In PR validation, test sign contents of nupkg, but not the nupkg itself

[dibarbet]

This allows us to support test signing in PR validation builds.

VS cloudbuild will not build with test signed packages (nuget reports certificate errors related to expiration), and we have no way in an insertion to specify that the PR should be queued with specific parameters to disable the errors.

Instead, we can simply not sign the nuget packages (while still signing the contents to make sure subsequent steps like ngen see strong named dlls).

val build - https://dev.azure.com/devdiv/DevDiv/_git/VS/pullrequest/657144

[dibarbet]

this now pulls publish data from the branch we're on. this does mean that release branch configurations will have to be updated on the release branch, but that doesn't seem unreasonable to me.

this makes it 10x easier to test changes that require test branches.

[jjonescz]

Would this also allow us to run the official build pipeline on any branch? In other words, will we be able to deprecate the "PR validation" pipeline and have one pipeline for both (like we have in Razor) after this PR?

[dibarbet]

Would this also allow us to run the official build pipeline on any branch? In other words, will we be able to deprecate the "PR validation" pipeline and have one pipeline for both (like we have in Razor) after this PR?

Yes and no. We can now pull the publishdata from the branch itself, which allows us to test official build changes (particularly publishing) on other branches. However incoming signing requirements mean that there are special requirements to queue builds on the official pipeline.

So general VS PR validations must be test signed and must be done from a different pipeline. We will have to split the Razor build into two separate pipelines soon.

[dibarbet]

I'm actually going to revert this change. there is more that is needed to actually pull the publishdata from the branch, and I'd rather do it all together (insertion still pulls from main).