diff --git a/.github/workflows/backport-base.yml b/.github/workflows/backport-base.yml
index 0dfeeb46fbe..1ef310f21bb 100644
--- a/.github/workflows/backport-base.yml
+++ b/.github/workflows/backport-base.yml
@@ -22,44 +22,9 @@ on:
jobs:
cleanup:
- if: ${{ contains(format('{0},', inputs.repository_owners), format('{0},', github.repository_owner)) && github.event_name == 'schedule' }}
- runs-on: ubuntu-latest
- permissions:
- actions: write
- steps:
- - name: Cleanup workflow runs
- uses: actions/github-script@v7
- with:
- script: |
- const repo_owner = context.payload.repository.owner.login;
- const repo_name = context.payload.repository.name;
-
- // look up workflow from current run
- const currentWorkflowRun = await github.rest.actions.getWorkflowRun({
- owner: repo_owner,
- repo: repo_name,
- run_id: context.runId
- });
-
- // get runs which are 'completed' (other candidate values of status field are e.g. 'queued' and 'in_progress')
- for await (const response of github.paginate.iterator(
- github.rest.actions.listWorkflowRuns, {
- owner: repo_owner,
- repo: repo_name,
- workflow_id: currentWorkflowRun.data.workflow_id,
- status: 'completed'
- }
- )) {
- // delete each run
- for (const run of response.data) {
- console.log(`Deleting workflow run ${run.id}`);
- await github.rest.actions.deleteWorkflowRun({
- owner: repo_owner,
- repo: repo_name,
- run_id: run.id
- });
- }
- }
+ uses: dotnet/arcade/.github/workflows/scheduled-action-cleanup-base.yml@main
+ with:
+ repository_owners: ${{ inputs.repository_owners }}
run_backport:
if: ${{ contains(format('{0},', inputs.repository_owners), format('{0},', github.repository_owner)) && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/backport to') }}
diff --git a/.github/workflows/scheduled-action-cleanup-base.yml b/.github/workflows/scheduled-action-cleanup-base.yml
new file mode 100644
index 00000000000..9485dc60231
--- /dev/null
+++ b/.github/workflows/scheduled-action-cleanup-base.yml
@@ -0,0 +1,49 @@
+on:
+ workflow_call:
+ inputs:
+ repository_owners:
+ description: 'A comma-separated list of repository owners where the workflow will run. Defaults to "dotnet,microsoft".'
+ required: false
+ type: string
+ default: 'dotnet,microsoft'
+
+jobs:
+ cleanup:
+ if: ${{ contains(format('{0},', inputs.repository_owners), format('{0},', github.repository_owner)) && github.event_name == 'schedule' }}
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ steps:
+ - name: Cleanup workflow runs
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const repo_owner = context.payload.repository.owner.login;
+ const repo_name = context.payload.repository.name;
+
+ // look up workflow from current run
+ const currentWorkflowRun = await github.rest.actions.getWorkflowRun({
+ owner: repo_owner,
+ repo: repo_name,
+ run_id: context.runId
+ });
+
+ // get runs which are 'completed' (other candidate values of status field are e.g. 'queued' and 'in_progress')
+ for await (const response of github.paginate.iterator(
+ github.rest.actions.listWorkflowRuns, {
+ owner: repo_owner,
+ repo: repo_name,
+ workflow_id: currentWorkflowRun.data.workflow_id,
+ status: 'completed'
+ }
+ )) {
+ // delete each run
+ for (const run of response.data) {
+ console.log(`Deleting workflow run ${run.id}`);
+ await github.rest.actions.deleteWorkflowRun({
+ owner: repo_owner,
+ repo: repo_name,
+ run_id: run.id
+ });
+ }
+ }
diff --git a/.vault-config/product-builds-dnceng-pipeline-secrets.yaml b/.vault-config/product-builds-dnceng-pipeline-secrets.yaml
index 717421e42e5..df07df86120 100644
--- a/.vault-config/product-builds-dnceng-pipeline-secrets.yaml
+++ b/.vault-config/product-builds-dnceng-pipeline-secrets.yaml
@@ -42,5 +42,7 @@ secrets:
description: set to never expire
# Service Principal used by the Guardian APIScan build task
- apiscan-service-principal:
- type: ad-application
+ apiscan-service-principal-app-id:
+ type: text
+ parameters:
+ description: set to never expire
diff --git a/Documentation/AzureDevOps/internal-mirror.md b/Documentation/AzureDevOps/internal-mirror.md
index 35f326e0023..1d4f21a2712 100644
--- a/Documentation/AzureDevOps/internal-mirror.md
+++ b/Documentation/AzureDevOps/internal-mirror.md
@@ -1,25 +1,33 @@
-# dev.azure.com/dnceng Internal Mirror
+# Mirroring GitHub to dev.azure.com/dnceng and dev.azure.com/devdiv
-Public code should be mirrored to dev.azure.com/dnceng/internal (see [Azure DevOps Guidance](https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/AzureDevOpsGuidance.md)). These are the steps for setting up your GitHub repo to mirror into dev.azure.com/dnceng/internal.
+Public code should be mirrored to dev.azure.com/dnceng/internal or dev.azure.com/dnceng/devdiv, depending on where your pipelines live. (see [Azure DevOps Guidance](https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/AzureDevOpsGuidance.md)). These are the steps for setting up your GitHub repo for mirroring.
-1. Add the [maestro web hook](https://github.com/dotnet/arcade/blob/main/Documentation/Maestro/web-hooks.md)
-2. Make sure you have created a repo in the dev.azure.com/dnceng/internal project that is in the format "{org}-{repo}" (replace any `/` with `-` in the GitHub repo name).
+1. Make sure you have a repo in the dev.azure.com/dnceng/internal project with a name in the format "{org}-{repo}" (replace any `/` with `-` in the GitHub repo name). Please follow up with dnceng if a repository does not exist. For DevDiv repos, the pattern is {org}-{repo}-Trusted.
- Example: github.com/dotnet/arcade => dotnet-arcade
-3. Create a PR to the dotnet/versions repo which adds data for repo and branches that you want mirrored to the [subscriptions json](https://github.com/dotnet/versions/blob/master/Maestro/subscriptions.json) file. Specifically, add a URI of the pattern `"https://github.com/{org}/{repo}/blob/{branch}/**/*"` for your GitHub repository to the `triggerPaths` list above `"action": "github-dnceng-azdo-mirror"`. Please alphabetize.
+2. Create a PR to the `dotnet-mirroring` internal repo which adds data for repo and branches that you want mirrored, to the [dnceng subscriptions json](https://dev.azure.com/dnceng/internal/_git/dotnet-mirroring?path=/dnceng-subscriptions.jsonc) or [devdiv subscriptions json](https://dev.azure.com/dnceng/internal/_git/dotnet-mirroring?path=/devdiv-subscriptions.jsonc) files. Specifically, add a URI for your GitHub repository to the `repos` object, then types of mirroring and regex branch patterns. Please alphabetize.
-```
- "https://github.com/dotnet/project-system/blob/release/**/*",
- "https://github.com/dotnet/toolset/blob/master/**/*",
- "https://github.com/dotnet/toolset/blob/release/**/*",
- "https://github.com/dotnet/roslyn/blob/master/**/*",
- "https://github.com/dotnet/roslyn/blob/release/**/*",
- "https://github.com/{org}/{repo}/blob/{branch}/**/*" // <-- insert your URI here, in alpha order.
- "https://github.com/microsoft/msbuild/blob/master/**/*",
- "https://github.com/microsoft/msbuild/blob/release/**/*",
+Example:
+```json
+ "https://github.com/dotnet/source-indexer": {
+ "fastForward": [
+ "main"
+ ]
+ },
+ "https://github.com/dotnet/sourcelink": {
+ "fastForward": [
+ "main", // Fast forward main -> main
+ "release/.*"
+ ]
+ },
+ "https://github.com/dotnet/spa-templates": {
+ "fastForward": [
+ // GitHubBranchNotFound "main",
+ "release/.*"
],
- "action": "github-dnceng-azdo-mirror",
- "actionArguments": {
-"vsoSourceBranch": "master",
+ "internalMerge": [
+ "release/.*" // Merge release/.* -> internal/release/.*
+ ]
+ },
```
diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
index 7858671ecff..688da4f1f73 100644
--- a/eng/Version.Details.xml
+++ b/eng/Version.Details.xml
@@ -22,29 +22,29 @@
https://dev.azure.com/dnceng/internal/_git/dotnet-symuploader
d617bc8ed2787c235a57cf0dcdfd087b86ff9521
-
+
https://github.com/dotnet/templating
- 35d4d2654e2ddf43cd0161b049248b818675a1c0
+ 81ab22e8bf15861237b11d3900ff49de07ee3844
-
+
https://github.com/dotnet/arcade
- 804ee9af4eed5ca4ce5ead1bc48e388b17056cb6
+ 4a7d983f833d6b86365ea1b2b4d6ee72fbdbf944
-
+
https://github.com/dotnet/arcade
- 804ee9af4eed5ca4ce5ead1bc48e388b17056cb6
+ 4a7d983f833d6b86365ea1b2b4d6ee72fbdbf944
-
+
https://github.com/dotnet/arcade-services
- bb2172dc377157de0b70a855534d630ef6761489
+ 139ee32a7411b80eed60efec092f4394beb7ace8
-
+
https://github.com/dotnet/arcade-services
- bb2172dc377157de0b70a855534d630ef6761489
+ 139ee32a7411b80eed60efec092f4394beb7ace8
-
+
https://github.com/dotnet/xharness
- 65d0584b517952962b7a79195b5d7606b52fcbfe
+ c1a7044cbe36ea67281412766a417eece02fb3a5
https://github.com/dotnet/roslyn
@@ -124,9 +124,9 @@
39aef81ec6cffa06da9964b46d4b9e3bf2fc9979
-
+
https://github.com/dotnet/arcade
- 804ee9af4eed5ca4ce5ead1bc48e388b17056cb6
+ 4a7d983f833d6b86365ea1b2b4d6ee72fbdbf944
@@ -154,15 +154,15 @@
-
+
https://github.com/dotnet/source-build-externals
- 9a2785b8409e4ee8db848cc2fbfa19b3316a3baa
+ 311ef7fef52828f4a70a94d13e32c394fd3292ee
-
+
https://github.com/dotnet/source-build-reference-packages
- 9ae78a4e6412926d19ba97cfed159bf9de70b538
+ cc732c57199f725857c201da146525e3be6bc504
diff --git a/eng/Versions.props b/eng/Versions.props
index 7e7b59ff848..cd776f64e00 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -12,8 +12,8 @@
9.0.0-beta.24223.1
- 1.1.0-beta.24326.1
- 1.1.0-beta.24326.1
+ 1.1.0-beta.24353.2
+ 1.1.0-beta.24353.2
2.0.0-beta4.24126.1
@@ -80,10 +80,10 @@
1.1.0-beta2-19575-01
- 9.0.100-preview.7.24323.1
+ 9.0.100-preview.7.24330.2
17.5.0
- 9.0.0-prerelease.24317.3
+ 9.0.0-prerelease.24326.1
diff --git a/eng/common/core-templates/job/job.yml b/eng/common/core-templates/job/job.yml
index 7df58527978..c732bee9f4a 100644
--- a/eng/common/core-templates/job/job.yml
+++ b/eng/common/core-templates/job/job.yml
@@ -24,12 +24,11 @@ parameters:
enablePublishTestResults: false
enablePublishUsingPipelines: false
enableBuildRetry: false
- disableComponentGovernance: ''
- componentGovernanceIgnoreDirectories: ''
mergeTestResults: false
testRunTitle: ''
testResultsFormat: ''
name: ''
+ componentGovernanceSteps: []
preSteps: []
artifactPublishSteps: []
runAsPublic: false
@@ -170,17 +169,8 @@ jobs:
uploadRichNavArtifacts: ${{ coalesce(parameters.richCodeNavigationUploadArtifacts, false) }}
continueOnError: true
- - template: /eng/common/core-templates/steps/component-governance.yml
- parameters:
- is1ESPipeline: ${{ parameters.is1ESPipeline }}
- ${{ if eq(parameters.disableComponentGovernance, '') }}:
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.runAsPublic, 'false'), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/dotnet/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/microsoft/'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}:
- disableComponentGovernance: false
- ${{ else }}:
- disableComponentGovernance: true
- ${{ else }}:
- disableComponentGovernance: ${{ parameters.disableComponentGovernance }}
- componentGovernanceIgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
+ - ${{ each step in parameters.componentGovernanceSteps }}:
+ - ${{ step }}
- ${{ if eq(parameters.enableMicrobuild, 'true') }}:
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
@@ -190,14 +180,6 @@ jobs:
continueOnError: ${{ parameters.continueOnError }}
env:
TeamName: $(_TeamName)
- - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}:
- - template: /eng/common/core-templates/steps/generate-sbom.yml
- parameters:
- is1ESPipeline: ${{ parameters.is1ESPipeline }}
- PackageVersion: ${{ parameters.packageVersion}}
- BuildDropPath: ${{ parameters.buildDropPath }}
- IgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
- publishArtifacts: false
# Publish test results
- ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'xunit')) }}:
diff --git a/eng/common/core-templates/job/publish-build-assets.yml b/eng/common/core-templates/job/publish-build-assets.yml
index d99a1a3b284..ec3cd14191a 100644
--- a/eng/common/core-templates/job/publish-build-assets.yml
+++ b/eng/common/core-templates/job/publish-build-assets.yml
@@ -113,38 +113,19 @@ jobs:
Add-Content -Path $filePath -Value "$(DefaultChannels)"
Add-Content -Path $filePath -Value $(IsStableBuild)
- - template: /eng/common/core-templates/steps/publish-build-artifacts.yml
- parameters:
- is1ESPipeline: ${{ parameters.is1ESPipeline }}
- args:
- displayName: Publish ReleaseConfigs Artifact
- pathToPublish: '$(Build.StagingDirectory)/ReleaseConfigs'
- publishLocation: Container
- artifactName: ReleaseConfigs
-
- - task: powershell@2
- displayName: Check if SymbolPublishingExclusionsFile.txt exists
- inputs:
- targetType: inline
- script: |
$symbolExclusionfile = "$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt"
- if(Test-Path -Path $symbolExclusionfile)
+ if (Test-Path -Path $symbolExclusionfile)
{
Write-Host "SymbolExclusionFile exists"
- Write-Host "##vso[task.setvariable variable=SymbolExclusionFile]true"
- }
- else{
- Write-Host "Symbols Exclusion file does not exist"
- Write-Host "##vso[task.setvariable variable=SymbolExclusionFile]false"
+ Copy-Item -Path $symbolExclusionfile -Destination "$(Build.StagingDirectory)/ReleaseConfigs"
}
- template: /eng/common/core-templates/steps/publish-build-artifacts.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
args:
- displayName: Publish SymbolPublishingExclusionsFile Artifact
- condition: eq(variables['SymbolExclusionFile'], 'true')
- pathToPublish: '$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt'
+ displayName: Publish ReleaseConfigs Artifact
+ pathToPublish: '$(Build.StagingDirectory)/ReleaseConfigs'
publishLocation: Container
artifactName: ReleaseConfigs
diff --git a/eng/common/core-templates/job/source-index-stage1.yml b/eng/common/core-templates/job/source-index-stage1.yml
index 8328e52ab10..945c1c19e82 100644
--- a/eng/common/core-templates/job/source-index-stage1.yml
+++ b/eng/common/core-templates/job/source-index-stage1.yml
@@ -69,23 +69,11 @@ jobs:
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- task: AzureCLI@2
- displayName: Get stage 1 auth token
+ displayName: Log in to Azure and upload stage1 artifacts to source index
inputs:
azureSubscription: 'SourceDotNet Stage1 Publish'
addSpnToEnvironment: true
scriptType: 'ps'
scriptLocation: 'inlineScript'
inlineScript: |
- echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId"
- echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken"
- echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId"
-
- - script: |
- echo "Client ID: $(ARM_CLIENT_ID)"
- echo "ID Token: $(ARM_ID_TOKEN)"
- echo "Tenant ID: $(ARM_TENANT_ID)"
- az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
- displayName: "Login to Azure"
-
- - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
- displayName: Upload stage1 artifacts to source index
+ $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
diff --git a/eng/common/core-templates/steps/component-governance.yml b/eng/common/core-templates/steps/component-governance.yml
index b8815892a5e..cf0649aa956 100644
--- a/eng/common/core-templates/steps/component-governance.yml
+++ b/eng/common/core-templates/steps/component-governance.yml
@@ -13,4 +13,4 @@ steps:
continueOnError: true
displayName: ${{ parameters.displayName }}
inputs:
- ignoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
\ No newline at end of file
+ ignoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
diff --git a/eng/common/templates/job/job.yml b/eng/common/templates/job/job.yml
index 5920952c5ba..8da477dd69f 100644
--- a/eng/common/templates/job/job.yml
+++ b/eng/common/templates/job/job.yml
@@ -1,5 +1,11 @@
parameters:
enablePublishBuildArtifacts: false
+ disableComponentGovernance: ''
+ componentGovernanceIgnoreDirectories: ''
+# Sbom related params
+ enableSbom: true
+ PackageVersion: 9.0.0
+ BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
jobs:
- template: /eng/common/core-templates/job/job.yml
@@ -13,6 +19,26 @@ jobs:
steps:
- ${{ each step in parameters.steps }}:
- ${{ step }}
+
+ componentGovernanceSteps:
+ - template: /eng/common/templates/steps/component-governance.yml
+ parameters:
+ ${{ if eq(parameters.disableComponentGovernance, '') }}:
+ ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.runAsPublic, 'false'), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/dotnet/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/microsoft/'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}:
+ disableComponentGovernance: false
+ ${{ else }}:
+ disableComponentGovernance: true
+ ${{ else }}:
+ disableComponentGovernance: ${{ parameters.disableComponentGovernance }}
+ componentGovernanceIgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
+
+ - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}:
+ - template: /eng/common/templates/steps/generate-sbom.yml
+ parameters:
+ PackageVersion: ${{ parameters.packageVersion }}
+ BuildDropPath: ${{ parameters.buildDropPath }}
+ publishArtifacts: false
+
artifactPublishSteps:
- ${{ if ne(parameters.artifacts.publish, '') }}:
diff --git a/eng/publishing/v3/publish.yml b/eng/publishing/v3/publish.yml
index 65f4dd763bf..b7ec5bdd682 100644
--- a/eng/publishing/v3/publish.yml
+++ b/eng/publishing/v3/publish.yml
@@ -13,7 +13,6 @@ stages:
timeoutInMinutes: 120
variables:
- group: DotNet-Symbol-Server-Pats
- - group: DotNetBuilds storage account tokens
- group: AzureDevOps-Artifact-Feeds-Pats
- group: Publish-Build-Assets
diff --git a/global.json b/global.json
index b40dc7c3527..833a79b1931 100644
--- a/global.json
+++ b/global.json
@@ -7,8 +7,8 @@
"dotnet": "9.0.100-preview.5.24307.3"
},
"msbuild-sdks": {
- "Microsoft.DotNet.Arcade.Sdk": "9.0.0-beta.24326.1",
- "Microsoft.DotNet.Helix.Sdk": "9.0.0-beta.24326.1",
+ "Microsoft.DotNet.Arcade.Sdk": "9.0.0-beta.24352.2",
+ "Microsoft.DotNet.Helix.Sdk": "9.0.0-beta.24352.2",
"Microsoft.Build.NoTargets": "3.7.0"
}
}
diff --git a/src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.VsixBuild.targets b/src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.VsixBuild.targets
index e1a1c2fb732..420f52f49be 100644
--- a/src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.VsixBuild.targets
+++ b/src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.VsixBuild.targets
@@ -287,7 +287,18 @@
-
+ <_InputVSIXSourceItem Include="@(VSIXSourceItem)" />
+ <_InputVSIXSourceItem Remove="@(IntermediateAssembly)" />
+ <_InputVSIXSourceItem Remove="@(AddModules)" />
+ <_InputVSIXSourceItem Remove="$(IntermediateOutputPath)$(_SGenDllName)" />
+ <_InputVSIXSourceItem Remove="@(_DebugSymbolsIntermediatePath)" />
+ <_InputVSIXSourceItem Remove="@(DocFileItem)" />
+ <_InputVSIXSourceItem Remove="@(SatelliteDllsProjectOutputGroupOutput->'%(FinalOutputPath)')" />
+ <_InputVSIXSourceItem Remove="@(SatelliteDllsProjectOutputGroupOutput)" />
+ <_InputVSIXSourceItem Remove="$(IntermediateOutputPath)$(TargetName).pkgdef" />
+ <_InputVSIXSourceItem Remove="@(_GeneratedExtensionJson)" />
+
+