From 13ad122c05c6fe315f3b4013780e56a6962eb926 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Tue, 7 May 2024 12:43:30 +0000 Subject: [PATCH 01/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240506.1 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24251.1 -> To Version 8.0.0-alpha.1.24256.1 --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index f778e9ec066..44deceb34f7 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -6,9 +6,9 @@ 2b7510ccda2be01e2a2b48598498dca24fb69c3a - + https://github.com/dotnet/source-build-reference-packages - 6f814daa935e08b578b1c0c65a1f26ea3317f517 + 704a4d36dce09e9915c9916731392c4e6eeeb487 From e8bc3a82cdbb1e65ca9f715374dc3836fd210234 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Wed, 8 May 2024 12:41:38 +0000 Subject: [PATCH 02/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240507.2 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24256.1 -> To Version 8.0.0-alpha.1.24257.2 --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 44deceb34f7..9eeb1ce1f08 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -6,9 +6,9 @@ 2b7510ccda2be01e2a2b48598498dca24fb69c3a - + https://github.com/dotnet/source-build-reference-packages - 704a4d36dce09e9915c9916731392c4e6eeeb487 + 6ed73280a6d70f7e7ac39c86f2abe8c10983f0bb From a1598b151423bae3bb3015bdf6e12afb7eb531d6 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 13 May 2024 14:01:32 +0000 Subject: [PATCH 03/38] Update dependencies from https://github.com/dotnet/source-build-externals build 20240513.1 Microsoft.SourceBuild.Intermediate.source-build-externals From Version 8.0.0-alpha.1.24256.1 -> To Version 8.0.0-alpha.1.24263.1 --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 9eeb1ce1f08..8981fad7c8e 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -1,9 +1,9 @@ - + https://github.com/dotnet/source-build-externals - 2b7510ccda2be01e2a2b48598498dca24fb69c3a + a3021ef9ed72d7bdf799092a47d2d024fc13bfcd From a7e0c245e79c56b5e40296e3a2b0c290e0bd4ce3 Mon Sep 17 00:00:00 2001 From: Sean Reeser Date: Thu, 16 May 2024 17:32:39 -0700 Subject: [PATCH 04/38] Update branding to 8.0.107 --- eng/Versions.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/Versions.props b/eng/Versions.props index a73c884f0f0..80c07a388a0 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -4,7 +4,7 @@ true true - 8.0.106 + 8.0.107 true release From 14ea834f76d1cc934514efc6160b36f1e20e1e5c Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" <42748379+dotnet-maestro[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 06:49:23 +0000 Subject: [PATCH 05/38] Update dependencies from https://github.com/dotnet/arcade build 20240516.3 (#7997) Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24204.3 -> To Version 8.0.0-beta.24266.3 Co-authored-by: dotnet-maestro[bot] --- eng/Version.Details.xml | 4 +- .../job/source-index-stage1.yml | 49 +++++++++++++------ .../templates/job/source-index-stage1.yml | 44 ++++++++++++----- global.json | 2 +- .../ConfigModel/ParameterSymbol.cs | 2 +- .../Mocks/MockPackageManager.cs | 2 +- 6 files changed, 69 insertions(+), 34 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 8981fad7c8e..a59ef187f60 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -17,9 +17,9 @@ - + https://github.com/dotnet/arcade - 188340e12c0a372b1681ad6a5e72c608021efdba + e6f70c7dd528f05cd28cec2a179d58c22e91d9ac diff --git a/eng/common/templates-official/job/source-index-stage1.yml b/eng/common/templates-official/job/source-index-stage1.yml index f0513aee5b0..43ee0c202fc 100644 --- a/eng/common/templates-official/job/source-index-stage1.yml +++ b/eng/common/templates-official/job/source-index-stage1.yml @@ -1,6 +1,7 @@ parameters: runAsPublic: false - sourceIndexPackageVersion: 1.0.1-20230228.2 + sourceIndexUploadPackageVersion: 2.0.0-20240502.12 + sourceIndexProcessBinlogPackageVersion: 1.0.1-20240129.2 sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci" preSteps: [] @@ -14,15 +15,15 @@ jobs: dependsOn: ${{ parameters.dependsOn }} condition: ${{ parameters.condition }} variables: - - name: SourceIndexPackageVersion - value: ${{ parameters.sourceIndexPackageVersion }} + - name: SourceIndexUploadPackageVersion + value: ${{ parameters.sourceIndexUploadPackageVersion }} + - name: SourceIndexProcessBinlogPackageVersion + value: ${{ parameters.sourceIndexProcessBinlogPackageVersion }} - name: SourceIndexPackageSource value: ${{ parameters.sourceIndexPackageSource }} - name: BinlogPath value: ${{ parameters.binlogPath }} - - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - group: source-dot-net stage1 variables - - template: /eng/common/templates-official/variables/pool-providers.yml + - template: /eng/common/templates/variables/pool-providers.yml ${{ if ne(parameters.pool, '') }}: pool: ${{ parameters.pool }} @@ -33,24 +34,23 @@ jobs: demands: ImageOverride -equals windows.vs2019.amd64.open ${{ if eq(variables['System.TeamProject'], 'internal') }}: name: $(DncEngInternalBuildPool) - image: windows.vs2022.amd64 - os: windows + demands: ImageOverride -equals windows.vs2019.amd64 steps: - ${{ each preStep in parameters.preSteps }}: - ${{ preStep }} - task: UseDotNet@2 - displayName: Use .NET Core SDK 6 + displayName: Use .NET 8 SDK inputs: packageType: sdk - version: 6.0.x + version: 8.0.x installationPath: $(Agent.TempDirectory)/dotnet workingDirectory: $(Agent.TempDirectory) - script: | - $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools - $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools + $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(sourceIndexProcessBinlogPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools + $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(sourceIndexUploadPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools displayName: Download Tools # Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk. workingDirectory: $(Agent.TempDirectory) @@ -62,7 +62,24 @@ jobs: displayName: Process Binlog into indexable sln - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) - displayName: Upload stage1 artifacts to source index - env: - BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url) + - task: AzureCLI@2 + displayName: Get stage 1 auth token + inputs: + azureSubscription: 'SourceDotNet Stage1 Publish' + addSpnToEnvironment: true + scriptType: 'ps' + scriptLocation: 'inlineScript' + inlineScript: | + echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId" + echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken" + echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId" + + - script: | + echo "Client ID: $(ARM_CLIENT_ID)" + echo "ID Token: $(ARM_ID_TOKEN)" + echo "Tenant ID: $(ARM_TENANT_ID)" + az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN) + displayName: "Login to Azure" + + - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1 + displayName: Upload stage1 artifacts to source index \ No newline at end of file diff --git a/eng/common/templates/job/source-index-stage1.yml b/eng/common/templates/job/source-index-stage1.yml index b98202aa02d..43ee0c202fc 100644 --- a/eng/common/templates/job/source-index-stage1.yml +++ b/eng/common/templates/job/source-index-stage1.yml @@ -1,6 +1,7 @@ parameters: runAsPublic: false - sourceIndexPackageVersion: 1.0.1-20230228.2 + sourceIndexUploadPackageVersion: 2.0.0-20240502.12 + sourceIndexProcessBinlogPackageVersion: 1.0.1-20240129.2 sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci" preSteps: [] @@ -14,14 +15,14 @@ jobs: dependsOn: ${{ parameters.dependsOn }} condition: ${{ parameters.condition }} variables: - - name: SourceIndexPackageVersion - value: ${{ parameters.sourceIndexPackageVersion }} + - name: SourceIndexUploadPackageVersion + value: ${{ parameters.sourceIndexUploadPackageVersion }} + - name: SourceIndexProcessBinlogPackageVersion + value: ${{ parameters.sourceIndexProcessBinlogPackageVersion }} - name: SourceIndexPackageSource value: ${{ parameters.sourceIndexPackageSource }} - name: BinlogPath value: ${{ parameters.binlogPath }} - - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - group: source-dot-net stage1 variables - template: /eng/common/templates/variables/pool-providers.yml ${{ if ne(parameters.pool, '') }}: @@ -40,16 +41,16 @@ jobs: - ${{ preStep }} - task: UseDotNet@2 - displayName: Use .NET Core SDK 6 + displayName: Use .NET 8 SDK inputs: packageType: sdk - version: 6.0.x + version: 8.0.x installationPath: $(Agent.TempDirectory)/dotnet workingDirectory: $(Agent.TempDirectory) - script: | - $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools - $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools + $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(sourceIndexProcessBinlogPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools + $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(sourceIndexUploadPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools displayName: Download Tools # Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk. workingDirectory: $(Agent.TempDirectory) @@ -61,7 +62,24 @@ jobs: displayName: Process Binlog into indexable sln - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) - displayName: Upload stage1 artifacts to source index - env: - BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url) + - task: AzureCLI@2 + displayName: Get stage 1 auth token + inputs: + azureSubscription: 'SourceDotNet Stage1 Publish' + addSpnToEnvironment: true + scriptType: 'ps' + scriptLocation: 'inlineScript' + inlineScript: | + echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId" + echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken" + echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId" + + - script: | + echo "Client ID: $(ARM_CLIENT_ID)" + echo "ID Token: $(ARM_ID_TOKEN)" + echo "Tenant ID: $(ARM_TENANT_ID)" + az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN) + displayName: "Login to Azure" + + - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1 + displayName: Upload stage1 artifacts to source index \ No newline at end of file diff --git a/global.json b/global.json index 67b7f26bc1e..63925fe9178 100644 --- a/global.json +++ b/global.json @@ -3,6 +3,6 @@ "dotnet": "8.0.101" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24204.3" + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24266.3" } } diff --git a/src/Microsoft.TemplateEngine.Orchestrator.RunnableProjects/ConfigModel/ParameterSymbol.cs b/src/Microsoft.TemplateEngine.Orchestrator.RunnableProjects/ConfigModel/ParameterSymbol.cs index ea5b4464d98..3fc52ac2906 100644 --- a/src/Microsoft.TemplateEngine.Orchestrator.RunnableProjects/ConfigModel/ParameterSymbol.cs +++ b/src/Microsoft.TemplateEngine.Orchestrator.RunnableProjects/ConfigModel/ParameterSymbol.cs @@ -62,7 +62,7 @@ internal ParameterSymbol(string name, JObject jObject, string? defaultOverride) DefaultIfOptionWithoutValue = "true"; } - if (DefaultValue == null && IsRequired != true) + if (DefaultValue == null && !IsRequired) { DefaultValue = ParameterConverter.GetDefault(DataType); } diff --git a/test/Microsoft.TemplateEngine.Edge.UnitTests/Mocks/MockPackageManager.cs b/test/Microsoft.TemplateEngine.Edge.UnitTests/Mocks/MockPackageManager.cs index 1141d92b7c4..9f83fe4d110 100644 --- a/test/Microsoft.TemplateEngine.Edge.UnitTests/Mocks/MockPackageManager.cs +++ b/test/Microsoft.TemplateEngine.Edge.UnitTests/Mocks/MockPackageManager.cs @@ -65,7 +65,7 @@ public Task DownloadPackageAsync(string downloadPath, string i Array.Empty())); } - public Task<(string LatestVersion, bool IsLatestVersion, IReadOnlyList Vulnerabilities)> GetLatestVersionAsync(string identifier, string? version = null, string? additionalNuGetSource = null, CancellationToken cancellationToken = default) + public Task<(string LatestVersion, bool IsLatestVersion, IReadOnlyList Vulnerabilities)> GetLatestVersionAsync(string identifier, string? version = null) { // names of exceptions throw them for test purposes return identifier switch From 224824ff7d90e091d7ed93bf056ff70c9d0d6ab9 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" <42748379+dotnet-maestro[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 21:38:55 +0000 Subject: [PATCH 06/38] [release/8.0.1xx] Update dependencies from dotnet/source-build-externals (#8000) [release/8.0.1xx] Update dependencies from dotnet/source-build-externals - Remove redundant equality - Remove unused parameter 'cancellationToken' - Remove unused parameter 'additionalNuGetSource' --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index a59ef187f60..f9d02d20cd5 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -1,9 +1,9 @@ - + https://github.com/dotnet/source-build-externals - a3021ef9ed72d7bdf799092a47d2d024fc13bfcd + 4f2151df120194f0268944f1b723c14820738fc8 From 722aa9f96dbc51c92fca787ed315d8a461e0aed5 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 24 Jun 2024 14:36:03 +0000 Subject: [PATCH 07/38] Update dependencies from https://github.com/dotnet/command-line-api build 20240624.2 System.CommandLine From Version 2.0.0-beta4.24209.3 -> To Version 2.0.0-beta4.24324.2 --- eng/Version.Details.xml | 4 ++-- eng/Versions.props | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index f9d02d20cd5..193ac47a80f 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -11,9 +11,9 @@ 6ed73280a6d70f7e7ac39c86f2abe8c10983f0bb - + https://github.com/dotnet/command-line-api - 963d34b1fb712c673bfb198133d7e988182c9ef4 + 6f7a84da2ac39bf0b6fe3eacec302303184bb75a diff --git a/eng/Versions.props b/eng/Versions.props index 80c07a388a0..25af8fecf54 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -20,6 +20,6 @@ - 2.0.0-beta4.24209.3 + 2.0.0-beta4.24324.2 From 58b87a9dccea63b6895c07ffd35aebac12594f6e Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 24 Jun 2024 15:33:25 +0000 Subject: [PATCH 08/38] Update dependencies from https://github.com/dotnet/command-line-api build 20240624.3 System.CommandLine From Version 2.0.0-beta4.24209.3 -> To Version 2.0.0-beta4.24324.3 --- eng/Version.Details.xml | 4 ++-- eng/Versions.props | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 193ac47a80f..8777a8606b7 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -11,9 +11,9 @@ 6ed73280a6d70f7e7ac39c86f2abe8c10983f0bb - + https://github.com/dotnet/command-line-api - 6f7a84da2ac39bf0b6fe3eacec302303184bb75a + 803d8598f98fb4efd94604b32627ee9407f246db diff --git a/eng/Versions.props b/eng/Versions.props index 25af8fecf54..6fe5eda8289 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -20,6 +20,6 @@ - 2.0.0-beta4.24324.2 + 2.0.0-beta4.24324.3 From 3dc7cbc153046922e4d9387375076426caae64e3 Mon Sep 17 00:00:00 2001 From: vseanreesermsft <78103370+vseanreesermsft@users.noreply.github.com> Date: Tue, 2 Jul 2024 12:40:14 -0700 Subject: [PATCH 09/38] Update branding to 8.0.108 (#8176) --- eng/Versions.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/Versions.props b/eng/Versions.props index 80c07a388a0..3b516293320 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -4,7 +4,7 @@ true true - 8.0.107 + 8.0.108 true release From 1e9fcff25e09469c1418595a104dd687a962b5d2 Mon Sep 17 00:00:00 2001 From: Matt Mitchell Date: Tue, 2 Jul 2024 12:40:26 -0700 Subject: [PATCH 10/38] [release/8.0.1xx] Remove internal runtime args (#8171) * Update arcade * Remove internal runtime args --- azure-pipelines-pr.yml | 38 +--------------- azure-pipelines.yml | 41 ++---------------- eng/Version.Details.xml | 4 +- eng/common/post-build/publish-using-darc.ps1 | 15 +++---- .../job/publish-build-assets.yml | 12 +++--- .../templates-official/job/source-build.yml | 8 ++++ .../job/source-index-stage1.yml | 16 +++---- .../templates-official/jobs/source-build.yml | 8 ++++ .../post-build/post-build.yml | 8 ++-- .../steps/enable-internal-runtimes.yml | 28 ++++++++++++ .../steps/get-delegation-sas.yml | 43 +++++++++++++++++++ .../steps/get-federated-access-token.yml | 28 ++++++++++++ .../templates/job/publish-build-assets.yml | 12 +++--- eng/common/templates/job/source-build.yml | 8 ++++ .../templates/job/source-index-stage1.yml | 11 ++--- eng/common/templates/jobs/source-build.yml | 8 ++++ .../templates/post-build/post-build.yml | 8 ++-- .../post-build/setup-maestro-vars.yml | 28 ++++++------ .../steps/enable-internal-runtimes.yml | 28 ++++++++++++ .../templates/steps/get-delegation-sas.yml | 43 +++++++++++++++++++ .../steps/get-federated-access-token.yml | 28 ++++++++++++ global.json | 2 +- 22 files changed, 293 insertions(+), 132 deletions(-) create mode 100644 eng/common/templates-official/steps/enable-internal-runtimes.yml create mode 100644 eng/common/templates-official/steps/get-delegation-sas.yml create mode 100644 eng/common/templates-official/steps/get-federated-access-token.yml create mode 100644 eng/common/templates/steps/enable-internal-runtimes.yml create mode 100644 eng/common/templates/steps/get-delegation-sas.yml create mode 100644 eng/common/templates/steps/get-federated-access-token.yml diff --git a/azure-pipelines-pr.yml b/azure-pipelines-pr.yml index 4f50f3fc0dc..68d8e83c67b 100644 --- a/azure-pipelines-pr.yml +++ b/azure-pipelines-pr.yml @@ -29,15 +29,6 @@ variables: value: false - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - group: Templating-SDLValidation-Params - - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - group: DotNetBuilds storage account read tokens - - name: _InternalRuntimeDownloadArgs - value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal - /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) - - ${{ if eq(variables['System.TeamProject'], 'public') }}: - - name: _InternalRuntimeDownloadArgs - value: '' - template: /eng/common/templates/variables/pool-providers.yml stages: @@ -108,21 +99,12 @@ stages: steps: - checkout: self clean: true - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - task: PowerShell@2 - displayName: Setup Private Feeds Credentials - inputs: - filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1 - arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token - env: - Token: $(dn-bot-dnceng-artifact-feeds-rw) # Use utility script to run script command dependent on agent OS. - script: eng/common/cibuild.cmd -configuration $(_BuildConfig) -prepareMachine -integrationTest $(_InternalBuildArgs) - $(_InternalRuntimeDownloadArgs) displayName: Windows Build / Publish - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: @@ -138,19 +120,10 @@ stages: _BuildConfig: Release _SignType: none steps: - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - task: Bash@3 - displayName: Setup Private Feeds Credentials - inputs: - filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh - arguments: $(Build.SourcesDirectory)/NuGet.config $Token - env: - Token: $(dn-bot-dnceng-artifact-feeds-rw) - script: eng/common/cibuild.sh --configuration $(_BuildConfig) --prepareMachine --integrationTest - $(_InternalRuntimeDownloadArgs) name: Build displayName: Build @@ -158,7 +131,7 @@ stages: - job: Linux pool: ${{ if eq(variables['System.TeamProject'], 'public') }}: - vmImage: ubuntu-latest + vmImage: ubuntu-latest ${{ if eq(variables['System.TeamProject'], 'internal') }}: name: $(DncEngInternalBuildPool) demands: ImageOverride -equals Build.Ubuntu.2204.Amd64 @@ -171,19 +144,10 @@ stages: _BuildConfig: Release _SignType: none steps: - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - task: Bash@3 - displayName: Setup Private Feeds Credentials - inputs: - filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh - arguments: $(Build.SourcesDirectory)/NuGet.config $Token - env: - Token: $(dn-bot-dnceng-artifact-feeds-rw) - script: eng/common/cibuild.sh --configuration $(_BuildConfig) --prepareMachine --integrationTest - $(_InternalRuntimeDownloadArgs) name: Build displayName: Build condition: succeeded() diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 1353e298b81..9f932707765 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -29,14 +29,6 @@ variables: value: false - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - group: Templating-SDLValidation-Params - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - group: DotNetBuilds storage account read tokens - - name: _InternalRuntimeDownloadArgs - value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal - /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) - - ${{ if eq(variables['System.TeamProject'], 'public') }}: - - name: _InternalRuntimeDownloadArgs - value: '' - template: /eng/common/templates-official/variables/pool-providers.yml resources: @@ -104,7 +96,7 @@ extends: - _SignType: test - ${{ if notin(variables['Build.Reason'], 'PullRequest') }}: - _SignType: real - - _InternalBuildArgs: '' + - _InternalBuildArgs: '' # Only enable publishing in non-public, non PR scenarios. - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: # DotNet-Symbol-Server-Pats provides: microsoft-symbol-server-pat, symweb-symbol-server-pat @@ -116,21 +108,12 @@ extends: steps: - checkout: self clean: true - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - task: PowerShell@2 - displayName: Setup Private Feeds Credentials - inputs: - filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1 - arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token - env: - Token: $(dn-bot-dnceng-artifact-feeds-rw) # Use utility script to run script command dependent on agent OS. - script: eng/common/cibuild.cmd -configuration $(_BuildConfig) -prepareMachine -integrationTest $(_InternalBuildArgs) - $(_InternalRuntimeDownloadArgs) displayName: Windows Build / Publish - ${{ if in(variables['Build.Reason'], 'PullRequest') }}: @@ -143,22 +126,13 @@ extends: - _BuildConfig: ${{ config.buildConfig }} - _SignType: none steps: - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - task: Bash@3 - displayName: Setup Private Feeds Credentials - inputs: - filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh - arguments: $(Build.SourcesDirectory)/NuGet.config $Token - env: - Token: $(dn-bot-dnceng-artifact-feeds-rw) - script: eng/common/cibuild.sh --configuration $(_BuildConfig) --prepareMachine --integrationTest - $(_InternalRuntimeDownloadArgs) name: Build displayName: Build - + - ${{ if in(variables['Build.Reason'], 'PullRequest') }}: - ${{ each config in parameters.buildConfigurations }}: - job: Linux_${{ config.buildConfig }} @@ -176,23 +150,14 @@ extends: - _BuildConfig: ${{ config.buildConfig }} - _SignType: none steps: - - ${{ if ne(variables['System.TeamProject'], 'public') }}: - - task: Bash@3 - displayName: Setup Private Feeds Credentials - inputs: - filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh - arguments: $(Build.SourcesDirectory)/NuGet.config $Token - env: - Token: $(dn-bot-dnceng-artifact-feeds-rw) - script: eng/common/cibuild.sh --configuration $(_BuildConfig) --prepareMachine --integrationTest - $(_InternalRuntimeDownloadArgs) name: Build displayName: Build condition: succeeded() - + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - template: eng/common/templates-official/post-build/post-build.yml@self parameters: diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index f9d02d20cd5..b6dec4a3ddd 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -17,9 +17,9 @@ - + https://github.com/dotnet/arcade - e6f70c7dd528f05cd28cec2a179d58c22e91d9ac + 8b879da4e449c48d99f3f642fc429379a64e8fe8 diff --git a/eng/common/post-build/publish-using-darc.ps1 b/eng/common/post-build/publish-using-darc.ps1 index 5a3a32ea8d7..238945cb5ab 100644 --- a/eng/common/post-build/publish-using-darc.ps1 +++ b/eng/common/post-build/publish-using-darc.ps1 @@ -2,7 +2,6 @@ param( [Parameter(Mandatory=$true)][int] $BuildId, [Parameter(Mandatory=$true)][int] $PublishingInfraVersion, [Parameter(Mandatory=$true)][string] $AzdoToken, - [Parameter(Mandatory=$true)][string] $MaestroToken, [Parameter(Mandatory=$false)][string] $MaestroApiEndPoint = 'https://maestro.dot.net', [Parameter(Mandatory=$true)][string] $WaitPublishingFinish, [Parameter(Mandatory=$false)][string] $ArtifactsPublishingAdditionalParameters, @@ -31,13 +30,13 @@ try { } & $darc add-build-to-channel ` - --id $buildId ` - --publishing-infra-version $PublishingInfraVersion ` - --default-channels ` - --source-branch main ` - --azdev-pat $AzdoToken ` - --bar-uri $MaestroApiEndPoint ` - --password $MaestroToken ` + --id $buildId ` + --publishing-infra-version $PublishingInfraVersion ` + --default-channels ` + --source-branch main ` + --azdev-pat "$AzdoToken" ` + --bar-uri "$MaestroApiEndPoint" ` + --ci ` @optionalParams if ($LastExitCode -ne 0) { diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml index 589ac80a18b..d01739c1285 100644 --- a/eng/common/templates-official/job/publish-build-assets.yml +++ b/eng/common/templates-official/job/publish-build-assets.yml @@ -76,13 +76,16 @@ jobs: - task: NuGetAuthenticate@1 - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Build Assets inputs: - filePath: eng\common\sdk-task.ps1 - arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1 + arguments: > + -task PublishBuildAssets -restore -msbuildEngine dotnet /p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests' - /p:BuildAssetRegistryToken=$(MaestroAccessToken) /p:MaestroApiEndpoint=https://maestro-prod.westus2.cloudapp.azure.com /p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }} /p:OfficialBuildId=$(Build.BuildNumber) @@ -144,7 +147,6 @@ jobs: arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' - -MaestroToken '$(MaestroApiAccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates-official/job/source-build.yml b/eng/common/templates-official/job/source-build.yml index f193dfbe236..f983033bb02 100644 --- a/eng/common/templates-official/job/source-build.yml +++ b/eng/common/templates-official/job/source-build.yml @@ -31,6 +31,12 @@ parameters: # container and pool. platform: {} + # If set to true and running on a non-public project, + # Internal blob storage locations will be enabled. + # This is not enabled by default because many repositories do not need internal sources + # and do not need to have the required service connections approved in the pipeline. + enableInternalSources: false + jobs: - job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }} displayName: Source-Build (${{ parameters.platform.name }}) @@ -62,6 +68,8 @@ jobs: clean: all steps: + - ${{ if eq(parameters.enableInternalSources, true) }}: + - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml - template: /eng/common/templates-official/steps/source-build.yml parameters: platform: ${{ parameters.platform }} diff --git a/eng/common/templates-official/job/source-index-stage1.yml b/eng/common/templates-official/job/source-index-stage1.yml index 43ee0c202fc..60dfb6b2d1c 100644 --- a/eng/common/templates-official/job/source-index-stage1.yml +++ b/eng/common/templates-official/job/source-index-stage1.yml @@ -23,7 +23,7 @@ jobs: value: ${{ parameters.sourceIndexPackageSource }} - name: BinlogPath value: ${{ parameters.binlogPath }} - - template: /eng/common/templates/variables/pool-providers.yml + - template: /eng/common/templates-official/variables/pool-providers.yml ${{ if ne(parameters.pool, '') }}: pool: ${{ parameters.pool }} @@ -34,7 +34,8 @@ jobs: demands: ImageOverride -equals windows.vs2019.amd64.open ${{ if eq(variables['System.TeamProject'], 'internal') }}: name: $(DncEngInternalBuildPool) - demands: ImageOverride -equals windows.vs2019.amd64 + image: windows.vs2022.amd64 + os: windows steps: - ${{ each preStep in parameters.preSteps }}: @@ -70,16 +71,13 @@ jobs: scriptType: 'ps' scriptLocation: 'inlineScript' inlineScript: | - echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId" - echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken" - echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId" + echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId" + echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken" + echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId" - script: | - echo "Client ID: $(ARM_CLIENT_ID)" - echo "ID Token: $(ARM_ID_TOKEN)" - echo "Tenant ID: $(ARM_TENANT_ID)" az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN) displayName: "Login to Azure" - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1 - displayName: Upload stage1 artifacts to source index \ No newline at end of file + displayName: Upload stage1 artifacts to source index diff --git a/eng/common/templates-official/jobs/source-build.yml b/eng/common/templates-official/jobs/source-build.yml index 08e5db9bb11..5cf6a269c0b 100644 --- a/eng/common/templates-official/jobs/source-build.yml +++ b/eng/common/templates-official/jobs/source-build.yml @@ -21,6 +21,12 @@ parameters: # one job runs on 'defaultManagedPlatform'. platforms: [] + # If set to true and running on a non-public project, + # Internal nuget and blob storage locations will be enabled. + # This is not enabled by default because many repositories do not need internal sources + # and do not need to have the required service connections approved in the pipeline. + enableInternalSources: false + jobs: - ${{ if ne(parameters.allCompletedJobId, '') }}: @@ -38,9 +44,11 @@ jobs: parameters: jobNamePrefix: ${{ parameters.jobNamePrefix }} platform: ${{ platform }} + enableInternalSources: ${{ parameters.enableInternalSources }} - ${{ if eq(length(parameters.platforms), 0) }}: - template: /eng/common/templates-official/job/source-build.yml parameters: jobNamePrefix: ${{ parameters.jobNamePrefix }} platform: ${{ parameters.defaultManagedPlatform }} + enableInternalSources: ${{ parameters.enableInternalSources }} diff --git a/eng/common/templates-official/post-build/post-build.yml b/eng/common/templates-official/post-build/post-build.yml index da1f40958b4..0dfa387e7b7 100644 --- a/eng/common/templates-official/post-build/post-build.yml +++ b/eng/common/templates-official/post-build/post-build.yml @@ -272,14 +272,16 @@ stages: - task: NuGetAuthenticate@1 - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Using Darc inputs: - filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 arguments: -BuildId $(BARBuildId) -PublishingInfraVersion ${{ parameters.publishingInfraVersion }} -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' - -MaestroToken '$(MaestroApiAccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates-official/steps/enable-internal-runtimes.yml b/eng/common/templates-official/steps/enable-internal-runtimes.yml new file mode 100644 index 00000000000..93a8394a666 --- /dev/null +++ b/eng/common/templates-official/steps/enable-internal-runtimes.yml @@ -0,0 +1,28 @@ +# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64' +# variable with the base64-encoded SAS token, by default + +parameters: +- name: federatedServiceConnection + type: string + default: 'dotnetbuilds-internal-read' +- name: outputVariableName + type: string + default: 'dotnetbuilds-internal-container-read-token-base64' +- name: expiryInHours + type: number + default: 1 +- name: base64Encode + type: boolean + default: true + +steps: +- ${{ if ne(variables['System.TeamProject'], 'public') }}: + - template: /eng/common/templates-official/steps/get-delegation-sas.yml + parameters: + federatedServiceConnection: ${{ parameters.federatedServiceConnection }} + outputVariableName: ${{ parameters.outputVariableName }} + expiryInHours: ${{ parameters.expiryInHours }} + base64Encode: ${{ parameters.base64Encode }} + storageAccount: dotnetbuilds + container: internal + permissions: rl diff --git a/eng/common/templates-official/steps/get-delegation-sas.yml b/eng/common/templates-official/steps/get-delegation-sas.yml new file mode 100644 index 00000000000..c0e8f91317f --- /dev/null +++ b/eng/common/templates-official/steps/get-delegation-sas.yml @@ -0,0 +1,43 @@ +parameters: +- name: federatedServiceConnection + type: string +- name: outputVariableName + type: string +- name: expiryInHours + type: number + default: 1 +- name: base64Encode + type: boolean + default: false +- name: storageAccount + type: string +- name: container + type: string +- name: permissions + type: string + default: 'rl' + +steps: +- task: AzureCLI@2 + displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}' + inputs: + azureSubscription: ${{ parameters.federatedServiceConnection }} + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + # Calculate the expiration of the SAS token and convert to UTC + $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ") + + $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv + + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to generate SAS token." + exit 1 + } + + if ('${{ parameters.base64Encode }}' -eq 'true') { + $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas)) + } + + Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas" diff --git a/eng/common/templates-official/steps/get-federated-access-token.yml b/eng/common/templates-official/steps/get-federated-access-token.yml new file mode 100644 index 00000000000..e3786cef6df --- /dev/null +++ b/eng/common/templates-official/steps/get-federated-access-token.yml @@ -0,0 +1,28 @@ +parameters: +- name: federatedServiceConnection + type: string +- name: outputVariableName + type: string +# Resource to get a token for. Common values include: +# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps +# - 'https://storage.azure.com/' for storage +# Defaults to Azure DevOps +- name: resource + type: string + default: '499b84ac-1321-427f-aa17-267ca6975798' + +steps: +- task: AzureCLI@2 + displayName: 'Getting federated access token for feeds' + inputs: + azureSubscription: ${{ parameters.federatedServiceConnection }} + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to get access token for resource '${{ parameters.resource }}'" + exit 1 + } + Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken" diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml index 8ec0151def2..9fd69fa7c9b 100644 --- a/eng/common/templates/job/publish-build-assets.yml +++ b/eng/common/templates/job/publish-build-assets.yml @@ -74,13 +74,16 @@ jobs: - task: NuGetAuthenticate@1 - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Build Assets inputs: - filePath: eng\common\sdk-task.ps1 - arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1 + arguments: > + -task PublishBuildAssets -restore -msbuildEngine dotnet /p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests' - /p:BuildAssetRegistryToken=$(MaestroAccessToken) /p:MaestroApiEndpoint=https://maestro.dot.net /p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }} /p:OfficialBuildId=$(Build.BuildNumber) @@ -140,7 +143,6 @@ jobs: arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' - -MaestroToken '$(MaestroApiAccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates/job/source-build.yml b/eng/common/templates/job/source-build.yml index 8a3deef2b72..c0ff472b697 100644 --- a/eng/common/templates/job/source-build.yml +++ b/eng/common/templates/job/source-build.yml @@ -31,6 +31,12 @@ parameters: # container and pool. platform: {} + # If set to true and running on a non-public project, + # Internal blob storage locations will be enabled. + # This is not enabled by default because many repositories do not need internal sources + # and do not need to have the required service connections approved in the pipeline. + enableInternalSources: false + jobs: - job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }} displayName: Source-Build (${{ parameters.platform.name }}) @@ -61,6 +67,8 @@ jobs: clean: all steps: + - ${{ if eq(parameters.enableInternalSources, true) }}: + - template: /eng/common/templates/steps/enable-internal-runtimes.yml - template: /eng/common/templates/steps/source-build.yml parameters: platform: ${{ parameters.platform }} diff --git a/eng/common/templates/job/source-index-stage1.yml b/eng/common/templates/job/source-index-stage1.yml index 43ee0c202fc..0b6bb89dc78 100644 --- a/eng/common/templates/job/source-index-stage1.yml +++ b/eng/common/templates/job/source-index-stage1.yml @@ -70,16 +70,13 @@ jobs: scriptType: 'ps' scriptLocation: 'inlineScript' inlineScript: | - echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId" - echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken" - echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId" + echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId" + echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken" + echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId" - script: | - echo "Client ID: $(ARM_CLIENT_ID)" - echo "ID Token: $(ARM_ID_TOKEN)" - echo "Tenant ID: $(ARM_TENANT_ID)" az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN) displayName: "Login to Azure" - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1 - displayName: Upload stage1 artifacts to source index \ No newline at end of file + displayName: Upload stage1 artifacts to source index diff --git a/eng/common/templates/jobs/source-build.yml b/eng/common/templates/jobs/source-build.yml index a15b07eb51d..5f46bfa895c 100644 --- a/eng/common/templates/jobs/source-build.yml +++ b/eng/common/templates/jobs/source-build.yml @@ -21,6 +21,12 @@ parameters: # one job runs on 'defaultManagedPlatform'. platforms: [] + # If set to true and running on a non-public project, + # Internal nuget and blob storage locations will be enabled. + # This is not enabled by default because many repositories do not need internal sources + # and do not need to have the required service connections approved in the pipeline. + enableInternalSources: false + jobs: - ${{ if ne(parameters.allCompletedJobId, '') }}: @@ -38,9 +44,11 @@ jobs: parameters: jobNamePrefix: ${{ parameters.jobNamePrefix }} platform: ${{ platform }} + enableInternalSources: ${{ parameters.enableInternalSources }} - ${{ if eq(length(parameters.platforms), 0) }}: - template: /eng/common/templates/job/source-build.yml parameters: jobNamePrefix: ${{ parameters.jobNamePrefix }} platform: ${{ parameters.defaultManagedPlatform }} + enableInternalSources: ${{ parameters.enableInternalSources }} diff --git a/eng/common/templates/post-build/post-build.yml b/eng/common/templates/post-build/post-build.yml index aba44a25a33..2db4933468f 100644 --- a/eng/common/templates/post-build/post-build.yml +++ b/eng/common/templates/post-build/post-build.yml @@ -268,14 +268,16 @@ stages: - task: NuGetAuthenticate@1 - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Using Darc inputs: - filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 arguments: -BuildId $(BARBuildId) -PublishingInfraVersion ${{ parameters.publishingInfraVersion }} -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' - -MaestroToken '$(MaestroApiAccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates/post-build/setup-maestro-vars.yml b/eng/common/templates/post-build/setup-maestro-vars.yml index 0c87f149a4a..64b9abc6850 100644 --- a/eng/common/templates/post-build/setup-maestro-vars.yml +++ b/eng/common/templates/post-build/setup-maestro-vars.yml @@ -11,13 +11,14 @@ steps: artifactName: ReleaseConfigs checkDownloadedFiles: true - - task: PowerShell@2 + - task: AzureCLI@2 name: setReleaseVars displayName: Set Release Configs Vars inputs: - targetType: inline - pwsh: true - script: | + azureSubscription: "Darc: Maestro Production" + scriptType: pscore + scriptLocation: inlineScript + inlineScript: | try { if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') { $Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt @@ -31,15 +32,16 @@ steps: $AzureDevOpsBuildId = $Env:Build_BuildId } else { - $buildApiEndpoint = "${Env:MaestroApiEndPoint}/api/builds/${Env:BARBuildId}?api-version=${Env:MaestroApiVersion}" + . $(Build.SourcesDirectory)\eng\common\tools.ps1 + $darc = Get-Darc + $buildInfo = & $darc get-build ` + --id ${{ parameters.BARBuildId }} ` + --extended ` + --output-format json ` + --ci ` + | convertFrom-Json - $apiHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]' - $apiHeaders.Add('Accept', 'application/json') - $apiHeaders.Add('Authorization',"Bearer ${Env:MAESTRO_API_TOKEN}") - - $buildInfo = try { Invoke-WebRequest -Method Get -Uri $buildApiEndpoint -Headers $apiHeaders | ConvertFrom-Json } catch { Write-Host "Error: $_" } - - $BarId = $Env:BARBuildId + $BarId = ${{ parameters.BARBuildId }} $Channels = $Env:PromoteToMaestroChannels -split "," $Channels = $Channels -join "][" $Channels = "[$Channels]" @@ -65,6 +67,4 @@ steps: exit 1 } env: - MAESTRO_API_TOKEN: $(MaestroApiAccessToken) - BARBuildId: ${{ parameters.BARBuildId }} PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }} diff --git a/eng/common/templates/steps/enable-internal-runtimes.yml b/eng/common/templates/steps/enable-internal-runtimes.yml new file mode 100644 index 00000000000..54dc9416c51 --- /dev/null +++ b/eng/common/templates/steps/enable-internal-runtimes.yml @@ -0,0 +1,28 @@ +# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64' +# variable with the base64-encoded SAS token, by default + +parameters: +- name: federatedServiceConnection + type: string + default: 'dotnetbuilds-internal-read' +- name: outputVariableName + type: string + default: 'dotnetbuilds-internal-container-read-token-base64' +- name: expiryInHours + type: number + default: 1 +- name: base64Encode + type: boolean + default: true + +steps: +- ${{ if ne(variables['System.TeamProject'], 'public') }}: + - template: /eng/common/templates/steps/get-delegation-sas.yml + parameters: + federatedServiceConnection: ${{ parameters.federatedServiceConnection }} + outputVariableName: ${{ parameters.outputVariableName }} + expiryInHours: ${{ parameters.expiryInHours }} + base64Encode: ${{ parameters.base64Encode }} + storageAccount: dotnetbuilds + container: internal + permissions: rl diff --git a/eng/common/templates/steps/get-delegation-sas.yml b/eng/common/templates/steps/get-delegation-sas.yml new file mode 100644 index 00000000000..c0e8f91317f --- /dev/null +++ b/eng/common/templates/steps/get-delegation-sas.yml @@ -0,0 +1,43 @@ +parameters: +- name: federatedServiceConnection + type: string +- name: outputVariableName + type: string +- name: expiryInHours + type: number + default: 1 +- name: base64Encode + type: boolean + default: false +- name: storageAccount + type: string +- name: container + type: string +- name: permissions + type: string + default: 'rl' + +steps: +- task: AzureCLI@2 + displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}' + inputs: + azureSubscription: ${{ parameters.federatedServiceConnection }} + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + # Calculate the expiration of the SAS token and convert to UTC + $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ") + + $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv + + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to generate SAS token." + exit 1 + } + + if ('${{ parameters.base64Encode }}' -eq 'true') { + $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas)) + } + + Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas" diff --git a/eng/common/templates/steps/get-federated-access-token.yml b/eng/common/templates/steps/get-federated-access-token.yml new file mode 100644 index 00000000000..c8c49cc0e8f --- /dev/null +++ b/eng/common/templates/steps/get-federated-access-token.yml @@ -0,0 +1,28 @@ +parameters: +- name: federatedServiceConnection + type: string +- name: outputVariableName + type: string +# Resource to get a token for. Common values include: +# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps +# - 'https://storage.azure.com/' for storage +# Defaults to Azure DevOps +- name: resource + type: string + default: '499b84ac-1321-427f-aa17-267ca6975798' + +steps: +- task: AzureCLI@2 + displayName: 'Getting federated access token for feeds' + inputs: + azureSubscription: ${{ parameters.federatedServiceConnection }} + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to get access token for resource '${{ parameters.resource }}'" + exit 1 + } + Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken" \ No newline at end of file diff --git a/global.json b/global.json index 63925fe9178..6d85580a385 100644 --- a/global.json +++ b/global.json @@ -3,6 +3,6 @@ "dotnet": "8.0.101" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24266.3" + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24352.1" } } From e55a5ff2470084f8dc45bbf1195725194b4bfe9e Mon Sep 17 00:00:00 2001 From: Farhad Alizada <104755925+f-alizada@users.noreply.github.com> Date: Thu, 20 Jun 2024 17:57:01 +0200 Subject: [PATCH 11/38] Onboard new inter-branch merge flow [Workflow] --- .github/workflows/inter-branch-merge-flow.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/inter-branch-merge-flow.yml diff --git a/.github/workflows/inter-branch-merge-flow.yml b/.github/workflows/inter-branch-merge-flow.yml new file mode 100644 index 00000000000..7cd5b0c7a53 --- /dev/null +++ b/.github/workflows/inter-branch-merge-flow.yml @@ -0,0 +1,13 @@ +name: Inter-branch merge workflow +on: + push: + branches: + - release/** + +permissions: + contents: write + pull-requests: write + +jobs: + Merge: + uses: dotnet/arcade/.github/workflows/inter-branch-merge-base.yml@main From df765074bd9f3cb67559577bc19dfeeb47d4a76c Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 11 Jul 2024 16:45:07 +0000 Subject: [PATCH 12/38] Update dependencies from https://github.com/dotnet/arcade build 20240710.5 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24352.1 -> To Version 8.0.0-beta.24360.5 --- eng/Version.Details.xml | 4 ++-- .../templates-official/job/publish-build-assets.yml | 9 ++++++--- eng/common/templates/job/publish-build-assets.yml | 9 ++++++--- global.json | 2 +- 4 files changed, 15 insertions(+), 9 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index fba2b9a7918..ea2a4899c72 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -17,9 +17,9 @@ - + https://github.com/dotnet/arcade - 8b879da4e449c48d99f3f642fc429379a64e8fe8 + c9efa535175049eb9cba06cae1f8c3d5dbe768a9 diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml index d01739c1285..ba3e7df8158 100644 --- a/eng/common/templates-official/job/publish-build-assets.yml +++ b/eng/common/templates-official/job/publish-build-assets.yml @@ -140,11 +140,14 @@ jobs: BARBuildId: ${{ parameters.BARBuildId }} PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Using Darc inputs: - filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 - arguments: -BuildId $(BARBuildId) + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' -WaitPublishingFinish true diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml index 9fd69fa7c9b..57a41f0a3e1 100644 --- a/eng/common/templates/job/publish-build-assets.yml +++ b/eng/common/templates/job/publish-build-assets.yml @@ -136,11 +136,14 @@ jobs: BARBuildId: ${{ parameters.BARBuildId }} PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Using Darc inputs: - filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 - arguments: -BuildId $(BARBuildId) + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' -WaitPublishingFinish true diff --git a/global.json b/global.json index 6d85580a385..6d86fe094b2 100644 --- a/global.json +++ b/global.json @@ -3,6 +3,6 @@ "dotnet": "8.0.101" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24352.1" + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24360.5" } } From e2ba13670386f562c27ca8e00fa1413030ac218a Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" <42748379+dotnet-maestro[bot]@users.noreply.github.com> Date: Thu, 11 Jul 2024 18:28:48 +0000 Subject: [PATCH 13/38] [release/8.0.3xx] Update dependencies from dotnet/arcade (#8213) [release/8.0.3xx] Update dependencies from dotnet/arcade --- eng/Version.Details.xml | 4 ++-- global.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 8eea8f5dca3..1c1af53162d 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -17,9 +17,9 @@ - + https://github.com/dotnet/arcade - db87887481d4110c09a1004191002482fdd7e4f2 + c9efa535175049eb9cba06cae1f8c3d5dbe768a9 diff --git a/global.json b/global.json index 6879014b6f3..6d86fe094b2 100644 --- a/global.json +++ b/global.json @@ -3,6 +3,6 @@ "dotnet": "8.0.101" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24359.3" + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24360.5" } } From 089a47f72196d5f46c10030e5bfe72064e29b8a5 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" <42748379+dotnet-maestro[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 06:26:32 +0000 Subject: [PATCH 14/38] Update dependencies from https://github.com/dotnet/source-build-externals build 20240711.1 (#8222) [release/8.0.1xx] Update dependencies from dotnet/source-build-externals --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index ea2a4899c72..62f546ae12c 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -1,9 +1,9 @@ - + https://github.com/dotnet/source-build-externals - 4f2151df120194f0268944f1b723c14820738fc8 + b086ae0e4cf1ae64f1237f976fa65221f87cd4a0 From 6d7ccd834b83ff5b09ddac56ecdcb4836087319f Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Tue, 16 Jul 2024 12:29:14 +0000 Subject: [PATCH 15/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240715.2 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24365.2 --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 62f546ae12c..9969e4705cb 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -6,9 +6,9 @@ b086ae0e4cf1ae64f1237f976fa65221f87cd4a0 - + https://github.com/dotnet/source-build-reference-packages - 6ed73280a6d70f7e7ac39c86f2abe8c10983f0bb + 8258018588e4435f92c8355b51c84c7084f36eae From 5abac5287d71b6c9987729dfa1e73e1331756e2b Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Wed, 17 Jul 2024 12:29:09 +0000 Subject: [PATCH 16/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240716.1 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24366.1 --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 9969e4705cb..b0a50637cc6 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -6,9 +6,9 @@ b086ae0e4cf1ae64f1237f976fa65221f87cd4a0 - + https://github.com/dotnet/source-build-reference-packages - 8258018588e4435f92c8355b51c84c7084f36eae + a489be6626823d2adcf396c9e6e72987a7229173 From 72fe831bcb24fb1c80a941407bd6763b3145f56b Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 18 Jul 2024 12:35:59 +0000 Subject: [PATCH 17/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240717.1 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24367.1 --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index b0a50637cc6..ebad5071251 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -6,9 +6,9 @@ b086ae0e4cf1ae64f1237f976fa65221f87cd4a0 - + https://github.com/dotnet/source-build-reference-packages - a489be6626823d2adcf396c9e6e72987a7229173 + 68d6cef51f1c82d71b435af0f040d72fdd1a782f From 3a313e187ebbc2cf5a86d7102f28fce0a70486a7 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 19 Jul 2024 12:54:15 +0000 Subject: [PATCH 18/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240717.1 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24367.1 From c64e7d833f2854eaad96d46d0bd5e42bef76e83d Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sat, 20 Jul 2024 12:41:35 +0000 Subject: [PATCH 19/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240717.1 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24367.1 From fa9f5a0fc7b25a9860e59fcc9b1c18da3a18145d Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sun, 21 Jul 2024 12:35:06 +0000 Subject: [PATCH 20/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240717.1 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24367.1 From 0bf1b4b5affe9958047a96921de2a4279ca9943c Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 22 Jul 2024 12:34:53 +0000 Subject: [PATCH 21/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240717.1 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24367.1 From 34187cf4327066f99d0fc20a322ea1f0d8103175 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Tue, 23 Jul 2024 12:51:01 +0000 Subject: [PATCH 22/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index ebad5071251..01ceef99b8c 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -6,9 +6,9 @@ b086ae0e4cf1ae64f1237f976fa65221f87cd4a0 - + https://github.com/dotnet/source-build-reference-packages - 68d6cef51f1c82d71b435af0f040d72fdd1a782f + 30ed464acd37779c64e9dc652d4460543ebf9966 From e737c7dac339c926255ce39090851d430ad4015c Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Wed, 24 Jul 2024 12:38:10 +0000 Subject: [PATCH 23/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From a6318f80990d614910cc26eefd68e539ac3a3493 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 25 Jul 2024 12:50:39 +0000 Subject: [PATCH 24/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From 7a0592d000a7e8fc19b9ce466944a5240e16a111 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 26 Jul 2024 12:53:14 +0000 Subject: [PATCH 25/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From 0a61705a277f5adbe89ec6701c03bb491248043b Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sat, 27 Jul 2024 12:42:52 +0000 Subject: [PATCH 26/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From 9a710f534b758c8c4d0426f6ba1170b41f853aed Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sun, 28 Jul 2024 12:43:04 +0000 Subject: [PATCH 27/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From d7deebf850e5ad34ce7433a427aafcddc1679463 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 29 Jul 2024 12:41:04 +0000 Subject: [PATCH 28/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From ecc8349779151f87af6aadbbc9b1b05335dbd988 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Tue, 30 Jul 2024 12:50:49 +0000 Subject: [PATCH 29/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From 5820f9276e532aeae77bf1cd1dbda2c830c91af8 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Wed, 31 Jul 2024 12:37:06 +0000 Subject: [PATCH 30/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From e0df48bb27ff841c3a884faa17932fe47230b897 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 1 Aug 2024 12:27:12 +0000 Subject: [PATCH 31/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From be56dc0595c74ec49d1915dc77b86f56f56f632c Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 2 Aug 2024 12:42:57 +0000 Subject: [PATCH 32/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From d06abb86dd4d821f06287231baf81c4ea35a5781 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sat, 3 Aug 2024 12:31:47 +0000 Subject: [PATCH 33/38] Update dependencies from https://github.com/dotnet/source-build-reference-packages build 20240722.3 Microsoft.SourceBuild.Intermediate.source-build-reference-packages From Version 8.0.0-alpha.1.24257.2 -> To Version 8.0.0-alpha.1.24372.3 From 3ca7353f6078a4532a3cc7e73d9b6bf79ed5d29f Mon Sep 17 00:00:00 2001 From: vseanreesermsft <78103370+vseanreesermsft@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:30:16 -0700 Subject: [PATCH 34/38] Update branding to 8.0.305 (#8260) --- eng/Versions.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/Versions.props b/eng/Versions.props index e3df6e7365d..98cee68935f 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -4,7 +4,7 @@ true true - 8.0.304 + 8.0.305 true release From f1d7a75cb37c3ed5ce6a2e563e2b3ba238c14929 Mon Sep 17 00:00:00 2001 From: vseanreesermsft <78103370+vseanreesermsft@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:30:30 -0700 Subject: [PATCH 35/38] Update branding to 8.0.109 (#8257) --- eng/Versions.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/Versions.props b/eng/Versions.props index 3f6f080780a..1fa6a6d6d49 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -4,7 +4,7 @@ true true - 8.0.108 + 8.0.109 true release From 893808174d1839f4ffb7c764c8d200034f34cb99 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" <42748379+dotnet-maestro[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:31:45 -0700 Subject: [PATCH 36/38] [release/8.0.1xx] Update dependencies from dotnet/source-build-externals (#8239) * Update dependencies from https://github.com/dotnet/source-build-externals build 20240722.2 Microsoft.SourceBuild.Intermediate.source-build-externals From Version 8.0.0-alpha.1.24361.1 -> To Version 8.0.0-alpha.1.24372.2 * Update dependencies from https://github.com/dotnet/source-build-externals build 20240729.1 Microsoft.SourceBuild.Intermediate.source-build-externals From Version 8.0.0-alpha.1.24361.1 -> To Version 8.0.0-alpha.1.24379.1 --------- Co-authored-by: dotnet-maestro[bot] --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 62f546ae12c..fad2808f9e7 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -1,9 +1,9 @@ - + https://github.com/dotnet/source-build-externals - b086ae0e4cf1ae64f1237f976fa65221f87cd4a0 + fb970eccb0a9cae3092464e29cbabda0d4115049 From 19ed9a197d8d29712899dac54b9f4a32418e7133 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" <42748379+dotnet-maestro[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:32:30 -0700 Subject: [PATCH 37/38] [release/8.0.3xx] Update dependencies from dotnet/arcade (#8233) * Update dependencies from https://github.com/dotnet/arcade build 20240716.7 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24366.7 * Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24367.1 * Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24367.1 * Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24367.1 * Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24367.1 * Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24367.1 * Update dependencies from https://github.com/dotnet/arcade build 20240722.3 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24372.3 * Update dependencies from https://github.com/dotnet/arcade build 20240722.3 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24372.3 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 * Update dependencies from https://github.com/dotnet/arcade build 20240726.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24360.5 -> To Version 8.0.0-beta.24376.1 --------- Co-authored-by: dotnet-maestro[bot] --- eng/Version.Details.xml | 4 ++-- eng/common/sdl/NuGet.config | 4 ++-- eng/common/sdl/execute-all-sdl-tools.ps1 | 4 +--- eng/common/sdl/init-sdl.ps1 | 8 -------- eng/common/sdl/sdl.ps1 | 4 +++- .../job/publish-build-assets.yml | 2 +- .../templates-official/post-build/post-build.yml | 2 +- .../templates-official/steps/execute-sdl.yml | 2 -- .../steps/get-federated-access-token.yml | 14 +++++++++++++- eng/common/templates/job/publish-build-assets.yml | 2 +- eng/common/templates/post-build/post-build.yml | 2 +- eng/common/templates/steps/execute-sdl.yml | 7 ++++--- .../templates/steps/get-federated-access-token.yml | 14 +++++++++++++- global.json | 4 ++-- 14 files changed, 44 insertions(+), 29 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 1c1af53162d..22f69184b81 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -17,9 +17,9 @@ - + https://github.com/dotnet/arcade - c9efa535175049eb9cba06cae1f8c3d5dbe768a9 + 1e2be7464703499cf98e20536fb4da4218c8fce1 diff --git a/eng/common/sdl/NuGet.config b/eng/common/sdl/NuGet.config index 3849bdb3cf5..5bfbb02ef04 100644 --- a/eng/common/sdl/NuGet.config +++ b/eng/common/sdl/NuGet.config @@ -5,11 +5,11 @@ - + - + diff --git a/eng/common/sdl/execute-all-sdl-tools.ps1 b/eng/common/sdl/execute-all-sdl-tools.ps1 index 4715d75e974..81ded5b7f47 100644 --- a/eng/common/sdl/execute-all-sdl-tools.ps1 +++ b/eng/common/sdl/execute-all-sdl-tools.ps1 @@ -6,7 +6,6 @@ Param( [string] $BranchName=$env:BUILD_SOURCEBRANCH, # Optional: name of branch or version of gdn settings; defaults to master [string] $SourceDirectory=$env:BUILD_SOURCESDIRECTORY, # Required: the directory where source files are located [string] $ArtifactsDirectory = (Join-Path $env:BUILD_ARTIFACTSTAGINGDIRECTORY ('artifacts')), # Required: the directory where build artifacts are located - [string] $AzureDevOpsAccessToken, # Required: access token for dnceng; should be provided via KeyVault # Optional: list of SDL tools to run on source code. See 'configure-sdl-tool.ps1' for tools list # format. @@ -75,7 +74,7 @@ try { } Exec-BlockVerbosely { - & $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -AzureDevOpsAccessToken $AzureDevOpsAccessToken -GuardianLoggerLevel $GuardianLoggerLevel + & $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -GuardianLoggerLevel $GuardianLoggerLevel } $gdnFolder = Join-Path $workingDirectory '.gdn' @@ -104,7 +103,6 @@ try { -TargetDirectory $targetDirectory ` -GdnFolder $gdnFolder ` -ToolsList $tools ` - -AzureDevOpsAccessToken $AzureDevOpsAccessToken ` -GuardianLoggerLevel $GuardianLoggerLevel ` -CrScanAdditionalRunConfigParams $CrScanAdditionalRunConfigParams ` -PoliCheckAdditionalRunConfigParams $PoliCheckAdditionalRunConfigParams ` diff --git a/eng/common/sdl/init-sdl.ps1 b/eng/common/sdl/init-sdl.ps1 index 3ac1d92b370..588ff8e22fb 100644 --- a/eng/common/sdl/init-sdl.ps1 +++ b/eng/common/sdl/init-sdl.ps1 @@ -3,7 +3,6 @@ Param( [string] $Repository, [string] $BranchName='master', [string] $WorkingDirectory, - [string] $AzureDevOpsAccessToken, [string] $GuardianLoggerLevel='Standard' ) @@ -21,14 +20,7 @@ $ci = $true # Don't display the console progress UI - it's a huge perf hit $ProgressPreference = 'SilentlyContinue' -# Construct basic auth from AzDO access token; construct URI to the repository's gdn folder stored in that repository; construct location of zip file -$encodedPat = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$AzureDevOpsAccessToken")) -$escapedRepository = [Uri]::EscapeDataString("/$Repository/$BranchName/.gdn") -$uri = "https://dev.azure.com/dnceng/internal/_apis/git/repositories/sdl-tool-cfg/Items?path=$escapedRepository&versionDescriptor[versionOptions]=0&`$format=zip&api-version=5.0" -$zipFile = "$WorkingDirectory/gdn.zip" - Add-Type -AssemblyName System.IO.Compression.FileSystem -$gdnFolder = (Join-Path $WorkingDirectory '.gdn') try { # if the folder does not exist, we'll do a guardian init and push it to the remote repository diff --git a/eng/common/sdl/sdl.ps1 b/eng/common/sdl/sdl.ps1 index 648c5068d7d..7fe603fe995 100644 --- a/eng/common/sdl/sdl.ps1 +++ b/eng/common/sdl/sdl.ps1 @@ -4,6 +4,8 @@ function Install-Gdn { [Parameter(Mandatory=$true)] [string]$Path, + [string]$Source = "https://pkgs.dev.azure.com/dnceng/_packaging/Guardian1ESPTUpstreamOrgFeed/nuget/v3/index.json", + # If omitted, install the latest version of Guardian, otherwise install that specific version. [string]$Version ) @@ -19,7 +21,7 @@ function Install-Gdn { $ci = $true . $PSScriptRoot\..\tools.ps1 - $argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache") + $argumentList = @("install", "Microsoft.Guardian.Cli.win-x64", "-Source $Source", "-OutputDirectory $Path", "-NonInteractive", "-NoCache") if ($Version) { $argumentList += "-Version $Version" diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml index ba3e7df8158..0117328800c 100644 --- a/eng/common/templates-official/job/publish-build-assets.yml +++ b/eng/common/templates-official/job/publish-build-assets.yml @@ -149,7 +149,7 @@ jobs: scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 - -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' + -AzdoToken '$(System.AccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates-official/post-build/post-build.yml b/eng/common/templates-official/post-build/post-build.yml index 0dfa387e7b7..b81b8770b34 100644 --- a/eng/common/templates-official/post-build/post-build.yml +++ b/eng/common/templates-official/post-build/post-build.yml @@ -281,7 +281,7 @@ stages: scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 arguments: -BuildId $(BARBuildId) -PublishingInfraVersion ${{ parameters.publishingInfraVersion }} - -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' + -AzdoToken '$(System.AccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates-official/steps/execute-sdl.yml b/eng/common/templates-official/steps/execute-sdl.yml index 07426fde05d..301d5c591eb 100644 --- a/eng/common/templates-official/steps/execute-sdl.yml +++ b/eng/common/templates-official/steps/execute-sdl.yml @@ -9,8 +9,6 @@ parameters: steps: - task: NuGetAuthenticate@1 - inputs: - nuGetServiceConnections: GuardianConnect - task: NuGetToolInstaller@1 displayName: 'Install NuGet.exe' diff --git a/eng/common/templates-official/steps/get-federated-access-token.yml b/eng/common/templates-official/steps/get-federated-access-token.yml index e3786cef6df..55e33bd38f7 100644 --- a/eng/common/templates-official/steps/get-federated-access-token.yml +++ b/eng/common/templates-official/steps/get-federated-access-token.yml @@ -3,6 +3,12 @@ parameters: type: string - name: outputVariableName type: string +- name: stepName + type: string + default: 'getFederatedAccessToken' +- name: condition + type: string + default: '' # Resource to get a token for. Common values include: # - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps # - 'https://storage.azure.com/' for storage @@ -10,10 +16,16 @@ parameters: - name: resource type: string default: '499b84ac-1321-427f-aa17-267ca6975798' +- name: isStepOutputVariable + type: boolean + default: false steps: - task: AzureCLI@2 displayName: 'Getting federated access token for feeds' + name: ${{ parameters.stepName }} + ${{ if ne(parameters.condition, '') }}: + condition: ${{ parameters.condition }} inputs: azureSubscription: ${{ parameters.federatedServiceConnection }} scriptType: 'pscore' @@ -25,4 +37,4 @@ steps: exit 1 } Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" - Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken" \ No newline at end of file diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml index 57a41f0a3e1..cc2b346ba8b 100644 --- a/eng/common/templates/job/publish-build-assets.yml +++ b/eng/common/templates/job/publish-build-assets.yml @@ -145,7 +145,7 @@ jobs: scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 - -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' + -AzdoToken '$(System.AccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates/post-build/post-build.yml b/eng/common/templates/post-build/post-build.yml index 2db4933468f..c3b6a3012fe 100644 --- a/eng/common/templates/post-build/post-build.yml +++ b/eng/common/templates/post-build/post-build.yml @@ -277,7 +277,7 @@ stages: scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 arguments: -BuildId $(BARBuildId) -PublishingInfraVersion ${{ parameters.publishingInfraVersion }} - -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' + -AzdoToken '$(System.AccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates/steps/execute-sdl.yml b/eng/common/templates/steps/execute-sdl.yml index 07426fde05d..fe0ebf8c904 100644 --- a/eng/common/templates/steps/execute-sdl.yml +++ b/eng/common/templates/steps/execute-sdl.yml @@ -9,8 +9,6 @@ parameters: steps: - task: NuGetAuthenticate@1 - inputs: - nuGetServiceConnections: GuardianConnect - task: NuGetToolInstaller@1 displayName: 'Install NuGet.exe' @@ -36,16 +34,19 @@ steps: displayName: Execute SDL (Overridden) continueOnError: ${{ parameters.sdlContinueOnError }} condition: ${{ parameters.condition }} + env: + GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken) - ${{ if eq(parameters.overrideParameters, '') }}: - powershell: ${{ parameters.executeAllSdlToolsScript }} -GuardianCliLocation $(GuardianCliLocation) -NugetPackageDirectory $(Build.SourcesDirectory)\.packages - -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw) ${{ parameters.additionalParameters }} displayName: Execute SDL continueOnError: ${{ parameters.sdlContinueOnError }} condition: ${{ parameters.condition }} + env: + GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken) - ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}: # We want to publish the Guardian results and configuration for easy diagnosis. However, the diff --git a/eng/common/templates/steps/get-federated-access-token.yml b/eng/common/templates/steps/get-federated-access-token.yml index c8c49cc0e8f..55e33bd38f7 100644 --- a/eng/common/templates/steps/get-federated-access-token.yml +++ b/eng/common/templates/steps/get-federated-access-token.yml @@ -3,6 +3,12 @@ parameters: type: string - name: outputVariableName type: string +- name: stepName + type: string + default: 'getFederatedAccessToken' +- name: condition + type: string + default: '' # Resource to get a token for. Common values include: # - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps # - 'https://storage.azure.com/' for storage @@ -10,10 +16,16 @@ parameters: - name: resource type: string default: '499b84ac-1321-427f-aa17-267ca6975798' +- name: isStepOutputVariable + type: boolean + default: false steps: - task: AzureCLI@2 displayName: 'Getting federated access token for feeds' + name: ${{ parameters.stepName }} + ${{ if ne(parameters.condition, '') }}: + condition: ${{ parameters.condition }} inputs: azureSubscription: ${{ parameters.federatedServiceConnection }} scriptType: 'pscore' @@ -25,4 +37,4 @@ steps: exit 1 } Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" - Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken" \ No newline at end of file + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken" \ No newline at end of file diff --git a/global.json b/global.json index 6d86fe094b2..b80ec640130 100644 --- a/global.json +++ b/global.json @@ -1,8 +1,8 @@ { "tools": { - "dotnet": "8.0.101" + "dotnet": "8.0.107" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24360.5" + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24376.1" } } From 401e1de595f3fae1e785004dc1f2dbac2b382a0d Mon Sep 17 00:00:00 2001 From: Jason Zhai Date: Tue, 6 Aug 2024 20:08:40 -0700 Subject: [PATCH 38/38] Revert eng/Version.Details.xml --- eng/Version.Details.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index b395ee9c3fd..22f69184b81 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -6,9 +6,9 @@ 3dc05150cf234f76f6936dcb2853d31a0da1f60e - + https://github.com/dotnet/source-build-reference-packages - 30ed464acd37779c64e9dc652d4460543ebf9966 + 6f814daa935e08b578b1c0c65a1f26ea3317f517