secureFileId variable not supported when using jobs declaration in azure-pipelines.yml

[sbraswell]

We've used this task for quite a while very successfully but have encountered an issue in one very specific situation. We have a build pipeline that sets job specific properties to clean the workspace as shown here:

jobs:
- job: Build
  workspace:
    clean: all

If jobs: exists in the yaml then using a variable for the secureFileId property of the task is not properly handled. Our usage shown here:

  - task: codesigning@2
    displayName: Code Signing Assemblies
    inputs:
      secureFileId: $(CodeSigningFileId)
      signCertPassword: '$(code-signing-password)'
      files: '**/bin/**/$(buildConfiguration)/**/@(*.exe|*.dll)'
      hashingAlgorithm: 'SHA256'

We have other pipelines that do not have a jobs declaration which use a variable in this way and work fine. I get the following build failure immediately:

The pipeline is not valid. Job Build: Step codesigning1 input secureFileId references secure file $(CodeSigningFileId) which could not be found. The secure file does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz.

I've confirmed with log output that the content of the $(CodeSigningFileId) variable is the value I would expect and if I simply remove the jobs: declaration the task works with the variable.

I don't know that this issue is unique to the codesigning@2 task, but I'm hoping that someone might be able to give me some help on figuring this one out. Maybe there is something different about this task running within the context of a job?

Thanks for any help you can offer!

[StefanKert]

Hi @sbraswell,

that actually sounds interesting. Can you maybe execute a build with debug log enabled to see the extended logs? Can you also add the logs for the codesigning task, since it would show the progress of the download and if anything weird is going on there it should be visible there.