From be1b64440ab2a15589554db90911b651bdf1e206 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Ros?= Date: Thu, 27 Jun 2024 10:44:40 -0700 Subject: [PATCH 01/10] Update internal mirror instructions (#14906) Co-authored-by: Matt Mitchell --- Documentation/AzureDevOps/internal-mirror.md | 42 ++++++++++++-------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/Documentation/AzureDevOps/internal-mirror.md b/Documentation/AzureDevOps/internal-mirror.md index 35f326e0023..1d4f21a2712 100644 --- a/Documentation/AzureDevOps/internal-mirror.md +++ b/Documentation/AzureDevOps/internal-mirror.md @@ -1,25 +1,33 @@ -# dev.azure.com/dnceng Internal Mirror +# Mirroring GitHub to dev.azure.com/dnceng and dev.azure.com/devdiv -Public code should be mirrored to dev.azure.com/dnceng/internal (see [Azure DevOps Guidance](https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/AzureDevOpsGuidance.md)). These are the steps for setting up your GitHub repo to mirror into dev.azure.com/dnceng/internal. +Public code should be mirrored to dev.azure.com/dnceng/internal or dev.azure.com/dnceng/devdiv, depending on where your pipelines live. (see [Azure DevOps Guidance](https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/AzureDevOpsGuidance.md)). These are the steps for setting up your GitHub repo for mirroring. -1. Add the [maestro web hook](https://github.com/dotnet/arcade/blob/main/Documentation/Maestro/web-hooks.md) -2. Make sure you have created a repo in the dev.azure.com/dnceng/internal project that is in the format "{org}-{repo}" (replace any `/` with `-` in the GitHub repo name). +1. Make sure you have a repo in the dev.azure.com/dnceng/internal project with a name in the format "{org}-{repo}" (replace any `/` with `-` in the GitHub repo name). Please follow up with dnceng if a repository does not exist. For DevDiv repos, the pattern is {org}-{repo}-Trusted. - Example: github.com/dotnet/arcade => dotnet-arcade -3. Create a PR to the dotnet/versions repo which adds data for repo and branches that you want mirrored to the [subscriptions json](https://github.com/dotnet/versions/blob/master/Maestro/subscriptions.json) file. Specifically, add a URI of the pattern `"https://github.com/{org}/{repo}/blob/{branch}/**/*"` for your GitHub repository to the `triggerPaths` list above `"action": "github-dnceng-azdo-mirror"`. Please alphabetize. +2. Create a PR to the `dotnet-mirroring` internal repo which adds data for repo and branches that you want mirrored, to the [dnceng subscriptions json](https://dev.azure.com/dnceng/internal/_git/dotnet-mirroring?path=/dnceng-subscriptions.jsonc) or [devdiv subscriptions json](https://dev.azure.com/dnceng/internal/_git/dotnet-mirroring?path=/devdiv-subscriptions.jsonc) files. Specifically, add a URI for your GitHub repository to the `repos` object, then types of mirroring and regex branch patterns. Please alphabetize. -``` - "https://github.com/dotnet/project-system/blob/release/**/*", - "https://github.com/dotnet/toolset/blob/master/**/*", - "https://github.com/dotnet/toolset/blob/release/**/*", - "https://github.com/dotnet/roslyn/blob/master/**/*", - "https://github.com/dotnet/roslyn/blob/release/**/*", - "https://github.com/{org}/{repo}/blob/{branch}/**/*" // <-- insert your URI here, in alpha order. - "https://github.com/microsoft/msbuild/blob/master/**/*", - "https://github.com/microsoft/msbuild/blob/release/**/*", +Example: +```json + "https://github.com/dotnet/source-indexer": { + "fastForward": [ + "main" + ] + }, + "https://github.com/dotnet/sourcelink": { + "fastForward": [ + "main", // Fast forward main -> main + "release/.*" + ] + }, + "https://github.com/dotnet/spa-templates": { + "fastForward": [ + // GitHubBranchNotFound "main", + "release/.*" ], - "action": "github-dnceng-azdo-mirror", - "actionArguments": { -"vsoSourceBranch": "master", + "internalMerge": [ + "release/.*" // Merge release/.* -> internal/release/.* + ] + }, ``` From af039fad228e3a73db6b5411abd6676b191d869f Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" <42748379+dotnet-maestro[bot]@users.noreply.github.com> Date: Fri, 28 Jun 2024 14:16:12 +0000 Subject: [PATCH 02/10] [main] Update dependencies from dotnet/arcade, dotnet/arcade-services, dotnet/source-build-externals, dotnet/source-build-reference-packages (#14907) [main] Update dependencies from dotnet/arcade, dotnet/arcade-services, dotnet/source-build-externals, dotnet/source-build-reference-packages --- eng/Version.Details.xml | 28 ++++++++++++++-------------- eng/Versions.props | 4 ++-- global.json | 4 ++-- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 7858671ecff..828fcf2a374 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -26,21 +26,21 @@ https://github.com/dotnet/templating 35d4d2654e2ddf43cd0161b049248b818675a1c0 - + https://github.com/dotnet/arcade - 804ee9af4eed5ca4ce5ead1bc48e388b17056cb6 + ede13bd35571c0c8b0c01edcb057031904c5c955 - + https://github.com/dotnet/arcade - 804ee9af4eed5ca4ce5ead1bc48e388b17056cb6 + ede13bd35571c0c8b0c01edcb057031904c5c955 - + https://github.com/dotnet/arcade-services - bb2172dc377157de0b70a855534d630ef6761489 + 50d348db96960cbfcd79e869fb7d3b8a9e62e5e4 - + https://github.com/dotnet/arcade-services - bb2172dc377157de0b70a855534d630ef6761489 + 50d348db96960cbfcd79e869fb7d3b8a9e62e5e4 https://github.com/dotnet/xharness @@ -124,9 +124,9 @@ 39aef81ec6cffa06da9964b46d4b9e3bf2fc9979 - + https://github.com/dotnet/arcade - 804ee9af4eed5ca4ce5ead1bc48e388b17056cb6 + ede13bd35571c0c8b0c01edcb057031904c5c955 @@ -154,15 +154,15 @@ - + https://github.com/dotnet/source-build-externals - 9a2785b8409e4ee8db848cc2fbfa19b3316a3baa + 311ef7fef52828f4a70a94d13e32c394fd3292ee - + https://github.com/dotnet/source-build-reference-packages - 9ae78a4e6412926d19ba97cfed159bf9de70b538 + 0b53e839fa2f09a5994cc6006533dcc3d45a4226 diff --git a/eng/Versions.props b/eng/Versions.props index 7e7b59ff848..53037e43e26 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -12,8 +12,8 @@ 9.0.0-beta.24223.1 - 1.1.0-beta.24326.1 - 1.1.0-beta.24326.1 + 1.1.0-beta.24327.2 + 1.1.0-beta.24327.2 2.0.0-beta4.24126.1 diff --git a/global.json b/global.json index b40dc7c3527..92c78f11875 100644 --- a/global.json +++ b/global.json @@ -7,8 +7,8 @@ "dotnet": "9.0.100-preview.5.24307.3" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "9.0.0-beta.24326.1", - "Microsoft.DotNet.Helix.Sdk": "9.0.0-beta.24326.1", + "Microsoft.DotNet.Arcade.Sdk": "9.0.0-beta.24327.1", + "Microsoft.DotNet.Helix.Sdk": "9.0.0-beta.24327.1", "Microsoft.Build.NoTargets": "3.7.0" } } From ac6857c640d4e97b56ab722d9428d14ac0ea2739 Mon Sep 17 00:00:00 2001 From: Sam Harwell Date: Mon, 1 Jul 2024 15:48:43 -0500 Subject: [PATCH 03/10] Build outputs are not up-to-date inputs (#14900) --- .../tools/VisualStudio.VsixBuild.targets | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.VsixBuild.targets b/src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.VsixBuild.targets index e1a1c2fb732..420f52f49be 100644 --- a/src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.VsixBuild.targets +++ b/src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.VsixBuild.targets @@ -287,7 +287,18 @@ - + <_InputVSIXSourceItem Include="@(VSIXSourceItem)" /> + <_InputVSIXSourceItem Remove="@(IntermediateAssembly)" /> + <_InputVSIXSourceItem Remove="@(AddModules)" /> + <_InputVSIXSourceItem Remove="$(IntermediateOutputPath)$(_SGenDllName)" /> + <_InputVSIXSourceItem Remove="@(_DebugSymbolsIntermediatePath)" /> + <_InputVSIXSourceItem Remove="@(DocFileItem)" /> + <_InputVSIXSourceItem Remove="@(SatelliteDllsProjectOutputGroupOutput->'%(FinalOutputPath)')" /> + <_InputVSIXSourceItem Remove="@(SatelliteDllsProjectOutputGroupOutput)" /> + <_InputVSIXSourceItem Remove="$(IntermediateOutputPath)$(TargetName).pkgdef" /> + <_InputVSIXSourceItem Remove="@(_GeneratedExtensionJson)" /> + + From df3f1c4f487ba02dc74560525ab02d1e9c6b889b Mon Sep 17 00:00:00 2001 From: Jo Shields Date: Mon, 1 Jul 2024 17:33:26 -0400 Subject: [PATCH 04/10] Don't round-trip download through service principal login during stage 1 upload (#14912) --- .../core-templates/job/source-index-stage1.yml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/eng/common/core-templates/job/source-index-stage1.yml b/eng/common/core-templates/job/source-index-stage1.yml index 8328e52ab10..945c1c19e82 100644 --- a/eng/common/core-templates/job/source-index-stage1.yml +++ b/eng/common/core-templates/job/source-index-stage1.yml @@ -69,23 +69,11 @@ jobs: - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - task: AzureCLI@2 - displayName: Get stage 1 auth token + displayName: Log in to Azure and upload stage1 artifacts to source index inputs: azureSubscription: 'SourceDotNet Stage1 Publish' addSpnToEnvironment: true scriptType: 'ps' scriptLocation: 'inlineScript' inlineScript: | - echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId" - echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken" - echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId" - - - script: | - echo "Client ID: $(ARM_CLIENT_ID)" - echo "ID Token: $(ARM_ID_TOKEN)" - echo "Tenant ID: $(ARM_TENANT_ID)" - az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN) - displayName: "Login to Azure" - - - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1 - displayName: Upload stage1 artifacts to source index + $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1 From 48f3eafb2fa9dddb1ca655b9ea96ebf4b5a2ba0a Mon Sep 17 00:00:00 2001 From: Jeremy Koritzinsky Date: Mon, 1 Jul 2024 21:17:41 -0700 Subject: [PATCH 05/10] Don't manually run SDL checks that 1ES pipelines inject when using 1ES pipelines (#14872) --- eng/common/core-templates/job/job.yml | 24 +++-------------- .../steps/component-governance.yml | 2 +- eng/common/templates/job/job.yml | 26 +++++++++++++++++++ 3 files changed, 30 insertions(+), 22 deletions(-) diff --git a/eng/common/core-templates/job/job.yml b/eng/common/core-templates/job/job.yml index 7df58527978..c732bee9f4a 100644 --- a/eng/common/core-templates/job/job.yml +++ b/eng/common/core-templates/job/job.yml @@ -24,12 +24,11 @@ parameters: enablePublishTestResults: false enablePublishUsingPipelines: false enableBuildRetry: false - disableComponentGovernance: '' - componentGovernanceIgnoreDirectories: '' mergeTestResults: false testRunTitle: '' testResultsFormat: '' name: '' + componentGovernanceSteps: [] preSteps: [] artifactPublishSteps: [] runAsPublic: false @@ -170,17 +169,8 @@ jobs: uploadRichNavArtifacts: ${{ coalesce(parameters.richCodeNavigationUploadArtifacts, false) }} continueOnError: true - - template: /eng/common/core-templates/steps/component-governance.yml - parameters: - is1ESPipeline: ${{ parameters.is1ESPipeline }} - ${{ if eq(parameters.disableComponentGovernance, '') }}: - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.runAsPublic, 'false'), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/dotnet/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/microsoft/'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}: - disableComponentGovernance: false - ${{ else }}: - disableComponentGovernance: true - ${{ else }}: - disableComponentGovernance: ${{ parameters.disableComponentGovernance }} - componentGovernanceIgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }} + - ${{ each step in parameters.componentGovernanceSteps }}: + - ${{ step }} - ${{ if eq(parameters.enableMicrobuild, 'true') }}: - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: @@ -190,14 +180,6 @@ jobs: continueOnError: ${{ parameters.continueOnError }} env: TeamName: $(_TeamName) - - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}: - - template: /eng/common/core-templates/steps/generate-sbom.yml - parameters: - is1ESPipeline: ${{ parameters.is1ESPipeline }} - PackageVersion: ${{ parameters.packageVersion}} - BuildDropPath: ${{ parameters.buildDropPath }} - IgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }} - publishArtifacts: false # Publish test results - ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'xunit')) }}: diff --git a/eng/common/core-templates/steps/component-governance.yml b/eng/common/core-templates/steps/component-governance.yml index b8815892a5e..cf0649aa956 100644 --- a/eng/common/core-templates/steps/component-governance.yml +++ b/eng/common/core-templates/steps/component-governance.yml @@ -13,4 +13,4 @@ steps: continueOnError: true displayName: ${{ parameters.displayName }} inputs: - ignoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }} \ No newline at end of file + ignoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }} diff --git a/eng/common/templates/job/job.yml b/eng/common/templates/job/job.yml index 5920952c5ba..8da477dd69f 100644 --- a/eng/common/templates/job/job.yml +++ b/eng/common/templates/job/job.yml @@ -1,5 +1,11 @@ parameters: enablePublishBuildArtifacts: false + disableComponentGovernance: '' + componentGovernanceIgnoreDirectories: '' +# Sbom related params + enableSbom: true + PackageVersion: 9.0.0 + BuildDropPath: '$(Build.SourcesDirectory)/artifacts' jobs: - template: /eng/common/core-templates/job/job.yml @@ -13,6 +19,26 @@ jobs: steps: - ${{ each step in parameters.steps }}: - ${{ step }} + + componentGovernanceSteps: + - template: /eng/common/templates/steps/component-governance.yml + parameters: + ${{ if eq(parameters.disableComponentGovernance, '') }}: + ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.runAsPublic, 'false'), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/dotnet/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/microsoft/'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}: + disableComponentGovernance: false + ${{ else }}: + disableComponentGovernance: true + ${{ else }}: + disableComponentGovernance: ${{ parameters.disableComponentGovernance }} + componentGovernanceIgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }} + + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}: + - template: /eng/common/templates/steps/generate-sbom.yml + parameters: + PackageVersion: ${{ parameters.packageVersion }} + BuildDropPath: ${{ parameters.buildDropPath }} + publishArtifacts: false + artifactPublishSteps: - ${{ if ne(parameters.artifacts.publish, '') }}: From dcfed4d3fc3503c6c093d0b250b2f67f0630425d Mon Sep 17 00:00:00 2001 From: Jeremy Koritzinsky Date: Tue, 2 Jul 2024 08:13:48 -0700 Subject: [PATCH 06/10] Split out the "cleanup actions on a schedule" action so other comment-based actions can reuse it (#14911) --- .github/workflows/backport-base.yml | 41 ++-------------- .../scheduled-action-cleanup-base.yml | 49 +++++++++++++++++++ 2 files changed, 52 insertions(+), 38 deletions(-) create mode 100644 .github/workflows/scheduled-action-cleanup-base.yml diff --git a/.github/workflows/backport-base.yml b/.github/workflows/backport-base.yml index 0dfeeb46fbe..1ef310f21bb 100644 --- a/.github/workflows/backport-base.yml +++ b/.github/workflows/backport-base.yml @@ -22,44 +22,9 @@ on: jobs: cleanup: - if: ${{ contains(format('{0},', inputs.repository_owners), format('{0},', github.repository_owner)) && github.event_name == 'schedule' }} - runs-on: ubuntu-latest - permissions: - actions: write - steps: - - name: Cleanup workflow runs - uses: actions/github-script@v7 - with: - script: | - const repo_owner = context.payload.repository.owner.login; - const repo_name = context.payload.repository.name; - - // look up workflow from current run - const currentWorkflowRun = await github.rest.actions.getWorkflowRun({ - owner: repo_owner, - repo: repo_name, - run_id: context.runId - }); - - // get runs which are 'completed' (other candidate values of status field are e.g. 'queued' and 'in_progress') - for await (const response of github.paginate.iterator( - github.rest.actions.listWorkflowRuns, { - owner: repo_owner, - repo: repo_name, - workflow_id: currentWorkflowRun.data.workflow_id, - status: 'completed' - } - )) { - // delete each run - for (const run of response.data) { - console.log(`Deleting workflow run ${run.id}`); - await github.rest.actions.deleteWorkflowRun({ - owner: repo_owner, - repo: repo_name, - run_id: run.id - }); - } - } + uses: dotnet/arcade/.github/workflows/scheduled-action-cleanup-base.yml@main + with: + repository_owners: ${{ inputs.repository_owners }} run_backport: if: ${{ contains(format('{0},', inputs.repository_owners), format('{0},', github.repository_owner)) && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/backport to') }} diff --git a/.github/workflows/scheduled-action-cleanup-base.yml b/.github/workflows/scheduled-action-cleanup-base.yml new file mode 100644 index 00000000000..9485dc60231 --- /dev/null +++ b/.github/workflows/scheduled-action-cleanup-base.yml @@ -0,0 +1,49 @@ +on: + workflow_call: + inputs: + repository_owners: + description: 'A comma-separated list of repository owners where the workflow will run. Defaults to "dotnet,microsoft".' + required: false + type: string + default: 'dotnet,microsoft' + +jobs: + cleanup: + if: ${{ contains(format('{0},', inputs.repository_owners), format('{0},', github.repository_owner)) && github.event_name == 'schedule' }} + runs-on: ubuntu-latest + permissions: + actions: write + steps: + - name: Cleanup workflow runs + uses: actions/github-script@v7 + with: + script: | + const repo_owner = context.payload.repository.owner.login; + const repo_name = context.payload.repository.name; + + // look up workflow from current run + const currentWorkflowRun = await github.rest.actions.getWorkflowRun({ + owner: repo_owner, + repo: repo_name, + run_id: context.runId + }); + + // get runs which are 'completed' (other candidate values of status field are e.g. 'queued' and 'in_progress') + for await (const response of github.paginate.iterator( + github.rest.actions.listWorkflowRuns, { + owner: repo_owner, + repo: repo_name, + workflow_id: currentWorkflowRun.data.workflow_id, + status: 'completed' + } + )) { + // delete each run + for (const run of response.data) { + console.log(`Deleting workflow run ${run.id}`); + await github.rest.actions.deleteWorkflowRun({ + owner: repo_owner, + repo: repo_name, + run_id: run.id + }); + } + } From 4a7d983f833d6b86365ea1b2b4d6ee72fbdbf944 Mon Sep 17 00:00:00 2001 From: Matt Mitchell Date: Tue, 2 Jul 2024 14:50:31 -0700 Subject: [PATCH 07/10] Remove storage account tokens (#14915) --- eng/publishing/v3/publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/eng/publishing/v3/publish.yml b/eng/publishing/v3/publish.yml index 65f4dd763bf..b7ec5bdd682 100644 --- a/eng/publishing/v3/publish.yml +++ b/eng/publishing/v3/publish.yml @@ -13,7 +13,6 @@ stages: timeoutInMinutes: 120 variables: - group: DotNet-Symbol-Server-Pats - - group: DotNetBuilds storage account tokens - group: AzureDevOps-Artifact-Feeds-Pats - group: Publish-Build-Assets From 76f733ee57811c38bb5b8e1ac9c6c50e92bc5dc9 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" <42748379+dotnet-maestro[bot]@users.noreply.github.com> Date: Thu, 4 Jul 2024 17:50:06 +0200 Subject: [PATCH 08/10] [main] Update dependencies from dotnet/arcade, dotnet/arcade-services, dotnet/source-build-reference-packages, dotnet/templating, dotnet/xharness (#14909) Co-authored-by: dotnet-maestro[bot] --- eng/Version.Details.xml | 32 ++++++++++++++++---------------- eng/Versions.props | 8 ++++---- global.json | 4 ++-- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 828fcf2a374..688da4f1f73 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -22,29 +22,29 @@ https://dev.azure.com/dnceng/internal/_git/dotnet-symuploader d617bc8ed2787c235a57cf0dcdfd087b86ff9521 - + https://github.com/dotnet/templating - 35d4d2654e2ddf43cd0161b049248b818675a1c0 + 81ab22e8bf15861237b11d3900ff49de07ee3844 - + https://github.com/dotnet/arcade - ede13bd35571c0c8b0c01edcb057031904c5c955 + 4a7d983f833d6b86365ea1b2b4d6ee72fbdbf944 - + https://github.com/dotnet/arcade - ede13bd35571c0c8b0c01edcb057031904c5c955 + 4a7d983f833d6b86365ea1b2b4d6ee72fbdbf944 - + https://github.com/dotnet/arcade-services - 50d348db96960cbfcd79e869fb7d3b8a9e62e5e4 + 139ee32a7411b80eed60efec092f4394beb7ace8 - + https://github.com/dotnet/arcade-services - 50d348db96960cbfcd79e869fb7d3b8a9e62e5e4 + 139ee32a7411b80eed60efec092f4394beb7ace8 - + https://github.com/dotnet/xharness - 65d0584b517952962b7a79195b5d7606b52fcbfe + c1a7044cbe36ea67281412766a417eece02fb3a5 https://github.com/dotnet/roslyn @@ -124,9 +124,9 @@ 39aef81ec6cffa06da9964b46d4b9e3bf2fc9979 - + https://github.com/dotnet/arcade - ede13bd35571c0c8b0c01edcb057031904c5c955 + 4a7d983f833d6b86365ea1b2b4d6ee72fbdbf944 @@ -160,9 +160,9 @@ - + https://github.com/dotnet/source-build-reference-packages - 0b53e839fa2f09a5994cc6006533dcc3d45a4226 + cc732c57199f725857c201da146525e3be6bc504 diff --git a/eng/Versions.props b/eng/Versions.props index 53037e43e26..cd776f64e00 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -12,8 +12,8 @@ 9.0.0-beta.24223.1 - 1.1.0-beta.24327.2 - 1.1.0-beta.24327.2 + 1.1.0-beta.24353.2 + 1.1.0-beta.24353.2 2.0.0-beta4.24126.1 @@ -80,10 +80,10 @@ 1.1.0-beta2-19575-01 - 9.0.100-preview.7.24323.1 + 9.0.100-preview.7.24330.2 17.5.0 - 9.0.0-prerelease.24317.3 + 9.0.0-prerelease.24326.1 diff --git a/global.json b/global.json index 92c78f11875..833a79b1931 100644 --- a/global.json +++ b/global.json @@ -7,8 +7,8 @@ "dotnet": "9.0.100-preview.5.24307.3" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "9.0.0-beta.24327.1", - "Microsoft.DotNet.Helix.Sdk": "9.0.0-beta.24327.1", + "Microsoft.DotNet.Arcade.Sdk": "9.0.0-beta.24352.2", + "Microsoft.DotNet.Helix.Sdk": "9.0.0-beta.24352.2", "Microsoft.Build.NoTargets": "3.7.0" } } From 9ed291f25d3a56ca6738b0bdbb3fb653396f65de Mon Sep 17 00:00:00 2001 From: Matt Mitchell Date: Tue, 9 Jul 2024 08:28:07 -0700 Subject: [PATCH 09/10] Remove APISCan SP and replace with just ID (#14898) --- .vault-config/product-builds-dnceng-pipeline-secrets.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.vault-config/product-builds-dnceng-pipeline-secrets.yaml b/.vault-config/product-builds-dnceng-pipeline-secrets.yaml index 717421e42e5..df07df86120 100644 --- a/.vault-config/product-builds-dnceng-pipeline-secrets.yaml +++ b/.vault-config/product-builds-dnceng-pipeline-secrets.yaml @@ -42,5 +42,7 @@ secrets: description: set to never expire # Service Principal used by the Guardian APIScan build task - apiscan-service-principal: - type: ad-application + apiscan-service-principal-app-id: + type: text + parameters: + description: set to never expire From f20056daa31b4a08f2ce379cfe4610042c3bc26c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20K=C3=B6plinger?= Date: Wed, 10 Jul 2024 09:35:53 +0200 Subject: [PATCH 10/10] Inline publishing SymbolPublishingExclusionsFile.txt into ReleaseConfigs (#14920) We were publishing SymbolPublishingExclusionsFile.txt in a separate step which results in 1ES PT running SBOM generation on the artifact which fails in the dotnet/runtime repo: > BuildDropPath 'D:\a\_work\1\s\eng\SymbolPublishingExclusionsFile.txt' must be a directory, not a file Since we're just uploading it into the ReleaseConfigs container we can just copy the file when we create that artifact a few lines above. --- .../job/publish-build-assets.yml | 27 +++---------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/eng/common/core-templates/job/publish-build-assets.yml b/eng/common/core-templates/job/publish-build-assets.yml index d99a1a3b284..ec3cd14191a 100644 --- a/eng/common/core-templates/job/publish-build-assets.yml +++ b/eng/common/core-templates/job/publish-build-assets.yml @@ -113,38 +113,19 @@ jobs: Add-Content -Path $filePath -Value "$(DefaultChannels)" Add-Content -Path $filePath -Value $(IsStableBuild) - - template: /eng/common/core-templates/steps/publish-build-artifacts.yml - parameters: - is1ESPipeline: ${{ parameters.is1ESPipeline }} - args: - displayName: Publish ReleaseConfigs Artifact - pathToPublish: '$(Build.StagingDirectory)/ReleaseConfigs' - publishLocation: Container - artifactName: ReleaseConfigs - - - task: powershell@2 - displayName: Check if SymbolPublishingExclusionsFile.txt exists - inputs: - targetType: inline - script: | $symbolExclusionfile = "$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt" - if(Test-Path -Path $symbolExclusionfile) + if (Test-Path -Path $symbolExclusionfile) { Write-Host "SymbolExclusionFile exists" - Write-Host "##vso[task.setvariable variable=SymbolExclusionFile]true" - } - else{ - Write-Host "Symbols Exclusion file does not exist" - Write-Host "##vso[task.setvariable variable=SymbolExclusionFile]false" + Copy-Item -Path $symbolExclusionfile -Destination "$(Build.StagingDirectory)/ReleaseConfigs" } - template: /eng/common/core-templates/steps/publish-build-artifacts.yml parameters: is1ESPipeline: ${{ parameters.is1ESPipeline }} args: - displayName: Publish SymbolPublishingExclusionsFile Artifact - condition: eq(variables['SymbolExclusionFile'], 'true') - pathToPublish: '$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt' + displayName: Publish ReleaseConfigs Artifact + pathToPublish: '$(Build.StagingDirectory)/ReleaseConfigs' publishLocation: Container artifactName: ReleaseConfigs