From ded80f089caee9be07c8a3472c0ee8a374e87f83 Mon Sep 17 00:00:00 2001 From: Jon Thysell Date: Mon, 4 Nov 2024 09:33:57 -0800 Subject: [PATCH] [0.74] Backport certificate fixes to unblock CI (#14059) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description This PR cherry-picks the following certificate-related commits to unblock CI in 0.74: https://github.com/microsoft/react-native-windows/commit/3a5ca66aab21739e168bd7d236de2f420bf3090c https://github.com/microsoft/react-native-windows/commit/3534af4fdfb0e5b73b1ecf6b3da6c48f129d008b https://github.com/microsoft/react-native-windows/commit/5fad854368beb3bee4a1526bb7fc97ad0f7bf8ad --------- Co-authored-by: Danny van Velzen 🁴 --- .ado/jobs/e2e-test.yml | 2 -- .ado/jobs/playground.yml | 8 +++++-- .ado/jobs/sample-apps.yml | 1 - .ado/templates/react-native-init-windows.yml | 7 +++--- .ado/templates/react-native-init.yml | 1 - .../run-windows-with-certificates.yml | 11 +++++---- .ado/templates/write-certificate.yml | 23 +++++++++++-------- 7 files changed, 29 insertions(+), 24 deletions(-) diff --git a/.ado/jobs/e2e-test.yml b/.ado/jobs/e2e-test.yml index 4252c3602bb..2b638e24d3e 100644 --- a/.ado/jobs/e2e-test.yml +++ b/.ado/jobs/e2e-test.yml @@ -83,7 +83,6 @@ jobs: - template: ../templates/run-windows-with-certificates.yml parameters: buildEnvironment: ${{ parameters.BuildEnvironment }} - certificateName: reactUWPTestAppEncodedKey buildConfiguration: Release buildPlatform: ${{ matrix.BuildPlatform }} buildLogDirectory: $(BuildLogDirectory) @@ -191,7 +190,6 @@ jobs: - template: ../templates/run-windows-with-certificates.yml parameters: buildEnvironment: ${{ parameters.BuildEnvironment }} - certificateName: reactUWPTestAppEncodedKey buildConfiguration: Release buildPlatform: ${{ matrix.BuildPlatform }} buildLogDirectory: $(BuildLogDirectory) diff --git a/.ado/jobs/playground.yml b/.ado/jobs/playground.yml index 751b62b4a15..fa021a1f2c8 100644 --- a/.ado/jobs/playground.yml 
+++ b/.ado/jobs/playground.yml @@ -8,6 +8,9 @@ parameters: - Continuous - name: AgentPool type: object + - name: certificatePassword + type: string + default: 'pwd' - name: buildMatrix type: object default: @@ -135,8 +138,8 @@ jobs: - ${{if eq(config.BuildEnvironment, 'Continuous')}}: - template: ../templates/write-certificate.yml parameters: - certificateName: playgroundEncodedKey - + certificatePassword: ${{ parameters.certificatePassword }} + - ${{ if eq(matrix.UseExperimentalWinUI3, true) }}: - template: ../templates/set-experimental-feature.yml parameters: @@ -175,6 +178,7 @@ jobs: ${{if eq(config.BuildEnvironment, 'Continuous')}}: msbuildArgs: /p:PackageCertificateKeyFile=$(Build.SourcesDirectory)\EncodedKey.pfx + /p:PackageCertificatePassword=${{ parameters.certificatePassword }} - ${{if and(endsWith(matrix.Name, 'Universal'), eq(matrix.BuildConfiguration, 'Debug')) }}: # Execute debug feature tests (skip this step for the Win32 Playground app and for release builds) diff --git a/.ado/jobs/sample-apps.yml b/.ado/jobs/sample-apps.yml index 50f48283c76..cd121ef5a3b 100644 --- a/.ado/jobs/sample-apps.yml +++ b/.ado/jobs/sample-apps.yml @@ -94,7 +94,6 @@ jobs: - template: ../templates/run-windows-with-certificates.yml parameters: buildEnvironment: ${{ parameters.BuildEnvironment }} - certificateName: sampleAppCPPEncodedKey buildConfiguration: ${{ matrix.BuildConfiguration }} buildPlatform: ${{ matrix.BuildPlatform }} deployOption: ${{ matrix.DeployOption }} diff --git a/.ado/templates/react-native-init-windows.yml b/.ado/templates/react-native-init-windows.yml index f9e5fe59a65..d82e4fdd1ac 100644 --- a/.ado/templates/react-native-init-windows.yml +++ b/.ado/templates/react-native-init-windows.yml 
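Review bot: The new `certificatePassword` parameter in the `-8,6` hunk has no comment saying it is a throwaway value for a CI-generated certificate, and the same `default: 'pwd'` is declared again in run-windows-with-certificates.yml and write-certificate.yml. `${{ parameters.certificatePassword }}` is expanded at template compile time into `/p:PackageCertificatePassword=...` in this file's `msbuildArgs`, and into `--msbuildprops` and the PowerShell script in the other two templates. A caller who passes a real credential here would therefore put it on command lines and very likely into build logs. I would add above each declaration a comment such as `# Not a secret: password for the throwaway self-signed PFX created in CI; never pass a real credential here`. The parameters list and the jobs block continue outside these hunks.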
@@ -62,8 +62,8 @@ steps: workingDirectory: $(Agent.BuildDirectory) - ${{ if and(endsWith(parameters.template, '-lib'), not(startsWith(parameters.template, 'old'))) }}: - - script: | - npx --yes create-react-native-library@latest --slug testcli --description testcli --author-name "React-Native-Windows Bot" --author-email 53619745+rnbot@users.noreply.github.com --author-url http://example.com --repo-url http://example.com --languages kotlin-objc --type module-new --react-native-version $(reactNativeDevDependency) --example vanilla testcli + - script: | # Force version 0.42.1, version 0.42.2 is broken, see https://github.com/callstack/react-native-builder-bob/issues/674 + npx --yes create-react-native-library@0.42.1 --slug testcli --description testcli --author-name "React-Native-Windows Bot" --author-email 53619745+rnbot@users.noreply.github.com --author-url http://example.com --repo-url http://example.com --languages kotlin-objc --type module-new --react-native-version $(reactNativeDevDependency) --example vanilla testcli displayName: Init new lib project with create-react-native-library workingDirectory: $(Agent.BuildDirectory) @@ -177,7 +177,6 @@ steps: - template: ../templates/run-windows-with-certificates.yml parameters: buildEnvironment: ${{ parameters.BuildEnvironment }} - certificateName: RNWEncodedKey buildConfiguration: ${{ parameters.configuration }} buildPlatform: ${{ parameters.platform }} deployOption: ${{ parameters.additionalRunArguments }} @@ -224,4 +223,4 @@ steps: inputs: pathtoPublish: '$(Build.StagingDirectory)/Tracing' artifactName: 'Traces - $(Agent.JobName)-$(System.JobAttempt)' - condition: succeededOrFailed() \ No newline at end of file + condition: succeededOrFailed() diff --git a/.ado/templates/react-native-init.yml b/.ado/templates/react-native-init.yml index e2b5899ac0c..3f904006589 100644 --- a/.ado/templates/react-native-init.yml +++ b/.ado/templates/react-native-init.yml 
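Review bot: The pin comment in the `-62,8` hunk explains why 0.42.2 is avoided but not what should happen once the linked issue is resolved, and the line it replaces ran `@latest`. Because `npx --yes` downloads and executes the package on the build agent without prompting, an exact version is the safer default for CI. I would word the comment so the pin is later bumped to a verified release rather than reverted, e.g. `# Pinned to 0.42.1 (0.42.2 is broken, see callstack/react-native-builder-bob#674); bump to a verified version, do not go back to @latest`. The steps list continues outside the hunk.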
@@ -161,7 +161,6 @@ steps: - template: ../templates/run-windows-with-certificates.yml parameters: buildEnvironment: ${{ parameters.BuildEnvironment }} - certificateName: RNWEncodedKey buildConfiguration: ${{ parameters.configuration }} buildPlatform: ${{ parameters.platform }} deployOption: ${{ parameters.additionalRunArguments }} diff --git a/.ado/templates/run-windows-with-certificates.yml b/.ado/templates/run-windows-with-certificates.yml index 38eabc69ac8..0a109108b96 100644 --- a/.ado/templates/run-windows-with-certificates.yml +++ b/.ado/templates/run-windows-with-certificates.yml @@ -6,8 +6,6 @@ parameters: - PullRequest - SecurePullRequest - Continuous - - name: certificateName - type: string - name: buildConfiguration type: string values: @@ -31,7 +29,10 @@ parameters: - name: moreMSBuildProps type: string default: '' - + - name: certificatePassword + type: string + default: 'pwd' + steps: - ${{ if eq(parameters.buildConfiguration, 'Debug') }}: - script: > @@ -61,7 +62,7 @@ steps: - ${{ if and(eq(parameters.buildConfiguration, 'Release'), eq(parameters.buildEnvironment, 'Continuous')) }}: - template: ../templates/write-certificate.yml parameters: - certificateName: ${{ parameters.certificateName }} + certificatePassword: ${{ parameters.certificatePassword }} - script: > yarn react-native run-windows 
@@ -70,7 +71,7 @@ steps: --no-launch --logging --buildLogDirectory ${{ parameters.buildLogDirectory }} - --msbuildprops RestoreLockedMode=${{ parameters.restoreLockedMode }},RestoreForceEvaluate=${{ parameters.restoreForceEvaluate }},PackageCertificateKeyFile=$(Build.SourcesDirectory)\EncodedKey.pfx${{ parameters.moreMSBuildProps }} + --msbuildprops RestoreLockedMode=${{ parameters.restoreLockedMode }},RestoreForceEvaluate=${{ parameters.restoreForceEvaluate }},PackageCertificateKeyFile=$(Build.SourcesDirectory)\EncodedKey.pfx,PackageCertificatePassword=${{ parameters.certificatePassword }}${{ parameters.moreMSBuildProps }} ${{ parameters.deployOption }} displayName: run-windows (Release) - CI workingDirectory: ${{ parameters.workingDirectory }} diff --git a/.ado/templates/write-certificate.yml b/.ado/templates/write-certificate.yml index 2dbf7618755..271272f1ffd 100644 --- a/.ado/templates/write-certificate.yml +++ b/.ado/templates/write-certificate.yml 
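Review bot: `PackageCertificatePassword=${{ parameters.certificatePassword }}` is spliced unquoted into the comma-separated `--msbuildprops` value of a folded `script: >` command. A password containing a comma, a space or a shell metacharacter would change the property list or the command line instead of being treated as the password. The same command passes `--logging` and `--buildLogDirectory`, so the value is likely to be recorded in the build logs as well. With the default `pwd` this is harmless, but the constraint should be stated where the parameter is declared, e.g. `# alphanumeric only; expanded verbatim into --msbuildprops and logged`. The script step starts before this hunk.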
@@ -1,15 +1,20 @@ parameters: - - name: certificateName + - name: certificatePassword type: string + default: 'pwd' steps: - powershell: | - Write-Host "Using certificate named ${{ parameters.certificateName }}" - Write-Host "##vso[task.setvariable variable=EncodedKey]$(${{ parameters.certificateName }})" - displayName: Determining certificate + $certStoreRoot="cert:\CurrentUser\My" + $rootFolder="$(Build.SourcesDirectory)" - - powershell: | - $PfxBytes = [System.Convert]::FromBase64String("$(EncodedKey)") - $PfxPath = [System.IO.Path]::GetFullPath( (Join-Path -Path $(Build.SourcesDirectory) -ChildPath EncodedKey.pfx) ) - [System.IO.File]::WriteAllBytes("$PfxPath", $PfxBytes) - displayName: Write certificate + # the following two lines must match + [System.Security.SecureString] $password = ConvertTo-SecureString -String "${{ parameters.certificatePassword }}" -Force -AsPlainText + + $cert = New-SelfSignedCertificate -KeyExportPolicy Exportable -CertStoreLocation $certStoreRoot -DnsName "Development Root CA" -NotAfter (Get-Date).AddYears(5) -Type CodeSigningCert -KeyUsage DigitalSignature + [String] $pfxPath = [System.IO.Path]::GetFullPath( (Join-Path -Path $rootFolder -ChildPath EncodedKey.pfx) ) + [String] $certPath = "$certStoreRoot\$($cert.Thumbprint)" + + Export-PfxCertificate -Cert $certPath -FilePath $pfxPath -Password $password + + displayName: Create self-signed certificate
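Review bot: The script leaves a code-signing certificate with an exportable private key in `cert:\CurrentUser\My` and a PFX with a known password in `$(Build.SourcesDirectory)`, valid for five years, and nothing in this hunk removes either one. On an agent that is reused between jobs these would accumulate, and any store later made to trust the certificate would accept packages signed by anyone holding the PFX. I would shorten the lifetime to what one build needs, e.g. `-NotAfter (Get-Date).AddDays(1)`, and, if signing reads only the PFX, drop the store entry after the export with `Remove-Item -Path $certPath -DeleteKey`. The comment `# the following two lines must match` is followed by only one line that uses the password; it should instead say that the password must match the `PackageCertificatePassword` passed to MSBuild.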