Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[main] Update dependencies from dotnet/arcade #1158

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
bc8219a
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] May 27, 2024
af96458
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jun 3, 2024
db25658
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jun 10, 2024
d22d2f0
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jun 17, 2024
a2a47ea
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jun 24, 2024
3580926
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jul 1, 2024
bb8d50d
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jul 8, 2024
5dcf371
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jul 11, 2024
8a640a0
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jul 15, 2024
4adc9a4
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jul 22, 2024
710b805
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Jul 29, 2024
8afcc4e
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Aug 5, 2024
9201494
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Aug 19, 2024
11cd6ef
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Aug 26, 2024
cef6925
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Sep 2, 2024
1f8d4cf
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Sep 16, 2024
cd0e2c4
Update dependencies from https://github.com/dotnet/arcade build 20240…
dotnet-maestro[bot] Sep 30, 2024
a8f8cf5
Update dependencies from https://github.com/dotnet/arcade build 20241…
dotnet-maestro[bot] Oct 10, 2024
7f7b3c2
Update dependencies from https://github.com/dotnet/arcade build 20241…
dotnet-maestro[bot] Oct 16, 2024
72821f0
Update dependencies from https://github.com/dotnet/arcade build 20241…
dotnet-maestro[bot] Oct 28, 2024
b966ac4
Update dependencies from https://github.com/dotnet/arcade build 20241…
dotnet-maestro[bot] Nov 18, 2024
e8d75ab
Update dependencies from https://github.com/dotnet/arcade build 20241…
dotnet-maestro[bot] Nov 25, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions eng/Version.Details.xml
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@
<ProductDependencies>
</ProductDependencies>
<ToolsetDependencies>
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24266.3">
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24570.5">
<Uri>https://github.com/dotnet/arcade</Uri>
<Sha>e6f70c7dd528f05cd28cec2a179d58c22e91d9ac</Sha>
<Sha>3c7e11bf80279cde53a6251c4d0fa10e613fc739</Sha>
</Dependency>
</ToolsetDependencies>
</Dependencies>
15 changes: 7 additions & 8 deletions eng/common/post-build/publish-using-darc.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ param(
[Parameter(Mandatory=$true)][int] $BuildId,
[Parameter(Mandatory=$true)][int] $PublishingInfraVersion,
[Parameter(Mandatory=$true)][string] $AzdoToken,
[Parameter(Mandatory=$true)][string] $MaestroToken,
[Parameter(Mandatory=$false)][string] $MaestroApiEndPoint = 'https://maestro.dot.net',
[Parameter(Mandatory=$true)][string] $WaitPublishingFinish,
[Parameter(Mandatory=$false)][string] $ArtifactsPublishingAdditionalParameters,
Expand Down Expand Up @@ -31,13 +30,13 @@ try {
}

& $darc add-build-to-channel `
--id $buildId `
--publishing-infra-version $PublishingInfraVersion `
--default-channels `
--source-branch main `
--azdev-pat $AzdoToken `
--bar-uri $MaestroApiEndPoint `
--password $MaestroToken `
--id $buildId `
--publishing-infra-version $PublishingInfraVersion `
--default-channels `
--source-branch main `
--azdev-pat "$AzdoToken" `
--bar-uri "$MaestroApiEndPoint" `
--ci `
@optionalParams

if ($LastExitCode -ne 0) {
Expand Down
4 changes: 2 additions & 2 deletions eng/common/sdl/NuGet.config
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@
</solution>
<packageSources>
<clear />
<add key="guardian" value="https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json" />
<add key="guardian" value="https://pkgs.dev.azure.com/dnceng/_packaging/Guardian1ESPTUpstreamOrgFeed/nuget/v3/index.json" />
</packageSources>
<packageSourceMapping>
<packageSource key="guardian">
<package pattern="microsoft.guardian.cli" />
<package pattern="Microsoft.Guardian.Cli.win-x64" />
</packageSource>
</packageSourceMapping>
<disabledPackageSources>
Expand Down
4 changes: 1 addition & 3 deletions eng/common/sdl/execute-all-sdl-tools.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ Param(
[string] $BranchName=$env:BUILD_SOURCEBRANCH, # Optional: name of branch or version of gdn settings; defaults to master
[string] $SourceDirectory=$env:BUILD_SOURCESDIRECTORY, # Required: the directory where source files are located
[string] $ArtifactsDirectory = (Join-Path $env:BUILD_ARTIFACTSTAGINGDIRECTORY ('artifacts')), # Required: the directory where build artifacts are located
[string] $AzureDevOpsAccessToken, # Required: access token for dnceng; should be provided via KeyVault

# Optional: list of SDL tools to run on source code. See 'configure-sdl-tool.ps1' for tools list
# format.
Expand Down Expand Up @@ -75,7 +74,7 @@ try {
}

Exec-BlockVerbosely {
& $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -AzureDevOpsAccessToken $AzureDevOpsAccessToken -GuardianLoggerLevel $GuardianLoggerLevel
& $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -GuardianLoggerLevel $GuardianLoggerLevel
}
$gdnFolder = Join-Path $workingDirectory '.gdn'

Expand Down Expand Up @@ -104,7 +103,6 @@ try {
-TargetDirectory $targetDirectory `
-GdnFolder $gdnFolder `
-ToolsList $tools `
-AzureDevOpsAccessToken $AzureDevOpsAccessToken `
-GuardianLoggerLevel $GuardianLoggerLevel `
-CrScanAdditionalRunConfigParams $CrScanAdditionalRunConfigParams `
-PoliCheckAdditionalRunConfigParams $PoliCheckAdditionalRunConfigParams `
Expand Down
8 changes: 0 additions & 8 deletions eng/common/sdl/init-sdl.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ Param(
[string] $Repository,
[string] $BranchName='master',
[string] $WorkingDirectory,
[string] $AzureDevOpsAccessToken,
[string] $GuardianLoggerLevel='Standard'
)

Expand All @@ -21,14 +20,7 @@ $ci = $true
# Don't display the console progress UI - it's a huge perf hit
$ProgressPreference = 'SilentlyContinue'

# Construct basic auth from AzDO access token; construct URI to the repository's gdn folder stored in that repository; construct location of zip file
$encodedPat = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$AzureDevOpsAccessToken"))
$escapedRepository = [Uri]::EscapeDataString("/$Repository/$BranchName/.gdn")
$uri = "https://dev.azure.com/dnceng/internal/_apis/git/repositories/sdl-tool-cfg/Items?path=$escapedRepository&versionDescriptor[versionOptions]=0&`$format=zip&api-version=5.0"
$zipFile = "$WorkingDirectory/gdn.zip"

Add-Type -AssemblyName System.IO.Compression.FileSystem
$gdnFolder = (Join-Path $WorkingDirectory '.gdn')

try {
# if the folder does not exist, we'll do a guardian init and push it to the remote repository
Expand Down
4 changes: 3 additions & 1 deletion eng/common/sdl/sdl.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ function Install-Gdn {
[Parameter(Mandatory=$true)]
[string]$Path,

[string]$Source = "https://pkgs.dev.azure.com/dnceng/_packaging/Guardian1ESPTUpstreamOrgFeed/nuget/v3/index.json",

# If omitted, install the latest version of Guardian, otherwise install that specific version.
[string]$Version
)
Expand All @@ -19,7 +21,7 @@ function Install-Gdn {
$ci = $true
. $PSScriptRoot\..\tools.ps1

$argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
$argumentList = @("install", "Microsoft.Guardian.Cli.win-x64", "-Source $Source", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")

if ($Version) {
$argumentList += "-Version $Version"
Expand Down
23 changes: 14 additions & 9 deletions eng/common/templates-official/job/publish-build-assets.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,13 +76,16 @@ jobs:

- task: NuGetAuthenticate@1

- task: PowerShell@2
- task: AzureCLI@2
displayName: Publish Build Assets
inputs:
filePath: eng\common\sdk-task.ps1
arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1
arguments: >
-task PublishBuildAssets -restore -msbuildEngine dotnet
/p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests'
/p:BuildAssetRegistryToken=$(MaestroAccessToken)
/p:MaestroApiEndpoint=https://maestro-prod.westus2.cloudapp.azure.com
/p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }}
/p:OfficialBuildId=$(Build.BuildNumber)
Expand Down Expand Up @@ -137,14 +140,16 @@ jobs:
BARBuildId: ${{ parameters.BARBuildId }}
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}

- task: PowerShell@2
- task: AzureCLI@2
displayName: Publish Using Darc
inputs:
filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion 3
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
-MaestroToken '$(MaestroApiAccessToken)'
-AzdoToken '$(System.AccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
Expand Down
8 changes: 8 additions & 0 deletions eng/common/templates-official/job/source-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,12 @@ parameters:
# container and pool.
platform: {}

# If set to true and running on a non-public project,
# Internal blob storage locations will be enabled.
# This is not enabled by default because many repositories do not need internal sources
# and do not need to have the required service connections approved in the pipeline.
enableInternalSources: false

jobs:
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
displayName: Source-Build (${{ parameters.platform.name }})
Expand Down Expand Up @@ -62,6 +68,8 @@ jobs:
clean: all

steps:
- ${{ if eq(parameters.enableInternalSources, true) }}:
- template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
- template: /eng/common/templates-official/steps/source-build.yml
parameters:
platform: ${{ parameters.platform }}
16 changes: 7 additions & 9 deletions eng/common/templates-official/job/source-index-stage1.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
value: ${{ parameters.sourceIndexPackageSource }}
- name: BinlogPath
value: ${{ parameters.binlogPath }}
- template: /eng/common/templates/variables/pool-providers.yml
- template: /eng/common/templates-official/variables/pool-providers.yml

${{ if ne(parameters.pool, '') }}:
pool: ${{ parameters.pool }}
Expand All @@ -34,7 +34,8 @@ jobs:
demands: ImageOverride -equals windows.vs2019.amd64.open
${{ if eq(variables['System.TeamProject'], 'internal') }}:
name: $(DncEngInternalBuildPool)
demands: ImageOverride -equals windows.vs2019.amd64
image: windows.vs2022.amd64
os: windows

steps:
- ${{ each preStep in parameters.preSteps }}:
Expand Down Expand Up @@ -70,16 +71,13 @@ jobs:
scriptType: 'ps'
scriptLocation: 'inlineScript'
inlineScript: |
echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId"
echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken"
echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId"
echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"

- script: |
echo "Client ID: $(ARM_CLIENT_ID)"
echo "ID Token: $(ARM_ID_TOKEN)"
echo "Tenant ID: $(ARM_TENANT_ID)"
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
displayName: "Login to Azure"

- script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
displayName: Upload stage1 artifacts to source index
displayName: Upload stage1 artifacts to source index
8 changes: 8 additions & 0 deletions eng/common/templates-official/jobs/source-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,12 @@ parameters:
# one job runs on 'defaultManagedPlatform'.
platforms: []

# If set to true and running on a non-public project,
# Internal nuget and blob storage locations will be enabled.
# This is not enabled by default because many repositories do not need internal sources
# and do not need to have the required service connections approved in the pipeline.
enableInternalSources: false

jobs:

- ${{ if ne(parameters.allCompletedJobId, '') }}:
Expand All @@ -38,9 +44,11 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ platform }}
enableInternalSources: ${{ parameters.enableInternalSources }}

- ${{ if eq(length(parameters.platforms), 0) }}:
- template: /eng/common/templates-official/job/source-build.yml
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ parameters.defaultManagedPlatform }}
enableInternalSources: ${{ parameters.enableInternalSources }}
10 changes: 6 additions & 4 deletions eng/common/templates-official/post-build/post-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -272,14 +272,16 @@ stages:

- task: NuGetAuthenticate@1

- task: PowerShell@2
- task: AzureCLI@2
displayName: Publish Using Darc
inputs:
filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
-MaestroToken '$(MaestroApiAccessToken)'
-AzdoToken '$(System.AccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
28 changes: 28 additions & 0 deletions eng/common/templates-official/steps/enable-internal-runtimes.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
# variable with the base64-encoded SAS token, by default

parameters:
- name: federatedServiceConnection
type: string
default: 'dotnetbuilds-internal-read'
- name: outputVariableName
type: string
default: 'dotnetbuilds-internal-container-read-token-base64'
- name: expiryInHours
type: number
default: 1
- name: base64Encode
type: boolean
default: true

steps:
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
- template: /eng/common/templates-official/steps/get-delegation-sas.yml
parameters:
federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
outputVariableName: ${{ parameters.outputVariableName }}
expiryInHours: ${{ parameters.expiryInHours }}
base64Encode: ${{ parameters.base64Encode }}
storageAccount: dotnetbuilds
container: internal
permissions: rl
2 changes: 0 additions & 2 deletions eng/common/templates-official/steps/execute-sdl.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,6 @@ parameters:

steps:
- task: NuGetAuthenticate@1
inputs:
nuGetServiceConnections: GuardianConnect

- task: NuGetToolInstaller@1
displayName: 'Install NuGet.exe'
Expand Down
52 changes: 52 additions & 0 deletions eng/common/templates-official/steps/get-delegation-sas.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
parameters:
- name: federatedServiceConnection
type: string
- name: outputVariableName
type: string
- name: expiryInHours
type: number
default: 1
- name: base64Encode
type: boolean
default: false
- name: storageAccount
type: string
- name: container
type: string
- name: permissions
type: string
default: 'rl'

steps:
- task: AzureCLI@2
displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
inputs:
azureSubscription: ${{ parameters.federatedServiceConnection }}
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
# Calculate the expiration of the SAS token and convert to UTC
$expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")

# Temporarily work around a helix issue where SAS tokens with / in them will cause incorrect downloads
# of correlation payloads. https://github.com/dotnet/dnceng/issues/3484
$sas = ""
do {
$sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to generate SAS token."
exit 1
}
} while($sas.IndexOf('/') -ne -1)

if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to generate SAS token."
exit 1
}

if ('${{ parameters.base64Encode }}' -eq 'true') {
$sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
}

Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
Loading
Loading