Background I recently wrote about the changes I had had to make to our Azure DevOps pipelines to address the changes required when code signing with a new DigiCert certificate due to new private key storage requirements for Code Signing certificates Today I had to do the same for a GitHub Actions pipeline. The process is very similar, but there are a few differences in the syntax and the way the secrets are stored....
This one of those posts that is more a note to self as I keep forgetting how to do this, but I hope it helps others. Background I use Microsoft’s Authenticator to provide MFA on a number of accounts. I recently swapped my Android phone and had to, after restoring a backup, re-authenticate some accounts on the new device. This was a simple process for most accounts, just a case of validating the code generated by the new device, but I had a problem with the entries where my Black Marble Entra ID account was a guest in other company’s Entra ID directories....
Background It is becoming increasingly important to sign files digitally to ensure that they have not been tampered with, to secure the software supply chain. This is something we have done for a good while as a step in our Azure DevOps pipelines. However, recent(ish) changes in the way certificates are issued has meant we have had to revise our approach. The Problem We used to use a .PFX file, stored as an Azure DevOps secure file, that contained the public and private keys and was accessed using a password, to sign our files....
I really like Web Deploy, it is a powerful tool for injecting parameters whilst deploying web applications to both Azure or an on-premise IIS Server. Every project is different, and sometimes you need to be able to inject a step into the Web Deploy package creation process to complete some extra step. This can be done by adding a target to the .csproj project file. The following example shows how you could sign the assemblies before the Web Deploy package is created....
The Issue We are running our SonarQube instance as an Azure hosted Docker container. Over the past few weeks we have been seeing intermittent occurrences of the ProjectFileIndexer exception during the SonarQube analysis step in our Azure DevOps pipelines. ##[error]java.lang.IllegalStateException: Unable to load component class org.sonar.scanner.scan.filesystem.ProjectFileIndexer When I looked closer at the exception stack, I could see at the bottom there was always a timeout error when trying to access the project....