[ci] Use sign-artifacts template for macOS signing #9091
Finally managed to get through all the issues and various outages, and the latest test build looks good: https://devdiv.visualstudio.com/DevDiv/_build/results?buildId=9889091&view=results

Checking a few files randomly in the Darwin pack, the signatures seem right:
Will we have any issues taking this back to .NET 8? Wondering how many total commits would be required.
<MacDeveloperSign Include="*.dylib" /> | ||
<MacDeveloperSignHarden Include="Darwin/aapt2" /> | ||
<MacDeveloperSignHarden Include="Darwin/binutils/bin/*as" /> | ||
<MacDeveloperSignHarden Include="Darwin/binutils/bin/*ld" /> | ||
<MacDeveloperSignHarden Include="Darwin/binutils/bin/llc" /> | ||
<MacDeveloperSignHarden Include="Darwin/binutils/bin/llvm-mc" /> | ||
<MacDeveloperSignHarden Include="Darwin/binutils/bin/*strip" /> |
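Review bot: The `*.dylib` include on the first line carries no directory prefix, while every `MacDeveloperSignHarden` entry is rooted at `Darwin/`, and the `*as`, `*ld` and `*strip` globs will pick up any file in `Darwin/binutils/bin` whose name ends in those letters. A short comment stating the base directory these patterns resolve against, and which binaries the three wildcards are expected to match, would make it easier to confirm the list against the pack contents when a tool is added or renamed.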
Previously, we used an item group like `@(_MSBuildFilesUnixSignAndHarden)` or `@(_BinUtilsFilesUnixSign)`, is there a chance we might miss a file?
That is possible, but we have signing validation steps in place that should catch any file additions that don't have a corresponding signlist update. We could look to partially generate this in the future, though I'd like to try to get this in to help ease all of the signing pain we've been hitting over the last few weeks.
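One way a validation step could catch a Mach-O file that a hard-coded sign list misses, as an added example (not code from this PR or its pipeline templates). The patterns are the ones quoted in the diff above; the glob semantics in `matches` and all function names are assumptions of this sketch.

```python
import fnmatch
import os
import struct

# Patterns copied from the sign list quoted in the review thread above.
SIGN_PATTERNS = [
    "*.dylib", "Darwin/aapt2", "Darwin/binutils/bin/*as",
    "Darwin/binutils/bin/*ld", "Darwin/binutils/bin/llc",
    "Darwin/binutils/bin/llvm-mc", "Darwin/binutils/bin/*strip",
]
THIN_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}
FAT_MAGIC = 0xCAFEBABE  # universal binary; Java .class files share it

def is_macho(path):
    """True if the file starts with a thin or universal Mach-O header."""
    with open(path, "rb") as f:
        head = f.read(8)
    if len(head) < 8:
        return False
    magic, second = struct.unpack(">II", head)
    if magic in THIN_MAGICS:
        return True
    # Universal header: the second word is the architecture count (small).
    # In a .class file it is the version (major >= 45), so bound it.
    return magic == FAT_MAGIC and 0 < second < 20

def matches(rel_path, pattern):
    """Assumed glob semantics: '*' never crosses '/', and a pattern
    without '/' is compared against the file name only."""
    if "/" not in pattern:
        return fnmatch.fnmatchcase(os.path.basename(rel_path), pattern)
    p_parts, f_parts = pattern.split("/"), rel_path.split("/")
    return len(p_parts) == len(f_parts) and all(
        fnmatch.fnmatchcase(f, p) for f, p in zip(f_parts, p_parts))

def unlisted_macho(root, patterns=SIGN_PATTERNS):
    """Sorted relative paths of Mach-O files that no pattern covers."""
    missing = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full) or not is_macho(full):
                continue
            if not any(matches(rel, p) for p in patterns):
                missing.append(rel)
    return sorted(missing)
```

Calling `unlisted_macho(pack_root)` after the pack is assembled and failing the job on a non-empty result flags new binaries before they ship unsigned.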
I don't think we will need to backport this, as the recent changes to use dotnet build and disable CodeQL on non-main branches should get us building again there.
* main: (23 commits)
  Localized file check-in by OneLocBuild Task (#9129)
  [ci] Disable CodeQL on CI/PR pipelines (#9128)
  Refine 16k page alignment support (#9075)
  [build] fix `ConfigureLocalWorkload` target (#9124)
  Bump to NDK r27 (#9020)
  [ci] Use drop service for SDK insertion artifacts (#9116)
  Fix up all mapping paths (#9121)
  [ci] Fix maestro publishing for stable packages (#9118)
  Bump to dotnet/sdk@2f14fea98b 9.0.100-preview.7.24367.21 (#9108)
  Missing androidx.window.[extensions|sidecar] warnings (#9085)
  [ci] Use sign-artifacts template for macOS signing (#9091)
  [ci] Use DotNetCoreCLI to sign macOS files (#9102)
  [ci] Disable CodeQL on macOS, Linux, non-main jobs (#9111)
  [tests] re-enable `JavaAbstractMethodTest` (#9097)
  [Microsoft.Android.Sdk.ILLink] preserve types with `IJniNameProviderAttribute` (#9099)
  [Mono.Android] Data sharing and Close() overrides (#9103)
  [AndroidManifest] Add `Android.App.PropertyAttribute` (#9016)
  [Mono.Android] Add support for AndroidMessageHandler ClientCertificates (#8961)
  [Mono.Android] Bind and enumify API-35 (#9043)
  Bump to dotnet/java-interop@7a058c0e (#9066)
  ...

Context: https://github.com/xamarin/yaml-templates/pull/317
We've been hitting a lot of issues recently in the macOS developer
signing steps that run during the build. Mono MSBuild has been crashing,
and signing service requests have been timing out.
The macOS developer signing steps have been moved to the post build
signing job that runs on Windows agents to try to mitigate these issues.