The NuGet Sign action is used to sign a NuGet package with a X.509 certificate to provide protection against content tampering.
NuGet Sign
Name
A friendly name for this action (will be displayed in the actions workflow area).
Enabled
Determines if this action will be run within the relevant stage.
Package(s)
The paths to one or more .nupkg package files to sign. One path per line.
Output Directory
The directory where the signed package should be saved. By default, the original package is overwritten by the signed package. [-OutputDirectory]
Command Line Version
Select the version of the NuGet command line that is installed on the agent. Some other settings and options may be unavailable depending which the command line version is selected.
Using
The Using drop down is populated with any property collector whose namespace matches the pattern defined by the NuGet Spec action. The pattern for this action is ^NuGet.*
If you create a property collector for this action, make sure you select the Path Finder PlugIn type and give it a name that will match the pattern above in blue. Example names listed here, search the table's Plugin column for "NuGet Spec".
For more in-depth explanations on property collectors see Property Collectors.
Alternatively, you can select the Custom option from the Using drop down list and specify a path in the resulting input field that will be displayed. Please read Why it's a good idea to use a property collector before using this option.
Certificate
Path
The path to a X.509 certificate file to be used to sign the package. [-CertificatePath]
Store Location
The location of the X.509 certificate store used to search for the certificate. This defaults to 'CurrentUser', the certificate store for the user the agent service is running under. [-CertificateStoreLocation]
Store Name
The name of the X.509 certificate store used to search for the certificate. This defaults to 'My', the certificate store for personal certificates. [-CertificateStoreName]
Subject Name
The subject name of the certificate used to search for the certificate. The search is a case-insensitive string comparison using the supplied value, which will find all certificates with the subject name containing that string, regardless of other subject values. [-CertificateSubjectName]
Fingerprint
The SHA-1 fingerprint of the certificate used to search a local certificate store for the certificate. [-CertificateFingerprint]
Password
The password associated with the certificate. [-CertificatePassword]
Settings
Configuration File
A specific NuGet configuration file to use. Leave blank to use %AppData%\NuGet\nuget.config. [-ConfigFile]
Hash Algorithm
The hash algorithm to used to sign the package. Default is SHA256. [-HashAlgorithm]
Timestamper
URL to an RFC 3161 timestamping server. [-Timestamper]
Timestamp Hash Algorithm
Hash algorithm to be used by the RFC 3161 timestamp server. Default is SHA256. [-TimestampHashAlgorithm]
Overwrite current signature
If not ticked, the command will fail if the package already has a signature. [-Overwrite]
Options
Verbosity
How much information should the command line output? [-Verbosity]
Force English output
Forces the command line to run using an invariant, English-based culture. [-ForceEnglishOutput]
Timeout (in seconds)
How long to wait for the action to finish running before timing out. Leaving this blank (or zero) will default to 86400 seconds (24 hours).
Treat failure as warning
Tick to continue build on failure marking the action with a warning status.
Ignore warnings
If this is ticked, any warnings logged will not mark the action with a warning status.
Environment
Environment Variables
Multiple environment variables can be defined - one per line. These are set before the command line is run.
Log environment variables
If this is ticked, environment variable values are written to the build log.
Generate system environment variables
Tick this checkbox to set up a list of new environment variables prefixed with 'ContinuaCI.' for all current system expression objects and variables.
Mask sensitive variable values in system environment variables
This checkbox is visible only if the 'Generate system environment variables' checkbox is ticked.
If this is ticked, the values of any variables marked as sensitive will be masked with **** when setting system environment variables. Clear this to expose the values.