Enabling Code Sign Validation through 1ES template

azure-pipelines.yml

@@ -54,10 +54,14 @@ extends:
       tsa:
         enabled: true
         configFile: $(System.DefaultWorkingDirectory)\build\tsaoptions-v2.json
+      codeSignValidation:
+        break: true
+        targetPathExclusionPattern: \"**\*.xml\"
+        ${{ if not(and(eq(variables['Build.Reason'], 'IndividualCI'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}:
+          policyFile: $(MBSIGN_APPFOLDER)\CSVTestSignPolicy.xml
     pool:
       name: AzurePipelines-EO
       image: 1ESPT-Windows2022
       os: windows
     stages:
-    - template: /build/stages/build.yml@self
-    - template: /build/stages/upload.yml@self
+    - template: /build/stages/build.yml@self

build/stages/build.yml

@@ -24,15 +24,11 @@ stages:
         targetPath: '$(Build.ArtifactStagingDirectory)/logs'
         artifactName: logs
         sbomEnabled: false # SBOM only enabled for vsix
+        codeSignValidationEnabled: false
       - output: pipelineArtifact
         displayName: 'Artifacts'
         targetPath: '$(Build.ArtifactStagingDirectory)/package' # vsix will only get published if "CopySignedVsixToPackageDir" target runs in Merq.Vsix.csproj
         artifactName: package
-      - output: pipelineArtifact
-        displayName: 'Symbols'
-        targetPath: '$(Build.ArtifactStagingDirectory)/artifacts'
-        artifactName: symbols
-        sbomEnabled: false # SBOM only enabled for vsix
     steps:
     - checkout: self
       clean: true

src/Vsix/Merq.Vsix/Merq.Vsix.props

@@ -1,23 +1,18 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-	<Import Project="..\..\Merq.props" />
-
-	<PropertyGroup>
-		<VerifyTargetVersion>false</VerifyTargetVersion>
-		<BypassVsixValidation Condition="'$(CI)' == 'true'">true</BypassVsixValidation>
-
-		<UseCodebase>true</UseCodebase>
-		<IncludeDebugSymbolsInVSIXContainer>true</IncludeDebugSymbolsInVSIXContainer>
-		<IncludeDebugSymbolsInLocalVSIXDeployment>true</IncludeDebugSymbolsInLocalVSIXDeployment>
-		<ResolveAssemblyWarnOrErrorOnTargetArchitectureMismatch>None</ResolveAssemblyWarnOrErrorOnTargetArchitectureMismatch>
-
-		<ExtensionInstallationFolder>Merq</ExtensionInstallationFolder>
-		<IsProductComponent>true</IsProductComponent>
-	</PropertyGroup>
-
-	<PropertyGroup Label="Artifacts SDK">
-		<ArtifactsPath Condition="'$(BUILD_ARTIFACTSTAGINGDIRECTORY)' != ''">$(BUILD_ARTIFACTSTAGINGDIRECTORY)/artifacts</ArtifactsPath>
-		<DefaultArtifactsFileMatch>Merq*dll Merq*pdb</DefaultArtifactsFileMatch>
-	</PropertyGroup>
-
+<?xml version="1.0" encoding="utf-8"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+	<Import Project="..\..\Merq.props" />
+
+	<PropertyGroup>
+		<VerifyTargetVersion>false</VerifyTargetVersion>
+		<BypassVsixValidation Condition="'$(CI)' == 'true'">true</BypassVsixValidation>
+
+		<UseCodebase>true</UseCodebase>
+		<IncludeDebugSymbolsInVSIXContainer>true</IncludeDebugSymbolsInVSIXContainer>
+		<IncludeDebugSymbolsInLocalVSIXDeployment>true</IncludeDebugSymbolsInLocalVSIXDeployment>
+		<ResolveAssemblyWarnOrErrorOnTargetArchitectureMismatch>None</ResolveAssemblyWarnOrErrorOnTargetArchitectureMismatch>
+
+		<ExtensionInstallationFolder>Merq</ExtensionInstallationFolder>
+		<IsProductComponent>true</IsProductComponent>
+	</PropertyGroup>
+
 </Project>