Skip to content
This repository was archived by the owner on Nov 16, 2023. It is now read-only.

Commit 30ae42f

Browse files
authored
fix: Sign APK during release build using ESRP CodeSign (#17)
Currently, no part of our build or release pipeline signs the APK. This PR introduces the ESRP CodeSign task to release-build.yaml to sign our APK. This will allow us to download the APK from the build artifact for testing purposes and to consume said APK in the release pipeline. You can find a signed apk in the artifacts here. I verified that the cert of the newly published APK matches the cert of our previously published APK using keytool -list -printcert -jarfile <apk>.
1 parent ec36fd0 commit 30ae42f

File tree

1 file changed

+25
-0
lines changed

1 file changed

+25
-0
lines changed

pipeline/release-build.yaml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,31 @@ jobs:
3232
testResultsFiles: '**/TEST-*.xml'
3333
tasks: 'build'
3434

35+
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
36+
displayName: 'sign release apk with ESRP CodeSigning'
37+
inputs:
38+
ConnectedServiceName: 'Accessibility Insights for Android Service AAD APP Id'
39+
FolderPath: '$(system.defaultWorkingDirectory)/AccessibilityInsightsForAndroidService/app/build/outputs/apk/release'
40+
Pattern: '*.apk'
41+
signConfigType: inlineSignParams
42+
inlineOperation: |
43+
[
44+
{
45+
"KeyCode" : "CP-458288-Java",
46+
"OperationCode" : "AndroidSign",
47+
"Parameters" : {},
48+
"ToolName" : "sign",
49+
"ToolVersion" : "1.0"
50+
},
51+
{
52+
"KeyCode" : "CP-458288-Java",
53+
"OperationCode" : "JavaVerify",
54+
"Parameters" : {},
55+
"ToolName" : "sign",
56+
"ToolVersion" : "1.0"
57+
}
58+
]
59+
3560
- task: PublishPipelineArtifact@1
3661
displayName: publish apk folder as artifact
3762
inputs:

0 commit comments

Comments
 (0)