From 5da67ae6fbf6b350ceea324c7a27da75a2eb7393 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Sep 2024 19:43:02 +0000
Subject: [PATCH 1/5] Bump sign from 0.9.1-beta.24312.3 to 0.9.1-beta.24469.1

Bumps [sign](https://github.com/dotnet/sign) from 0.9.1-beta.24312.3 to 0.9.1-beta.24469.1.
- [Release notes](https://github.com/dotnet/sign/releases)
- [Commits](https://github.com/dotnet/sign/commits)

---
updated-dependencies:
- dependency-name: sign
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .config/dotnet-tools.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
index 0129756a6ca..5f1654e167b 100644
--- a/.config/dotnet-tools.json
+++ b/.config/dotnet-tools.json
@@ -33,10 +33,10 @@
       ]
     },
     "sign": {
-      "version": "0.9.1-beta.24312.3",
+      "version": "0.9.1-beta.24469.1",
       "commands": [
         "sign"
       ]
     }
   }
-}
+}
\ No newline at end of file

From 7e7760af02ae89a356d1ffc74b19859f434f537b Mon Sep 17 00:00:00 2001
From: martincostello <martin@martincostello.com>
Date: Tue, 1 Oct 2024 09:22:39 +0100
Subject: [PATCH 2/5] Test signing

Testing for #2319.
---
 .github/workflows/build.yml | 45 +------------------------------------
 1 file changed, 1 insertion(+), 44 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b7073230cf9..812ad559259 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,7 +28,7 @@ jobs:
 
     env:
       # HACK Running on Windows instead of Linux due to https://github.com/stryker-mutator/stryker-net/issues/2741
-      RUN_MUTATION_TESTS: ${{ matrix.os_name == 'windows' && !startsWith(github.ref, 'refs/tags/') && 'true' || 'false' }}
+      RUN_MUTATION_TESTS: 'false'
 
     outputs:
       dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }}
@@ -163,9 +163,6 @@ jobs:
   sign:
     needs: [ build, validate-packages ]
     runs-on: windows-latest
-    if: |
-      github.event.repository.fork == false &&
-      startsWith(github.ref, 'refs/tags/')
 
     steps:
 
@@ -207,9 +204,6 @@ jobs:
           --description "Polly" `
           --description-url "https://github.com/${{ github.repository }}" `
           --azure-key-vault-certificate "${{ secrets.SIGN_CLI_CERT_NAME }}" `
-          --azure-key-vault-client-id ${env:AZURE_CLIENT_ID} `
-          --azure-key-vault-client-secret ${env:AZURE_CLIENT_SECRET} `
-          --azure-key-vault-tenant-id ${env:AZURE_TENANT_ID} `
           --azure-key-vault-url "${{ secrets.SIGN_CLI_VAULT_URI }}" `
           --verbosity "${{ runner.debug == '1' && 'Debug' || 'Warning' }}"
         if ($LASTEXITCODE -ne 0) {
@@ -338,40 +332,3 @@ jobs:
         } else {
           Write-Output "All $($packages.Length) NuGet packages have valid signatures."
         }
-
-  publish-nuget:
-    needs: [ build, validate-signed-packages ]
-    runs-on: ubuntu-latest
-    steps:
-
-    - name: Download signed packages
-      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-      with:
-        name: signed-packages
-
-    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
-      with:
-        dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }}
-
-    - name: Push signed NuGet packages to NuGet.org
-      run: dotnet nuget push "*.nupkg" --api-key ${{ secrets.NUGET_TOKEN }} --skip-duplicate --source https://api.nuget.org/v3/index.json
-
-    - name: Generate GitHub application token
-      id: generate-application-token
-      uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 # v3.0.0
-      with:
-        application_id: ${{ secrets.POLLY_UPDATER_BOT_APP_ID }}
-        application_private_key: ${{ secrets.POLLY_UPDATER_BOT_KEY }}
-        permissions: 'contents:write'
-
-    - name: Publish nuget_packages_published
-      uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
-      with:
-        event-type: nuget_packages_published
-        token: ${{ steps.generate-application-token.outputs.token }}
-        client-payload: |-
-          {
-            "packages": "${{ needs.build.outputs.package-names }}",
-            "version": "${{ needs.build.outputs.package-version }}"
-          }

From 149521396a3a30e352ac9d3637ca6ba1618af5a3 Mon Sep 17 00:00:00 2001
From: martincostello <martin@martincostello.com>
Date: Tue, 1 Oct 2024 12:07:23 +0100
Subject: [PATCH 3/5] Update AuthenticodeLint

Update AuthenticodeLint to a version targeting .NET 8.
---
 .config/dotnet-tools.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
index 5f1654e167b..0129756a6ca 100644
--- a/.config/dotnet-tools.json
+++ b/.config/dotnet-tools.json
@@ -33,10 +33,10 @@
       ]
     },
     "sign": {
-      "version": "0.9.1-beta.24469.1",
+      "version": "0.9.1-beta.24312.3",
       "commands": [
         "sign"
       ]
     }
   }
-}
\ No newline at end of file
+}

From 4505fdb940a563776d825a8e6d1d88cb0c64b503 Mon Sep 17 00:00:00 2001
From: Martin Costello <martin@martincostello.com>
Date: Tue, 1 Oct 2024 12:20:17 +0100
Subject: [PATCH 4/5] Fix signing

Put flags back that are needed with older version.
---
 .github/workflows/build.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 812ad559259..a93dec9c180 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -204,6 +204,9 @@ jobs:
           --description "Polly" `
           --description-url "https://github.com/${{ github.repository }}" `
           --azure-key-vault-certificate "${{ secrets.SIGN_CLI_CERT_NAME }}" `
+          --azure-key-vault-client-id ${env:AZURE_CLIENT_ID} `
+          --azure-key-vault-client-secret ${env:AZURE_CLIENT_SECRET} `
+          --azure-key-vault-tenant-id ${env:AZURE_TENANT_ID} `
           --azure-key-vault-url "${{ secrets.SIGN_CLI_VAULT_URI }}" `
           --verbosity "${{ runner.debug == '1' && 'Debug' || 'Warning' }}"
         if ($LASTEXITCODE -ne 0) {

From bbe5203d19f279884760fef759c7e7e7977e2325 Mon Sep 17 00:00:00 2001
From: martincostello <martin@martincostello.com>
Date: Tue, 1 Oct 2024 12:36:17 +0100
Subject: [PATCH 5/5] Back to broken version

Verify updated linter still fails.
---
 .config/dotnet-tools.json   | 2 +-
 .github/workflows/build.yml | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
index 0129756a6ca..db1a73fa17b 100644
--- a/.config/dotnet-tools.json
+++ b/.config/dotnet-tools.json
@@ -33,7 +33,7 @@
       ]
     },
     "sign": {
-      "version": "0.9.1-beta.24312.3",
+      "version": "0.9.1-beta.24469.1",
       "commands": [
         "sign"
       ]
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a93dec9c180..812ad559259 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -204,9 +204,6 @@ jobs:
           --description "Polly" `
           --description-url "https://github.com/${{ github.repository }}" `
           --azure-key-vault-certificate "${{ secrets.SIGN_CLI_CERT_NAME }}" `
-          --azure-key-vault-client-id ${env:AZURE_CLIENT_ID} `
-          --azure-key-vault-client-secret ${env:AZURE_CLIENT_SECRET} `
-          --azure-key-vault-tenant-id ${env:AZURE_TENANT_ID} `
           --azure-key-vault-url "${{ secrets.SIGN_CLI_VAULT_URI }}" `
           --verbosity "${{ runner.debug == '1' && 'Debug' || 'Warning' }}"
         if ($LASTEXITCODE -ne 0) {