Sign packages during the no publish type leg

Commit migrated from https://github.com/dotnet/core-setup/commit/b81337350a3edcf3d8a0ba8edf893ea429851723

diff --git a/src/installer/buildpipeline/Core-Setup-Publish.json b/src/installer/buildpipeline/Core-Setup-Publish.json
index 333b483..66378e0 100644 (file)
--- a/src/installer/buildpipeline/Core-Setup-Publish.json
+++ b/src/installer/buildpipeline/Core-Setup-Publish.json
@@ -254,7 +254,7 @@
       "continueOnError": false,
       "alwaysRun": false,
       "displayName": "Publish via PublishType",
-      "condition": "and(succeeded(), ne(variables.PB_PublishType, ''))",
+      "condition": "and(succeeded(), ne(variables.PB_PublishType, ''), ne(variables.PB_PublishType, 'nopublishtype'))",
       "timeoutInMinutes": 0,
       "task": {
         "id": "c6c4c611-aa2e-4a33-b606-5eaba2196824",

diff --git a/src/installer/publish/publish.proj b/src/installer/publish/publish.proj
index de704f4..461b044 100644 (file)
--- a/src/installer/publish/publish.proj
+++ b/src/installer/publish/publish.proj
@@ -33,6 +33,20 @@
   <Target Name="PublishFinalOutput"
           Condition="'$(Finalize)' == 'true'"
           DependsOnTargets="PublishCoreHostPackages;SetupPublishSymbols;PublishSymbols;FinalizeBuildInAzure;UpdateVersionsRepo" />
+    
+  <Target Name="GetPackagesToSign" DependsOnTargets="GatherShippingPackages">
+    <ItemGroup>
+      <FilesToSign Include="@(ShippedNugetPackage)">
+        <Authenticode>NuGet</Authenticode>
+      </FilesToSign>
+    </ItemGroup>
+    <Message Importance="High" Text="Attempting to sign package '%(FilesToSign.Identity)'" />
+  </Target>
+  
+  <Target Name="SignPackages"
+          Condition="'$(SkipSigning)' != 'true' and '$(SignType)' != 'public'"
+          DependsOnTargets="GetPackagesToSign;SignFiles">
+  </Target>
 
   <!--
     Target wrapping UpdatePublishedVersions: ensures that ShippedNuGetPackage items are created and
@@ -41,10 +55,10 @@
   -->
   <Target Name="UpdateVersionsRepo"
           Condition="'$(GitHubAuthToken)' != ''"
-          DependsOnTargets="ExcludeSymbolsPackagesFromPublishedVersions;
+          DependsOnTargets="GatherShippingPackages;
                             UpdatePublishedVersions" />
 
-  <Target Name="ExcludeSymbolsPackagesFromPublishedVersions">
+  <Target Name="GatherShippingPackages">
     <ItemGroup>
       <PackagesToShip Include="$(DownloadDirectory)*.nupkg" Exclude="$(DownloadDirectory)*.symbols.nupkg" />
       <PackagesToShip Remove="%(PackagesToShip.Identity)" Condition="$([System.String]::Copy('%(PackagesToShip.Identity)').Contains('latest'))" />
@@ -175,7 +189,7 @@
   </Target>
 
   <Target Name="PublishCoreHostPackages"
-          DependsOnTargets="CheckIfAllBuildsHavePublished;DownloadCoreHostPackages;DoPushCoreHostPackagesToFeed;DoPushCoreHostPackagesToAzure"
+          DependsOnTargets="CheckIfAllBuildsHavePublished;DownloadCoreHostPackages;SignPackages;DoPushCoreHostPackagesToFeed;DoPushCoreHostPackagesToAzure"
           Condition="'@(_MissingBlobNames)' == '' AND '$(NuGetFeedUrl)' != ''">
     <Error Condition="'$(NuGetFeedUrl)' ==''" Text="Missing required property NuGetFeedUrl" />
     <Error Condition="'$(NuGetApiKey)' == ''" Text="Missing required property NuGetApiKey" />
@@ -197,6 +211,8 @@
     </ItemGroup>
     <PropertyGroup>
       <DownloadDirectory Condition="'$(DownloadDirectory)' == ''">$(BinDir)PackageDownload/</DownloadDirectory>
+      <!-- The SignFiles target needs OutDir to be defined -->
+      <OutDir>$(DownloadDirectory)</OutDir>
     </PropertyGroup>
     <MakeDir Directories="$(DownloadDirectory)"
              Condition="!Exists('$(DownloadDirectory)')" />