Add Azure DevOps signing support (dotnet/coreclr#21545)

Add signing support for Azure DevOps pipelines. This uses the arcade signing step, but with custom logic to find files to sign while we're not using arcade for the rest of the build.

Commit migrated from https://github.com/dotnet/coreclr/commit/e763e8302028edb4a49e22b7e18b888b3145d48c

diff --git a/eng/build-job.yml b/eng/build-job.yml
index d8a5f61..064db09 100644 (file)
--- a/eng/build-job.yml
+++ b/eng/build-job.yml
@@ -14,6 +14,7 @@ jobs:
     archType: ${{ parameters.archType }}
     osGroup: ${{ parameters.osGroup }}
     osIdentifier: ${{ parameters.osIdentifier }}
+    enableMicrobuild: true
 
     # Compute job name from template parameters
     name: ${{ format('build_{0}_{1}_{2}', parameters.osIdentifier, parameters.archType, parameters.buildConfig) }}
@@ -68,6 +69,19 @@ jobs:
       - script: set __TestIntermediateDir=int&&build.cmd $(buildConfig) $(archType) -skiptests -skipbuildpackages
         displayName: Build product
 
+    # Sign on Windows
+    - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest'), eq(parameters.osGroup, 'Windows_NT')) }}:
+      - script: powershell eng\common\build.ps1 -ci -sign -restore -configuration:$(buildConfig) -warnaserror:0 /p:ArcadeBuild=true /p:OfficialBuild=true /p:BuildOS=$(osGroup) /p:BuildArch=$(archType) /p:BuildType=$(buildConfig) /p:DotNetSignType=%_SignType%
+        displayName: Sign Binaries
+
+      - task: PublishBuildArtifacts@1
+        displayName: Publish Signing Logs to VSTS
+        inputs:
+          PathtoPublish: '$(Build.SourcesDirectory)/artifacts/'
+          PublishLocation: Container
+          ArtifactName: $(Agent.Os)_$(Agent.JobName)_$(archType)
+        continueOnError: true
+        condition: always()
 
     # Upload build as pipeline artifact
     - ${{ if ne(parameters.osGroup, 'Windows_NT') }}:
@@ -83,13 +97,6 @@ jobs:
           artifactName: ${{ format('{0}_{1}_{2}_build', parameters.osIdentifier, parameters.archType, parameters.buildConfig) }}
           targetPath: $(Build.SourcesDirectory)\bin\Product\$(osGroup).$(archType).$(buildConfigUpper)
 
-
-    # TODO: Sign
-    - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest')) }}:
-      - script: echo Sign!
-        displayName: Sign Binaries (empty for now)
-
-
     # Get key vault secrets for publishing
     - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest')) }}:
       - task: AzureKeyVault@1

diff --git a/eng/xplat-job.yml b/eng/xplat-job.yml
index 8b25175..a59dcef 100644 (file)
--- a/eng/xplat-job.yml
+++ b/eng/xplat-job.yml
@@ -11,6 +11,7 @@ parameters:
   timeoutInMinutes: ''
   helixType: ''
   crossrootfsDir: ''
+  enableMicrobuild: ''
 
   # arcade-specific parameters
   gatherAssetManifests: false
@@ -31,6 +32,8 @@ jobs:
     helixRepo: 'dotnet/coreclr'
     helixType: ${{ parameters.helixType }}
 
+    enableMicrobuild: ${{ parameters.enableMicrobuild }}
+
     pool:
       ${{ if and(eq(parameters.osGroup, 'Linux'), eq(variables['System.TeamProject'], 'public')) }}:
         name: Hosted Ubuntu 1604

diff --git a/src/coreclr/Directory.Build.props b/src/coreclr/Directory.Build.props
index 2082362..63bb6d6 100644 (file)
--- a/src/coreclr/Directory.Build.props
+++ b/src/coreclr/Directory.Build.props
@@ -1,4 +1,5 @@
 <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="Sdk.props" Sdk="Microsoft.DotNet.Arcade.Sdk" Condition="'$(ArcadeBuild)' == 'True'"/>
   <PropertyGroup>
     <CL_MPCount>$(NumberOfCores)</CL_MPCount>
   </PropertyGroup>

diff --git a/src/coreclr/Directory.Build.targets b/src/coreclr/Directory.Build.targets
new file mode 100644 (file)
index 0000000..29123fe
--- /dev/null
+++ b/src/coreclr/Directory.Build.targets
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project>
+  <Import Project="Sdk.targets" Sdk="Microsoft.DotNet.Arcade.Sdk" Condition="'$(ArcadeBuild)' == 'True'"/>
+</Project>
\ No newline at end of file