Kentico · radekpetruska · Mar 6, 2024 · Mar 5, 2024 · Mar 6, 2024
diff --git a/.azuredevops/pipelines/build-and-release.yml b/.azuredevops/pipelines/build-and-release.yml
@@ -31,7 +31,7 @@ stages:
               - Agent.Name -equals ${{ parameters.AgentName }}
 
         variables:
-          - group: 14.0 Authenticode signature parameters
+          - group: Code Sign KV Auth
 
           - name: Configuration
             value: Release
@@ -49,6 +49,14 @@ stages:
               packageType: sdk
               useGlobalJson: true
 
+          - task: DotNetCoreCLI@2
+            displayName: Restore dotnet tools
+            inputs:
+              command: custom
+              custom: tool
+              arguments: restore
+              workingDirectory: $(System.DefaultWorkingDirectory)
+
           - task: DotNetCoreCLI@2
             displayName: Restore dependencies
             inputs:
@@ -64,6 +72,8 @@ stages:
               projects: ${{ variables.ProjectFilePath }}
               configuration: ${{ variables.Configuration }}
               arguments: --no-restore
+            env:
+              AuthenticodeClientSecret: $(AuthenticodeClientSecret)
 
           - task: DotNetCoreCLI@2
             displayName: Create NuGet package

diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
@@ -0,0 +1,12 @@
+{
+  "version": 1,
+  "isRoot": true,
+  "tools": {
+    "azuresigntool": {
+      "version": "4.0.1",
+      "commands": [
+        "azuresigntool"
+      ]
+    }
+  }
+}
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -34,6 +34,7 @@
     <NoWarn>$(NoWarn);1591</NoWarn>
 
     <EnableDefaultEmbeddedResourceItems>false</EnableDefaultEmbeddedResourceItems>
+    <TimestampServerUrl>http://timestamp.digicert.com</TimestampServerUrl>
   </PropertyGroup>
 
   <PropertyGroup Condition=" $(Configuration) == 'Release' ">

diff --git a/Directory.build.targets b/Directory.build.targets
@@ -9,6 +9,6 @@
             <AssemblyToSign Include="$(XmlSerializersTargetPath)" Condition="Exists('$(XmlSerializersTargetPath)')" />
         </ItemGroup>
 
-        <SignFile CertificateThumbprint="$(AuthenticodeCertificateThumbprint)" TimestampUrl="http://time.certum.pl" SigningTarget="%(AssemblyToSign.Identity)" />
+        <Exec Command="dotnet AzureSignTool sign --azure-key-vault-url $(AuthenticodeKeyVaultUrl) --azure-key-vault-tenant-id $(AuthenticodeTenantId) --azure-key-vault-client-id $(AuthenticodeClientId) --azure-key-vault-client-secret $(AuthenticodeClientSecret) --azure-key-vault-certificate $(AuthenticodeCertificateName) --timestamp-rfc3161 $(TimestampServerUrl) --skip-signed %(AssemblyToSign.Identity)" />
     </Target>
-</Project>
+</Project>