From 5e3ea2e6fd42cfeee4a829cc62a6652b2b8397d1 Mon Sep 17 00:00:00 2001
From: Will Thant <kythant@microsoft.com>
Date: Wed, 17 Jul 2024 22:44:32 +0000
Subject: [PATCH] Merged PR 11109364: Update to ESRP CodeSigning task V5

Update to ESRP task V5 which eliminates secret usage.

Parameter values to the task can be controlled by this library
https://microsoft.visualstudio.com/WinUI/_apps/hub/ms.vss-distributed-task.hub-library?itemType=VariableGroups&view=VariableGroupView&variableGroupId=5612&path=WinUI2-Signing

This currently points to WindowsAppSDK's ESRP configuration
---
 .../MUX-BuildDevProject-Steps.yml                        | 9 +++++++--
 .../MUX-CreateNugetPackage-Job.yml                       | 9 +++++++--
 .../MUX-InstallDotNetSDK-Steps.yml                       | 2 +-
 .../MUX-MakeFrameworkPackages-Steps.yml                  | 9 +++++++--
 build/WinUI-OB-Official.yml                              | 9 +++++++--
 5 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/build/AzurePipelinesTemplates/MUX-BuildDevProject-Steps.yml b/build/AzurePipelinesTemplates/MUX-BuildDevProject-Steps.yml
index ce85967e6b..a1b16f1019 100644
--- a/build/AzurePipelinesTemplates/MUX-BuildDevProject-Steps.yml
+++ b/build/AzurePipelinesTemplates/MUX-BuildDevProject-Steps.yml
@@ -64,10 +64,15 @@ steps:
       artifactName: nativecodeanalysis
 
   - ${{ if eq( parameters.signOutput, true) }}:
-    - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+    - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
       displayName: 'CodeSign'
       inputs:
-        ConnectedServiceName: WinUISigning
+        ConnectedServiceName: $(WinUI2SigningConnectedServiceName)
+        AppRegistrationClientId: $(WinUI2SigningAppRegistrationClientId)
+        AppRegistrationTenantId: $(WinUI2SigningAppRegistrationTenantId)
+        AuthAKVName: $(WinUI2SigningAuthAKVName)
+        AuthCertName: $(WinUI2SigningAuthCertName)
+        AuthSignCertName: $(WinUI2SigningAuthSignCertName)
         FolderPath: '$(buildOutputDir)/$(buildConfiguration)/$(buildPlatform)/Microsoft.UI.Xaml'
         # Recursively finds files matching these patterns:
         Pattern: |
diff --git a/build/AzurePipelinesTemplates/MUX-CreateNugetPackage-Job.yml b/build/AzurePipelinesTemplates/MUX-CreateNugetPackage-Job.yml
index ddabf5c8d5..ff150a12a6 100644
--- a/build/AzurePipelinesTemplates/MUX-CreateNugetPackage-Job.yml
+++ b/build/AzurePipelinesTemplates/MUX-CreateNugetPackage-Job.yml
@@ -55,10 +55,15 @@ jobs:
     displayName: 'build-nupkg.ps1'
 
   - ${{ if eq( parameters.signOutput, true) }}:
-    - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+    - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
       displayName: 'CodeSign (nupkg)'
       inputs:
-        ConnectedServiceName: WinUISigning
+        ConnectedServiceName: $(WinUI2SigningConnectedServiceName)
+        AppRegistrationClientId: $(WinUI2SigningAppRegistrationClientId)
+        AppRegistrationTenantId: $(WinUI2SigningAppRegistrationTenantId)
+        AuthAKVName: $(WinUI2SigningAuthAKVName)
+        AuthCertName: $(WinUI2SigningAuthCertName)
+        AuthSignCertName: $(WinUI2SigningAuthSignCertName)
         FolderPath: '${{ parameters.nupkgdir }}'
         Pattern: |
           **/Microsoft.UI.Xaml*.nupkg
diff --git a/build/AzurePipelinesTemplates/MUX-InstallDotNetSDK-Steps.yml b/build/AzurePipelinesTemplates/MUX-InstallDotNetSDK-Steps.yml
index 9d2aae3778..f764ebcb49 100644
--- a/build/AzurePipelinesTemplates/MUX-InstallDotNetSDK-Steps.yml
+++ b/build/AzurePipelinesTemplates/MUX-InstallDotNetSDK-Steps.yml
@@ -1,5 +1,5 @@
 parameters:
-  dotNetVersion: 3.1.415
+  dotNetVersion: 6.0.414
 
 steps:
   - task: UseDotNet@2
diff --git a/build/AzurePipelinesTemplates/MUX-MakeFrameworkPackages-Steps.yml b/build/AzurePipelinesTemplates/MUX-MakeFrameworkPackages-Steps.yml
index ffaca1823a..2434fbf33b 100644
--- a/build/AzurePipelinesTemplates/MUX-MakeFrameworkPackages-Steps.yml
+++ b/build/AzurePipelinesTemplates/MUX-MakeFrameworkPackages-Steps.yml
@@ -28,10 +28,15 @@ steps:
     displayName: 'Make FrameworkPackages'
 
   - ${{ if eq( parameters.signOutput, true) }}:
-    - task: EsrpCodeSigning@1
+    - task: EsrpCodeSigning@5
       displayName: First Party StoreSign Framework Package
       inputs:
-        ConnectedServiceName: WinUISigning
+        ConnectedServiceName: $(WinUI2SigningConnectedServiceName)
+        AppRegistrationClientId: $(WinUI2SigningAppRegistrationClientId)
+        AppRegistrationTenantId: $(WinUI2SigningAppRegistrationTenantId)
+        AuthAKVName: $(WinUI2SigningAuthAKVName)
+        AuthCertName: $(WinUI2SigningAuthCertName)
+        AuthSignCertName: $(WinUI2SigningAuthSignCertName)
         FolderPath: '${{ parameters.buildOutputDir }}\$(buildConfiguration)\$(buildPlatform)\FrameworkPackage'
         Pattern: |
           *.appx
diff --git a/build/WinUI-OB-Official.yml b/build/WinUI-OB-Official.yml
index e8f0e8ad3f..2c03601b64 100644
--- a/build/WinUI-OB-Official.yml
+++ b/build/WinUI-OB-Official.yml
@@ -245,10 +245,15 @@ extends:
                 -BuildFlavor Release
             displayName: 'build-nupkg.ps1'
 
-          - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+          - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
             displayName: 'CodeSign (nupkg)'
             inputs:
-              ConnectedServiceName: WinUISigning
+              ConnectedServiceName: $(WinUI2SigningConnectedServiceName)
+              AppRegistrationClientId: $(WinUI2SigningAppRegistrationClientId)
+              AppRegistrationTenantId: $(WinUI2SigningAppRegistrationTenantId)
+              AuthAKVName: $(WinUI2SigningAuthAKVName)
+              AuthCertName: $(WinUI2SigningAuthCertName)
+              AuthSignCertName: $(WinUI2SigningAuthSignCertName)
               FolderPath: $(nupkgdir)
               Pattern: |
                 **/Microsoft.UI.Xaml*.nupkg