As part of Microsoft's continued push for supply chain security, our CI that builds shipping software must extend an "official" template that can be used to ensure various safety checks have run.
Unfortunately, this requires extensive changes to our CI to fit their model. This PR requires both necessary changes and cleanup done to make our process mesh better with the template.
The only functional difference should be:
Previously the outputs of both the Windows and MacOS builds were copied to the same artifact directory ("nuget") which was signed and released. This meant that the last one written "won" and that's what we shipped. The new template didn't like multiple agents writing to the same output directory, so now we only write to output-windows and output-macos, and we always sign and ship the output-windows output.
As part of Microsoft's continued push for supply chain security, our CI that builds shipping software must extend an "official" template that can be used to ensure various safety checks have run.
Unfortunately, this requires extensive changes to our CI to fit their model. This PR requires both necessary changes and cleanup done to make our process mesh better with the template.
The only functional difference should be:
Windows
andMacOS
builds were copied to the same artifact directory ("nuget"
) which was signed and released. This meant that the last one written "won" and that's what we shipped. The new template didn't like multiple agents writing to the same output directory, so now we only write tooutput-windows
andoutput-macos
, and we always sign and ship theoutput-windows
output.