From 862f998b734e016e71fa5045909e64208de05437 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Tue, 14 Jan 2025 11:52:44 -0700 Subject: [PATCH 1/5] Fix Install-NuGetPackage.ps1 script --- azure-pipelines/Install-NuGetPackage.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines/Install-NuGetPackage.ps1 b/azure-pipelines/Install-NuGetPackage.ps1 index 9afde0550..f1db577ab 100644 --- a/azure-pipelines/Install-NuGetPackage.ps1 +++ b/azure-pipelines/Install-NuGetPackage.ps1 @@ -33,7 +33,7 @@ Param( [string]$Verbosity='normal' ) -$nugetPath = & "$PSScriptRoot\Get-NuGetTool.ps1" +$nugetPath = & "$PSScriptRoot\..\tools\Get-NuGetTool.ps1" try { Write-Verbose "Installing $PackageId..." From d1583877d80f8b6447cfc22986391b4e54e7b780 Mon Sep 17 00:00:00 2001 From: Matteo Prosperi <41970398+matteo-prosperi@users.noreply.github.com> Date: Tue, 14 Jan 2025 11:06:13 -0800 Subject: [PATCH 2/5] Create a separate unofficial.yml pipeline (#334) --- Expand-Template.ps1 | 2 +- azure-pipelines/apiscan.yml | 8 ++ azure-pipelines/build.yml | 1 + azure-pipelines/official.yml | 129 +++++++++++---------------------- azure-pipelines/unofficial.yml | 90 +++++++++++++++++++++++ 5 files changed, 141 insertions(+), 89 deletions(-) create mode 100644 azure-pipelines/unofficial.yml diff --git a/Expand-Template.ps1 b/Expand-Template.ps1 index 0bc5f440e..9ba1f04ef 100755 --- a/Expand-Template.ps1 +++ b/Expand-Template.ps1 @@ -156,7 +156,7 @@ try { $YmlReplacements = @{ "(?m)^\s+- microbuild`r?`n"="" } - Replace-Placeholders -Path "azure-pipelines\official.yml" -Replacements $YmlReplacements + Replace-Placeholders -Path "azure-pipelines\unofficial.yml" -Replacements $YmlReplacements Replace-Placeholders -Path "azure-pipelines.yml" -Replacements $YmlReplacements $YmlReplacements = @{} diff --git a/azure-pipelines/apiscan.yml b/azure-pipelines/apiscan.yml index af78f15c0..c3c8aed16 100644 --- a/azure-pipelines/apiscan.yml +++ b/azure-pipelines/apiscan.yml 
@@ -1,6 +1,8 @@ parameters: - name: windowsPool type: object +- name: RealSign + type: boolean jobs: - job: apiscan @@ -9,6 +11,12 @@ jobs: pool: ${{ parameters.windowsPool }} timeoutInMinutes: 120 templateContext: + ${{ if not(parameters.RealSign) }}: + mb: + signing: # if the build is test-signed, install the signing plugin so that CSVTestSignPolicy.xml is available + enabled: true + zipSources: false + signType: test outputs: - output: pipelineArtifact displayName: 📢 collect apiscan artifact diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml index 279c10a63..1a8305867 100644 --- a/azure-pipelines/build.yml +++ b/azure-pipelines/build.yml @@ -313,3 +313,4 @@ jobs: - template: apiscan.yml parameters: windowsPool: ${{ parameters.windowsPool }} + RealSign: ${{ parameters.RealSign }} diff --git a/azure-pipelines/official.yml b/azure-pipelines/official.yml index 35beb818c..a9b5b81ef 100644 --- a/azure-pipelines/official.yml +++ b/azure-pipelines/official.yml @@ -1,17 +1,5 @@ -trigger: - batch: true - branches: - include: - - main - - microbuild - - 'validate/*' - paths: - exclude: - - doc/ - - '*.md' - - .vscode/ - - azure-pipelines/release.yml - - azure-pipelines/vs-insertion.yml +trigger: none # We only want to trigger manually or based on a schedule +pr: none #schedules: #- cron: "0 3 * * *" # Daily @ 8 PM PST # displayName: Daily vs-insertion 
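Review bot: In azure-pipelines/official.yml, the added `pr: none` is the only in-file barrier left between pull-request code and a real-signed build, and Azure Pipelines honours the YAML `pr:` key only for GitHub and Bitbucket Cloud repositories; on Azure Repos Git, PR validation is driven by branch policy and this key is ignored. The later hunks of the same file drop `ForceOfficialBuild`, make the Official template with `RealSign: true` unconditional, and remove the `ne(variables['Build.Reason'], 'pullRequest')` condition from `EnableAPIScan`, so any run that does get queued is signed for real. Where the repository is hosted is not visible here, so confirm that no build-validation policy points at this pipeline and that queue permission is restricted. I would record that next to the trigger, for example `# Every run of this pipeline is real-signed: never attach it to PR build validation`. The `trigger: none` comment also mentions a schedule while the `#schedules:` block below it is still commented out.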
@@ -23,10 +11,6 @@ parameters: # As an entrypoint pipeline yml file, all parameters here show up in the Queue Run dialog. # If any paramaters should NOT be queue-time options, they should be removed from here # and references to them in this file replaced with hard-coded values. -- name: ForceOfficialBuild - displayName: Official build (sign, compliance, etc.) - type: boolean - default: false # this should remain false so PR builds using this pipeline are unofficial # - name: ShouldSkipOptimize # Uncomment this and references to it below when setting EnableOptProf to true in build.yml. # displayName: Skip OptProf optimization # type: boolean 
@@ -55,75 +39,44 @@ variables: - template: GlobalVariables.yml extends: - ${{ if or(parameters.ForceOfficialBuild, eq(variables['Build.Reason'],'Schedule')) }}: - template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate - parameters: - sdl: - sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES - codeSignValidation: - enabled: true - break: true - additionalTargetsGlobPattern: -|Variables-*\*.ps1;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\** - policheck: - enabled: true - exclusionsFile: $(System.DefaultWorkingDirectory)\azure-pipelines\PoliCheckExclusions.xml - suppression: - suppressionFile: $(System.DefaultWorkingDirectory)\azure-pipelines\falsepositives.gdnsuppress - sbom: - enabled: true - stages: - - stage: Build - variables: - - template: /azure-pipelines/BuildStageVariables.yml@self - jobs: - - template: /azure-pipelines/build.yml@self - parameters: - Is1ESPT: true - RealSign: true - # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} - EnableAPIScan: ${{ and(parameters.EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }} - windowsPool: VSEngSS-MicroBuild2022-1ES - linuxPool: - name: AzurePipelines-EO - demands: - - ImageOverride -equals 1ESPT-Ubuntu22.04 - os: Linux - macOSPool: - name: Azure Pipelines - vmImage: macOS-14 - os: macOS - EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }} - RunTests: ${{ parameters.RunTests }} - - template: /azure-pipelines/prepare-insertion-stages.yml@self + template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate + parameters: + sdl: + sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + codeSignValidation: + enabled: true + break: true + additionalTargetsGlobPattern: -|Variables-*\*.ps1;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\** + policheck: + enabled: true + exclusionsFile: $(System.DefaultWorkingDirectory)\azure-pipelines\PoliCheckExclusions.xml + suppression: + suppressionFile: $(System.DefaultWorkingDirectory)\azure-pipelines\falsepositives.gdnsuppress 
+ sbom: + enabled: true + stages: + - stage: Build + variables: + - template: /azure-pipelines/BuildStageVariables.yml@self + jobs: + - template: /azure-pipelines/build.yml@self parameters: + Is1ESPT: true RealSign: true - ${{ else }}: - template: azure-pipelines/MicroBuild.1ES.Unofficial.yml@MicroBuildTemplate - parameters: - sdl: - sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES - suppression: - suppressionFile: $(System.DefaultWorkingDirectory)\azure-pipelines\falsepositives.gdnsuppress - stages: - - stage: Build - variables: - - template: /azure-pipelines/BuildStageVariables.yml@self - jobs: - - template: /azure-pipelines/build.yml@self - parameters: - Is1ESPT: true - RealSign: false - # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} - EnableAPIScan: false - windowsPool: VSEngSS-MicroBuild2022-1ES - linuxPool: - name: AzurePipelines-EO - demands: - - ImageOverride -equals 1ESPT-Ubuntu22.04 - os: Linux - macOSPool: - name: Azure Pipelines - vmImage: macOS-14 - os: macOS - EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }} - RunTests: ${{ parameters.RunTests }} + # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} + EnableAPIScan: ${{ parameters.EnableAPIScan }} + windowsPool: VSEngSS-MicroBuild2022-1ES + linuxPool: + name: AzurePipelines-EO + demands: + - ImageOverride -equals 1ESPT-Ubuntu22.04 + os: Linux + macOSPool: + name: Azure Pipelines + vmImage: macOS-14 + os: macOS + EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }} + RunTests: ${{ parameters.RunTests }} + - template: /azure-pipelines/prepare-insertion-stages.yml@self + parameters: + RealSign: true diff --git a/azure-pipelines/unofficial.yml b/azure-pipelines/unofficial.yml new file mode 100644 index 000000000..afce810bf --- /dev/null +++ b/azure-pipelines/unofficial.yml 
@@ -0,0 +1,90 @@ +trigger: + batch: true + branches: + include: + - main + - microbuild + - 'validate/*' + paths: + exclude: + - doc/ + - '*.md' + - .vscode/ + - azure-pipelines/release.yml + - azure-pipelines/vs-insertion.yml + +parameters: +# As an entrypoint pipeline yml file, all parameters here show up in the Queue Run dialog. +# If any paramaters should NOT be queue-time options, they should be removed from here +# and references to them in this file replaced with hard-coded values. +# - name: ShouldSkipOptimize # Uncomment this and references to it below when setting EnableOptProf to true in build.yml. +# displayName: Skip OptProf optimization +# type: boolean +# default: false +- name: EnableMacOSBuild + displayName: Build on macOS + type: boolean + default: false # macOS is often bogged down in Azure Pipelines +- name: RunTests + displayName: Run tests + type: boolean + default: true +- name: EnableAPIScan + displayName: Include APIScan with compliance tools + type: boolean + default: false +- name: EnableProductionSDL + displayName: Enable Production SDL + type: boolean + default: false + +resources: + repositories: + - repository: MicroBuildTemplate + type: git + name: 1ESPipelineTemplates/MicroBuildTemplate + ref: refs/tags/release + +variables: +- template: GlobalVariables.yml + +extends: + template: azure-pipelines/MicroBuild.1ES.Unofficial.yml@MicroBuildTemplate + parameters: + sdl: + sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + suppression: + suppressionFile: $(System.DefaultWorkingDirectory)\azure-pipelines\falsepositives.gdnsuppress + enableProductionSDL: ${{ parameters.EnableProductionSDL }} + codeSignValidation: + enabled: ${{ parameters.EnableProductionSDL }} + break: true + policyFile: $(MBSIGN_APPFOLDER)\CSVTestSignPolicy.xml + policheck: + enabled: ${{ parameters.EnableProductionSDL }} + exclusionsFile: $(System.DefaultWorkingDirectory)\azure-pipelines\PoliCheckExclusions.xml + sbom: + enabled: ${{ parameters.EnableProductionSDL }} + 
stages: + - stage: Build + variables: + - template: /azure-pipelines/BuildStageVariables.yml@self + jobs: + - template: /azure-pipelines/build.yml@self + parameters: + Is1ESPT: true + RealSign: false + # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} + EnableAPIScan: ${{ parameters.EnableAPIScan }} + windowsPool: VSEngSS-MicroBuild2022-1ES + linuxPool: + name: AzurePipelines-EO + demands: + - ImageOverride -equals 1ESPT-Ubuntu22.04 + os: Linux + macOSPool: + name: Azure Pipelines + vmImage: macOS-14 + os: macOS + EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }} + RunTests: ${{ parameters.RunTests }} From 2545e3021b61162d5f23b4b41e7405f1b25dbbfb Mon Sep 17 00:00:00 2001 From: Matteo Prosperi <41970398+matteo-prosperi@users.noreply.github.com> Date: Tue, 14 Jan 2025 13:18:08 -0800 Subject: [PATCH 3/5] Add back signcheck exclusion for unofficial builds --- azure-pipelines/unofficial.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/azure-pipelines/unofficial.yml b/azure-pipelines/unofficial.yml index afce810bf..ff3c2b5d7 100644 --- a/azure-pipelines/unofficial.yml +++ b/azure-pipelines/unofficial.yml @@ -59,6 +59,7 @@ extends: codeSignValidation: enabled: ${{ parameters.EnableProductionSDL }} break: true + additionalTargetsGlobPattern: -|Variables-*\*.ps1;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\** policyFile: $(MBSIGN_APPFOLDER)\CSVTestSignPolicy.xml policheck: enabled: ${{ parameters.EnableProductionSDL }} From 8c45970cd587e8923048ebef3db71ad559a870a3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 14 Jan 2025 18:21:19 -0700 Subject: [PATCH 4/5] Update Dockerfile and global.json updates to v9.0.102 (#340) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- global.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 3674e182a..6952a419f 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,5 @@ # Refer to https://hub.docker.com/_/microsoft-dotnet-sdk for available versions -FROM mcr.microsoft.com/dotnet/sdk:9.0.101-noble +FROM mcr.microsoft.com/dotnet/sdk:9.0.102-noble # Installing mono makes `dotnet test` work without errors even for net472. # But installing it takes a long time, so it's excluded by default. diff --git a/global.json b/global.json index f3e0b3239..119eff7ee 100644 --- a/global.json +++ b/global.json @@ -1,6 +1,6 @@ { "sdk": { - "version": "9.0.101", + "version": "9.0.102", "rollForward": "patch", "allowPrerelease": false } From 25d6df9315be95115c164411a39ee242b29de0ed Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Tue, 14 Jan 2025 18:27:14 -0700 Subject: [PATCH 5/5] Migrate xunit settings from app.config to xunit.runner.json --- test/Directory.Build.targets | 4 ++++ test/Library.Tests/app.config | 5 ----- test/Library.Tests/xunit.runner.json | 4 ++++ 3 files changed, 8 insertions(+), 5 deletions(-) delete mode 100644 test/Library.Tests/app.config create mode 100644 test/Library.Tests/xunit.runner.json diff --git a/test/Directory.Build.targets b/test/Directory.Build.targets index a6e0f4ace..9f32cd061 100644 --- a/test/Directory.Build.targets +++ b/test/Directory.Build.targets @@ -1,4 +1,8 @@ + + + + diff --git a/test/Library.Tests/app.config b/test/Library.Tests/app.config deleted file mode 100644 index 61890f055..000000000 --- a/test/Library.Tests/app.config +++ /dev/null @@ -1,5 +0,0 @@ - - - - - diff --git a/test/Library.Tests/xunit.runner.json b/test/Library.Tests/xunit.runner.json new file mode 100644 index 000000000..8465a4543 --- /dev/null +++ b/test/Library.Tests/xunit.runner.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://xunit.net/schema/current/xunit.runner.schema.json", + "shadowCopy": false +}