diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
index d87aab713..00d9f15b1 100644
--- a/eng/Version.Details.xml
+++ b/eng/Version.Details.xml
@@ -151,29 +151,29 @@
-
+
https://github.com/dotnet/arcade
- c9efa535175049eb9cba06cae1f8c3d5dbe768a9
+ 0028fccccc2181a64c5c4a283ac0baae3913284b
-
+
https://github.com/dotnet/arcade
- c9efa535175049eb9cba06cae1f8c3d5dbe768a9
+ 0028fccccc2181a64c5c4a283ac0baae3913284b
-
+
https://github.com/dotnet/arcade
- c9efa535175049eb9cba06cae1f8c3d5dbe768a9
+ 0028fccccc2181a64c5c4a283ac0baae3913284b
-
+
https://github.com/dotnet/arcade
- c9efa535175049eb9cba06cae1f8c3d5dbe768a9
+ 0028fccccc2181a64c5c4a283ac0baae3913284b
-
+
https://github.com/dotnet/arcade
- c9efa535175049eb9cba06cae1f8c3d5dbe768a9
+ 0028fccccc2181a64c5c4a283ac0baae3913284b
-
+
https://github.com/dotnet/arcade
- c9efa535175049eb9cba06cae1f8c3d5dbe768a9
+ 0028fccccc2181a64c5c4a283ac0baae3913284b
diff --git a/eng/Versions.props b/eng/Versions.props
index c0abef433..a67afbc62 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -12,10 +12,10 @@
- 8.0.0-beta.24360.5
- 8.0.0-beta.24360.5
- 8.0.0-beta.24360.5
- 8.0.0-beta.24360.5
+ 8.0.0-beta.24461.2
+ 8.0.0-beta.24461.2
+ 8.0.0-beta.24461.2
+ 8.0.0-beta.24461.2
4.5.0
4.8.6
diff --git a/eng/common/sdl/NuGet.config b/eng/common/sdl/NuGet.config
index 3849bdb3c..5bfbb02ef 100644
--- a/eng/common/sdl/NuGet.config
+++ b/eng/common/sdl/NuGet.config
@@ -5,11 +5,11 @@
-
+
-
+
diff --git a/eng/common/sdl/execute-all-sdl-tools.ps1 b/eng/common/sdl/execute-all-sdl-tools.ps1
index 4715d75e9..81ded5b7f 100644
--- a/eng/common/sdl/execute-all-sdl-tools.ps1
+++ b/eng/common/sdl/execute-all-sdl-tools.ps1
@@ -6,7 +6,6 @@ Param(
[string] $BranchName=$env:BUILD_SOURCEBRANCH, # Optional: name of branch or version of gdn settings; defaults to master
[string] $SourceDirectory=$env:BUILD_SOURCESDIRECTORY, # Required: the directory where source files are located
[string] $ArtifactsDirectory = (Join-Path $env:BUILD_ARTIFACTSTAGINGDIRECTORY ('artifacts')), # Required: the directory where build artifacts are located
- [string] $AzureDevOpsAccessToken, # Required: access token for dnceng; should be provided via KeyVault
# Optional: list of SDL tools to run on source code. See 'configure-sdl-tool.ps1' for tools list
# format.
@@ -75,7 +74,7 @@ try {
}
Exec-BlockVerbosely {
- & $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -AzureDevOpsAccessToken $AzureDevOpsAccessToken -GuardianLoggerLevel $GuardianLoggerLevel
+ & $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -GuardianLoggerLevel $GuardianLoggerLevel
}
$gdnFolder = Join-Path $workingDirectory '.gdn'
@@ -104,7 +103,6 @@ try {
-TargetDirectory $targetDirectory `
-GdnFolder $gdnFolder `
-ToolsList $tools `
- -AzureDevOpsAccessToken $AzureDevOpsAccessToken `
-GuardianLoggerLevel $GuardianLoggerLevel `
-CrScanAdditionalRunConfigParams $CrScanAdditionalRunConfigParams `
-PoliCheckAdditionalRunConfigParams $PoliCheckAdditionalRunConfigParams `
diff --git a/eng/common/sdl/init-sdl.ps1 b/eng/common/sdl/init-sdl.ps1
index 3ac1d92b3..588ff8e22 100644
--- a/eng/common/sdl/init-sdl.ps1
+++ b/eng/common/sdl/init-sdl.ps1
@@ -3,7 +3,6 @@ Param(
[string] $Repository,
[string] $BranchName='master',
[string] $WorkingDirectory,
- [string] $AzureDevOpsAccessToken,
[string] $GuardianLoggerLevel='Standard'
)
@@ -21,14 +20,7 @@ $ci = $true
# Don't display the console progress UI - it's a huge perf hit
$ProgressPreference = 'SilentlyContinue'
-# Construct basic auth from AzDO access token; construct URI to the repository's gdn folder stored in that repository; construct location of zip file
-$encodedPat = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$AzureDevOpsAccessToken"))
-$escapedRepository = [Uri]::EscapeDataString("/$Repository/$BranchName/.gdn")
-$uri = "https://dev.azure.com/dnceng/internal/_apis/git/repositories/sdl-tool-cfg/Items?path=$escapedRepository&versionDescriptor[versionOptions]=0&`$format=zip&api-version=5.0"
-$zipFile = "$WorkingDirectory/gdn.zip"
-
Add-Type -AssemblyName System.IO.Compression.FileSystem
-$gdnFolder = (Join-Path $WorkingDirectory '.gdn')
try {
# if the folder does not exist, we'll do a guardian init and push it to the remote repository
diff --git a/eng/common/sdl/sdl.ps1 b/eng/common/sdl/sdl.ps1
index 648c5068d..7fe603fe9 100644
--- a/eng/common/sdl/sdl.ps1
+++ b/eng/common/sdl/sdl.ps1
@@ -4,6 +4,8 @@ function Install-Gdn {
[Parameter(Mandatory=$true)]
[string]$Path,
+ [string]$Source = "https://pkgs.dev.azure.com/dnceng/_packaging/Guardian1ESPTUpstreamOrgFeed/nuget/v3/index.json",
+
# If omitted, install the latest version of Guardian, otherwise install that specific version.
[string]$Version
)
@@ -19,7 +21,7 @@ function Install-Gdn {
$ci = $true
. $PSScriptRoot\..\tools.ps1
- $argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
+ $argumentList = @("install", "Microsoft.Guardian.Cli.win-x64", "-Source $Source", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
if ($Version) {
$argumentList += "-Version $Version"
diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml
index ba3e7df81..011732880 100644
--- a/eng/common/templates-official/job/publish-build-assets.yml
+++ b/eng/common/templates-official/job/publish-build-assets.yml
@@ -149,7 +149,7 @@ jobs:
scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion 3
- -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
+ -AzdoToken '$(System.AccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
diff --git a/eng/common/templates-official/post-build/post-build.yml b/eng/common/templates-official/post-build/post-build.yml
index 0dfa387e7..b81b8770b 100644
--- a/eng/common/templates-official/post-build/post-build.yml
+++ b/eng/common/templates-official/post-build/post-build.yml
@@ -281,7 +281,7 @@ stages:
scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
- -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
+ -AzdoToken '$(System.AccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
diff --git a/eng/common/templates-official/steps/execute-sdl.yml b/eng/common/templates-official/steps/execute-sdl.yml
index 07426fde0..301d5c591 100644
--- a/eng/common/templates-official/steps/execute-sdl.yml
+++ b/eng/common/templates-official/steps/execute-sdl.yml
@@ -9,8 +9,6 @@ parameters:
steps:
- task: NuGetAuthenticate@1
- inputs:
- nuGetServiceConnections: GuardianConnect
- task: NuGetToolInstaller@1
displayName: 'Install NuGet.exe'
diff --git a/eng/common/templates-official/steps/get-federated-access-token.yml b/eng/common/templates-official/steps/get-federated-access-token.yml
index e3786cef6..55e33bd38 100644
--- a/eng/common/templates-official/steps/get-federated-access-token.yml
+++ b/eng/common/templates-official/steps/get-federated-access-token.yml
@@ -3,6 +3,12 @@ parameters:
type: string
- name: outputVariableName
type: string
+- name: stepName
+ type: string
+ default: 'getFederatedAccessToken'
+- name: condition
+ type: string
+ default: ''
# Resource to get a token for. Common values include:
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
# - 'https://storage.azure.com/' for storage
@@ -10,10 +16,16 @@ parameters:
- name: resource
type: string
default: '499b84ac-1321-427f-aa17-267ca6975798'
+- name: isStepOutputVariable
+ type: boolean
+ default: false
steps:
- task: AzureCLI@2
displayName: 'Getting federated access token for feeds'
+ name: ${{ parameters.stepName }}
+ ${{ if ne(parameters.condition, '') }}:
+ condition: ${{ parameters.condition }}
inputs:
azureSubscription: ${{ parameters.federatedServiceConnection }}
scriptType: 'pscore'
@@ -25,4 +37,4 @@ steps:
exit 1
}
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
- Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken"
\ No newline at end of file
diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml
index 57a41f0a3..cc2b346ba 100644
--- a/eng/common/templates/job/publish-build-assets.yml
+++ b/eng/common/templates/job/publish-build-assets.yml
@@ -145,7 +145,7 @@ jobs:
scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion 3
- -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
+ -AzdoToken '$(System.AccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
diff --git a/eng/common/templates/post-build/post-build.yml b/eng/common/templates/post-build/post-build.yml
index 2db493346..c3b6a3012 100644
--- a/eng/common/templates/post-build/post-build.yml
+++ b/eng/common/templates/post-build/post-build.yml
@@ -277,7 +277,7 @@ stages:
scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
- -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
+ -AzdoToken '$(System.AccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
diff --git a/eng/common/templates/steps/execute-sdl.yml b/eng/common/templates/steps/execute-sdl.yml
index 07426fde0..fe0ebf8c9 100644
--- a/eng/common/templates/steps/execute-sdl.yml
+++ b/eng/common/templates/steps/execute-sdl.yml
@@ -9,8 +9,6 @@ parameters:
steps:
- task: NuGetAuthenticate@1
- inputs:
- nuGetServiceConnections: GuardianConnect
- task: NuGetToolInstaller@1
displayName: 'Install NuGet.exe'
@@ -36,16 +34,19 @@ steps:
displayName: Execute SDL (Overridden)
continueOnError: ${{ parameters.sdlContinueOnError }}
condition: ${{ parameters.condition }}
+ env:
+ GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken)
- ${{ if eq(parameters.overrideParameters, '') }}:
- powershell: ${{ parameters.executeAllSdlToolsScript }}
-GuardianCliLocation $(GuardianCliLocation)
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
- -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
${{ parameters.additionalParameters }}
displayName: Execute SDL
continueOnError: ${{ parameters.sdlContinueOnError }}
condition: ${{ parameters.condition }}
+ env:
+ GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken)
- ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
# We want to publish the Guardian results and configuration for easy diagnosis. However, the
diff --git a/eng/common/templates/steps/get-federated-access-token.yml b/eng/common/templates/steps/get-federated-access-token.yml
index c8c49cc0e..55e33bd38 100644
--- a/eng/common/templates/steps/get-federated-access-token.yml
+++ b/eng/common/templates/steps/get-federated-access-token.yml
@@ -3,6 +3,12 @@ parameters:
type: string
- name: outputVariableName
type: string
+- name: stepName
+ type: string
+ default: 'getFederatedAccessToken'
+- name: condition
+ type: string
+ default: ''
# Resource to get a token for. Common values include:
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
# - 'https://storage.azure.com/' for storage
@@ -10,10 +16,16 @@ parameters:
- name: resource
type: string
default: '499b84ac-1321-427f-aa17-267ca6975798'
+- name: isStepOutputVariable
+ type: boolean
+ default: false
steps:
- task: AzureCLI@2
displayName: 'Getting federated access token for feeds'
+ name: ${{ parameters.stepName }}
+ ${{ if ne(parameters.condition, '') }}:
+ condition: ${{ parameters.condition }}
inputs:
azureSubscription: ${{ parameters.federatedServiceConnection }}
scriptType: 'pscore'
@@ -25,4 +37,4 @@ steps:
exit 1
}
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
- Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
\ No newline at end of file
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken"
\ No newline at end of file
diff --git a/eng/common/templates/steps/telemetry-start.yml b/eng/common/templates/steps/telemetry-start.yml
index 32c01ef0b..6abbcb33a 100644
--- a/eng/common/templates/steps/telemetry-start.yml
+++ b/eng/common/templates/steps/telemetry-start.yml
@@ -8,7 +8,7 @@ parameters:
steps:
- ${{ if and(eq(parameters.runAsPublic, 'false'), not(eq(variables['System.TeamProject'], 'public'))) }}:
- - task: AzureKeyVault@1
+ - task: AzureKeyVault@2
inputs:
azureSubscription: 'HelixProd_KeyVault'
KeyVaultName: HelixProdKV
diff --git a/global.json b/global.json
index d9d6b2139..276f69980 100644
--- a/global.json
+++ b/global.json
@@ -1,10 +1,10 @@
{
"tools": {
- "dotnet": "8.0.101"
+ "dotnet": "8.0.108"
},
"msbuild-sdks": {
- "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24360.5",
- "Microsoft.DotNet.SharedFramework.Sdk": "8.0.0-beta.24360.5",
+ "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24461.2",
+ "Microsoft.DotNet.SharedFramework.Sdk": "8.0.0-beta.24461.2",
"Microsoft.Build.NoTargets": "3.7.0",
"Microsoft.Build.Traversal": "3.4.0"
}