From 0e5adc00fe1a9f126cd2003ee3b16d14693a75ba Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 9 Dec 2020 11:06:12 -0800 Subject: [PATCH 1/5] fix issue with manually building master --- tools/releaseBuild/setReleaseTag.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/setReleaseTag.ps1 b/tools/releaseBuild/setReleaseTag.ps1 index 1927eb7ae60..121425d963b 100644 --- a/tools/releaseBuild/setReleaseTag.ps1 +++ b/tools/releaseBuild/setReleaseTag.ps1 @@ -79,7 +79,7 @@ if($ReleaseTag -eq 'fromBranch' -or !$ReleaseTag) New-BuildInfoJson -ReleaseTag $releaseTag } } - elseif($branchOnly -eq 'master' -or $branchOnly -like '*dailytest*') + elseif(($branchOnly -eq 'master' -and $env:BUILD_REASON -ne 'Manual') -or $branchOnly -like '*dailytest*') { $isDaily = $true Write-Verbose "daily build" -Verbose From 27b210289da40baeafd391ed564e60a12b253152 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 9 Dec 2020 12:51:56 -0800 Subject: [PATCH 2/5] only scan when signed --- .../azureDevOps/templates/mac-file-signing.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml b/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml index 46178671496..44657a9d36b 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml 
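Review bot: The new `$env:BUILD_REASON -ne 'Manual'` test in the `elseif` has no comment, and the branch that now handles a manually queued master build lies outside this hunk. It is worth confirming that a later branch still assigns a tag for that case rather than leaving `$ReleaseTag` at `fromBranch` or empty. The test excludes only `Manual`, so every other build reason on master is still treated as daily, and an unset `BUILD_REASON` (for example a local run) compares as not equal and also takes the daily path. I would add above the condition: `# Manually queued builds of master are not daily builds; only non-manual runs take the daily tag.`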
@@ -89,11 +89,12 @@ jobs: artifactName: signedMacOsBins condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - - template: EsrpScan.yml@ComplianceRepo - parameters: - scanPath: $(System.ArtifactsDirectory)\azureMacOs - pattern: | - **\* + - ${{ if eq(variables['SHOULD_SIGN'], 'true') }}: + - template: EsrpScan.yml@ComplianceRepo + parameters: + scanPath: $(System.ArtifactsDirectory)\azureMacOs + pattern: | + **\* - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' From 3f5acf49d6d8fb8d85447cc1a787d65181d3ae43 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 9 Dec 2020 12:51:14 -0800 Subject: [PATCH 3/5] pass through shouldsign --- tools/releaseBuild/azureDevOps/templates/linux.yml | 1 + tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml | 1 + .../releaseBuild/azureDevOps/templates/mac-package-signing.yml | 1 + tools/releaseBuild/azureDevOps/templates/nuget.yml | 1 + .../azureDevOps/templates/windows-package-signing.yml | 1 + tools/releaseBuild/azureDevOps/templates/windows-packaging.yml | 2 ++ 6 files changed, 7 insertions(+) diff --git a/tools/releaseBuild/azureDevOps/templates/linux.yml b/tools/releaseBuild/azureDevOps/templates/linux.yml index 53e9b4f1924..f8cfd397a3d 100644 --- a/tools/releaseBuild/azureDevOps/templates/linux.yml +++ b/tools/releaseBuild/azureDevOps/templates/linux.yml @@ -120,6 +120,7 @@ jobs: pattern: | **\*.rpm useMinimatch: true + shouldSign: $(SHOULD_SIGN) # requires windows - task: AzureFileCopy@4 diff --git a/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml b/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml index 44657a9d36b..0332ec560d0 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml 
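Review bot: The `${{ if eq(variables['SHOULD_SIGN'], 'true') }}:` wrapper around `EsrpScan.yml@ComplianceRepo` is evaluated when the pipeline is compiled, whereas the step just above it tests the same variable in a runtime `condition:`. If `SHOULD_SIGN` is set at queue time or by a script step rather than declared statically in YAML, the expression most likely sees an empty value. The scan would then be dropped from every run, signed release builds included, with no skipped step in the log to show it. Please confirm where `SHOULD_SIGN` is defined, or have the scan template accept the flag as a parameter the way `shouldSign: $(SHOULD_SIGN)` is passed to the other template later in this series. A comment such as `# compile-time check: SHOULD_SIGN must be declared in YAML variables, not set at runtime` would make the constraint visible.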
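Review bot: `shouldSign: $(SHOULD_SIGN)` hands the template a macro rather than a value: at compile time the parameter is the literal text `$(SHOULD_SIGN)`, so it only works if the receiving template uses it in a runtime `condition:` and never in a `${{ if }}` expression. The template is not part of this patch, so that cannot be checked here. If the variable is undefined at run time the macro is left unexpanded and an `eq(..., 'true')` comparison is false, which would skip signing without failing the build; an early step that fails unless `SHOULD_SIGN` is `true` or `false` would catch that. The same line is added in the mac-file-signing.yml, mac-package-signing.yml, nuget.yml, windows-package-signing.yml and both windows-packaging.yml hunks, and the point applies to each.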
@@ -73,6 +73,7 @@ jobs: pattern: | **\*.zip useMinimatch: true + shouldSign: $(SHOULD_SIGN) - pwsh: | $destination = "$(System.ArtifactsDirectory)\azureMacOs" diff --git a/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml index 3e3d69dcbe5..8d13693ca5a 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml @@ -60,6 +60,7 @@ jobs: pattern: | **\*.zip useMinimatch: true + shouldSign: $(SHOULD_SIGN) - template: upload-final-results.yml parameters: diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index a23b9c1ad67..b2702f162ee 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -141,6 +141,7 @@ jobs: pattern: | **\*.nupkg useMinimatch: true + shouldSign: $(SHOULD_SIGN) - pwsh: | if (-not (Test-Path '$(System.ArtifactsDirectory)\signed\')) { $null = New-Item -ItemType Directory -Path '$(System.ArtifactsDirectory)\signed\' } diff --git a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml index 81c1a2228d9..070a0840991 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml @@ -49,6 +49,7 @@ jobs: **\*.msi **\*.msix useMinimatch: true + shouldSign: $(SHOULD_SIGN) - powershell: | new-item -itemtype Directory -path '$(Build.StagingDirectory)\signedPackages' diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index a89a397f343..f5ff90a38ae 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml 
@@ -153,6 +153,7 @@ jobs: **\*.ps1 **\*.exe useMinimatch: true + shouldSign: $(SHOULD_SIGN) - pwsh: | Import-Module $(PowerShellRoot)/build.psm1 -Force @@ -188,6 +189,7 @@ jobs: pattern: | **\*.dll useMinimatch: true + shouldSign: $(SHOULD_SIGN) - powershell: | Get-ChildItem '$(System.ArtifactsDirectory)\thirdPartySigned\*' From 0397a73f684b306a0115edf498caf9ecf458ea0b Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 9 Dec 2020 12:39:38 -0800 Subject: [PATCH 4/5] REVERT ME: switch to should sign branch --- tools/releaseBuild/azureDevOps/releaseBuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/releaseBuild.yml b/tools/releaseBuild/azureDevOps/releaseBuild.yml index 5e87ff58ec7..13799e4fd46 100644 --- a/tools/releaseBuild/azureDevOps/releaseBuild.yml +++ b/tools/releaseBuild/azureDevOps/releaseBuild.yml @@ -16,7 +16,7 @@ resources: type: github endpoint: ComplianceGHRepo name: PowerShell/compliance - ref: master + ref: consolidate-conditions variables: - name: DOTNET_CLI_TELEMETRY_OPTOUT From 57631145df12c0745ce174f41e991ab2e1d76797 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 9 Dec 2020 14:12:57 -0800 Subject: [PATCH 5/5] Revert "REVERT ME: switch to should sign branch" This reverts commit 0397a73f684b306a0115edf498caf9ecf458ea0b. --- tools/releaseBuild/azureDevOps/releaseBuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/releaseBuild.yml b/tools/releaseBuild/azureDevOps/releaseBuild.yml index 13799e4fd46..5e87ff58ec7 100644 --- a/tools/releaseBuild/azureDevOps/releaseBuild.yml +++ b/tools/releaseBuild/azureDevOps/releaseBuild.yml @@ -16,7 +16,7 @@ resources: type: github endpoint: ComplianceGHRepo name: PowerShell/compliance - ref: consolidate-conditions + ref: master variables: - name: DOTNET_CLI_TELEMETRY_OPTOUT
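Review bot: With `ref: master` restored in releaseBuild.yml, the release pipeline again resolves the `PowerShell/compliance` templates from whatever the head of that branch is when the build is queued. For a pipeline that produces signed artifacts, a tag (`ref: refs/tags/<compliance-tag>`, placeholder) would make the template version reviewable and keep an unrelated push to that repository from changing a release build. The revert also assumes that master of the compliance repository already accepts the `shouldSign` parameter that patch 3 passes. If the `consolidate-conditions` branch has not been merged there, template expansion may reject or ignore the extra parameter.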