microsoft / azure-pipelines-tasks

Tasks for Azure Pipelines
https://aka.ms/tfbuild
MIT License

[BUG]: InstallAppleCertificate@2 fails to expose APPLE_CERTIFICATE_SHA1HASH #20165

Open bengavin opened 3 months ago

bengavin commented 3 months ago

New issue checklist

Task name

InstallAppleCertificate

Task version

2

Issue Description

During execution of the InstallAppleCertificate task, a variable is 'set' which holds the SHA hash of the certificate as loaded. This variable is not accessible by later tasks. For certificates which have a signing identity containing certain not-command-line-safe characters, it becomes necessary to use the hash / thumbprint to identify the signing identity.

Environment type (Please select at least one environment where you face this issue)

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operating system

macos-14

Relevant log output

##[debug]P12 common name (CN): Apple Distribution: Problematic Name With a Comma, Inc. (abc123blahblah)
##[debug]NotBefore: Tue Oct 10 2023 13:43:06 GMT+0000 (Coordinated Universal Time)
##[debug]NotAfter: Wed Oct 09 2024 13:43:05 GMT+0000 (Coordinated Universal Time)
##[debug]certSigningIdentity=undefined
##[debug]Agent.Version=3.241.0
##[debug]set task variable: APPLE_CERTIFICATE_SHA1HASH=...actual cert thumbprint...
##[debug]Processed: ##vso[task.settaskvariable variable=APPLE_CERTIFICATE_SHA1HASH;issecret=false;]...actual cert thumbprint...

Full task logs with system.debug enabled

No response

Repro steps

- Create build YAML file
- Add properly configured InstallAppleCertificate@2 task
- Add any task which needs the signing identity, reference the $(APPLE_CERTIFICATE_SHA1HASH) variable
- Notice it isn't replaced with the actual value
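
Added example, not part of the issue or of the task's own code: a Node.js check that reads a system.debug log and reports which referenced variables were published only with `task.settaskvariable` (as in the log above), which the task library scopes to the same task's pre/main/post executions, rather than with `task.setvariable`, which later steps can read. The sample log lines, `EXAMPLE_JOB_VAR`, the placeholder values and all function names are constructed for illustration.

```javascript
// Scope of each variable-setting logging command.
const SCOPE = {
  'task.setvariable': 'job',           // later steps can read $(NAME)
  'task.settaskvariable': 'task-only', // only this task's pre/main/post runs
};

// Constructed sample log; values are placeholders, EXAMPLE_JOB_VAR is made up.
const SAMPLE_LOG = [
  '##[debug]set task variable: APPLE_CERTIFICATE_SHA1HASH=PLACEHOLDER_THUMBPRINT',
  '##[debug]Processed: ##vso[task.settaskvariable variable=APPLE_CERTIFICATE_SHA1HASH;issecret=false;]PLACEHOLDER_THUMBPRINT',
  '##[debug]Processed: ##vso[task.setvariable variable=EXAMPLE_JOB_VAR;isOutput=false;issecret=false;]PLACEHOLDER_VALUE',
].join('\n');

// Undo the escaping applied to logging-command property values.
function unescapeProp(v) {
  return v.replace(/%3B/g, ';').replace(/%5D/g, ']')
    .replace(/%0D/g, '\r').replace(/%0A/g, '\n').replace(/%AZP25/g, '%');
}

// Parse one log line; null when it carries no variable-setting command.
function parseLine(line) {
  const m = /##vso\[([A-Za-z.]+)(?: ([^\]]*))?\]/.exec(line);
  const command = m ? m[1].toLowerCase() : '';
  if (!(command in SCOPE)) return null;
  const props = {};
  for (const pair of (m[2] || '').split(';')) {
    const eq = pair.indexOf('=');
    if (eq > 0) props[pair.slice(0, eq).trim().toLowerCase()] = unescapeProp(pair.slice(eq + 1));
  }
  if (!props.variable) return null;
  return { name: props.variable, command, scope: SCOPE[command], secret: props.issecret === 'true' };
}

// Map upper-cased variable name -> set of scopes it was published in.
function variableScopes(logText) {
  const scopes = new Map();
  for (const v of logText.split(/\r?\n/).map(parseLine).filter(Boolean)) {
    const key = v.name.toUpperCase(); // pipeline variable names are case-insensitive
    scopes.set(key, (scopes.get(key) || new Set()).add(v.scope));
  }
  return scopes;
}

// Names a later step references that were never published at job scope.
function unresolvedInLaterSteps(logText, referenced) {
  const scopes = variableScopes(logText);
  return referenced.filter((n) => !(scopes.get(n.toUpperCase()) || new Set()).has('job'));
}
console.log(unresolvedInLaterSteps(SAMPLE_LOG, ['APPLE_CERTIFICATE_SHA1HASH', 'EXAMPLE_JOB_VAR']));
```

A name returned by `unresolvedInLaterSteps` is one that a later step would see as the literal `$(NAME)` text, matching the last repro step.
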

KonstantinTyukalov commented 3 months ago

Thanks for reporting! We are working on higher priority issues, but we'll get back to this one soon.

bengavin commented 3 months ago

@KonstantinTyukalov - on the off chance it helps, I put together a PR that should resolve the issue. It also does some 'cleanup?' which may or may not be needed and Code Spaces doesn't like the Node10 stuff and I wasn't certain exactly how to get rid of Node10 support entirely, so likely some work to do there yet.