From 366c54633e7d6a4ce94c3f0f80c2abf82a869e15 Mon Sep 17 00:00:00 2001
From: Steve Dower
Date: Wed, 23 Mar 2022 23:36:26 +0000
Subject: [PATCH] Fix GPG signing in Windows release build (GH-32089)
---
 .azure-pipelines/windows-release/gpg-sign.yml | 31 -----------------
 .../stage-publish-pythonorg.yml | 34 ++++++++++++++-----
 2 files changed, 25 insertions(+), 40 deletions(-)
 delete mode 100644 .azure-pipelines/windows-release/gpg-sign.yml
diff --git a/.azure-pipelines/windows-release/gpg-sign.yml b/.azure-pipelines/windows-release/gpg-sign.yml
deleted file mode 100644
index 04206d23e49..00000000000
--- a/.azure-pipelines/windows-release/gpg-sign.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-parameters:
- GPGKeyFile: $(GPGKey)
- GPGPassphrase: $(GPGPassphrase)
- Files: '*'
- WorkingDirectory: $(Build.BinariesDirectory)
- Condition: succeeded()
-
-steps:
-- task: DownloadSecureFile@1
- name: gpgkey
- inputs:
- secureFile: ${{ parameters.GPGKeyFile }}
- condition: ${{ parameters.Condition }}
- displayName: 'Download GPG key'
-
-- powershell: |
- git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg"
- gpg/gpg2.exe --import "$(gpgkey.secureFilePath)"
- (gci -File ${{ parameters.Files }}).FullName | %{
- gpg/gpg2.exe -ba --batch --passphrase ${{ parameters.GPGPassphrase }} $_
- "Made signature for $_"
- }
- condition: ${{ parameters.Condition }}
- displayName: 'Generate GPG signatures'
- workingDirectory: ${{ parameters.WorkingDirectory }}
-
-- powershell: |
- $p = gps "gpg-agent" -EA 0
- if ($p) { $p.Kill() }
- displayName: 'Kill GPG agent'
- condition: true
diff --git a/.azure-pipelines/windows-release/stage-publish-pythonorg.yml b/.azure-pipelines/windows-release/stage-publish-pythonorg.yml
index ee50e4e8aa0..e8f12b64e55 100644
--- a/.azure-pipelines/windows-release/stage-publish-pythonorg.yml
+++ b/.azure-pipelines/windows-release/stage-publish-pythonorg.yml
@@ -84,16 +84,32 @@ jobs:
 condition: and(succeeded(), ne(variables['PublishARM64'], 'true'))
- - template: ./gpg-sign.yml
- parameters:
- GPGKeyFile: 'python-signing.key'
- Files: 'msi\*\*, embed\*.zip'
+ - task: DownloadSecureFile@1
+ name: gpgkey
+ inputs:
+ secureFile: 'python-signing.key'
+ displayName: 'Download GPG key'
+
+ - powershell: |
+ git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg"
+ gpg/gpg2.exe --import "$(gpgkey.secureFilePath)"
+ $files = gci -File "msi\*\*", "embed\*.zip"
+ if ("$(DoCHM)" -ieq "true") {
+ $files = $files + (gci -File "doc\htmlhelp\*.chm")
+ }
+ $files.FullName | %{
+ gpg/gpg2.exe -ba --batch --passphrase $(GPGPassphrase) $_
+ "Made signature for $_"
+ }
+ displayName: 'Generate GPG signatures'
+ workingDirectory: $(Build.BinariesDirectory)
+
+ - powershell: |
+ $p = gps "gpg-agent" -EA 0
+ if ($p) { $p.Kill() }
+ displayName: 'Kill GPG agent'
+ condition: true
- - template: ./gpg-sign.yml
- parameters:
- GPGKeyFile: 'python-signing.key'
- Files: 'doc\htmlhelp\*.chm'
- Condition: and(succeeded(), eq(variables['DoCHM'], 'true'))
 - powershell: >
 $(Build.SourcesDirectory)\Tools\msi\uploadrelease.ps1
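Review bot: The signing loop in the 'Generate GPG signatures' step passes the key passphrase as `--passphrase $(GPGPassphrase)`, so the secret is substituted into the script text before PowerShell runs and then sits, unquoted, on the gpg2.exe command line. Any process on the agent that can read command lines could see it, and a passphrase containing spaces or PowerShell metacharacters would be split or interpreted. Map it into the step with `env:` and `GPG_PASSPHRASE: $(GPGPassphrase)` and feed it on stdin, `$env:GPG_PASSPHRASE | gpg/gpg2.exe -ba --batch --passphrase-fd 0 $_` (some gpg 2.x builds also need `--pinentry-mode loopback`). The loop also prints "Made signature for $_" without checking `$LASTEXITCODE`, so a failed signature on an earlier file would likely go unnoticed; `if ($LASTEXITCODE) { throw "gpg failed for $_" }` after the gpg call would stop the step.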