我有一个成功运行的管道并将我的软件部署到容器中。我想在 ACA 中发布之前将代码签名添加到构建阶段创建的 exe 中。
我们的证书保存在密钥保管库中,我尝试使用 AzureSignTool 对 exe 文件进行签名作为部署前的测试。
按照 AzureSignTool 的演练,您需要向管道添加两个任务。第一个安装 AzureSignTool,第二个运行命令来对要签名的文件进行签名。我遇到的问题是,安装该工具后出现此错误:
sh:第 1 行:AzureSignTool:找不到命令
这是全局安装,我不明白为什么找不到它?
需要注意的一件事是一位前同事编写了原始管道并选择使用 Unbunto。我习惯于编写使用 Windows Server 的管道,所以不确定这是否会产生很大的差异。
管道的精简版本:
trigger:
tags:
include:
- '*'
branches:
include:
- develop
- release/*
variables:
- group: 'CodeSigningVariables' #variable group
pool: ubuntu-20.04
stages:
# Build Project
- stage: Build
displayName: Build & Test Project
jobs:
- job: Build
steps:
- checkout: self
persistCredentials: true
clean: true
- #### BUILD SECTION REDACTED ####
- task: DotNetCoreCLI@2
displayName: 'Install AzureSignTool'
inputs:
command: custom
custom: tool
arguments: 'update --global azuresigntool'
- task: CmdLine@2
displayName: 'Sign Application'
inputs:
script: |
AzureSignTool sign -kvu $(SigningVaultURL) -kvi $(SigningClientId) -tr $(SigningTimeStamp) -kvt $(SigningTennentId) -kvs $(SigningClientSecret) -kvc $(SigningCertName) -v $(Build.SourcesDirectory)/src/Project/bin/Release/Project.exe
“安装 AzureSignTool”步骤的输出:
Starting: Install AzureSignTool
==============================================================================
Task : .NET Core
Description : Build, test, package, or publish a dotnet application, or run a custom dotnet command
Version : 2.221.0
Author : Microsoft Corporation
Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/build/dotnet-core-cli
==============================================================================
Info: .NET Core SDK/runtime 2.2 and 3.0 are now End of Life(EOL) and have been removed from all hosted agents. If you're using these SDK/runtimes on hosted agents, kindly upgrade to newer versions which are not EOL, or else use UseDotNet task to install the required version.
/usr/bin/dotnet tool update --global azuresigntool
Skipping NuGet package signature verification.
Tool 'azuresigntool' was reinstalled with the latest stable version (version '4.0.1').
Info: Azure Pipelines hosted agents have been updated and now contain .Net 5.x SDK/Runtime along with the older .Net Core version which are currently lts. Unless you have locked down a SDK version for your project(s), 5.x SDK might be picked up which might have breaking behavior as compared to previous versions. You can learn more about the breaking changes here: https://docs.microsoft.com/en-us/dotnet/core/tools/ and https://docs.microsoft.com/en-us/dotnet/core/compatibility/ . To learn about more such changes and troubleshoot, refer here: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/build/dotnet-core-cli?view=azure-devops#troubleshooting
Finishing: Install AzureSignTool
“签署申请”步骤的输出:
Starting: Sign Application
==============================================================================
Task : Command line
Description : Run a command line script using Bash on Linux and macOS and cmd.exe on Windows
Version : 2.231.1
Author : Microsoft Corporation
Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/command-line
==============================================================================
Generating script.
Script contents:
AzureSignTool sign -kvu https://keyvault.vault.azure.net/ -kvi *** -tr http://timestamp.digicert.com -kvt *** -kvs *** -kvc CertName -v /datadrive/agent/11/s/src/Project/bin/Release/Project.exe
========================== Starting Command Output ===========================
/usr/bin/bash --noprofile --norc /datadrive/agent/_temp/b365c9f0-b063-4456-84b0-ab382de1b5ac.sh
/datadrive/agent/_temp/b365c9f0-b063-4456-84b0-ab382de1b5ac.sh: line 1: AzureSignTool: command not found
##[error]Bash exited with code '127'.
Finishing: Sign Application
对此的任何帮助将不胜感激。