Code signing at azure DevOps
Now on starting the manual build, we have the option of code signing
if developer will push from visual studio by default code signing will be false.
Â
Example to sign the file for code signing can be found in file “Git\CI\azure-devops-pipelines\templates\sign\sign_job_template.yml“
 followings files are signed , we can add more files for code signing.
     Â
# Standard
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Standard/Signifikant Standard Setup.exe'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Standard/Signifikant Manager Setup.exe'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Standard/Components/Assert/Client Deploy.msi'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Standard/Components/Assert/Server Deploy.msi'
hostArtifactsPath: './artifacts'
# Standard/AnyTime
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Standard/Components/AnyTime/Setup.exe'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Standard/Components/AnyTime/AssertAnyTime.Application.exe'
hostArtifactsPath: './artifacts'
# Webviewer
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'WebViewer/Signifikant WebViewer Setup.exe'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'WebViewer/Components/Assert/WebViewer Deploy.msi'
hostArtifactsPath: './artifacts'
# Windows Service
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Windows Services/Service Deploy.msi'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Windows Services/setup.exe'
hostArtifactsPath: './artifacts'
# Forms
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Forms/FormsManager/Forms.Manager.Deploy.msi'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Forms/FormsManager/setup.exe'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Forms/FormsApi/FormsApiDeploy.msi'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'Forms/FormsApi/setup.exe'
hostArtifactsPath: './artifacts'
# SignifikantEmailService
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'SignifikantEmailService/DeployService.msi'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'SignifikantEmailService/setup.exe'
hostArtifactsPath: './artifacts'
# UsageLog
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'UsageLog/UsageLogDeploy.msi'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'UsageLog/setup.exe'
hostArtifactsPath: './artifacts'
# ContentApi
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'ContentApi/ContentApiDeploy.msi'
hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
parameters:
hostPackagesPath: './packages/drop'
inputFilename: 'ContentApi/setup.exe'
hostArtifactsPath: './artifacts'
 We have credentials for code signing and they are stored in variable group in azure DevOps. Following credentials are required. They can be found in KeePassXC
Code signing verification
We can download the build and check the files if they are signed by clicking the file properties and then Digital Signatures tab.
Â