Update the signing template (#2932)

mono · Jul 16, 2024 · a73cab5 · a73cab5
1 parent 82e3644
commit a73cab5
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/scripts/SignList.xml b/scripts/SignList.xml
@@ -21,4 +21,9 @@
     <!-- <Skip Include="System.*.dll" /> -->
   </ItemGroup>
 
+  <ItemGroup>
+    <MacDeveloperSign Include="libSkiaSharp.dylib" />
+    <MacDeveloperSign Include="libHarfBuzzSharp.dylib" />
+  </ItemGroup>
+
 </Project>
diff --git a/scripts/azure-pipelines.yml b/scripts/azure-pipelines.yml
@@ -49,6 +49,10 @@ parameters:
     displayName: 'Run post-build compliance tasks (such as API Scan and PoliCheck)'
     type: boolean
     default: false
+  - name: forceRealSigning
+    displayName: 'Ignore all logic and force Real signing on binaries'
+    type: boolean
+    default: false
 
 variables:
   - template: /scripts/azure-pipelines-variables.yml@self
@@ -78,6 +82,7 @@ extends:
           buildExternals: ${{ parameters.buildExternals }}
           ${{ if and(eq(variables['System.TeamProject'], 'devdiv'), ne(variables['System.PullRequest.IsFork'], 'true')) }}:
             enableSigning: true
+            forceRealSigning: ${{ parameters.forceRealSigning }}
             ${{ if or(parameters.runCompliance, and(eq(variables['Build.Reason'], 'Schedule'), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/')))) }}:
               sdl:
                 apiscan:
@@ -107,4 +112,4 @@ extends:
           VM_IMAGE_MAC: ${{ parameters.VM_IMAGE_MAC }}
           VM_IMAGE_MAC_NATIVE: ${{ parameters.VM_IMAGE_MAC }}
           VM_IMAGE_LINUX: ${{ parameters.VM_IMAGE_LINUX }}
-          VM_IMAGE_LINUX_NATIVE: ${{ parameters.VM_IMAGE_LINUX }}
+          VM_IMAGE_LINUX_NATIVE: ${{ parameters.VM_IMAGE_LINUX }}
diff --git a/scripts/azure-templates-stages.yml b/scripts/azure-templates-stages.yml
@@ -34,6 +34,9 @@ parameters:
   - name: enableSigning
     type: boolean
     default: false
+  - name: forceRealSigning
+    type: boolean
+    default: false
 
 stages:
   - stage: prepare
@@ -686,11 +689,11 @@ stages:
       displayName: Sign NuGets
       dependsOn: package
       jobs:
-        - template: sign-artifacts/jobs/v2.yml@xamarin-templates
+        - template: sign-artifacts/jobs/v3.yml@xamarin-templates
           parameters:
-            ${{ if or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/')) }}:
+            ${{ if or(eq(parameters.forceRealSigning, 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/')) }}:
               signType: 'Real'
-            ${{ if not(or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'))) }}:
+            ${{ else }}:
               signType: 'Test'
             use1ESTemplate: ${{ parameters.use1ESPipelineTemplates }}
             usePipelineArtifactTasks: true