python
diff --git a/‎windows-release/libffi-build.yml
Lines changed: 56 additions & 37 deletions b/‎windows-release/libffi-build.yml
Lines changed: 56 additions & 37 deletions
diff --git a/‎windows-release/openssl-build.yml
Lines changed: 35 additions & 20 deletions b/‎windows-release/openssl-build.yml
Lines changed: 35 additions & 20 deletions
diff --git a/‎windows-release/sign-files.yml
Lines changed: 4 additions & 4 deletions b/‎windows-release/sign-files.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎windows-release/tcltk-build.yml
Lines changed: 56 additions & 14 deletions b/‎windows-release/tcltk-build.yml
Lines changed: 56 additions & 14 deletions
@@ -1,13 +1,37 @@
-name: $(SourceTag)_$(Date:yyyyMMdd)$(Rev:.rr)
+parameters:
+- name: SourceTag
+  displayName: 'LibFFI Source Tag'
+  type: string
+- name: SigningCertificate
+  displayName: "Code signing certificate"
+  type: string
+  default: 'PythonSoftwareFoundation'
+  values:
+  - 'PythonSoftwareFoundation'
+  - 'TestSign'
+  - 'Unsigned'
+- name: SourcesRepo
+  displayName: 'Sources Repository'
+  type: string
+  default: 'https://github.com/python/cpython-source-deps'
+- name: LibFFIBuildScript
+  displayName: 'Build script'
+  type: string
+  default: 'https://github.com/python/cpython/raw/main/PCbuild/prepare_libffi.bat'
+
+
+name: ${{ parameters.SourceTag }}_$(Date:yyyyMMdd)$(Rev:.rr)
+
 
 variables:
-  IntDir: '$(Build.BinariesDirectory)'
-  OutDir: '$(Build.ArtifactStagingDirectory)'
+- group: CPythonSign
+- name: IntDir
+  value: '$(Build.BinariesDirectory)'
+- name: OutDir
+  value: '$(Build.ArtifactStagingDirectory)'
+- name: SigningDescription
+  value: 'LibFFI for Python (${{ parameters.SourceTag }})'
 
-  # MUST BE SET AT QUEUE TIME
-  # SigningCertificate: 'Python Software Foundation'
-  <
8000
span class="pl-c"># SourcesRepo: 'https://github.com/python/cpython-source-deps'
-  # SourceTag: 'libffi-3.4.2'
 
 jobs:
 - job: Build_LibFFI
@@ -25,12 +49,11 @@ jobs:
 
     - powershell: |
        mkdir -Force "$(IntDir)\script"
-       iwr "https://github.com/python/cpython/raw/main/PCbuild/prepare_libffi.bat" `
-           -outfile "$(IntDir)\script\prepare_libffi.bat"
+       iwr "${{ parameters.LibFFIBuildScript }}" -outfile "$(IntDir)\script\prepare_libffi.bat"
       displayName: 'Download build script'
 
     - powershell: |
-        git clone $(SourcesRepo) -b $(SourceTag) --depth 1 -c core.autocrlf=false -c core.eol=lf .
+        git clone ${{ parameters.SourcesRepo }} -b ${{ parameters.SourceTag }} --depth 1 -c core.autocrlf=false -c core.eol=lf .
       displayName: 'Check out LibFFI sources'
 
     - script: 'prepare_libffi.bat --install-cygwin'
@@ -42,10 +65,10 @@ jobs:
         LIBFFI_OUT: '$(OutDir)'
 
     - powershell: |
-       if ((gci *\*.dll).Count -lt 4) {
+       if ((gci *\*.dll).Count -lt 3) {
            Write-Error "Did not generate enough DLL files"
        }
-       if ((gci *\Include\ffi.h).Count -lt 4) {
+       if ((gci *\Include\ffi.h).Count -lt 3) {
            Write-Error "Did not generate enough include files"
        }
       failOnStderr: true
@@ -56,32 +79,28 @@ jobs:
       artifact: 'unsigned'
       displayName: 'Publish unsigned build'
 
-- job: Sign_LibFFI
-  displayName: Sign LibFFI
-  dependsOn: Build_LibFFI
-  condition: and(succeeded(), variables['SigningCertificate'])
-  pool:
-    name: 'Windows Release'
 
-  workspace:
-    clean: all
+- ${{ if ne(parameters.SigningCertificate, 'Unsigned') }}:
+  - job: Sign_LibFFI
+    displayName: Sign LibFFI
+    dependsOn: Build_LibFFI
+    pool:
+      vmImage: windows-latest
 
-  steps:
-    - checkout: none
-    - download: current
-      artifact: unsigned
+    workspace:
+      clean: all
 
-    - template: ./find-tools.yml
+    steps:
+      - checkout: none
+      - download: current
+        artifact: unsigned
 
-    - powershell: |
-        signtool sign /q /a `
-            /n "$(SigningCertificate)" `
-            /fd sha256 `
-            /tr http://timestamp.digicert.com/ /td sha256 `
-            /d "LibFFI for Python" `
-            (gci "$(Pipeline.Workspace)\unsigned\*.dll" -r)
-      displayName: 'Sign files'
-
-    - publish: '$(Pipeline.Workspace)\unsigned'
-      artifact: 'libffi'
-      displayName: 'Publish libffi'
+      - template: sign-files.yml
+        parameters:
+          Include: '-r *.dll'
+          WorkingDir: '$(Pipeline.Workspace)\unsigned'
+          SigningCertificate: ${{ parameters.SigningCertificate }}
+
+      - publish: '$(Pipeline.Workspace)\unsigned'
+        artifact: 'libffi'
+        displayName: 'Publish libffi'
@@ -1,20 +1,39 @@
-name: $(SourceTag)_$(Date:yyyyMMdd)$(Rev:.rr)
+parameters:
+- name: SourceTag
+  displayName: 'OpenSSL Source Tag'
+  type: string
+- name: SigningCertificate
+  displayName: "Code signing certificate"
+  type: string
+  default: 'PythonSoftwareFoundation'
+  values:
+  - 'PythonSoftwareFoundation'
+  - 'TestSign'
+  - 'Unsigned'
+- name: SourcesRepo
+  displayName: 'Sources Repository'
+  type: string
+  default: 'https://github.com/python/cpython-source-deps'
+
+
+name: ${{ parameters.SourceTag }}_$(Date:yyyyMMdd)$(Rev:.rr)
+
 
 variables:
-  IntDir: '$(Build.BinariesDirectory)'
-  OutDir: '$(Build.ArtifactStagingDirectory)'
+- group: CPythonSign
+- name: IntDir
+  value: '$(Build.BinariesDirectory)'
+- name: OutDir
+  value: '$(Build.ArtifactStagingDirectory)'
+- name: SigningDescription
+  value: 'OpenSSL for Python (${{ parameters.SourceTag }})'
 
-  # MUST BE SET AT QUEUE TIME
-  # SigningCertificate: 'Python Software Foundation'
-  # SourcesRepo: 'https://github.com/python/cpython-source-deps'
-  # SourceTag: 'openssl-1.1.1k'
 
 jobs:
 - job: Build_SSL
   displayName: OpenSSL
   pool:
-    name: 'Windows Release'
-    #vmImage: windows-latest
+    vmImage: windows-latest
 
   strategy:
     matrix:
@@ -26,10 +45,6 @@ jobs:
         Platform: 'amd64'
         VCPlatform: 'amd64'
         OpenSSLPlatform: 'VC-WIN64A-masm'
-      arm32:
-        Platform: 'arm32'
-        VCPlatform: 'amd64_arm'
-        OpenSSLPlatform: 'VC-WIN32-ARM'
       arm64:
         Platform: 'arm64'
         VCPlatform: 'amd64_arm64'
@@ -44,7 +59,7 @@ jobs:
     - template: ./find-tools.yml
 
     - powershell: |
-        git clone $(SourcesRepo) -b $(SourceTag) --depth 1 .
+        git clone ${{ parameters.SourcesRepo }} -b ${{ parameters.SourceTag }} --depth 1 .
       displayName: 'Check out OpenSSL sources'
 
     - powershell: |
@@ -65,12 +80,12 @@ jobs:
       workingDirectory: '$(IntDir)'
       displayName: 'Build OpenSSL'
 
-    - script: |
-        call "$(vcvarsall)" $(VCPlatform)
-        signtool sign /q /a /n "$(SigningCertificate)" /fd sha256 /tr http://timestamp.digicert.com/ /td sha256 /d "OpenSSL for Python" *.dll
-      workingDirectory: '$(IntDir)'
-      displayName: 'Sign OpenSSL Build'
-      condition: and(succeeded(), variables['SigningCertificate'])
+    - ${{ if ne(parameters.SigningCertificate, 'Unsigned') }}:
+      - template: sign-files.yml
+        parameters:
+          Include: 'lib*.dll'
+          WorkingDir: $(IntDir)
+          SigningCertificate: ${{ parameters.SigningCertificate }}
 
     - task: CopyFiles@2
       displayName: 'Copy built libraries for upload'
 
@@ -16,9 +16,9 @@ steps:
 
   - powershell: |
       if ("${{ parameters.Exclude }}") {
-        $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
+        $files = (dir ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }} -File)
       } else {
-        $files = (gi ${{ parameters.Include }})
+        $files = (dir ${{ parameters.Include }} -File)
       }
       AzureSignTool sign -kvu '$(KeyVaultUri)' `
                     -kvi '$(KeyVaultApplication)' -kvt '$(KeyVaultDirectory)' -kvs '$(KeyVaultSecret)' `
@@ -32,9 +32,9 @@ steps:
 - ${{ if parameters.ExtractDir }}:
   - powershell: |
       if ("${{ parameters.Exclude }}") {
-        $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
+        $files = (dir ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }} -File
2851
)
       } else {
-        $files = (gi ${{ parameters.Include }})
+        $files = (dir ${{ parameters.Include }} -File)
       }
       $c = $files | %{ (Get-AuthenticodeSignature $_).SignerCertificate } | ?{ $_ -ne $null } | select -First 1
       if (-not $c) {
 
@@ -1,4 +1,30 @@
-name: tcl$(TkSourceTag)_$(Date:yyyyMMdd)$(Rev:.rr)
+parameters:
+- name: TclSourceTag
+  displayName: 'Tcl Source Tag'
+  type: string
+- name: TkSourceTag
+  displayName: 'Tk Source Tag'
+  type: string
+- name: TixSourceTag
+  displayName: 'Tix Source Tag'
+  type: string
+  default: tix-8.4.3.6
+- name: SigningCertificate
+  displayName: "Code signing certificate"
+  type: string
+  default: 'PythonSoftwareFoundation'
+  values:
+  - 'PythonSoftwareFoundation'
+  - 'TestSign'
+  - 'Unsigned'
+- name: SourcesRepo
+  displayName: 'Sources Repository'
+  type: string
+  default: 'https://github.com/python/cpython-source-deps'
+
+
+name: tcltk$(TkSourceTag)_$(Date:yyyyMMdd)$(Rev:.rr)
+
 
 resources:
   repositories:
@@ -7,25 +33,34 @@ resources:
     name: Python/cpython
     endpoint: "Steve's github repos"
 
+
 variables:
-  IntDir: '$(Build.BinariesDirectory)\obj'
-  ExternalsDir: '$(Build.BinariesDirectory)\externals'
-  OutDir: '$(Build.ArtifactStagingDirectory)'
-  Configuration: 'Release'
-  
-  # MUST BE SET AT QUEUE TIME
-  # SigningCertificate: 'Python Software Foundation'
-  # SourcesRepo: 'https://github.com/python/cpython-source-deps'
-  # TclSourceTag: 'tcl-core-8.6.12.0'
-  # TkSourceTag: 'tk-8.6.12.0'
-  # TixSourceTag: 'tix-8.4.3.6'
+- group: CPythonSign
+- name: IntDir
+  value: '$(Build.BinariesDirectory)\obj'
+- name: ExternalsDir
+  value: '$(Build.BinariesDirectory)\externals'
+- name: OutDir
+  value: '$(Build.ArtifactStagingDirectory)'
+- name: Configuration
+  value: 'Release'
+- name: SigningDescription
+  value: 'Tcl/Tk for Python (${{ parameters.TclSourceTag }})'
+- name: SourcesRepo
+  value: ${{ parameters.SourcesRepo }}
+- name: TclSourceTag
+  value: ${{ parameters.TclSourceTag }}
+- name: TkSourceTag
+  value: ${{ parameters.TkSourceTag }}
+- name: TixSourceTag
+  value: ${{ parameters.TixSourceTag }}
+
 
 jobs:
 - job: Build_TclTk
   displayName: 'Tcl/Tk'
   pool:
-    name: 'Windows Release'
-    #vmImage: windows-latest
+    vmImage: windows-latest
 
   workspace:
     clean: all
@@ -75,6 +110,13 @@ jobs:
         & "$(msbuild)" cpython\PCbuild\tix.vcxproj "@msbuild.rsp" /p:Platform=ARM64 /p:tcltkDir="$(OutDir)\arm64"
       displayName: 'Build for arm64'
 
+      - template: sign-files.yml
+        parameters:
+          Include: '-r *.dll'
+          WorkingDir: '$(OutDir)'
+          SigningCertificate: ${{ parameters.SigningCertificate }}
+
     - publish: '$(OutDir)'
       artifact: 'tcltk'
       displayName: 'Publishing tcltk'