- 
                Notifications
    You must be signed in to change notification settings 
- Fork 8k
Create the Windows.x64 global tool with shim for signing #21559
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create the Windows.x64 global tool with shim for signing #21559
Conversation
| Write-Verbose -Verbose -Message "pathForUpload: $pathForUpload" | ||
| Copy-Item -Path '${{ parameters.binPath }}\*' -Destination $pathForUpload -Recurse -Force -Verbose | ||
| Write-Verbose -Verbose -Message "Files copied to $pathForUpload" | ||
| $isGlobalTool = '${{ parameters.globalTool }}' -eq 'true' | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not blocking. We should move any PS Script of significant size into a script or module. This does two things, makes sure they are scanned by static analysis tools and reduces total yaml size.
| Remove-Item -Path $ridFolder/runtimes/win-arm -Recurse -Force | ||
| $toolSettings = $packagingStrings.GlobalToolSettingsFile -f "pwsh.dll" | ||
| } | ||
| # Due to needing a signed shim for the global tool, we build the global tool in build instead of packaging. | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove dead code?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wanted to keep the code and document why we don't build Windows.x64 here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with comments
* Bump xunit from 2.6.3 to 2.6.4 (PowerShell#20967) Bumps [xunit](https://github.com/xunit/xunit) from 2.6.3 to 2.6.4. - [Commits](xunit/xunit@2.6.3...2.6.4) --- updated-dependencies: - dependency-name: xunit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump xunit.runner.visualstudio from 2.5.5 to 2.5.6 (PowerShell#20966) Bumps [xunit.runner.visualstudio](https://github.com/xunit/visualstudio.xunit) from 2.5.5 to 2.5.6. - [Release notes](https://github.com/xunit/visualstudio.xunit/releases) - [Commits](xunit/visualstudio.xunit@2.5.5...2.5.6) --- updated-dependencies: - dependency-name: xunit.runner.visualstudio dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add Import-LocalizedData implicit Localization fallback (PowerShell#19896) * Adds culture fallback to Import-LocalizedData * Only add fallback if current culture is not en-US * Pester 4 compatibility * Missing param block in It * Missed param block for It * Skip UICulture name test for Linux and Mac * Removed test fragment * Fix typo in remotingexceptions.cs (PowerShell#21015) formating -> formatting * Fix failures in GitHub action `markdown-link-check` (PowerShell#20996) * Bump xunit from 2.6.4 to 2.6.5 (PowerShell#21008) * Include information about upgrading in README (PowerShell#20993) * Update the cgmanifest (PowerShell#20955) * Add `Aliases` to the properties shown up when formatting the help content of the parameter returned by `Get-Help` (PowerShell#20994) * Bump JsonSchema.Net from 5.4.2 to 5.5.0 (PowerShell#21027) * Fix regression -Tail 0 -Wait (PowerShell#20734) * Update README.md and metadata.json for v7.2.18 and v7.4.1 releases (PowerShell#21044) * Update changelog for v7.2 and v7.3 (PowerShell#21052) * Bump xunit from 2.6.5 to 2.6.6 (PowerShell#21071) * Bump StyleCop.Analyzers from 1.2.0-beta.507 to 1.2.0-beta.556 (PowerShell#20953) * Update to the latest NOTICES file (PowerShell#20905) * Update the cgmanifest (PowerShell#21047) * Fix completion crash for the SCCM provider (PowerShell#20915) * Bump .NET SDK to 8.0.101 (PowerShell#21084) * Add `WinGetCommandNotFound` and `CompletionPredictor` modules to track usage (PowerShell#21040) * Merged PR 29314: Update ChangeLog for v7.5.0-preview.1 Update ChangeLog for v7.5.0-preview.1 * Update `README.md` and `metadata.json` for v7.5.0-preview.1 release (PowerShell#21094) * Fix Get-Error serialization of array values (PowerShell#21085) Ensure Get-Error does not hang when attempting to serialize an exception that contains a property whose type is an array of System.Type instances. Also ensures that primitive types like System.Int32, System.Boolean as well as System.String is formatted as a string rather than an object with properties. * Validate the value for `using namespace` during semantic checks to prevent declaring invalid namespaces (PowerShell#21162) * Fix `using assembly` to use `Path.Combine` when constructing assembly paths (PowerShell#21169) * Add `DirectoryInfo` to the `OutputType` for `New-Item` (PowerShell#21126) * Bump JsonSchema.Net to v5.5.1 (PowerShell#21120) * Update changelog for v7.4.1 (PowerShell#21098) * Update WG members (PowerShell#21091) * Update the cgmanifest (PowerShell#21093) * Fix incorrect examples in XML docs in `PowerShell.cs` (PowerShell#21173) * Generate MSI for `win-arm64` installer (PowerShell#20516) * Rewrite the mac syslog tests to make them less flaky (PowerShell#21174) * Update versions of PSResourceGet (PowerShell#21190) * Add tilde expansion for windows native executables (PowerShell#20402) * Bump XunitXml.TestLogger from 3.1.17 to 3.1.20 (PowerShell#21207) * Remove `PSScheduledJob` module source code (PowerShell#21189) * Update to the latest NOTICES file (PowerShell#21177) * Update the cgmanifest (PowerShell#21178) * Fix a typo in `CoreAdapter.cs` (PowerShell#21179) * ConvertFrom-Json: Add -DateKind parameter (PowerShell#20925) Adds the -DateKind parameter to the ConvertFrom-Json that allows the caller to control how DateTime strings are converted into an object. The default behaviour is to create a DateTime value with the Kind being Unspecified if no TZ is set, Utc if the TZ Z is set, Local (after conversion) if an explicit TZ is set. This adds a Utc, Local to explicitly set the Kind as desired as well as a Offset and String value to create a DateTimeOffset or keep as a string. * Bump Microsoft.NET.Test.Sdk from 17.8.0 to 17.9.0 Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.8.0 to 17.9.0. - [Release notes](https://github.com/microsoft/vstest/releases) - [Changelog](https://github.com/microsoft/vstest/blob/main/docs/releases.md) - [Commits](microsoft/vstest@v17.8.0...v17.9.0) --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update dependabot.yml Signed-off-by: Matthew Tanner <imatthewtanner@icloud.com> * Create codeql.yml Signed-off-by: Matthew Tanner <imatthewtanner@icloud.com> * Bump the nuget group across 1 directories with 1 update Bumps the nuget group with 1 update in the /test/tools/TestAlc/nested directory: [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json). Updates `Newtonsoft.Json` from 10.0.1 to 13.0.1 - [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases) - [Commits](JamesNK/Newtonsoft.Json@10.0.1...13.0.1) --- updated-dependencies: - dependency-name: Newtonsoft.Json dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump PowerShellGet from 2.2.5 to 2.2.5.1 in /src/Modules Bumps [PowerShellGet](https://github.com/PowerShell/PowerShellGet) from 2.2.5 to 2.2.5.1. - [Changelog](https://github.com/PowerShell/PowerShellGet/blob/master/CHANGELOG.md) - [Commits](https://github.com/PowerShell/PowerShellGet/commits) --- updated-dependencies: - dependency-name: PowerShellGet dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump to .NET 9 Preview 1 (PowerShell#21229) * Update the cgmanifest (PowerShell#21237) * Update to the latest NOTICES file (PowerShell#21236) * Update experimental-feature json files (PowerShell#21213) * Remove `surrogateFile` setting of APIScan (PowerShell#21238) * Add dotenv install as latest version does not work with current Ruby version (PowerShell#21239) * Bump xunit from 2.6.6 to 2.7.0 Bumps [xunit](https://github.com/xunit/xunit) from 2.6.6 to 2.7.0. - [Commits](xunit/xunit@2.6.6...2.7.0) --- updated-dependencies: - dependency-name: xunit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump xunit.runner.visualstudio from 2.5.6 to 2.5.7 Bumps [xunit.runner.visualstudio](https://github.com/xunit/visualstudio.xunit) from 2.5.6 to 2.5.7. - [Release notes](https://github.com/xunit/visualstudio.xunit/releases) - [Commits](xunit/visualstudio.xunit@2.5.6...2.5.7) --- updated-dependencies: - dependency-name: xunit.runner.visualstudio dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Add dotnet-runtime-9.0 as a dependency for the Mariner package (PowerShell#21259) * Adding WG membership template (PowerShell#21153) * Adding WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Editing WG membership template * Update .github/ISSUE_TEMPLATE/WG_member_request.yaml Co-authored-by: Steve Lee <slee@microsoft.com> * Update .github/ISSUE_TEMPLATE/WG_member_request.yaml Co-authored-by: Steve Lee <slee@microsoft.com> --------- Co-authored-by: Jason.Helmick <jahelmic@microsoft.com> Co-authored-by: Steve Lee <slee@microsoft.com> * Update `metadata.json` and `README.md` (PowerShell#21264) * Skip test on Windows Server 2012 R2 for `no-nl` (PowerShell#21265) * Fix a regression in `Format-Table` when header label is empty (PowerShell#21156) * Revert "Adjust PUT method behavior to POST one for default content type in WebCmdlets" (PowerShell#21049) * Fix the regression when doing type inference for `$_` (PowerShell#21223) * ConvertTo-Json: Serialize `BigInteger` as a number (PowerShell#21000) * Remove `JetBrains.Annotations` attributes (PowerShell#21246) * Suppress MacOS package manager output (PowerShell#21244) * Enable CA1868: Unnecessary call to 'Contains' for sets (PowerShell#21165) https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1868 * Bump Microsoft.CodeAnalysis.CSharp from 4.8.0 to 4.9.2 Bumps [Microsoft.CodeAnalysis.CSharp](https://github.com/dotnet/roslyn) from 4.8.0 to 4.9.2. - [Release notes](https://github.com/dotnet/roslyn/releases) - [Changelog](https://github.com/dotnet/roslyn/blob/main/docs/Breaking%20API%20Changes.md) - [Commits](https://github.com/dotnet/roslyn/commits) --- updated-dependencies: - dependency-name: Microsoft.CodeAnalysis.CSharp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump Microsoft.CodeAnalysis.Analyzers (PowerShell#21297) * Bump Microsoft.CodeAnalysis.CSharp from 4.9.0-3.final to 4.9.2 (PowerShell#21298) * Fix error formatting for pipeline enumeration exceptions (PowerShell#20211) * Fall back to type inference when hashtable key value cannot be retrieved from safe expression (PowerShell#21184) * Get-Process: Remove admin requirement for `-IncludeUserName` (PowerShell#21302) * Bump Microsoft.CodeAnalysis.Analyzers (PowerShell#21305) * Fix a typo in `releaseTools.psm1` (PowerShell#21306) * Fix PowerShell class to support deriving from an abstract class with abstract properties (PowerShell#21331) * Handle the case that `Runspace.DefaultRunspace is null` when logging for WDAC Audit (PowerShell#21344) * Make sure both stdout and stderr can be redirected from a native executable (PowerShell#20997) * Fix typo in ast.cs (PowerShell#21350) statment -> statement * Make sure the assembly/library resolvers are registered at early stage (PowerShell#21361) * Revert the PR PowerShell#17856 (Do not preserve temporary results when no need to do so) (PowerShell#21368) * Add file description to `pwsh.exe` (PowerShell#21352) * PowerShell co-ordinated build OneBranch pipeline (PowerShell#21364) * Fix argument passing in `GlobalToolShim` (PowerShell#21333) * Fix build failure due to missing reference in `GlobalToolShim.cs` (PowerShell#21388) * Fix typo in a test (PowerShell#21337) connectiong -> connecting * Fix `Test-Path -IsValid` to check for invalid path and filename characters (PowerShell#21358) * Fix typo in SessionStateCmdletAPIs.cs (PowerShell#21413) hte -> the * Update `PSReadLine` to `v2.3.5` for the next `v7.4.x` servicing release (PowerShell#21414) * Multiple fixes in official build pipeline (PowerShell#21408) * Add back two transitive dependency packages (PowerShell#21415) * Verify environment variable for OneBranch before we try to copy (PowerShell#21441) * Update PSResourceGet version from 1.0.2 to 1.0.4.1 (PowerShell#21439) * fix package build to not check some files for a signature. (PowerShell#21458) * Update `metadata.json` and `README.md` (PowerShell#21454) * Fix grammar in FAQ.md (PowerShell#21468) Fix grammar in docs FAQ * Update CHANGELOG for v7.2.19, v7.3.12 and v7.4.2 (PowerShell#21462) * Fix the error when using `Start-Process -Credential` without the admin privilege (PowerShell#21393) * Add `RecommendedAction` to `ConciseView` of the error reporting (PowerShell#20826) * Update Engine & Interactive-UX Working Group Member lists (PowerShell#20991) * Bump `Microsoft.CodeAnalysis.Analyzers` (PowerShell#21449) * Don't complete parameter name and class member declarations (PowerShell#21182) * Update the doc about how to build PowerShell (PowerShell#21334) * [StepSecurity] Apply security best practices (PowerShell#21480) * [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> * Update dependabot.yml * Delete tools/releaseBuild/Images/microsoft_powershell_centos7 directory * Delete tools/releaseBuild/Images/microsoft_powershell_ubuntu16.04 directory * Delete tools/releaseBuild/Images/microsoft_powershell_ubuntu18.04 directory * Delete tools/releaseBuild/Images/microsoft_powershell_windowsservercore/Dockerfile --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Travis Plunk <travis.plunk@microsoft.com> * Bump ossf/scorecard-action from 2.0.6 to 2.3.1 (PowerShell#21485) * Bump ossf/scorecard-action from 2.0.6 to 2.3.1 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.3.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@99c5375...0864cf1) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update windows.yml * Update linux.yml * Update windows.yml * Update mac.yml --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Travis Plunk <travis.plunk@microsoft.com> * Bump actions/upload-artifact from 3.1.3 to 4.3.2 (PowerShell#21501) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.3.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@a8a3f3a...1746f4a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github/codeql-action from 2.25.0 to 3.25.1 (PowerShell#21498) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.25.0 to 3.25.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2.25.0...c7f9125) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 3.6.0 to 4.1.2 (PowerShell#21482) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.6.0...9bb5618) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/dependency-review-action from 2.5.1 to 4.2.5 (PowerShell#21484) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 4.2.5. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@0efb1d1...5bbc3ba) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add a PAT for fetching PMC cli (PowerShell#21503) * Use new pat * remove trailing whitespaces * Fix `[semver]` type to pass semver.org tests (PowerShell#21401) * Fix `[semver]` type to pass semver.org tests * fix test to split per OS specific newline * replace all regex with semver.org ones adding new one for build label, update tests --------- Co-authored-by: Steve Lee (POWERSHELL HE/HIM) (from Dev Box) <slee@ntdev.microsoft.com> * Separate DSC configuration parser check for ARM processor (PowerShell#21395) * Official PowerShell Package pipeline (PowerShell#21504) * Revert to version available on `Nuget` for `Microsoft.CodeAnalysis.Analyzers` (PowerShell#21515) * Use correct signing certificates for RPM and DEBs (PowerShell#21522) * Add branch counter variables for daily package builds (PowerShell#21523) * Expand `~` to `$home` on Windows with tab completion (PowerShell#21529) * Bump github/codeql-action from 3.25.1 to 3.25.3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.1 to 3.25.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c7f9125...d39d31e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump actions/checkout from 4.1.2 to 4.1.4 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@9bb5618...0ad4b8f) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump actions/upload-artifact from 4.3.2 to 4.3.3 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@1746f4a...6546280) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump super-linter/super-linter from 5.7.2 to 6.4.1 Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 5.7.2 to 6.4.1. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](super-linter/super-linter@a8150b4...4758be6) --- updated-dependencies: - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Delete .github/workflows/codeql-analysis.yml Signed-off-by: Matthew Tanner <imatthewtanner@icloud.com> * Update codeql.yml Signed-off-by: Matthew Tanner <imatthewtanner@icloud.com> * Update codeql.yml Signed-off-by: Matthew Tanner <imatthewtanner@icloud.com> * Delete .github/workflows/codeql.yml Signed-off-by: Matthew Tanner <imatthewtanner@icloud.com> * Bump actions/dependency-review-action from 4.2.5 to 4.3.2 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.5 to 4.3.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@5bbc3ba...0c155c5) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * update wix package install (PowerShell#21537) * Create the Windows.x64 global tool with shim for signing (PowerShell#21559) * Fix generating `OutputType` when running in Constrained Language Mode (PowerShell#21605) * Use PSScriptRoot to find path to Wix module (PowerShell#21611) * Bump actions/checkout from 4.1.4 to 4.1.5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@0ad4b8f...44c2b7a) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Remember installation options and used them to initialize options for the next installation (PowerShell#20420) * Bump github/codeql-action from 3.25.3 to 3.25.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.3 to 3.25.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@d39d31e...ccf74c9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump to .NET 9 preview 3 (PowerShell#21782) * Bump ossf/scorecard-action from 2.3.1 to 2.3.3 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...dc50aa9) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Use feed with Microsoft Wix toolset (PowerShell#21651) * Create codeql.yml Signed-off-by: Matthew Tanner <imatthewtanner@icloud.com> * Bump super-linter/super-linter from 6.4.1 to 6.5.0 Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 6.4.1 to 6.5.0. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](super-linter/super-linter@4758be6...56576d4) --- updated-dependencies: - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Matthew Tanner <imatthewtanner@icloud.com> Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chris Dent <134605137+chrisdent-de@users.noreply.github.com> Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com> Co-authored-by: James Truher [MSFT] <jimtru@microsoft.com> Co-authored-by: Steven Bucher <stevenbucher8@gmail.com> Co-authored-by: PowerShell Team Bot <69177312+pwshBot@users.noreply.github.com> Co-authored-by: Dongbo Wang <dongbow@microsoft.com> Co-authored-by: CarloToso <105941898+CarloToso@users.noreply.github.com> Co-authored-by: MartinGC94 <42123497+MartinGC94@users.noreply.github.com> Co-authored-by: Jordan Borean <jborean93@gmail.com> Co-authored-by: Greg Dennis <gregsdennis@yahoo.com> Co-authored-by: Patrick Meinecke <SeeminglyScience@users.noreply.github.com> Co-authored-by: Anam Navied <anam.naviyou@gmail.com> Co-authored-by: alerickson <25858831+alerickson@users.noreply.github.com> Co-authored-by: Dom Slee <domslee1@gmail.com> Co-authored-by: Steve Lee <slee@microsoft.com> Co-authored-by: Aditya Patwardhan <adityap@microsoft.com> Co-authored-by: Jason Helmick <jason.helmick@microsoft.com> Co-authored-by: Jason.Helmick <jahelmic@microsoft.com> Co-authored-by: xtqqczze <45661989+xtqqczze@users.noreply.github.com> Co-authored-by: Friedrich von Never <friedrich@fornever.me> Co-authored-by: guangwu <guoguangwu@magic-shield.com> Co-authored-by: Roshan Ganesh <73138775+CodingGod987@users.noreply.github.com> Co-authored-by: Justin Grote <JustinGrote@users.noreply.github.com> Co-authored-by: Ryan Yates <ryan.yates@kilasuit.org> Co-authored-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Travis Plunk <travis.plunk@microsoft.com> Co-authored-by: Steve Lee (POWERSHELL HE/HIM) (from Dev Box) <slee@ntdev.microsoft.com> Co-authored-by: David Kontyko <33853225+dkontyko@users.noreply.github.com> Co-authored-by: Tess Gauthier <tgauth@bu.edu> Co-authored-by: Dave <reduckted@outlook.com>
PR Summary
Fixes #20557
The global tool for Windows.x64 is created using dotnet pack so that shim can be generated during the build for signing.
The tool uses a new csproj with added properties for generating the shim, we added the build to fxdependent stage.
More details about shim are documented here: https://github.com/dotnet/sdk/blob/main/documentation/general/signing-global-tool-packages.md
The way the build works is a bit tricky as when it is built, we cannot add the modules that come from gallery.
We have to use
dotnet packto build the nupkg and then expand it as a zip.After expanding we restore the signed files for the modules from the gallery.
We also delete
contentandcontentFilesfolder which are not necessary.After that, we repack using Compress-Archive and rename it back to a nupkg.
PR Context
dotnet-sdk images show that the exe is unsigned and fails compliance requirements.
PR Checklist
.h,.cpp,.cs,.ps1and.psm1files have the correct copyright headerWIP:or[ WIP ]to the beginning of the title (theWIPbot will keep its status check atPendingwhile the prefix is present) and remove the prefix when the PR is ready.(which runs in a different PS Host).