longer require SP secrets and instead use federated creds.
  2. We use the 1ES Pipeline template. (We will switch to official pipeline template and mark the pipeline as prod in a follow-up PR). REVIEW the PR
  3. Code signing - Our existing code signing mechanism of downloading the cert from Azure KV and storing it locally on windows cert store is no longer compatible with 1ES PT. So instead, we use the built-in ADO task (similar to how other teams perform code signing with ESRP). We should now be able to remove sign.py which leads to lesser code and dependencies to maintain (in a follow-up PR).

Here's the draft release created through this pipeline: https://github.com/AzureAD/microsoft-authentication-cli/releases/tag/untagged-c463728100f3301ee7c8

Testing:

  1. Test end to end actual release of AureAuth using this pipeline.
  2. Download, install and run AureAuth published through release.
  3. Verify the code signing by looking at code signing summary generated through esrp task.
  4. Reject/Approve the release and see behavior is correctly reflected.

@Haard30 Haard30 marked this pull request as ready for review June 27, 2024 15:19
@Haard30 Haard30 requested a review from a team as a code owner June 27, 2024 15:19
mijpeterson
mijpeterson requested changes Jul 2, 2024
View reviewed changes
Copy link
Contributor

@mijpeterson mijpeterson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the one comment on pipeline variable casing consistency. No preference which way we go.

@Haard30 Haard30 merged commit af6358e into main Jul 8, 2024
9 checks passed
@Haard30 Haard30 deleted the user/haashah/azure-release-pipeline branch July 8, 2024 18:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mvanchaa mvanchaa mvanchaa approved these changes

@mijpeterson mijpeterson mijpeterson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Haard30 @mvanchaa @mijpeterson