Some fixes for signing on internal CI #11
Merged
Merged
Conversation
Add a new publish_nuget stage following the dotnet/aspire pattern: - settings.networkIsolationPolicy: Permissive (required for external feeds) - templateContext type: releaseJob with isProduction: true - task: 1ES.PublishNuget@1 with useDotNetTask: false - nuGetFeedType: external with publishFeedCredentials The stage runs after Validate and publish_using_darc, gated by the publishPackages parameter. A NuGet.org service connection named 'NuGet.org - dotnet/maui-labs' must be created in the dnceng project. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Arcade SDK Sign.proj unconditionally requires both WiX 3 and WiX 5 toolsets even for repos that produce no MSI/WiX installers. Add a PackageDownload for Microsoft.WixToolset.Sdk so it is available in the NuGet cache when Sign.proj resolves WixToolsPath. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The PackageDownload workaround for dotnet/arcade#16611 didn't fix the CI build - Sign.proj still can't find WixToolsPath. Added diagnostic step (runs on failure) to list: - .packages/ repo-local folder contents - NuGet global cache for microsoft.wixtoolset.sdk - Built shipping packages Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The PackageDownload approach didn't work — the WiX 5 SDK package
IS downloaded to .packages/ by Tools.proj, but Sign.proj constructs
WixToolsPath as tools/net472/{Platform} (e.g. tools/net472/x64),
and the package has no platform subdirectory — only tools/net472/
with two DLLs directly in it.
Fix: create the expected x64 and arm64 subdirectories during Build
phase (before Sign.proj runs), so SignToolTask's existence check
passes. The directories are empty which is fine — this repo has no
WiX content to sign.
Tracked by dotnet/arcade#16611.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ablePublishUsingPipelines The Validate stage (signing/NuGet validation) was failing because the ReleaseConfigs artifact was never created. This happened because 'enablePublishUsingPipelines' is a legacy V2 parameter that no longer exists in Arcade SDK 10. The correct parameter is 'enablePublishBuildAssets', which triggers the publish-build-assets job that registers with BAR and creates the ReleaseConfigs artifact. Also removes the obsolete DotNetPublishUsingPipelines MSBuild property. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
MicroBuild Signing Plugin was not being installed because enableMicrobuild defaults to false in Arcade's job template. Without it, DotNetSignType=Real tries to sign files but MicroBuild isn't available to process signing requests, causing 'PE file is not signed properly' errors. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…tion The post-build Signing Validation stage uses SignCheck which validates all files in NuGet packages. JavaScript files (.js) like Blazor static web assets cannot be Authenticode-signed. The Signing.props exclusion (FileExtensionSignInfo) only applies to build-time signing, not to the post-build SignCheck validation which uses a separate exclusions file. Pattern from dotnet/Scaffolding. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the repo’s official internal CI to improve signing and publishing, while also refreshing toolchain/dependency pins and adding a build workaround for Arcade signing.
Changes:
- Updated the official Azure DevOps pipeline to use the Windows 2026 preview image, enable MicroBuild/asset publishing, switch signing to “Real”, and add a NuGet.org publish stage.
- Bumped .NET SDK and Arcade SDK versions and refreshed dependency metadata (Version.Details.xml / NuGet source annotations).
- Added signing/build workarounds and policy tweaks (WiX tools directory workaround, SignCheck exclusions, disable Swix build plugin, ignore
.dotnet).
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| global.json | Bumps .NET SDK/tooling and Arcade SDK version pins. |
| eng/pipelines/devflow-official.yml | Updates official CI pool/image, signing/publishing behavior, and adds NuGet.org publishing stage. |
| eng/Version.Details.xml | Updates dependency URIs/SHAs and Arcade SDK metadata. |
| eng/SignCheckExclusionsFile.txt | Adds SignCheck exclusions to avoid signing JS files. |
| NuGet.config | Adds markers/comments for dependency automation-managed package source blocks. |
| Directory.Build.targets | Adds MSBuild target to create expected WiX directories for Arcade signing. |
| Directory.Build.props | Disables Swix build plugin via property. |
| .gitignore | Ignores .dotnet directory. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
jfversluis
approved these changes
Mar 20, 2026
Redth
added a commit
that referenced
this pull request
Mar 29, 2026
Phase 1 - Fix core drawing correctness: - Rewrite DrawPathInternal to handle all PathOperation segment types (Move, Line, Cubic bezier, Quad bezier, Arc, Close) using PathF.GetSegmentType/GetPointsForSegment API - Apply stroke properties (dash patterns, line caps/joins, miter limit) to Cairo context in ApplyStroke() - Replace fake GetStringSize (length*fontSize*0.6) with proper Cairo TextExtents/FontExtents measurement - Implement gradient paint support (LinearGradientPaint, RadialGradientPaint) via cairo_pattern_create_linear/radial P/Invoke - Implement text alignment (horizontal/vertical) and font weight/style in DrawString using text/font extents for positioning Phase 2 - Complete missing canvas operations: - Implement ConcatenateTransform via Cairo.Matrix.Init + cr.Transform - Implement DrawImage with CairoPlatformImage (IImage backed by Cairo.ImageSurface) including Downsize, Resize, Save, FromStream - Apply Antialias and BlendMode properties to Cairo context - Implement SubtractFromClip via even-odd fill rule trick - Store SetShadow parameters (rendering deferred to future work) Phase 3 - GraphicsView interaction events: - Wire GestureClick for StartInteraction/EndInteraction/CancelInteraction - Wire GestureDrag for DragInteraction - Wire EventControllerMotion for hover events Architecture: - Extract CairoCanvas from GraphicsViewHandler.cs to dedicated Graphics/CairoCanvas.cs file (grew from ~280 to ~660 lines) - Add Graphics/CairoPlatformImage.cs implementing IImage + IDrawable Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Redth
added a commit
that referenced
this pull request
Mar 29, 2026
Adds a comprehensive demo page to the sample app with 9 IDrawable sections that exercise every graphics feature implemented for issue #11: 1. Path operations: cubic bezier, quadratic bezier, arc, closed paths 2. Stroke properties: dash patterns, line caps (butt/round/square), line joins (miter/round/bevel) 3. Gradient paint: linear gradient, radial gradient, gradient on path 4. Text features: horizontal/vertical alignment, font weight/style, GetStringSize measurement 5. ConcatenateTransform: rotation, scale, skew, composite transforms 6. Shadow rendering: shadows on rect, rounded rect, ellipse, path 7. Antialias & BlendMode: aliased vs antialiased, Xor and DestOver 8. SubtractFromClip: ClipRectangle, SubtractFromClip, ClipPath 9. Interaction events: StartInteraction, EndInteraction, DragInteraction, hover events with live log display Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
mattleibow
added a commit
that referenced
this pull request
May 12, 2026
Critical/High fixes: - #1: Use namespace+class for unique hint names (prevents AddSource crash when two pages share the same simple class name) - #2: CrossFileResolver uses FQN lookup + ambiguity detection for duplicate simple names across namespaces - #3: CollectionView conditional rendering fixed — no more [[double brackets]], uses unified annotation list builder - #4: Root ContentPage walks children directly, preventing SemanticProperties on root from swallowing the entire page - #5: Visibility conditions on layout containers now propagate as condition group wrappers ('When [visible when X = true]:') - #6: Property-element content (ContentPage.Content, ScrollView.Content) no longer dropped — unknown property elements are transparent by default, only known non-visual ones (Resources, Triggers, etc.) are suppressed - #7: Shell routes stored in UiElement for Shell page markdown Medium fixes: - #8: Promoted containers (Border with Description) now walk children too, preserving actionable descendants like buttons - #9: Unresolved user controls kept as placeholders (previously dropped), important for third-party controls with SemanticProperties - #10: DataTrigger with IsVisible=False setter now correctly inverted to 'hidden when Property = Value' instead of 'visible when' - #11: IsVisible=False elements skipped entirely — not reachable by screen readers, should not appear in accessibility-first index - #12: Aggregate namespace validated as legal C# before emitting - #13: Always use global:: for page references in aggregate, even for no-namespace pages - #14: BindingRegex now requires whitespace after 'Binding' keyword, preventing false matches like {BindingSource} - #15: CrossFileResolver uses in-progress set for cycle detection, preventing partial cache on indirect A→B→A cycles Low fixes: - #16: Dead emptyViewChildren code block removed - #17: Removed unused TemplateVariants from dead CollectionView code 104 exact-match tests, all passing. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request includes several infrastructure updates to improve build, signing, and publishing processes, as well as dependency management. The most significant changes are enhancements to the official build pipeline, updates to dependency versions and sources, and new workarounds for build tooling compatibility.
Build and publishing pipeline improvements:
eng/pipelines/devflow-official.yml) to use the new Windows 2026 preview image, enabled microbuild and asset publishing, switched signing to "Real", and added a stage for publishing packages directly to NuGet.org using the 1ES.PublishNuget task. Also added network isolation policy settings for external publishing. [1] [2] [3] [4]Dependency and tooling updates:
global.jsonandeng/Version.Details.xmlto newer versions of .NET SDK and Arcade SDK, and switched several dependencies to reference thedotnet/dotnetrepo with updated commit hashes. [1] [2]NuGet.configto clarify package sources managed by dependency automation.Build system compatibility and signing:
Directory.Build.targetsto create missing directories for WiX tools, ensuring compatibility with the Arcade SDK's signing process.eng/SignCheckExclusionsFile.txtto prevent signing of JavaScript files, aligning with signing policy.Directory.Build.propsto avoid unnecessary build steps.