Hexxed

Reputation: 693

Configuring ClickOnce Package on Release

I'm working on a pipeline migration from an old manually implemented CI/CD solution to Azure DevOps. There are some prebuilt functions/processes that I'm still reusing.

For example, how they package all their solution as artifacts.

I'm trying to keep the code changes as minimal as possible.

The build pipeline creates a ClickOnce package .zip.

Then on the release stage, the myapp.exe.config in the Application Files gets transformed via XML-Document-Transform. Also, the application manifest <ApplicationName>.application gets manually edited through PowerShell. The <deploymentProvider codebase="http://1.1.1.1/samplefolder/myapp.application" /> gets changed on release depending on the environment/path it is going to be deployed to.

Application Manifest

<asmv1:assembly ...>
<deployment ...>
    <subscription>
      <update>
        <beforeApplicationStartup />
      </update>
    </subscription>
    <deploymentProvider codebase="http://1.1.1.1/samplefolder/myapp.application" />
</deployment>
</asmv1:assembly>

Now I understand that this method requires re-signing of the whole package. They have a custom .exe file to re-sign the whole package (it's not mage.exe). Unfortunately, I can't reuse the said executable to re-sign it.

All I have is their Certificate Thumbprint. But I don't know what to do with it.

Questions:

  1. What are my other options to re-sign the package?
  2. Is there a better way to do this? Do I have to make another build step for this solution?

Upvotes: 5

Views: 1185

Answers (1)

Hexxed

Reputation: 693

I have managed to sign the ClickOnce Appmanifest (*.application) and *.exe.manifest files on release by using dotnet mage. I've done this by adding the certificate (.pfx or .p12) file in the Secure Files and the certificate password in the pipeline variables.


  1. Use the .NET Core task; specify to use version 5.x.
  2. (Optional step) Re-install via dotnet tool update --global microsoft.dotnet.mage --version 5.0.0
  3. Run the following in PowerShell:
  ## Signing the exe.manifest file
  dotnet mage -update "<folder>/Application Files/<assembly folder name>/<assemblyname>.exe.manifest" -fd "<folder>/Application Files/<folder>" -CertFile "$(SignKey.secureFilePath)" -Password "$(SignKeyPassword)"

  ## Signing the .Application file
  dotnet mage -update "<the .Application full path>" -pu "$publisherURL" -pub "$(PublisherDetails)" -appmanifest "Application Files/<assembly folder name>/<assemblyname>.exe.manifest" -CertFile "$(SignKey.secureFilePath)" -Password "$(SignKeyPassword)"

Upvotes: 2
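
A check that could run after the two dotnet mage commands in the answer above, as an added example that is not part of the original post: it confirms that the deployment manifest carries the expected deploymentProvider codebase, has a Signature element, and records a digest of the .exe.manifest that matches the file on disk. The parameter names and the standard ClickOnce layout (a dependentAssembly element with a codebase and a hash) are assumptions; it checks presence and hash consistency only, not the cryptographic validity of the signature.

```powershell
# Added example (not from the original post): sanity-check a re-signed ClickOnce deployment manifest.
# Parameter names are assumptions; pass the values the release stage already uses.
param(
    [Parameter(Mandatory)] [string] $DeploymentManifest,  # path to <ApplicationName>.application
    [Parameter(Mandatory)] [string] $ExpectedProviderUrl  # URL written into deploymentProvider
)
$ErrorActionPreference = 'Stop'
$problems = @()

$path = (Resolve-Path -LiteralPath $DeploymentManifest).Path
$doc  = New-Object System.Xml.XmlDocument
$doc.Load($path)

# 1. The codebase edited on release must be the one for this environment.
$provider = $doc.SelectSingleNode("//*[local-name()='deploymentProvider']")
if ($null -eq $provider -or $provider.GetAttribute('codebase') -ne $ExpectedProviderUrl) {
    $problems += "deploymentProvider codebase is not '$ExpectedProviderUrl'"
}

# 2. A signed manifest carries a Signature element; its absence means the file was never re-signed.
if ($null -eq $doc.SelectSingleNode("//*[local-name()='Signature']")) {
    $problems += 'deployment manifest has no Signature element (unsigned)'
}

# 3. The deployment manifest stores a digest of the application manifest's bytes.
#    If the .exe.manifest changed after the .application was updated, the digest is stale.
$dep = $doc.SelectSingleNode("//*[local-name()='dependentAssembly'][@codebase]")
if ($null -eq $dep) {
    $problems += 'no dependentAssembly with a codebase found'
} else {
    $appManifest = Join-Path (Split-Path -Parent $path) $dep.GetAttribute('codebase')
    $method   = $dep.SelectSingleNode(".//*[local-name()='DigestMethod']/@Algorithm").Value
    $expected = "$($dep.SelectSingleNode(".//*[local-name()='DigestValue']").InnerText)".Trim()
    $hasher = switch -Regex ($method) {
        'sha256$' { [System.Security.Cryptography.SHA256]::Create() }
        'sha1$'   { [System.Security.Cryptography.SHA1]::Create() }
    }
    if ($null -eq $hasher) {
        $problems += "unsupported or missing digest method '$method'"
    } elseif (-not (Test-Path -LiteralPath $appManifest)) {
        $problems += "application manifest not found: $appManifest"
    } else {
        $actual = [Convert]::ToBase64String($hasher.ComputeHash([IO.File]::ReadAllBytes($appManifest)))
        # Base64 is case-sensitive, so use the case-sensitive comparison operator.
        if ($actual -cne $expected) { $problems += "digest mismatch for $appManifest" }
    }
}

# Report through Azure DevOps logging commands and fail the step if anything is off.
foreach ($p in $problems) { Write-Host "##vso[task.logissue type=error]$p" }
if ($problems.Count -gt 0) { exit 1 }
Write-Host "Manifest checks passed for $path"
```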
