Use azure-cli for signing authenticationHEADv7.0.0-rc.1main

The previous method was deprecated by Azure.

2 files changed, 11 insertions, 12 deletions

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 554d3c17..800749cf 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -41,7 +41,7 @@ jobs:
       - name: Install sign tool
         if: ${{ env.SignBuild == 'true' }}
         shell: cmd
-        run: dotnet tool install --tool-path build\.tools sign --version 0.9.1-beta.24170.3
+        run: dotnet tool install --tool-path build\.tools sign --version 0.9.1-beta.26102.1
 
       - name: Configure automated logging and crash dumps
         shell: cmd
@@ -55,23 +55,22 @@ jobs:
           reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps" /t REG_DWORD /v DumpCount /d 10 /f
           reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps" /t REG_DWORD /v DumpType /d 1
 
-      # - name: 'Az CLI login'
-      #   if: ${{ env.SignBuild == 'true' }}
-      #   uses: azure/login@v1
-      #   with:
-      #     allow-no-subscriptions: true
-      #     client-id: ${{ secrets.WIX_SIGNING_CLIENTID }}
-      #     tenant-id: ${{ secrets.WIX_SIGNING_TENANTID }}
+      - name: 'Az CLI login'
+        if: ${{ env.SignBuild == 'true' }}
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # tag: v2.3.0
+        with:
+          allow-no-subscriptions: true
+          client-id: ${{ secrets.WIX_SIGNING_CLIENTID }}
+          tenant-id: ${{ secrets.WIX_SIGNING_TENANTID }}
 
       - name: Build wix7
         shell: cmd
         run: ./src/build_official.cmd
         env:
           RuntimeTestsEnabled: true
+          AZURE_CLIENT_ID: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_CLIENTID || '' }}
+          AZURE_TENANT_ID: ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_TENANTID || '' }}
           SigningKeyVaultUri:  ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_VAULTURI || '' }}
-          SigningTenantId:  ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_TENANTID || '' }}
-          SigningClientId:  ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_CLIENTID || '' }}
-          SigningClientSecret:  ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_SECRET || '' }}
           SigningCertName:  ${{ env.SignBuild == 'true' && secrets.WIX_SIGNING_CERTNAME || '' }}
 
       - name: Validate test results
diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets
index 45320d19..7e13ae83 100644
--- a/src/Directory.Build.targets
+++ b/src/Directory.Build.targets
@@ -5,7 +5,7 @@
   <PropertyGroup>
     <SigningToolExe>$(ToolsFolder)\sign.exe</SigningToolExe>
     <SigningCommand>code azure-key-vault</SigningCommand>
-    <SigningConfiguration>--description "WiX Toolset" --description-url "https://wixtoolset.org/" --recurse-containers=false --azure-key-vault-url $(SigningKeyVaultUri) --azure-key-vault-tenant-id $(SigningTenantId) --azure-key-vault-client-id $(SigningClientId) --azure-key-vault-client-secret $(SigningClientSecret) --azure-key-vault-certificate $(SigningCertName) --timestamp-url "http://timestamp.digicert.com"</SigningConfiguration>
+    <SigningConfiguration>--publisher-name "WiX Toolset" --description "WiX Toolset" --description-url "https://wixtoolset.org/" --recurse-containers=false --azure-credential-type azure-cli --azure-key-vault-url "$(SigningKeyVaultUri)" --azure-key-vault-certificate "$(SigningCertName)"</SigningConfiguration>
   </PropertyGroup>
 
   <PropertyGroup Condition=" '$(IsWixTestSupportProject)'=='true' ">