From 2a084ef212450b4f70fc599360111e420065d10d Mon Sep 17 00:00:00 2001
From: Jeffrey Stedfast <jestedfa@microsoft.com>
Date: Tue, 13 Aug 2024 14:04:18 -0400
Subject: [PATCH] Fixed package signing

* Explicitly invoke the 'SignFiles' target in the package signing step
* Generate & archive a binlog for the NuGet package signing step
* Disable sbom for the nuget packages.
---
 azure-pipelines/build.yml              | 15 +++++++++++----
 azure-pipelines/nuget-package.signproj |  6 +++---
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml
index c53a10517..fb645d6c4 100644
--- a/azure-pipelines/build.yml
+++ b/azure-pipelines/build.yml
@@ -56,13 +56,20 @@ extends:
             sbom:
               enabled: true
           outputs:
+          - output: pipelineArtifact
+            displayName: 'Publish Logs'
+            condition: always()
+            targetPath: '$(Build.ArtifactStagingDirectory)\Logs'
+            artifactType: container
+            sbomEnabled: false
           - output: nuget
-            displayName: 'NuGet push to NuGet.org'
+            displayName: 'Publish packages to NuGet.org'
             condition: and(succeeded(), eq(variables['Build.OfficialRelease'], 'true'))
             packageParentPath: '$(Build.ArtifactStagingDirectory)\Packages'
             packagesToPush: $(Build.ArtifactStagingDirectory)\Packages\*.nupkg;!$(Build.ArtifactStagingDirectory)\Packages\*.symbols.nupkg
             nuGetFeedType: external
             publishFeedCredentials: UpgradeAssistantExtensions-NuGet.org
+            sbomEnabled: false
         steps:
         - checkout: self
           clean: true
@@ -113,10 +120,10 @@ extends:
           displayName: Build Mappings NuGet package
           inputs:
             solution: src\UpgradeAssistant.Mappings\UpgradeAssistant.Mappings.csproj
-            msbuildArgs: /t:Pack /p:PublicRelease=$(Build.OfficialRelease) /p:TimestampPackage=$(TimestampPackage) /p:PackageOutputPath="$(Build.ArtifactStagingDirectory)\UnsignedPackages"
+            msbuildArgs: /t:Pack /p:PublicRelease=$(Build.OfficialRelease) /p:TimestampPackage=$(TimestampPackage) /p:PackageOutputPath="$(Build.ArtifactStagingDirectory)\Packages"
             configuration: release
         - task: MSBuild@1
-          displayName: 'Sign Mappings NuGet Package'
+          displayName: 'Sign NuGet Packages'
           inputs:
             solution: 'azure-pipelines\nuget-package.signproj'
-            msbuildArguments: '/p:OutDir=$(Build.ArtifactStagingDirectory)\Packages /p:UnsignedPackagesPath=$(Build.ArtifactStagingDirectory)\UnsignedPackages'
+            msbuildArguments: '/t:SignFiles /v:diagnostic /bl:$(Build.ArtifactStagingDirectory)\Logs\SignNugetPackages.binlog /p:OutDir=$(Build.ArtifactStagingDirectory)\Packages /p:PackagesPath=$(Build.ArtifactStagingDirectory)\Packages'
diff --git a/azure-pipelines/nuget-package.signproj b/azure-pipelines/nuget-package.signproj
index 47fe93528..8ce4d4753 100644
--- a/azure-pipelines/nuget-package.signproj
+++ b/azure-pipelines/nuget-package.signproj
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="Current" Sdk="Microsoft.Build.NoTargets/3.7.56">
+<Project ToolsVersion="Current" Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <TargetFrameworks>net8.0</TargetFrameworks>
   </PropertyGroup>
@@ -8,9 +8,9 @@
     <PackageReference Include="Microsoft.VisualStudioEng.MicroBuild.Core" version="1.0.0" />
   </ItemGroup>
 
-  <Target Name="Sign" DependsOnTargets="$(SignDependsOn)" AfterTargets="AfterBuild">
+  <Target Name="CollectNuGetPackagesToSign" DependsOnTargets="$(SignDependsOn)" BeforeTargets="SignFiles">
     <ItemGroup>
-      <FilesToSign Include="$(UnsignedPackagesPath)\*.nupkg">
+      <FilesToSign Include="$(PackagesPath)\*.nupkg">
         <Authenticode>NuGet</Authenticode>
       </FilesToSign>
     </ItemGroup>