Adding new pipeline and switching authenticode and strong name signing on the repo. (#1733)

Directory.Build.props

@@ -19,8 +19,23 @@
     <LangVersion>9</LangVersion>
     <!-- Generate snupkg package -->
     <IncludeSymbols>true</IncludeSymbols>
+
+    <!--We are reusing arcade targets for strongname signing the assembly. Due to this, we must set the strongnamekeyid property
+    in order to ensure that the values for publickey and publickeytoken won't be overwritten by arcade later in the evaluation.-->
+    <StrongNameKeyId>DotnetIot</StrongNameKeyId>
+    <SymbolPackageFormat>snupkg</SymbolPackageFormat>
   </PropertyGroup>
 
+  <Choose>
+    <When Condition="'$(StrongNameKeyId)' == 'DotnetIot'">
+      <PropertyGroup>
+        <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)config/DotnetIoT.snk</AssemblyOriginatorKeyFile>
+        <PublicKey>00240000048000009400000006020000002400005253413100040000010001006535ddf81eb69ab2fa653a01bb31e5c54ac3935f86b2a5a325da43c6fd6e6e6df9ad5e56eb066524c9f80709b5377c6f1a86640bb9c690797836440c31accb04f81734bc7b717b18fc520452acd99aa9f6224a0ffff65a9617ced97f8accdbbea433db509ba8351b5af58ab60e35b584bff1baec4a41b3bdea31cc690fcf4dda</PublicKey>
+        <PublicKeyToken>ca48e82f56eaea9f</PublicKeyToken>
+      </PropertyGroup>
+    </When>
+  </Choose>
+
   <ItemGroup>
     <!-- Include license and third party files to packages -->
     <Content Include="$(RepoRoot)THIRD-PARTY-NOTICES.TXT" Pack="true" PackagePath="\" />

azure-pipelines.yml

+trigger:
+  batch: true
+  branches:
+    include:
+    - main
+    - release/3.0
+    
+pr:
+  branches:
+    include:
+    - main
+    - release/3.0
+
+variables:
+  - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
+    - name: OfficialBuildId
+      value: $(Build.BuildNumber)
+    - name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
+      value: 1
+    - name: DOTNET_MULTILEVEL_LOOKUP
+      value: 0
+
+resources:
+  containers:
+  - container: LinuxContainer
+    image: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-14.04-cross-0cd4667-20170319080304
+
+stages:
+- stage: Build
+  jobs:
+  - job: Windows_NT
+    displayName: Windows Build
+    pool:
+      vmImage: windows-latest
+
+    strategy:
+      matrix:
+        Build_Release:
+          BuildConfiguration: Release
+        Build_Debug:
+          BuildConfiguration: Debug
+
+    steps:
+    - powershell: |
+        npm install -g markdownlint-cli
+        markdownlint -c  $(System.DefaultWorkingDirectory)/.markdownlint.json $(System.DefaultWorkingDirectory)
+      displayName: 'Execute Markdownlint'
+      condition: eq(variables['build.reason'], 'PullRequest')
+
+    - script: build.cmd -ci
+        -configuration $(BuildConfiguration)
+        -prepareMachine
+        /p:BuildPackages=true
+      displayName: Build
+
+    - script: powershell -ExecutionPolicy ByPass -NoProfile eng\common\msbuild.ps1 -warnaserror:0 -ci
+        eng/sendToHelix.proj
+        /t:Test
+        /p:TestOS=Windows_NT
+        /p:Configuration=$(BuildConfiguration)
+        /p:HelixBuild=$(Build.BuildNumber)
+        /bl:$(Build.SourcesDirectory)/artifacts/log/$(BuildConfiguration)/SendToHelix.binlog
+      displayName: Run Helix Tests
+      condition: eq(variables['build.reason'], 'PullRequest')
+      env:
+        SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+
+    - task: PublishBuildArtifacts@1
+      displayName: Publish Build logs
+      condition: always()
+      inputs:
+        pathToPublish: $(Build.SourcesDirectory)/artifacts/log/$(BuildConfiguration)/
+        artifactName: BuildLogs
+        artifactType: container
+
+    - task: CopyFiles@2
+      condition: eq(variables['BuildConfiguration'], 'Release')
+      inputs:
+        sourceFolder: $(Build.SourcesDirectory)/artifacts/packages/$(BuildConfiguration)/Shipping
+        targetFolder: $(Build.ArtifactStagingDirectory)/Packages
+
+    - publish: $(Build.ArtifactStagingDirectory)/Packages
+      displayName: Publish Build Artifacts
+      artifact: BuildPackages
+      condition: eq(variables['BuildConfiguration'], 'Release')
+
+    - publish: config
+      displayName: Publish Signing Scripts
+      artifact: config
+      condition: eq(variables['BuildConfiguration'], 'Release')
+
+  - job: Linux
+    displayName: Linux Build
+    container: LinuxContainer
+    pool:
+      vmImage: ubuntu-latest
+
+    strategy:
+      matrix:
+        Build_Release:
+          BuildConfiguration: Release
+        Build_Debug:
+          BuildConfiguration: Debug
+
+    steps:
+    - script: ./build.sh --ci
+        --configuration $(BuildConfiguration)
+        --prepareMachine
+      displayName: Build
+
+    - script: ./eng/common/msbuild.sh --warnaserror false --ci
+        eng/sendToHelix.proj
+        /t:Test
+        /p:TestOS=Unix
+        /p:Configuration=$(_BuildConfig)
+        /p:HelixBuild=$(Build.BuildNumber)
+        /bl:$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/SendToHelix.binlog
+        /p:HelixAccessToken=$(HelixApiAccessToken)
+      displayName: Run Helix Tests
+      condition: eq(variables['build.reason'], 'PullRequest')
+      env:
+        SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+
+    - task: PublishBuildArtifacts@1
+      displayName: Publish Build logs
+      condition: always()
+      inputs:
+        pathToPublish: $(Build.SourcesDirectory)/artifacts/log/$(BuildConfiguration)/
+        artifactName: BuildLogs
+        artifactType: container
+
+- stage: CodeSign
+  condition: and(succeeded('Build'), not(eq(variables['build.reason'], 'PullRequest')))
+  jobs:
+  - deployment: CodeSign
+    displayName: Code Signing
+    pool:
+      vmImage: windows-latest
+    environment: Dotnet Iot
+    variables:
+    - group: SignClient
+    strategy:
+      runOnce:
+        deploy:
+          steps:
+          - task: DotNetCoreCLI@2
+            inputs:
+              command: custom
+              custom: tool
+              arguments: install --tool-path . SignClient
+            displayName: Install SignTool tool
+
+          - pwsh: |
+              .\SignClient "Sign" `
+              --baseDirectory "$(Pipeline.Workspace)\BuildPackages" `
+              --input "**/*.nupkg" `
+              --config "$(Pipeline.Workspace)\config\SignClient.json" `
+              --filelist "$(Pipeline.Workspace)\config\filelist.txt" `
+              --user "$(SignClientUser)" `
+              --secret '$(SignClientSecret)' `
+              --name "DotnetIoT" `
+              --description "dotnet/iot" `
+              --descriptionUrl "https://github.com/dotnet/iot"
+            displayName: Sign packages
+              
+          - publish: $(Pipeline.Workspace)/BuildPackages
+            displayName: Publish Signed Packages
+            artifact: SignedPackages

config/SignClient.json

+{
+    "SignClient": {
+        "AzureAd": {
+            "AADInstance": "https://login.microsoftonline.com/",
+            "ClientId": "c248d68a-ba6f-4aa9-8a68-71fe872063f8",
+            "TenantId": "16076fdc-fcc1-4a15-b1ca-32c9a255900e"
+        },
+        "Service": {
+            "Url": "https://codesign.dotnetfoundation.org/",
+            "ResourceId": "https://SignService/3c30251f-36f3-490b-a955-520addb85001"
+        }
+    }
+}

config/filelist.txt

+**/Iot.Device.Bindings.*
+**/System.Device.Gpio.*

src/Iot.Device.Bindings/CompatibilitySuppressions.xml

@@ -733,4 +733,11 @@
     <DiagnosticId>CP1002</DiagnosticId>
     <Target>Windows.Foundation.UniversalApiContract.dll</Target>
   </Suppression>
-</Suppressions>
\ No newline at end of file
+  <!--We are changing public key token being used, so the following are baselined:-->
+  <Suppression>
+    <DiagnosticId>CP0003</DiagnosticId>
+    <Left>lib/netcoreapp2.1/Iot.Device.Bindings.dll</Left>
+    <Right>lib/netcoreapp2.1/Iot.Device.Bindings.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+</Suppressions>

src/Iot.Device.Bindings/Directory.Build.props

 <Project>
   <!-- Packaging related properties -->
   <PropertyGroup>
-    <MajorVersion>1</MajorVersion>
-    <MinorVersion>6</MinorVersion>
+    <MajorVersion>2</MajorVersion>
+    <MinorVersion>0</MinorVersion>
     <Description>This package provides a set of Device Bindings that use System.Device.Gpio package to communicate with a microcontroller.</Description>
     <PackageTags>.NET Core GPIO Pins SPI I2C PWM BCM2835 BCM2837 RPi IoT Device Bindings</PackageTags>
     <EnablePackageValidation>true</EnablePackageValidation>

src/System.Device.Gpio/CompatibilitySuppressions.xml

 <?xml version="1.0" encoding="utf-8"?>
 <Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <!-- All of these breaking changes are against 1.0.0 windows runtime asset which nobody compiles against so we are fine in taking them. -->
   <Suppression>
     <DiagnosticId>CP0007</DiagnosticId>
     <Target>T:System.Device.Gpio.Drivers.HummingBoardDriver</Target>
@@ -38,7 +37,6 @@
     <DiagnosticId>CP1003</DiagnosticId>
     <Target>lib/net5.0-windows10.0.17763/System.Device.Gpio.dll</Target>
   </Suppression>
-  <!-- The suppressions below are all related to Enum types which are not currently properly handled by PackageValidation. -->
   <Suppression>
     <DiagnosticId>CP0008</DiagnosticId>
     <Target>T:System.Device.Spi.DataFlow</Target>
@@ -135,4 +133,23 @@
     <Left>lib/netstandard2.0/System.Device.Gpio.dll</Left>
     <Right>lib/net5.0-windows10.0.17763/System.Device.Gpio.dll</Right>
   </Suppression>
-</Suppressions>
\ No newline at end of file
+  <!--We are changing public key token being used, so the following are baselined:-->
+  <Suppression>
+    <DiagnosticId>CP0003</DiagnosticId>
+    <Left>runtimes/win/lib/netstandard2.0/System.Device.Gpio.dll</Left>
+    <Right>lib/netstandard2.0/System.Device.Gpio.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0003</DiagnosticId>
+    <Left>runtimes/linux/lib/netstandard2.0/System.Device.Gpio.dll</Left>
+    <Right>lib/netstandard2.0/System.Device.Gpio.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0003</DiagnosticId>
+    <Left>lib/netstandard2.0/System.Device.Gpio.dll</Left>
+    <Right>lib/netstandard2.0/System.Device.Gpio.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+</Suppressions>

src/System.Device.Gpio/Directory.Build.props

 <Project>
   <!-- Packaging related properties -->
   <PropertyGroup>
-    <MajorVersion>1</MajorVersion>
-    <MinorVersion>6</MinorVersion>
+    <MajorVersion>2</MajorVersion>
+    <MinorVersion>0</MinorVersion>
     <Description>The System.Device.Gpio package supports general-purpose I/O (GPIO) pins, PWM, I2C, SPI and related interfaces for interacting with low level hardware pins to control hardware sensors, displays and input devices on single-board-computers; Raspberry Pi, BeagleBoard, HummingBoard, ODROID, and other single-board-computers that are supported by Linux and Windows 10 IoT Core OS can be used with .NET Core and System.Device.Gpio.  On Windows 10 IoT Core OS, the library wraps the Windows.Devices.Gpio.dll assembly.  On Linux, the library supports three driver modes: libgpiod for fast full-featured GPIO access on all Linux distros since version 4.8 of the Linux kernel; slower and limited-functionality GPIO access via the deprecated Sysfs interface (/sys/class/gpio) when running on older Linux distro versions with a Linux kernel older than version 4.8; and lastly board-specific Linux drivers that access GPIO addresses in /dev/mem for fasted performance at the trade-off of being able to run on very specific versions of single-board-computers.  In the future, the board-specific Linux drivers may be removed in favor of only supporting libgpiod and sysfs Linux interfaces.  In addition to System.Device.Gpio, the optional IoT.Device.Bindings NuGet package contains device bindings for many sensors, displays, and input devices that can be used with System.Device.Gpio.
     </Description>
     <PackageTags>.NET Core GPIO Pins SPI I2C PWM BCM2835 RPi IoT</PackageTags>