Post Reply
jwoodcook
Posts: 4
Joined: Fri Aug 07, 2020 3:07 pm

Enable Trusted Signing causes YAML pipeline to hang for an hour

I need help to figure out why simply clicking Enable signing and choosing Use Trusted Signing (and filling out the correct info for End Point, Account Name, Certificate Name, of course) makes the YAML step hang for an hour, which gets killed by Azure DevOps.
It normally take 8 minutes to run the entire build/deploy pipeline.

Code: Select all

          - task: AdvancedInstaller@2
            displayName: 'Build Advanced Installer Project'
            inputs: 
              advinstLicense: '$(advinstLicense)'
              aipPath: '$(build.SourcesDirectory)\installation\AdvancedInstallers\AdvancedInstaller.ProductName.API\AdvancedInstaller.ProductName.aip'
              aipBuild: 'DefaultBuild'
              aipOutputFolder: '$(build.artifactStagingDirectory)\installers'
Catalin
Posts: 7492
Joined: Wed Jun 13, 2018 7:49 am

Re: Enable Trusted Signing causes YAML pipeline to hang for an hour

Hello,

Please have a look over the following how-to which explains how to handle a non-interactive automated build using Azure Trust Signing:

Handling Azure Trusted Signing in non-interactive automated build processes

Hope this helps!

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
jwoodcook
Posts: 4
Joined: Fri Aug 07, 2020 3:07 pm

Re: Enable Trusted Signing causes YAML pipeline to hang for an hour

That link doesn't have anything to do with Automation such as YAML pipelines in Azure DevOps.

(It does have some useful info for manually building on a PC and using local ENV Variables, though: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID)

Are you implying you think the pipeline build process is trying to prompt someone and eventually timing-out after an hour? Perhaps, but that's the beauty of the Trusted Signing Endpoint, that we don't have to store credentials inside the Advanced Installer, nor in the YAML itself (just in our own pipeline run variables).

As this page says: https://www.advancedinstaller.com/azure ... ation.html
"You only need to specify the Azure endpoint, account name, and the certificate you want to be used for signing."

1. Any other ideas?
2. Is there a way to out put the RUN LOG from Advanced Installer's build process?
Daniel
Posts: 8276
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: Enable Trusted Signing causes YAML pipeline to hang for an hour

Hi,

Does your Azure DevOps pipeline build run on a self-hosted agent running on a local machine from your network?

If so, then the solution exposed in the previously linked article should work. All you have to do (one time operation) is to interactively log in on your build server machine and create the AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID environment variables for the Windows user account under which your DevOps self-hosted build agent runs.

Otherwise, if your pipeline build runs under a cloud hosted VM, then all you should do is to make sure the related login environment variables are created on build machine before the Advanced Installer build step takes place.

If your Azure account credentials are not found on build machine when the signing operation takes place, then the Windows OS will open (interactively, UI interaction required) in the web browser the Azure log in web page.

Also, in what regards your second question, to get the run log of the Advanced Installer build step you should simply check the "Enable system diagnostics" option (or set the "system.debug" variable to "true") when running your pipeline build.

Let me know if this still does not help you.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
jwoodcook
Posts: 4
Joined: Fri Aug 07, 2020 3:07 pm

Re: Enable Trusted Signing causes YAML pipeline to hang for an hour

Wow! This worked! (even though we don't use our own VMs, but Azure DevOps by Microsoft)

>>>

Code: Select all

AZURE_CLIENT_ID AZURE_CLIENT_SECRET and AZURE_TENANT_ID
I guess you can't name your Azure DevOps variables anything other than this, so renaming them exactly like this worked! Hallelujah, and THANK YOU!
Daniel
Posts: 8276
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: Enable Trusted Signing causes YAML pipeline to hang for an hour

You are always welcome! I am glad you got this sorted out.

I am afraid the variable names cannot be changed. This requirement is imposed by Microsoft's Azure Logging framework.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
luanto
Posts: 9
Joined: Mon Jan 17, 2022 5:45 am

Re: Enable Trusted Signing causes YAML pipeline to hang for an hour

I got the same error when using selfhosted agent. These 3 Environment variables (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID) should be added under "System Variables" or under the account that pipeline uses?
Catalin
Posts: 7492
Joined: Wed Jun 13, 2018 7:49 am

Re: Enable Trusted Signing causes YAML pipeline to hang for an hour

Hello,

As previously mentioned by my colleague Daniel:
interactively log in on your build server machine and create the AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID environment variables for the Windows user account under which your DevOps self-hosted build agent runs
The env variables should be added under the Windows User Account under which the build agent runs.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
Post Reply

Return to “Building Installers”