diff --git a/eng/pipelines/akv-official-pipeline.yml b/eng/pipelines/akv-official-pipeline.yml
deleted file mode 100644
index d7bc900bb8..0000000000
--- a/eng/pipelines/akv-official-pipeline.yml
+++ /dev/null
@@ -1,147 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -name: $(Year:YY)$(DayOfYear)$(Rev:.r) - -# @TODO: Add triggers and schedules - -parameters: - - name: oneBranchType - displayName: 'OneBranch template' - type: 'string' - values: - - 'Official' - - 'NonOfficial' - default: 'Official' - - - name: buildConfiguration - displayName: 'Build configuration' - type: 'string' - values: - - 'Release' - - 'Debug' - default: 'Release' - - - name: publishSymbols - displayName: 'Publish symbols' - type: 'boolean' - default: false - - - name: runSdlTasks - displayName: 'Run SDL Tasks' - type: 'boolean' - default: true - -variables: - - template: /eng/pipelines/variables/common-variables.yml@self - - template: /eng/pipelines/variables/onebranch-variables.yml@self - - template: /eng/pipelines/variables/esrp-signing-variables.yml@self - - template: /eng/pipelines/variables/akv-official-variables.yml@self - -resources: - repositories: - - repository: templates - type: 'git' - name: 'OneBranch.Pipelines/GovernedTemplates' - ref: 'refs/heads/main' - -extends: - template: 'v2/OneBranch.${{ parameters.oneBranchType }}.CrossPlat.yml@templates' - - parameters: - featureFlags: - WindowsHostVersion: - Version: '2022' - - globalSdl: - # See https://aka.ms/obpipelines/sdl - - apiscan: - enabled: ${{ parameters.runSdlTasks }} - softwareFolder: '${{ variables.apiScanDllPath }}' - softwareName: 'Microsoft.Data.SqlClient' # Note: This name is registered with ApiScan - softwareVersionNum: '${{ variables.assemblyFileVersion }}' - symbolsFolder: '${{ variables.apiScanPdbPath }}' - - armory: - enabled: ${{ parameters.runSdlTasks }} - break: true - - asyncSdl: - # 
If this should be enabled, move supported tools under this item, - # see https://aka.ms/obpipelines/asyncsdl - enabled: false - - binskim: - enabled: ${{ parameters.runSdlTasks }} - break: true - - codeinspector: - enabled: ${{ parameters.runSdlTasks }} - logLevel: Error - - codeql: - enabled: ${{ parameters.runSdlTasks }} - sourceRoot: '$(REPO_ROOT)/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider' - # Note, this can only be done if project doesn't depend on other projects. In - # package reference mode, this is true, but if we ever enable project reference - # builds, this will have to be removed. - - credscan: - enabled: ${{ parameters.runSdlTasks }} - suppressionsFile: '$(REPO_ROOT)/.config/CredScanSuppressions.json' - - eslint: - enabled: false - - policheck: - enabled: ${{ parameters.runSdlTasks }} - break: true - exclusionFile: '$(REPO_ROOT)/.config/PolicheckExclusions.xml' - - roslyn: - enabled: ${{ parameters.runSdlTasks }} - break: true - # Requires RoslynAnalyzers task to be added after build task - - publishLogs: - enabled: ${{ parameters.runSdlTasks }} - - sbom: - enabled: ${{ parameters.runSdlTasks }} - packageName: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' - packageVersion: ${{ variables.nugetPackageVersion }} - - tsa: - # OneBranch publishes all sdl results to TSA. If TSA is disabled all SDL tools will - # be forced into 'break' build mode. 
- enabled: ${{ eq(parameters.oneBranchType, 'Official') }} - configFile: '$(REPO_ROOT)/.config/tsaoptions.json' - - stages: - - stage: BuildAkv - displayName: 'Build AKV' - jobs: - - template: /eng/pipelines/jobs/build-akv-official-job.yml@self - parameters: - apiScanDllPath: '${{ variables.apiScanDllPath }}' - apiScanPdbPath: '${{ variables.apiScanPdbPath }}' - assemblyFileVersion: '${{ variables.assemblyFileVersion }}' - buildConfiguration: '${{ parameters.buildConfiguration }}' - nugetPackageVersion: '${{ variables.nugetPackageVersion }}' - mdsPackageVersion: '${{ variables.mdsPackageVersion }}' - publishSymbols: '${{ parameters.publishSymbols }}' - signingAppRegistrationClientId: '$(SigningAppRegistrationClientId)' - signingAppRegistrationTenantId: '$(SigningAppRegistrationTenantId)' - signingAuthAkvName: '$(SigningAuthAkvName)' - signingAuthSignCertName: '$(SigningAuthSignCertName)' - signingEsrpClientId: '$(SigningEsrpClientId)' - signingEsrpConnectedServiceName: '$(SigningEsrpConnectedServiceName)' - symbolsAzureSubscription: '$(SymbolsAzureSubscription)' - symbolsPublishProjectName: '$(SymbolsPublishProjectName)' - symbolsPublishServer: '$(SymbolsPublishServer)' - symbolsPublishTokenUri: '$(SymbolsPublishTokenUri)' - symbolsUploadAccount: '$(SymbolsUploadAccount)' diff --git a/eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml b/eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml index 25b5e75959..de5bfb48c3 100644 --- a/eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml +++ b/eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml @@ -38,7 +38,7 @@ jobs: - msbuild variables: - - template: ../../../libraries/ci-build-variables.yml@self + - template: /eng/pipelines/libraries/ci-build-variables.yml@self steps: - ${{ if ne(parameters.prebuildSteps, '') }}: 
@@ -52,21 +52,21 @@ jobs: # compilation errors. We won't use the Release artifacts for anything else # though. - ${{ if eq(parameters.configuration, 'Debug') }}: - - template: ../steps/ci-project-build-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-project-build-step.yml@self parameters: platform: ${{ parameters.platform }} configuration: Release operatingSystem: Windows build: all - - template: ../steps/ci-project-build-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-project-build-step.yml@self parameters: platform: ${{ parameters.platform }} configuration: ${{ parameters.configuration }} operatingSystem: Windows build: all - - template: ../steps/generate-nuget-package-step.yml@self + - template: /eng/pipelines/common/templates/steps/generate-nuget-package-step.yml@self parameters: NugetPackageVersion: $(NugetPackageVersion) configuration: $(Configuration) @@ -75,7 +75,7 @@ jobs: generateSymbolsPackage: false displayName: 'Generate NuGet package M.D.SqlClient' - - template: ../steps/generate-nuget-package-step.yml@self + - template: /eng/pipelines/common/templates/steps/generate-nuget-package-step.yml@self parameters: NugetPackageVersion: $(NugetPackageVersion) configuration: $(Configuration) diff --git a/eng/pipelines/common/templates/jobs/ci-run-tests-job.yml b/eng/pipelines/common/templates/jobs/ci-run-tests-job.yml index 7e1da7a84d..dcde2cfbed 100644 --- a/eng/pipelines/common/templates/jobs/ci-run-tests-job.yml +++ b/eng/pipelines/common/templates/jobs/ci-run-tests-job.yml 
@@ -123,12 +123,12 @@ jobs: - ${{ parameters.prebuildSteps }} # extra steps to run before the build like downloading sni and the required configuration - ${{ if eq(parameters.buildType, 'Project') }}: - - template: ../steps/ci-project-build-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-project-build-step.yml@self parameters: build: allNoDocs - ${{ if ne(parameters.configProperties, '{}') }}: - - template: ../steps/update-config-file-step.yml@self # update config.json file + - template: /eng/pipelines/common/templates/steps/update-config-file-step.yml@self # update config.json file parameters: debug: ${{ parameters.debug }} saPassword: ${{ parameters.saPassword }} @@ -204,7 +204,7 @@ jobs: displayName: 'Start Sql Browser' condition: eq(variables['Agent.OS'], 'Windows_NT') - ${{ elseif eq(parameters.configSqlFor, 'local') }}: - - template: ../steps/configure-sql-server-step.yml@self # configure SQL Server + - template: /eng/pipelines/common/templates/steps/configure-sql-server-step.yml@self # configure SQL Server parameters: operatingSystem: ${{ parameters.operatingSystem }} netcoreVersionTestUtils: ${{ parameters.netcoreVersionTestUtils }} @@ -236,7 +236,7 @@ jobs: ${{ if parameters.configProperties.FileStreamDirectory }}: fileStreamDirectory: ${{ parameters.configProperties.FileStreamDirectory }} - - template: ../steps/build-all-tests-step.yml@self # build tests + - template: /eng/pipelines/common/templates/steps/build-all-tests-step.yml@self # build tests parameters: targetFramework: ${{ parameters.targetFramework }} referenceType: ${{ parameters.buildType }} @@ -245,7 +245,7 @@ jobs: OSGroup: Unix - ${{ if eq(parameters.enableX64Test, true) }}: # run native tests - - template: ../steps/run-all-tests-step.yml@self # run tests + - template: /eng/pipelines/common/templates/steps/run-all-tests-step.yml@self # run tests parameters: debug: ${{ parameters.debug }} targetFramework: ${{ parameters.targetFramework }} 
@@ -268,7 +268,7 @@ jobs: installDir: $(dotnetx86RootPath) runtimes: [8.x, 9.x] - - template: ../steps/run-all-tests-step.yml@self + - template: /eng/pipelines/common/templates/steps/run-all-tests-step.yml@self parameters: debug: ${{ parameters.debug }} targetFramework: ${{ parameters.targetFramework }} @@ -279,7 +279,7 @@ jobs: operatingSystem: ${{ parameters.operatingSystem }} - ${{ if and(eq(parameters.publishTestResults, true), eq(parameters.buildType, 'Project')) }}: # publish test results if build type is project - - template: ../steps/publish-test-results-step.yml@self + - template: /eng/pipelines/common/templates/steps/publish-test-results-step.yml@self parameters: debug: ${{ parameters.debug }} targetFramework: ${{ parameters.targetFramework }} diff --git a/eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml b/eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml deleted file mode 100644 index 136933c1f8..0000000000 --- a/eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml +++ /dev/null 
@@ -1,80 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - name: downloadPackageStep - type: step - default: - script: echo - - - name: packageFolderName - type: string - default: drop_build_build_signed_package - - - name: dependsOn - type: string - default: empty - - - name: isPreview - type: boolean - - # The timeout, in minutes, for this job. - - name: timeout - type: string - default: 90 - -jobs: -- job: run_tests_package_reference - displayName: 'Run tests with package reference' - ${{ if ne(parameters.dependsOn, 'empty')}}: - dependsOn: '${{parameters.dependsOn }}' - - # Some of our tests take longer than the default 60 minutes to run on some - # OSes and configurations. - timeoutInMinutes: ${{ parameters.timeout }} - - pool: - type: windows # read more about custom job pool types at https://aka.ms/obpipelines/yaml/jobs - isCustom: true - name: ADO-1ES-Pool - vmImage: 'ADO-MMS22-SQL19' - - variables: # More settings at https://aka.ms/obpipelines/yaml/jobs - - template: ../../../libraries/mds-validation-variables.yml@self - - steps: - - template: ../steps/pre-build-step.yml - - - ${{parameters.downloadPackageStep }} - - - template: ../steps/update-nuget-config-local-feed-step.yml - parameters: - downloadedNugetPath: $(Pipeline.Workspace)\${{parameters.packageFolderName }} - ${{ if parameters.isPreview }}: - nugetPackageVersion: $(PreviewNugetPackageVersion) - - - template: ../steps/update-config-file-step.yml - parameters: - # We use the Library $(Password) variable as the SA password in this pipeline. 
- saPassword: $(Password) - TCPConnectionString: $(SQL_TCP_CONN_STRING) - NPConnectionString: $(SQL_NP_CONN_STRING) - SupportsIntegratedSecurity: false - - - template: ../steps/prepare-test-db-step.yml - -# build & test - - template: ../steps/build-and-run-tests-netfx-step.yml - parameters: - referenceType: Package - ${{ if parameters.isPreview }}: - nugetPackageVersion: $(PreviewNugetPackageVersion) - - - template: ../steps/build-and-run-tests-netcore-step.yml - parameters: - referenceType: Package - cleanFirst: true - ${{ if parameters.isPreview }}: - nugetPackageVersion: $(PreviewNugetPackageVersion) diff --git a/eng/pipelines/common/templates/stages/ci-run-tests-stage.yml b/eng/pipelines/common/templates/stages/ci-run-tests-stage.yml index 32e074eb8e..0b15bea851 100644 --- a/eng/pipelines/common/templates/stages/ci-run-tests-stage.yml +++ b/eng/pipelines/common/templates/stages/ci-run-tests-stage.yml @@ -57,7 +57,7 @@ stages: - ${{ each platform in config.value.buildPlatforms }}: - ${{ each testSet in config.value.TestSets }}: - ${{ if contains(targetFramework, 'net4') }}: # .NET Framework - - template: ../jobs/ci-run-tests-job.yml@self + - template: /eng/pipelines/common/templates/jobs/ci-run-tests-job.yml@self parameters: debug: ${{ parameters.debug }} buildType: ${{ parameters.buildType }} @@ -85,7 +85,7 @@ stages: enableX64Test: false - ${{ else }}: # .NET - ${{ each useManagedSNI in config.value.useManagedSNI }}: - - template: ../jobs/ci-run-tests-job.yml@self + - template: /eng/pipelines/common/templates/jobs/ci-run-tests-job.yml@self parameters: debug: ${{ parameters.debug }} buildType: ${{ parameters.buildType }} diff --git a/eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml b/eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml deleted file mode 100644 index c70fe776a7..0000000000 --- a/eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - name: TargetNetCoreVersion - type: string - default: $(TargetNetCoreVersion) - - - name: configuration - type: string - default: $(Configuration) - - - name: referenceType - default: Project - values: - - Project - - Package - - - name: NugetPackageVersion - type: string - default: $(NugetPackageVersion) - - - name: platform - type: string - default: $(Platform) - - - name: cleanFirst - type: boolean - default: false - - - name: TestTargetOS - type: string - default: Windowsnetcoreapp - values: - - Windowsnetfx - - Windowsnetcoreapp - - Unixnetcoreapp - - - name: retryCountOnManualTests - type: number - default: 2 - -steps: -- ${{ if eq(parameters.cleanFirst, true)}}: - - task: MSBuild@1 - displayName: 'Clean artifacts folder' - inputs: - solution: build.proj - msbuildArguments: '-t:clean' - -- task: MSBuild@1 - displayName: 'Build AKV Provider .NET' - inputs: - solution: build.proj - msbuildArchitecture: x64 - msbuildArguments: '-p:Configuration=${{parameters.configuration }} -t:BuildAKVNetCore -p:ReferenceType=${{parameters.referenceType }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }}' - -- task: MSBuild@1 - displayName: 'MSBuild Build Tests for ${{parameters.TargetNetCoreVersion }}' - inputs: - solution: build.proj - msbuildArchitecture: x64 - msbuildArguments: '-t:BuildTestsNetCore -p:ReferenceType=${{parameters.referenceType }} -p:TargetNetCoreVersion=${{parameters.TargetNetCoreVersion }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} -p:Configuration=${{parameters.configuration }}' - -# Don't run unit 
tests using package reference. Unit tests are only run using project reference. - -- task: DotNetCoreCLI@2 - displayName: 'Run Functional Tests for ${{parameters.TargetNetCoreVersion }}' - inputs: - command: test - projects: 'src\Microsoft.Data.SqlClient\tests\FunctionalTests\Microsoft.Data.SqlClient.FunctionalTests.csproj' - arguments: '-p:Platform=${{parameters.platform }} -p:TestTargetOS="${{parameters.TestTargetOS }}" -p:TargetNetCoreVersion=${{parameters.TargetNetCoreVersion }} -p:ReferenceType=${{parameters.referenceType }} -p:Configuration=${{parameters.configuration }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} --no-build -v n --filter "category!=nonnetcoreapptests&category!=failing&category!=nonwindowstests"' - -- task: DotNetCoreCLI@2 - displayName: 'Run Manual Tests for ${{parameters.TargetNetCoreVersion }}' - inputs: - command: test - projects: 'src\Microsoft.Data.SqlClient\tests\ManualTests\Microsoft.Data.SqlClient.ManualTesting.Tests.csproj' - arguments: '-p:Platform=${{parameters.platform }} -p:TestTargetOS="${{parameters.TestTargetOS }}" -p:TargetNetCoreVersion=${{parameters.TargetNetCoreVersion }} -p:ReferenceType=${{parameters.referenceType }} -p:Configuration=${{parameters.configuration }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} --no-build -v n --filter category!=nonnetcoreapptests&category!=failing&category!=nonwindowstests --collect "Code Coverage"' - retryCountOnTaskFailure: ${{parameters.retryCountOnManualTests }} diff --git a/eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml b/eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml deleted file mode 100644 index d7266692dd..0000000000 --- a/eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml +++ /dev/null 
@@ -1,81 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - name: TargetNetFxVersion - type: string - default: $(TargetNetFxVersion) - - - name: configuration - type: string - default: $(Configuration) - - - name: referenceType - default: Project - values: - - Project - - Package - - - name: NugetPackageVersion - type: string - default: $(NugetPackageVersion) - - - name: platform - type: string - default: $(Platform) - - - name: cleanFirst - type: boolean - default: false - - - name: TestTargetOS - type: string - default: Windowsnetfx - values: - - Windowsnetfx - - Windowsnetcoreapp - - Unixnetcoreapp - - - name: retryCountOnManualTests - type: number - default: 2 - -steps: -- ${{ if eq(parameters.cleanFirst, true)}}: - - task: MSBuild@1 - displayName: 'Clean artifacts folder' - inputs: - solution: build.proj - msbuildArguments: '-t:clean' - -- task: MSBuild@1 - displayName: 'Build AKV Provider .NET Framework' - inputs: - solution: build.proj - msbuildArchitecture: x64 - msbuildArguments: '-p:Configuration=${{parameters.configuration }} -t:BuildAKVNetFx -p:ReferenceType=${{parameters.referenceType }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }}' - -- task: MSBuild@1 - displayName: 'MSBuild Build Tests for ${{parameters.TargetNetFxVersion }}' - inputs: - solution: build.proj - msbuildArguments: ' -t:BuildTestsNetFx -p:ReferenceType=${{parameters.referenceType }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} -p:TF=${{parameters.TargetNetFxVersion }} -p:Configuration=${{parameters.configuration }} -p:Platform=${{parameters.platform }}' - -# Don't run unit tests using 
package reference. Unit tests are only run using project reference. - -- task: DotNetCoreCLI@2 - displayName: 'Run Functional Tests for ${{parameters.TargetNetFxVersion }}' - inputs: - command: test - projects: 'src\Microsoft.Data.SqlClient\tests\FunctionalTests\Microsoft.Data.SqlClient.FunctionalTests.csproj' - arguments: '-p:Platform=${{parameters.platform }} -p:TestTargetOS="${{parameters.TestTargetOS }}" -p:TargetNetFxVersion=${{parameters.TargetNetFxVersion }} -p:ReferenceType=${{parameters.referenceType }} -p:Configuration=${{parameters.configuration }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} --no-build -v n --filter "category!=nonnetfxtests&category!=failing&category!=nonwindowstests" --collect "Code Coverage"' - -- task: DotNetCoreCLI@2 - displayName: 'Run Manual Tests for ${{parameters.TargetNetFxVersion }}' - inputs: - command: test - projects: 'src\Microsoft.Data.SqlClient\tests\ManualTests\Microsoft.Data.SqlClient.ManualTesting.Tests.csproj' - arguments: '-p:Platform=${{parameters.platform }} -p:TestTargetOS="${{parameters.TestTargetOS }}" -p:TargetNetFxVersion=${{parameters.TargetNetFxVersion }} -p:ReferenceType=${{parameters.referenceType }} -p:Configuration=${{parameters.configuration }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} --no-build -v n --filter "category!=nonnetfxtests&category!=failing&category!=nonwindowstests" --collect "Code Coverage"' - retryCountOnTaskFailure: ${{parameters.retryCountOnManualTests }} diff --git a/eng/pipelines/common/templates/steps/ci-prebuild-step.yml b/eng/pipelines/common/templates/steps/ci-prebuild-step.yml index d366d2f9ff..615e2da2c7 100644 --- a/eng/pipelines/common/templates/steps/ci-prebuild-step.yml +++ b/eng/pipelines/common/templates/steps/ci-prebuild-step.yml 
@@ -34,7 +34,7 @@ steps: patterns: '**/*.nupkg' targetPath: $(Pipeline.Workspace)/${{parameters.artifactName }} - - template: update-nuget-config-local-feed-step.yml@self + - template: /eng/pipelines/common/templates/steps/update-nuget-config-local-feed-step.yml@self parameters: downloadedNugetPath: $(Pipeline.Workspace)\${{parameters.artifactName }} debug: ${{ parameters.debug }} diff --git a/eng/pipelines/common/templates/steps/configure-sql-server-step.yml b/eng/pipelines/common/templates/steps/configure-sql-server-step.yml index 877b73403e..ec63696cb7 100644 --- a/eng/pipelines/common/templates/steps/configure-sql-server-step.yml +++ b/eng/pipelines/common/templates/steps/configure-sql-server-step.yml @@ -72,7 +72,7 @@ parameters: steps: - ${{ if eq(parameters.operatingSystem, 'Windows') }}: # windows only steps - - template: configure-sql-server-win-step.yml@self + - template: /eng/pipelines/common/templates/steps/configure-sql-server-win-step.yml@self parameters: instanceName: ${{parameters.instanceName}} user: ${{parameters.user}} @@ -90,13 +90,13 @@ steps: - ${{ elseif eq(parameters.operatingSystem, 'Linux') }}: # Linux only steps - - template: configure-sql-server-linux-step.yml@self + - template: /eng/pipelines/common/templates/steps/configure-sql-server-linux-step.yml@self parameters: password: ${{parameters.saPassword}} - ${{ elseif eq(parameters.operatingSystem, 'Mac') }}: # macOS only steps - - template: configure-sql-server-macos-step.yml@self + - template: /eng/pipelines/common/templates/steps/configure-sql-server-macos-step.yml@self parameters: password: ${{parameters.saPassword}} diff --git a/eng/pipelines/common/templates/steps/pre-build-step.yml b/eng/pipelines/common/templates/steps/pre-build-step.yml deleted file mode 100644 index 068223af70..0000000000 --- a/eng/pipelines/common/templates/steps/pre-build-step.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -steps: - # Install the .NET SDK and Runtimes. - - template: /eng/pipelines/steps/install-dotnet.yml@self - parameters: - runtimes: [8.x, 9.x] - - - script: SET - displayName: 'Print Environment Variables' - - - powershell: | - # use sqlcmd to try to connect to localdb - $svc_name = "SQLBrowser" - Get-Service $svc_name | Select-Object -Property Name, StartType, Status - Set-Service -StartupType Automatic $svc_name - net start $svc_name - Get-Service $svc_name | Select-Object -Property Name, StartType, Status - displayName: 'Start SQLBrowser' - - - task: NuGetToolInstaller@1 - displayName: 'Use NuGet' diff --git a/eng/pipelines/common/templates/steps/prepare-test-db-step.yml b/eng/pipelines/common/templates/steps/prepare-test-db-step.yml deleted file mode 100644 index addd2a69b6..0000000000 --- a/eng/pipelines/common/templates/steps/prepare-test-db-step.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - name: databaseName - type: string - default: $(Database) - - - name: targetFramework - type: string - default: net9.0 - -steps: -- task: DotNetCoreCLI@2 - displayName: 'Build Ext Utilities' - inputs: - command: build - arguments: '-f ${{parameters.targetFramework }}' - workingDirectory: src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.ExtUtilities -- task: DotNetCoreCLI@2 - displayName: 'Create Test Database' - inputs: - command: run - arguments: '-f ${{parameters.targetFramework }} -- "CreateDatabase" ${{parameters.databaseName }} ' - workingDirectory: src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.ExtUtilities diff --git a/eng/pipelines/dotnet-sqlclient-ci-core.yml b/eng/pipelines/dotnet-sqlclient-ci-core.yml index 0a0839e140..0b61a430a5 100644 --- a/eng/pipelines/dotnet-sqlclient-ci-core.yml +++ b/eng/pipelines/dotnet-sqlclient-ci-core.yml @@ -87,7 +87,7 @@ parameters: default: 90 variables: - - template: libraries/ci-build-variables.yml@self + - template: /eng/pipelines/libraries/ci-build-variables.yml@self - name: artifactName value: Artifacts 
@@ -102,19 +102,19 @@ stages: - stage: build_nugets displayName: 'Build NuGet Packages' jobs: - - template: common/templates/jobs/ci-build-nugets-job.yml@self + - template: /eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml@self parameters: configuration: ${{ parameters.buildConfiguration }} artifactName: $(artifactName) ${{if ne(parameters.SNIVersion, '')}}: prebuildSteps: - - template: common/templates/steps/override-sni-version.yml@self + - template: /eng/pipelines/common/templates/steps/override-sni-version.yml@self parameters: SNIVersion: ${{parameters.SNIVersion}} SNIValidationFeed: ${{parameters.SNIValidationFeed}} - ${{ if eq(parameters.enableStressTests, true) }}: - - template: stages/stress-tests-ci-stage.yml@self + - template: /eng/pipelines/stages/stress-tests-ci-stage.yml@self parameters: buildConfiguration: ${{ parameters.buildConfiguration }} additionalDependsOn: @@ -124,7 +124,7 @@ stages: ${{ if eq(parameters.debug, 'true') }}: verbosity: 'detailed' - - template: common/templates/stages/ci-run-tests-stage.yml@self + - template: /eng/pipelines/common/templates/stages/ci-run-tests-stage.yml@self parameters: debug: ${{ parameters.debug }} buildType: ${{ parameters.buildType }} 
@@ -135,18 +135,18 @@ stages: ${{if ne(parameters.SNIVersion, '')}}: prebuildSteps: # steps to run prior to building and running tests on each job - - template: common/templates/steps/override-sni-version.yml@self + - template: /eng/pipelines/common/templates/steps/override-sni-version.yml@self parameters: SNIVersion: ${{parameters.SNIVersion}} SNIValidationFeed: ${{parameters.SNIValidationFeed}} - - template: common/templates/steps/ci-prebuild-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-prebuild-step.yml@self parameters: debug: ${{ parameters.debug }} artifactName: $(artifactName) buildType: ${{ parameters.buildType }} ${{else}}: prebuildSteps: # steps to run prior to building and running tests on each job - - template: common/templates/steps/ci-prebuild-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-prebuild-step.yml@self parameters: debug: ${{ parameters.debug }} artifactName: $(artifactName) @@ -154,7 +154,7 @@ stages: ${{ if eq(parameters.buildType, 'Project') }}: # only run the code coverage job if the build type is project postTestJobs: # jobs to run after the tests are done - - template: common/templates/jobs/ci-code-coverage-job.yml@self + - template: /eng/pipelines/common/templates/jobs/ci-code-coverage-job.yml@self parameters: debug: ${{ parameters.debug }} image: ADO-MMS22-CodeCov diff --git a/eng/pipelines/dotnet-sqlclient-ci-package-reference-pipeline.yml b/eng/pipelines/dotnet-sqlclient-ci-package-reference-pipeline.yml index 953a123487..d77d71e04d 100644 --- a/eng/pipelines/dotnet-sqlclient-ci-package-reference-pipeline.yml +++ b/eng/pipelines/dotnet-sqlclient-ci-package-reference-pipeline.yml 
@@ -14,19 +14,21 @@ name: $(DayOfYear)$(Rev:rr) pr: branches: include: - - release/6.1 + - release/6.1 paths: include: - - .azuredevops - - .config - - doc - - eng - - src - - tools - - azurepipelines-coverage.yml - - build.proj - - NuGet.config + - .azuredevops + - .config + - doc + - eng + - src + - tools + - azurepipelines-coverage.yml + - build.proj + - NuGet.config + exclude: + - eng/pipelines/onebranch/* # Commit triggers for CI runs on specified branches. # @@ -37,8 +39,8 @@ trigger: batch: true branches: include: - - release/6.1 - - internal/release/6.1 + - release/6.1 + - internal/release/6.1 # Scheduled runs. schedules: @@ -48,7 +50,7 @@ schedules: displayName: Sunday Run branches: include: - - release/6.1 + - release/6.1 always: true # ADO on Sundays 05:30 UTC. @@ -56,7 +58,7 @@ schedules: displayName: Sunday Run branches: include: - - internal/release/6.1 + - internal/release/6.1 always: true parameters: # parameters are shown up in ADO UI in a build queue time @@ -123,7 +125,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time default: 90 extends: - template: dotnet-sqlclient-ci-core.yml@self + template: /eng/pipelines/dotnet-sqlclient-ci-core.yml@self parameters: debug: ${{ parameters.debug }} targetFrameworks: ${{ parameters.targetFrameworks }} diff --git a/eng/pipelines/dotnet-sqlclient-ci-project-reference-pipeline.yml b/eng/pipelines/dotnet-sqlclient-ci-project-reference-pipeline.yml index 628295dca9..cdb558d709 100644 --- a/eng/pipelines/dotnet-sqlclient-ci-project-reference-pipeline.yml +++ b/eng/pipelines/dotnet-sqlclient-ci-project-reference-pipeline.yml 
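Review bot: The `exclude` entry `- eng/pipelines/onebranch/*` added under the `pr` path filter means a pull request that touches only that directory no longer starts this validation run, and by its name the directory appears to hold the OneBranch (official build) pipeline definitions; the same entry is added in dotnet-sqlclient-ci-project-reference-pipeline.yml. Nothing visible in these hunks shows what else gates changes there, so it is worth confirming that a branch policy or required reviewers cover the path and recording that next to the filter, e.g. `# onebranch/ changes are gated by <placeholder: policy or pipeline name>, not by this PR run`. The include entries are bare directory prefixes (`eng`, `src`) while the exclude uses a single `*`; if the matcher treats `*` as one path segment, files in subfolders of `onebranch` would still trigger the run, so `- eng/pipelines/onebranch` would be the form consistent with the rest of the list. Indentation is lost in this view, so the nesting of `exclude` under `paths` is assumed rather than confirmed.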
@@ -14,19 +14,21 @@ name: $(DayOfYear)$(Rev:rr) pr: branches: include: - - release/6.1 + - release/6.1 paths: include: - - .azuredevops - - .config - - doc - - eng - - src - - tools - - azurepipelines-coverage.yml - - build.proj - - NuGet.config + - .azuredevops + - .config + - doc + - eng + - src + - tools + - azurepipelines-coverage.yml + - build.proj + - NuGet.config + exclude: + - eng/pipelines/onebranch/* # Commit triggers for CI runs on specified branches. # @@ -37,8 +39,8 @@ trigger: batch: true branches: include: - - release/6.1 - - internal/release/6.1 + - release/6.1 + - internal/release/6.1 # Scheduled runs. schedules: @@ -48,7 +50,7 @@ schedules: displayName: Sunday Run branches: include: - - release/6.1 + - release/6.1 always: true # ADO on Sundays 05:00 UTC. @@ -56,7 +58,7 @@ schedules: displayName: Sunday Run branches: include: - - internal/release/6.1 + - internal/release/6.1 always: true parameters: # parameters are shown up in ADO UI in a build queue time @@ -123,7 +125,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time default: 90 extends: - template: dotnet-sqlclient-ci-core.yml@self + template: /eng/pipelines/dotnet-sqlclient-ci-core.yml@self parameters: debug: ${{ parameters.debug }} targetFrameworks: ${{ parameters.targetFrameworks }} diff --git a/eng/pipelines/dotnet-sqlclient-signing-pipeline.yml b/eng/pipelines/dotnet-sqlclient-signing-pipeline.yml deleted file mode 100644 index cabb39e11f..0000000000 --- a/eng/pipelines/dotnet-sqlclient-signing-pipeline.yml +++ /dev/null 
@@ -1,169 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -name: $(Year:YY)$(DayOfYear)$(Rev:.r) -trigger: - branches: - include: - - internal/release/6.1 - paths: - include: - - src - - eng - - tools - - .config - - build.proj - - Nuget.config - - '*.cmd' - - '*.sh' - -schedules: -- cron: '0 5 * * Mon' - displayName: Weekly Sunday 10:00 PM (UTC - 7) Build - branches: - include: - - internal/release/6.1 - always: true - -parameters: # parameters are shown up in ADO UI in a build queue time -- name: 'debug' - displayName: 'Enable debug output' - type: boolean - default: true - -- name: publishSymbols - displayName: 'Publish symbols' - type: boolean - default: false - -- name: CurrentNetFxVersion - displayName: 'Lowest supported .NET Framework version (MDS validation)' - type: string - default: 'net462' - -- name: oneBranchType - displayName: 'Select OneBranch template' - default: Official - values: - - NonOfficial - - Official - -- name: isPreview - displayName: 'Is this a preview build?' - type: boolean - default: false - -# The timeout, in minutes, for each test job. 
-- name: testsTimeout - displayName: 'Tests timeout (in minutes)' - type: string - default: 90 - -variables: - - template: /eng/pipelines/libraries/variables.yml@self - - name: packageFolderName - value: drop_buildMDS_build_signed_package - - name: PublishSymbols - value: ${{ parameters['publishSymbols'] }} - - name: CurrentNetFxVersion - value: ${{ parameters['CurrentNetFxVersion'] }} - -resources: - repositories: - - repository: templates - type: git - name: OneBranch.Pipelines/GovernedTemplates - ref: refs/heads/main - -extends: - template: v2/OneBranch.${{parameters.oneBranchType }}.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates - parameters: - featureFlags: - # Suggested by MerlinBot (https://sqlclientdrivers.visualstudio.com/ADO.Net/_git/dotnet-sqlclient/pullrequest/4882) - EnableCDPxPAT: false - WindowsHostVersion: 1ESWindows2022 - globalSdl: # https://aka.ms/obpipelines/sdl - tsa: - # The OneBranch template will set 'break' to false for the other SDL - # tools when TSA is enabled. This allows TSA to gather the results - # and publish them for downstream analysis. - enabled: true - apiscan: - enabled: true - # For non-official builds, the OneBranch template seems to set APIScan's - # 'break' to true even when TSA is enabled. We don't want APIScan to - # break non-official builds, so we explicitly set 'break' to false here. - ${{ if ne(parameters.oneBranchType, 'Official') }}: - break: false - softwareFolder: $(softwareFolder) - symbolsFolder: $(symbolsFolder) - softwarename: Microsoft.Data.SqlClient - versionNumber: $(AssemblyFileVersion) - codeql: - compiled: - enabled: ${{ not(parameters['isPreview']) }} - sbom: - enabled: ${{ not(parameters['isPreview']) }} - packageName: Microsoft.Data.SqlClient - packageVersion: $(NugetPackageVersion) - policheck: - enabled: ${{ not(parameters['isPreview']) }} - break: true # always break the build on policheck issues. 
You can disable it by setting to 'false' - exclusionsFile: $(REPOROOT)\.config\PolicheckExclusions.xml - asyncSdl: - enabled: false - credscan: - enabled: ${{ not(parameters['isPreview']) }} - suppressionsFile: $(REPOROOT)/.config/CredScanSuppressions.json - binskim: - enabled: ${{ not(parameters['isPreview']) }} - armory: - enabled: ${{ not(parameters['isPreview']) }} - break: true - eslint: # TypeScript and JavaScript - enabled: false - roslyn: - enabled: ${{ not(parameters['isPreview']) }} - break: true - publishLogs: - enabled: ${{ not(parameters['isPreview']) }} - tsaOptionsPath: $(REPOROOT)\.config\tsaoptions.json - disableLegacyManifest: true - stages: - - stage: buildMDS - displayName: 'Build MDS' - jobs: - - template: eng/pipelines/common/templates/jobs/build-signed-package-job.yml@self - parameters: - symbolsFolder: $(symbolsFolder) - softwareFolder: $(softwareFolder) - publishSymbols: ${{ parameters['publishSymbols'] }} - isPreview: ${{ parameters['isPreview'] }} - - - stage: mds_package_validation - displayName: 'MDS Package Validation' - dependsOn: buildMDS - jobs: - - template: eng/pipelines/common/templates/jobs/validate-signed-package-job.yml@self - parameters: - packageFolderName: $(packageFolderName) - isPreview: ${{ parameters['isPreview'] }} - downloadPackageStep: - download: current - artifact: $(packageFolderName) - patterns: '**/*.*nupkg' - displayName: 'Download NuGet Package' - - - template: eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml@self - parameters: - packageFolderName: $(packageFolderName) - isPreview: ${{ parameters['isPreview'] }} - timeout: ${{ parameters.testsTimeout }} - downloadPackageStep: - download: current - artifact: $(packageFolderName) - patterns: '**/*.nupkg' - displayName: 'Download NuGet Package' diff --git a/eng/pipelines/libraries/common-variables.yml b/eng/pipelines/libraries/common-variables.yml deleted file mode 100644 index 736a5fe79e..0000000000 
--- a/eng/pipelines/libraries/common-variables.yml +++ /dev/null 
@@ -1,53 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -variables: - - group: ESRP Federated Creds (AME) - # ESRPConnectedServiceName - # ESRPClientId - # AppRegistrationClientId - # AppRegistrationTenantId - # AuthAKVName - # AuthSignCertName - - - name: Configuration - value: Release - - name: CommitHead - value: '' # the value will be extracted from the repo's head - - name: REPOROOT - value: $(Build.SourcesDirectory) - - name: softwareFolder - value: $(REPOROOT)/software - - name: symbolsFolder - value: $(REPOROOT)/symbols - - name: artifactDirectory - value: '$(REPOROOT)/packages' - - # Update this after every release. This is used to generate the MDS NuGet package version. - - name: Major - value: '6' - - name: Minor - value: '1' - - name: Patch - value: '5' - - - name: NugetPackageVersion - value: $(Major).$(Minor).$(Patch) - - # Since we're on the release/6.1 branch, there will never be another legitimate preview release. - # However, we routinely want to run preview builds to test other changes, so we continue to - # maintain this variable such that these testing preview builds receive newer version numbers - # than previous builds. - - name: PreviewNugetPackageVersion - value: 6.1.6-preview1 - - # GOTCHA: We're intentionally omitting the '.' between Minor and Patch because the BuildNumber - # already contains a '.' and assembly file versions must only contain a maximum of three '.' - # characters. - - name: AssemblyFileVersion - value: '$(Major).$(Minor)$(Patch).$(Build.BuildNumber)' - - name: nuspecPath - value: '$(REPOROOT)/tools/specs/Microsoft.Data.SqlClient.nuspec' 
diff --git a/eng/pipelines/jobs/build-akv-official-job.yml b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml similarity index 71% rename from eng/pipelines/jobs/build-akv-official-job.yml rename to eng/pipelines/onebranch/jobs/build-akv-official-job.yml index af8f546eff..53f1e94643 100644 --- a/eng/pipelines/jobs/build-akv-official-job.yml +++ b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml @@ -16,6 +16,7 @@ parameters: - name: buildConfiguration type: string + default: Release - name: nugetPackageVersion type: string @@ -26,38 +27,53 @@ parameters: - name: publishSymbols type: boolean + - name: isOfficialBuild + type: boolean + default: false + - name: signingAppRegistrationClientId type: string + default: $(SigningAppRegistrationClientId) - name: signingAppRegistrationTenantId type: string + default: $(SigningAppRegistrationTenantId) - name: signingAuthAkvName type: string + default: $(SigningAuthAkvName) - name: signingAuthSignCertName type: string + default: $(SigningAuthSignCertName) - name: signingEsrpClientId type: string + default: $(SigningEsrpClientId) - name: signingEsrpConnectedServiceName type: string + default: $(SigningEsrpConnectedServiceName) - name: symbolsAzureSubscription type: string + default: $(SymbolsAzureSubscription) - name: symbolsPublishProjectName type: string + default: $(SymbolsPublishProjectNameSqlClient) - name: symbolsPublishServer type: string + default: $(SymbolsPublishServerPpe) - name: symbolsPublishTokenUri type: string + default: $(SymbolsPublishTokenUriPpe) - name: symbolsUploadAccount type: string + default: $(SymbolsUploadAccount) # @TODO: This should be determined from build output, or at a higher level - # Note: not intended to be passed in, is only used for copying files for ApiScan. 
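Review bot: The new `isOfficialBuild` parameter defaults to `false`, so a caller that forgets to pass it gets a build with ESRP signing skipped and no error, in a job template still named `build-akv-official-job.yml`. Since the flag decides whether artifacts are signed, it would be safer to declare it without a default (`- name: isOfficialBuild` / `type: boolean`), which turns an omitted value into a template-expansion failure rather than an unsigned package. The same `default: false` is added in `build-signed-package-job.yml` and in `validate-signed-package-job.yml`, where it also turns off the signature checks. The parameter list continues outside this hunk.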
@@ -79,22 +95,21 @@ jobs: ob_outputDirectory: '$(ARTIFACT_PATH)' steps: - - template: ../steps/script-output-environment-variables-step.yml@self + - template: /eng/pipelines/onebranch/steps/script-output-environment-variables-step.yml@self - powershell: | $jsonParams = '${{ convertToJson(parameters) }}' -replace '\\', '\\' $jsonParams | ConvertFrom-Json | Format-List displayName: 'Output Job Parameters' - - template: ../steps/compound-build-akv-step.yml@self + - template: /eng/pipelines/onebranch/steps/compound-build-akv-step.yml@self parameters: assemblyFileVersion: '${{ parameters.assemblyFileVersion }}' buildConfiguration: '${{ parameters.buildConfiguration }}' mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' - signingKeyPath: '$(Agent.TempDirectory)/netfxKeypair.snk' - ${{ each targetFramework in parameters.targetFrameworks }}: - - template: ../steps/compound-extract-akv-apiscan-files-step.yml + - template: /eng/pipelines/onebranch/steps/compound-extract-akv-apiscan-files-step.yml parameters: buildConfiguration: '${{ parameters.buildConfiguration }}' dllPath: '${{ parameters.apiScanDllPath }}' 
@@ -102,43 +117,33 @@ jobs: referenceType: Package targetFramework: '${{ targetFramework }}' - - template: ../steps/roslyn-analyzers-akv-step.yml@self + - template: /eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml@self parameters: buildConfiguration: '${{ parameters.buildConfiguration }}' mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' signingKeyPath: '$(Agent.TempDirectory)/netfxKeypair.snk' - - template: ../steps/compound-esrp-code-signing-step.yml@self - parameters: - appRegistrationClientId: '${{ parameters.signingAppRegistrationClientId }}' - appRegistrationTenantId: '${{ parameters.signingAppRegistrationTenantId }}' - artifactType: 'dll' - authAkvName: '${{ parameters.signingAuthAkvName }}' - authSignCertName: '${{ parameters.signingAuthSignCertName }}' - esrpClientId: '${{ parameters.signingEsrpClientId }}' - esrpConnectedServiceName: '${{ parameters.signingEsrpConnectedServiceName }}' - - - template: ../steps/compound-nuget-pack-step.yml@self + - ${{ if eq(parameters.isOfficialBuild, true) }}: + - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self + parameters: + artifactType: 'dll' + + - template: /eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml@self parameters: buildConfiguration: '${{ parameters.buildConfiguration }}' generateSymbolsPackage: true # Always generate symbols, even if they are not published packageVersion: '${{ parameters.nugetPackageVersion }}' - nuspecPath: '$(REPO_ROOT)/tools/specs/add-ons/$(PACKAGE_NAME).nuspec' + nuspecPath: '$(REPOROOT)/tools/specs/add-ons/$(PACKAGE_NAME).nuspec' outputDirectory: '$(ARTIFACT_PATH)' referenceType: 'Package' - - template: ../steps/compound-esrp-code-signing-step.yml@self - parameters: - appRegistrationClientId: '${{ parameters.signingAppRegistrationClientId }}' - appRegistrationTenantId: '${{ parameters.signingAppRegistrationTenantId }}' - artifactType: 'pkg' - authAkvName: '${{ parameters.signingAuthAkvName }}' - authSignCertName: '${{ 
parameters.signingAuthSignCertName }}' - esrpClientId: '${{ parameters.signingEsrpClientId }}' - esrpConnectedServiceName: '${{ parameters.signingEsrpConnectedServiceName }}' + - ${{ if eq(parameters.isOfficialBuild, true) }}: + - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self + parameters: + artifactType: pkg - ${{ if parameters.publishSymbols }}: - - template: ../steps/compound-publish-symbols-step.yml@self + - template: /eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml@self parameters: artifactName: 'akv_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_${{ parameters.nugetPackageVersion }}_$(System.TimelineId)' azureSubscription: '${{ parameters.symbolsAzureSubscription }}' diff --git a/eng/pipelines/common/templates/jobs/build-signed-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml similarity index 50% rename from eng/pipelines/common/templates/jobs/build-signed-package-job.yml rename to eng/pipelines/onebranch/jobs/build-signed-package-job.yml index 91eb864337..4d337f9f68 100644 --- a/eng/pipelines/common/templates/jobs/build-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml @@ -15,9 +15,21 @@ parameters: - name: publishSymbols type: boolean + - name: symbolServer + type: string + default: '$(SymbolsPublishServerProd)' + + - name: symbolTokenUri + type: string + default: '$(SymbolsPublishTokenUriProd)' + - name: isPreview type: boolean + - name: isOfficialBuild + type: boolean + default: false + jobs: - job: build_signed_package displayName: 'Build Signed MDS Package' @@ -25,7 +37,7 @@ jobs: type: windows # read more about custom job pool types at https://aka.ms/obpipelines/yaml/jobs variables: - - template: ../../../libraries/variables.yml@self + - template: /eng/pipelines/onebranch/variables/variables.yml@self - ${{ if parameters.isPreview }}: - name: NugetPackageVersion value: $(PreviewNugetPackageVersion) 
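Review bot: Both signing steps now call `esrp-code-signing-step.yml` with only `artifactType`, so the job's `signingAppRegistrationClientId`, `signingAuthAkvName`, `signingAuthSignCertName`, `signingEsrpClientId` and related parameters no longer reach the signing step in the lines shown here. A caller who passes one of them would reasonably believe it selects the signing identity, while the step presumably reads it from pipeline variables instead. Either remove the unused `signing*` parameters from this template or forward them again, and add a comment such as `# signing identity comes from the ESRP variable group, not from job parameters`. Minor: `artifactType: 'dll'` and `artifactType: pkg` differ in quoting.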
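Review bot: The new `symbolServer` and `symbolTokenUri` parameters default to the production endpoints (`$(SymbolsPublishServerProd)`, `$(SymbolsPublishTokenUriProd)`) while `isOfficialBuild` in the same hunk defaults to `false`. A caller that relies on the defaults and sets `publishSymbols` would therefore send symbols for unsigned binaries to the production symbol server. `build-akv-official-job.yml` defaults its equivalents to the PPE values; doing the same here (`default: '$(SymbolsPublishServerPpe)'`, `default: '$(SymbolsPublishTokenUriPpe)'`) and letting the official pipeline pass the production values explicitly keeps the least-privileged target as the fallback.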
@@ -38,30 +50,36 @@ jobs: Write-Host "##vso[task.setvariable variable=CDP_BUILD_TYPE_COPY;isOutput=true]$($env:CDP_BUILD_TYPE)" name: GetBuildType - - template: ../steps/build-all-configurations-signed-dlls-step.yml@self + - template: /eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml@self - - template: ../steps/code-analyze-step.yml@self + - template: /eng/pipelines/onebranch/steps/code-analyze-step.yml@self parameters: analyzeType: all - - template: ../steps/esrp-code-signing-step.yml@self - parameters: - artifactType: dll + - ${{ if eq(parameters['isOfficialBuild'], true) }}: + - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self + parameters: + artifactType: dll - - template: ../steps/generate-nuget-package-step.yml@self + - template: /eng/pipelines/common/templates/steps/generate-nuget-package-step.yml@self parameters: OutputDirectory: $(artifactDirectory) - - template: ../steps/esrp-code-signing-step.yml@self - parameters: - artifactType: pkg + - ${{ if eq(parameters['isOfficialBuild'], true) }}: + - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self + parameters: + artifactType: pkg - - template: ../steps/copy-dlls-for-test-step.yml@self + - template: /eng/pipelines/onebranch/steps/copy-dlls-for-test-step.yml@self parameters: product: MDS + symbolsFolder: ${{ parameters['symbolsFolder'] }} + softwareFolder: ${{ parameters['softwareFolder'] }} # Publish symbols to servers - - template: ../steps/publish-symbols-step.yml@self + - template: /eng/pipelines/onebranch/steps/publish-symbols-step.yml@self parameters: - publishSymbols: ${{ parameters['PublishSymbols'] }} - symbolsArtifactName: mds_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_$(NuGetPackageVersion)_$(System.TimelineId) + publishSymbols: ${{ parameters['publishSymbols'] }} + symbolServer: ${{ parameters['symbolServer'] }} + symbolTokenUri: ${{ parameters['symbolTokenUri'] }} + symbolsArtifactName: 
mds_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_$(NugetPackageVersion)_$(System.TimelineId) diff --git a/eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml b/eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml new file mode 100644 index 0000000000..554ffa927b --- /dev/null +++ b/eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml 
@@ -0,0 +1,103 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +# Reusable job template for publishing a signed NuGet package to a NuGet feed. +# Downloads the pipeline artifact produced by a build job and pushes .nupkg +# and .snupkg files using NuGetCommand@2. +# +# Uses a deployment job with ADO environment for approval gates. +# +# OneBranch Requirements: +# - All deployment jobs must use releaseJob syntax per 1ES Pipeline Templates v2. +# - Must declare inputs via templateContext since deploy lifecycle doesn't +# auto-download. +# - See: +# https://eng.ms/docs/products/onebranch/build/releasepipelines/releaseworkflows/deploymentjob + +parameters: + # The NuGet package name, used to form the default packagePath and for display + # strings. + - name: packageName + type: string + + # The pipeline artifact name to download (OneBranch naming: drop__). + - name: artifactName + type: string + + # NuGet service connection name for authentication. + - name: nugetServiceConnection + type: string + + # Indicates whether this is a production release (enables additional 1ES PT + # checks). + - name: isProduction + type: boolean + default: false + + # The path to the NuGet package to publish, relative to the root of the + # downloaded pipeline artifact. + # + # Defaults to '${{ parameters.packageName }}.*.nupkg' to match any version + # of the package. + - name: packagePath + type: string + default: '' + + # When true, lists the package that would be published without actually pushing. 
+ - name: isDryRun + type: boolean + default: false + +# Read more: https://eng.ms/docs/products/onebranch/release/yamlreleasepipelines/pipelinebasics#what-is-a-onebranch-release-yaml-pipeline +jobs: + - job: publish_${{ replace(parameters.packageName, '.', '_') }} + displayName: Publish ${{ parameters.packageName }} + + variables: + - name: ob_outputDirectory + value: $(Build.SourcesDirectory)/output + + - name: artifactPath + value: $(Pipeline.Workspace)/${{ parameters.artifactName }} + + - name: packageToPush + value: $(artifactPath)/${{ coalesce(parameters.packagePath, format('{0}.*.nupkg', parameters.packageName)) }} + + # Template context inputs are used to pass parameters to the deployment job + # since it doesn't automatically download pipeline artifacts. + templateContext: + type: releaseJob + isProduction: ${{ parameters.isProduction }} + inputs: + - input: pipelineArtifact + artifactName: ${{ parameters.artifactName }} + targetPath: $(artifactPath) + + pool: + type: release + + steps: + + # Artifacts are downloaded via templateContext.inputs per OneBranch + # requirements. + + - ${{ if eq(parameters.isDryRun, true) }}: + - pwsh: | + Write-Host "##[section]DRY RUN — The following packages would be published:" + + Get-ChildItem -Path "$(packageToPush)" -ErrorAction SilentlyContinue + + Write-Host "##[warning]DRY RUN — No packages were pushed." + displayName: Dry Run — List ${{ parameters.packageName }} packages + + - ${{ else }}: + - task: NuGetCommand@2 + displayName: Push ${{ parameters.packageName }} to NuGet + inputs: + command: push + packagesToPush: $(packageToPush) + nuGetFeedType: external + publishFeedCredentials: ${{ parameters.nugetServiceConnection }} 
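Review bot: The dry-run step lists packages with `Get-ChildItem -Path "$(packageToPush)" -ErrorAction SilentlyContinue` and then always succeeds, so a wrong artifact name, version or `packagePath` produces a green dry run that listed nothing. Since the dry run exists to rehearse the push, it should fail when nothing matches, for example `$pkgs = Get-ChildItem -Path "$(packageToPush)" -ErrorAction SilentlyContinue` followed by `if (-not $pkgs) { Write-Host "##vso[task.logissue type=error]No package matched $(packageToPush)"; exit 1 }`. The header comment says the job pushes `.nupkg` and `.snupkg` files, but the default pattern `{0}.*.nupkg` only matches `.nupkg`; the comment should say how the symbols package is expected to be picked up. The job also pushes whatever the downloaded artifact contains without checking its signature, so the comment could state which upstream stage it relies on for that.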
diff --git a/eng/pipelines/common/templates/jobs/validate-signed-package-job.yml b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml similarity index 88% rename from eng/pipelines/common/templates/jobs/validate-signed-package-job.yml rename to eng/pipelines/onebranch/jobs/validate-signed-package-job.yml index 009e6f2647..e01588b235 100644 --- a/eng/pipelines/common/templates/jobs/validate-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml @@ -36,6 +36,10 @@ parameters: - name: isPreview type: boolean + - name: isOfficialBuild + type: boolean + default: false + jobs: - job: validate_signed_package displayName: 'Verify signed package' @@ -48,7 +52,7 @@ jobs: vmImage: 'ADO-MMS22-SQL19' variables: # More settings at https://aka.ms/obpipelines/yaml/jobs - - template: ../../../libraries/mds-validation-variables.yml@self + - template: /eng/pipelines/onebranch/variables/mds-validation-variables.yml@self - name: pathToDownloadedNuget # path to the downloaded nuget files value: $(Pipeline.Workspace)\${{parameters.packageFolderName }} 
@@ -105,23 +109,24 @@ jobs: Write-Host "--------------------------------------------------" displayName: 'Extract Nuget in temp folder' - - powershell: | - # Artifact is stored in the Nuget folder - $packageType = '${{parameters.packageType}}' + - ${{ if eq(parameters.isOfficialBuild, true) }}: + - powershell: | + # Artifact is stored in the Nuget folder + $packageType = '${{parameters.packageType}}' - Write-Host "--------------------------------------------------" - Write-Host "This will verify the artifact signature" -ForegroundColor Green - Write-Host "--------------------------------------------------" - - if ($packageType -eq 'dll' -or $packageType -eq 'both') - { - nuget verify -All $(pathToDownloadedNuget)\*.nupkg - } - if ($packageType -eq 'pdb' -or $packageType -eq 'both') - { - nuget verify -All $(pathToDownloadedNuget)\*.snupkg - } - displayName: 'Verify nuget signature' + Write-Host "--------------------------------------------------" + Write-Host "This will verify the artifact signature" -ForegroundColor Green + Write-Host "--------------------------------------------------" + + if ($packageType -eq 'dll' -or $packageType -eq 'both') + { + nuget verify -All $(pathToDownloadedNuget)\*.nupkg + } + if ($packageType -eq 'pdb' -or $packageType -eq 'both') + { + nuget verify -All $(pathToDownloadedNuget)\*.snupkg + } + displayName: 'Verify nuget signature' - powershell: | $buildType = [string]"$(BuildType)" 
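Review bot: In the 'Verify nuget signature' step a failed `nuget verify -All` on the `.nupkg` can be hidden when `packageType` is `both`, because nothing checks the exit code between the two calls and, as far as this hunk shows, only the last native command's exit code decides the step result. Adding `if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }` after each `nuget verify` line makes either failure stop the job. With the step now compiled in only when `isOfficialBuild` is true, a comment such as `# Non-official builds are unsigned, so signature verification is skipped` would explain the guard to the next reader.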
@@ -263,24 +268,25 @@ jobs: } } displayName: 'Verify all DLLs unzipped match "expected" hierarchy' - - powershell: | - # Verify all dlls status are Valid - - $dlls = Get-ChildItem -Path $(extractedNugetPath) -Recurse -Include *.dll - foreach ($status in $dlls | Get-AuthenticodeSignature) - { - if ($status.Status -eq "Valid") - { - Write-Host $status.Status $status.Path - } - else - { - Write-Host "dll status of '$status.Path' is not valid!" -ForegroundColor Red - $status - Exit -1 - } - } - displayName: 'Verify all dlls status are Valid' + - ${{ if eq(parameters.isOfficialBuild, true) }}: + - powershell: | + # Verify all dlls are signed + + $dlls = Get-ChildItem -Path $(extractedNugetPath) -Recurse -Include *.dll + foreach ($status in $dlls | Get-AuthenticodeSignature) + { + if ($status.Status -eq "Valid") + { + Write-Host $status.Status $status.Path + } + else + { + Write-Host "dll status of '$status.Path' is not valid!" -ForegroundColor Red + $status + Exit -1 + } + } + displayName: 'Verify all dlls are signed and signatures are valid' - powershell: | # This will check for ProductVersion and FileVersion. diff --git a/eng/pipelines/onebranch/sqlclient-non-official.yml b/eng/pipelines/onebranch/sqlclient-non-official.yml new file mode 100644 index 0000000000..45e2858be7 --- /dev/null +++ b/eng/pipelines/onebranch/sqlclient-non-official.yml 
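Review bot: The failure message in the Authenticode check does not print the file path: inside a double-quoted string `'$status.Path'` expands `$status` and then appends the literal text `.Path`. It should read `Write-Host "dll status of '$($status.Path)' is not valid!" -ForegroundColor Red` so the log names the DLL that failed. The check accepts any signature whose `Status` is `Valid`; if the intent is to confirm the ESRP signing identity, comparing `$status.SignerCertificate.Subject` with the expected publisher would tighten it, though the expected value is not visible in this hunk.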
@@ -0,0 +1,266 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +name: $(Year:YY)$(DayOfYear)$(Rev:.r) + +trigger: none +pr: none + +schedules: +- cron: '0 4 * * Mon' + displayName: Weekly Sunday 09:00 PM (UTC - 7) Build + branches: + include: + - internal/release/6.1 + always: true + +parameters: # parameters are shown up in ADO UI in a build queue time +- name: 'debug' + displayName: 'Enable debug output' + type: boolean + default: true + +- name: publishSymbols + displayName: 'Publish symbols' + type: boolean + default: false + +- name: CurrentNetFxVersion + displayName: 'Lowest supported .NET Framework version (MDS validation)' + type: string + default: 'net462' + +- name: isPreview + displayName: 'Is this a preview build?' + type: boolean + default: false + +# The timeout, in minutes, for each test job. +- name: testsTimeout + displayName: 'Tests timeout (in minutes)' + type: string + default: 90 + +# Build the AKV Provider package. +- name: buildAKVProvider + displayName: 'Build Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + type: boolean + default: true + +# Release Dry Run (do not push to NuGet) +- name: releaseDryRun + displayName: 'Release Dry Run (do not push to NuGet)' + type: boolean + default: true + +# Release the Microsoft.Data.SqlClient package. +- name: releaseSqlClient + displayName: 'Release Microsoft.Data.SqlClient' + type: boolean + default: false + +# Release the AKV Provider package. 
+- name: releaseAKVProvider + displayName: 'Release Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + type: boolean + default: false + +variables: + - template: /eng/pipelines/onebranch/variables/variables.yml@self + - name: packageFolderName + value: drop_buildMDS_build_signed_package + - name: PublishSymbols + value: ${{ parameters['publishSymbols'] }} + - name: CurrentNetFxVersion + value: ${{ parameters['CurrentNetFxVersion'] }} + # The effective NuGet package version used by the release stage. + - ${{ if parameters.isPreview }}: + - name: effectiveMDSPackageVersion + value: $(PreviewNugetPackageVersion) + - name: effectiveAkvPackageVersion + value: $(akvPreviewPackageVersion) + - ${{ else }}: + - name: effectiveMDSPackageVersion + value: $(NugetPackageVersion) + - name: effectiveAkvPackageVersion + value: $(akvPackageVersion) + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + +extends: + template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + release: + # This indicates the pipeline category to deploy Box products. See: + # https://eng.ms/docs/products/onebranch/release/yamlreleasepipelines/deployboxproducts + category: NonAzure + featureFlags: + # Suggested by MerlinBot (https://sqlclientdrivers.visualstudio.com/ADO.Net/_git/dotnet-sqlclient/pullrequest/4882) + EnableCDPxPAT: false + WindowsHostVersion: 1ESWindows2022 + globalSdl: # https://aka.ms/obpipelines/sdl + tsa: + # The OneBranch template will set 'break' to false for the other SDL + # tools when TSA is enabled. This allows TSA to gather the results + # and publish them for downstream analysis. 
+ enabled: false + apiscan: + enabled: true + break: false + softwareFolder: $(softwareFolder) + symbolsFolder: $(symbolsFolder) + softwarename: Microsoft.Data.SqlClient + versionNumber: $(AssemblyFileVersion) + codeql: + compiled: + enabled: ${{ not(parameters['isPreview']) }} + sbom: + enabled: ${{ not(parameters['isPreview']) }} + packageName: Microsoft.Data.SqlClient + packageVersion: $(NugetPackageVersion) + policheck: + enabled: ${{ not(parameters['isPreview']) }} + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + exclusionsFile: $(REPOROOT)\.config\PolicheckExclusions.xml + asyncSdl: + enabled: false + credscan: + enabled: ${{ not(parameters['isPreview']) }} + suppressionsFile: $(REPOROOT)/.config/CredScanSuppressions.json + binskim: + enabled: ${{ not(parameters['isPreview']) }} + armory: + enabled: ${{ not(parameters['isPreview']) }} + break: true + eslint: # TypeScript and JavaScript + enabled: false + roslyn: + enabled: ${{ not(parameters['isPreview']) }} + break: true + publishLogs: + enabled: ${{ not(parameters['isPreview']) }} + tsaOptionsPath: $(REPOROOT)\.config\tsaoptions.json + disableLegacyManifest: true + stages: + - stage: buildMDS + displayName: 'Build MDS' + jobs: + - template: /eng/pipelines/onebranch/jobs/build-signed-package-job.yml@self + parameters: + symbolsFolder: $(symbolsFolder) + softwareFolder: $(softwareFolder) + publishSymbols: ${{ parameters['publishSymbols'] }} + symbolServer: $(SymbolsPublishServerPpe) + symbolTokenUri: $(SymbolsPublishTokenUriPpe) + isPreview: ${{ parameters['isPreview'] }} + isOfficialBuild: false + + - stage: mds_package_validation + displayName: 'MDS Package Validation' + dependsOn: buildMDS + jobs: + - template: /eng/pipelines/onebranch/jobs/validate-signed-package-job.yml@self + parameters: + packageFolderName: $(packageFolderName) + isPreview: ${{ parameters['isPreview'] }} + isOfficialBuild: false + downloadPackageStep: + download: current + artifact: 
$(packageFolderName) + patterns: '**/*.*nupkg' + displayName: 'Download NuGet Package' + + # ================================================================== + # Build Add-on Packages (AKV Provider) + # Depends on MDS build completing first. + # ================================================================== + - ${{ if eq(parameters.buildAKVProvider, true) }}: + - stage: build_addons + displayName: 'Build Add-on Packages' + dependsOn: buildMDS + + variables: + - name: PACKAGE_NAME + value: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + + jobs: + - template: /eng/pipelines/onebranch/jobs/build-akv-official-job.yml@self + parameters: + apiScanDllPath: $(apiScanDllPath) + apiScanPdbPath: $(apiScanPdbPath) + assemblyFileVersion: $(akvAssemblyFileVersion) + nugetPackageVersion: $(effectiveAkvPackageVersion) + mdsPackageVersion: $(akvMdsPackageVersion) + publishSymbols: ${{ parameters['publishSymbols'] }} + isOfficialBuild: false + + # ================================================================== + # Release Stage — on-demand publish to NuGet.org + # + # Compile-time conditional: stage is removed entirely when no + # release parameters are selected, avoiding OneBranch validation + # errors for empty stages. + # + # Official pipeline → Production environment, approval gate, + # dryRun controlled by releaseDryRun parameter. + # Non-official → Test environment, dryRun always enforced. 
+ # ================================================================== + - ${{ if eq(parameters.releaseSqlClient, true) }}: + - stage: release_sqlclient + ${{ if eq(parameters.releaseDryRun, true) }}: + displayName: 'Release Microsoft.Data.SqlClient (Dry Run)' + ${{ else }}: + displayName: 'Release Microsoft.Data.SqlClient' + dependsOn: + - buildMDS + - mds_package_validation + + variables: + - name: ob_release_environment + value: Test + - name: ob_release_usedeploymentjob + value: true + - name: ob_deploymentjob_environment + value: NuGet-DryRun + + jobs: + - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self + parameters: + packageName: Microsoft.Data.SqlClient + artifactName: $(packageFolderName) + packagePath: Microsoft.Data.SqlClient.$(effectiveMDSPackageVersion).nupkg + nugetServiceConnection: $(NuGetServiceConnection) + isProduction: false + isDryRun: true + + - ${{ if eq(parameters.releaseAKVProvider, true) }}: + - stage: release_akv_provider + displayName: 'Release AKV Provider (Dry Run)' + dependsOn: + - build_addons + + variables: + - name: ob_release_environment + value: Test + - name: ob_release_usedeploymentjob + value: true + - name: ob_deploymentjob_environment + value: NuGet-DryRun + + jobs: + - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self + parameters: + packageName: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider + artifactName: $(akvPackageFolderName) + packagePath: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.$(effectiveAkvPackageVersion).nupkg + nugetServiceConnection: $(NuGetServiceConnection) + isProduction: false + isDryRun: true diff --git a/eng/pipelines/onebranch/sqlclient-official.yml b/eng/pipelines/onebranch/sqlclient-official.yml new file mode 100644 index 0000000000..c07958cf0c --- /dev/null +++ b/eng/pipelines/onebranch/sqlclient-official.yml 
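Review bot: The `releaseDryRun` parameter does not control whether anything is pushed in this pipeline: both release stages pass `isDryRun: true` unconditionally, yet `release_sqlclient` takes its `displayName` from `releaseDryRun`, so a run queued with the box unchecked is titled 'Release Microsoft.Data.SqlClient' while it only lists packages. A fixed `displayName: 'Release Microsoft.Data.SqlClient (Dry Run)'`, matching `release_akv_provider`, keeps the run history accurate, and the parameter could be removed from this file. Separately, `release_akv_provider` depends on `build_addons`, which is emitted only when `buildAKVProvider` is true; guarding the stage with `${{ if and(eq(parameters.releaseAKVProvider, true), eq(parameters.buildAKVProvider, true)) }}:` avoids a dangling `dependsOn`. The comment above `tsa:` describes behaviour "when TSA is enabled" although this file sets `enabled: false`.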
@@ -0,0 +1,282 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +name: $(Year:YY)$(DayOfYear)$(Rev:.r) + +trigger: none +pr: none + +schedules: +- cron: '0 5 * * Mon' + displayName: Weekly Sunday 10:00 PM (UTC - 7) Build + branches: + include: + - internal/release/6.1 + always: true + +parameters: # parameters are shown up in ADO UI in a build queue time +- name: 'debug' + displayName: 'Enable debug output' + type: boolean + default: true + +- name: publishSymbols + displayName: 'Publish symbols' + type: boolean + default: false + +- name: CurrentNetFxVersion + displayName: 'Lowest supported .NET Framework version (MDS validation)' + type: string + default: 'net462' + +- name: isPreview + displayName: 'Is this a preview build?' + type: boolean + default: false + +# The timeout, in minutes, for each test job. +- name: testsTimeout + displayName: 'Tests timeout (in minutes)' + type: string + default: 90 + +# Build the AKV Provider package. +- name: buildAKVProvider + displayName: 'Build Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + type: boolean + default: true + +# Release Dry Run (do not push to NuGet) +- name: releaseDryRun + displayName: 'Release Dry Run (do not push to NuGet)' + type: boolean + default: true + +# Release the Microsoft.Data.SqlClient package. +- name: releaseSqlClient + displayName: 'Release Microsoft.Data.SqlClient' + type: boolean + default: false + +# Release the AKV Provider package. 
+- name: releaseAKVProvider + displayName: 'Release Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + type: boolean + default: false + +variables: + - template: /eng/pipelines/onebranch/variables/variables.yml@self + - name: packageFolderName + value: drop_buildMDS_build_signed_package + - name: PublishSymbols + value: ${{ parameters['publishSymbols'] }} + - name: CurrentNetFxVersion + value: ${{ parameters['CurrentNetFxVersion'] }} + # The effective NuGet package version used by the release stage. + - ${{ if parameters.isPreview }}: + - name: effectiveMDSPackageVersion + value: $(PreviewNugetPackageVersion) + - name: effectiveAkvPackageVersion + value: $(akvPreviewPackageVersion) + - ${{ else }}: + - name: effectiveMDSPackageVersion + value: $(NugetPackageVersion) + - name: effectiveAkvPackageVersion + value: $(akvPackageVersion) + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + +extends: + template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + release: + # This indicates the pipeline category to deploy Box products. See: + # https://eng.ms/docs/products/onebranch/release/yamlreleasepipelines/deployboxproducts + category: NonAzure + featureFlags: + # Suggested by MerlinBot (https://sqlclientdrivers.visualstudio.com/ADO.Net/_git/dotnet-sqlclient/pullrequest/4882) + EnableCDPxPAT: false + WindowsHostVersion: 1ESWindows2022 + globalSdl: # https://aka.ms/obpipelines/sdl + tsa: + # The OneBranch template will set 'break' to false for the other SDL + # tools when TSA is enabled. This allows TSA to gather the results + # and publish them for downstream analysis. 
+ enabled: true + apiscan: + enabled: true + softwareFolder: $(softwareFolder) + symbolsFolder: $(symbolsFolder) + softwarename: Microsoft.Data.SqlClient + versionNumber: $(AssemblyFileVersion) + codeql: + compiled: + enabled: ${{ not(parameters['isPreview']) }} + sbom: + enabled: ${{ not(parameters['isPreview']) }} + packageName: Microsoft.Data.SqlClient + packageVersion: $(NugetPackageVersion) + policheck: + enabled: ${{ not(parameters['isPreview']) }} + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + exclusionsFile: $(REPOROOT)\.config\PolicheckExclusions.xml + asyncSdl: + enabled: false + credscan: + enabled: ${{ not(parameters['isPreview']) }} + suppressionsFile: $(REPOROOT)/.config/CredScanSuppressions.json + binskim: + enabled: ${{ not(parameters['isPreview']) }} + armory: + enabled: ${{ not(parameters['isPreview']) }} + break: true + eslint: # TypeScript and JavaScript + enabled: false + roslyn: + enabled: ${{ not(parameters['isPreview']) }} + break: true + publishLogs: + enabled: ${{ not(parameters['isPreview']) }} + tsaOptionsPath: $(REPOROOT)\.config\tsaoptions.json + disableLegacyManifest: true + stages: + - stage: buildMDS + displayName: 'Build MDS' + jobs: + - template: /eng/pipelines/onebranch/jobs/build-signed-package-job.yml@self + parameters: + symbolsFolder: $(symbolsFolder) + softwareFolder: $(softwareFolder) + publishSymbols: ${{ parameters['publishSymbols'] }} + symbolServer: $(SymbolsPublishServerProd) + symbolTokenUri: $(SymbolsPublishTokenUriProd) + isPreview: ${{ parameters['isPreview'] }} + isOfficialBuild: true + + - stage: mds_package_validation + displayName: 'MDS Package Validation' + dependsOn: buildMDS + jobs: + - template: /eng/pipelines/onebranch/jobs/validate-signed-package-job.yml@self + parameters: + packageFolderName: $(packageFolderName) + isPreview: ${{ parameters['isPreview'] }} + isOfficialBuild: true + downloadPackageStep: + download: current + artifact: 
$(packageFolderName) + patterns: '**/*.*nupkg' + displayName: 'Download NuGet Package' + + # ================================================================== + # Build Add-on Packages (AKV Provider) + # Depends on MDS build completing first. + # ================================================================== + - ${{ if eq(parameters.buildAKVProvider, true) }}: + - stage: build_addons + displayName: 'Build Add-on Packages' + dependsOn: buildMDS + + variables: + - name: PACKAGE_NAME + value: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + + jobs: + - template: /eng/pipelines/onebranch/jobs/build-akv-official-job.yml@self + parameters: + apiScanDllPath: $(apiScanDllPath) + apiScanPdbPath: $(apiScanPdbPath) + assemblyFileVersion: $(akvAssemblyFileVersion) + buildConfiguration: Release + nugetPackageVersion: $(effectiveAkvPackageVersion) + mdsPackageVersion: $(akvMdsPackageVersion) + publishSymbols: ${{ parameters['publishSymbols'] }} + isOfficialBuild: true + signingAppRegistrationClientId: $(SigningAppRegistrationClientId) + signingAppRegistrationTenantId: $(SigningAppRegistrationTenantId) + signingAuthAkvName: $(SigningAuthAkvName) + signingAuthSignCertName: $(SigningAuthSignCertName) + signingEsrpClientId: $(SigningEsrpClientId) + signingEsrpConnectedServiceName: $(SigningEsrpConnectedServiceName) + symbolsAzureSubscription: $(SymbolsAzureSubscription) + # @TODO: Should there be a project name registered for AKV provider project, + # or should they go under the same project as SQL Client? 
+ symbolsPublishProjectName: $(SymbolsPublishProjectNameSqlClient) + symbolsPublishServer: $(SymbolsPublishServerProd) + symbolsPublishTokenUri: $(SymbolsPublishTokenUriProd) + symbolsUploadAccount: $(SymbolsUploadAccount) + + # ================================================================== + # Release Stage — on-demand publish to NuGet.org + # + # Compile-time conditional: stage is removed entirely when no + # release parameters are selected, avoiding OneBranch validation + # errors for empty stages. + # + # Official pipeline → Production environment, approval gate, + # dryRun controlled by releaseDryRun parameter. + # Non-official → Test environment, dryRun always enforced. + # ================================================================== + - ${{ if eq(parameters.releaseSqlClient, true) }}: + - stage: release_sqlclient + ${{ if eq(parameters.releaseDryRun, true) }}: + displayName: 'Release Microsoft.Data.SqlClient (Dry Run)' + ${{ else }}: + displayName: 'Release Microsoft.Data.SqlClient' + dependsOn: + - buildMDS + - mds_package_validation + + variables: + - name: ob_release_environment + value: Production + - name: ob_release_usedeploymentjob + value: true + - name: ob_deploymentjob_environment + value: NuGet-Production + + jobs: + - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self + parameters: + packageName: Microsoft.Data.SqlClient + artifactName: $(packageFolderName) + packagePath: Microsoft.Data.SqlClient.$(effectiveMDSPackageVersion).nupkg + nugetServiceConnection: $(NuGetServiceConnection) + isProduction: true + isDryRun: ${{ parameters.releaseDryRun }} + + - ${{ if eq(parameters.releaseAKVProvider, true) }}: + - stage: release_akv_provider + ${{ if eq(parameters.releaseDryRun, true) }}: + displayName: 'Release AKV Provider (Dry Run)' + ${{ else }}: + displayName: 'Release AKV Provider' + dependsOn: + - build_addons + + variables: + - name: ob_release_environment + value: Production + - name: ob_release_usedeploymentjob 
+ value: true + - name: ob_deploymentjob_environment + value: NuGet-Production + + jobs: + - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self + parameters: + packageName: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider + artifactName: $(akvPackageFolderName) + packagePath: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.$(effectiveAkvPackageVersion).nupkg + nugetServiceConnection: $(NuGetServiceConnection) + isProduction: true + isDryRun: ${{ parameters.releaseDryRun }} diff --git a/eng/pipelines/common/templates/steps/build-all-configurations-signed-dlls-step.yml b/eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml similarity index 100% rename from eng/pipelines/common/templates/steps/build-all-configurations-signed-dlls-step.yml rename to eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml diff --git a/eng/pipelines/common/templates/steps/code-analyze-step.yml b/eng/pipelines/onebranch/steps/code-analyze-step.yml similarity index 100% rename from eng/pipelines/common/templates/steps/code-analyze-step.yml rename to eng/pipelines/onebranch/steps/code-analyze-step.yml diff --git a/eng/pipelines/steps/compound-build-akv-step.yml b/eng/pipelines/onebranch/steps/compound-build-akv-step.yml similarity index 97% rename from eng/pipelines/steps/compound-build-akv-step.yml rename to eng/pipelines/onebranch/steps/compound-build-akv-step.yml index d01d6b51cc..74b505a235 100644 --- a/eng/pipelines/steps/compound-build-akv-step.yml +++ b/eng/pipelines/onebranch/steps/compound-build-akv-step.yml @@ -36,7 +36,7 @@ steps: - task: MSBuild@1 displayName: 'Build.proj - BuildAkv' inputs: - solution: '$(REPO_ROOT)/build.proj' + solution: '$(REPOROOT)/build.proj' configuration: '${{ parameters.buildConfiguration }}' msbuildArguments: >- -t:BuildAkv 
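Review bot: With `isPreview` set, `codeql`, `sbom`, `policheck`, `credscan`, `binskim`, `armory` and `roslyn` are all switched off under `globalSdl`, yet `release_sqlclient` and `release_akv_provider` are gated only on `releaseSqlClient` / `releaseAKVProvider` and still run with `ob_release_environment: Production` and `isProduction: true`. A preview package could therefore be published without those scans or an SBOM whenever `releaseDryRun` is unchecked, leaving the approval gate mentioned in the stage comment as the only control. I would keep the scans on for any run that can release, for example `enabled: ${{ or(not(parameters.isPreview), parameters.releaseSqlClient, parameters.releaseAKVProvider) }}` on each of those tools. Separately, `release_akv_provider` depends only on `build_addons`, which is compiled out when `buildAKVProvider` is false, and unlike `release_sqlclient` it has no validation stage ahead of it.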
diff --git a/eng/pipelines/steps/compound-extract-akv-apiscan-files-step.yml b/eng/pipelines/onebranch/steps/compound-extract-akv-apiscan-files-step.yml similarity index 100% rename from eng/pipelines/steps/compound-extract-akv-apiscan-files-step.yml rename to eng/pipelines/onebranch/steps/compound-extract-akv-apiscan-files-step.yml diff --git a/eng/pipelines/steps/compound-nuget-pack-step.yml b/eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml similarity index 100% rename from eng/pipelines/steps/compound-nuget-pack-step.yml rename to eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml diff --git a/eng/pipelines/steps/compound-publish-symbols-step.yml b/eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml similarity index 100% rename from eng/pipelines/steps/compound-publish-symbols-step.yml rename to eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml diff --git a/eng/pipelines/common/templates/steps/copy-dlls-for-test-step.yml b/eng/pipelines/onebranch/steps/copy-dlls-for-test-step.yml similarity index 100% rename from eng/pipelines/common/templates/steps/copy-dlls-for-test-step.yml rename to eng/pipelines/onebranch/steps/copy-dlls-for-test-step.yml diff --git a/eng/pipelines/common/templates/steps/esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml similarity index 93% rename from eng/pipelines/common/templates/steps/esrp-code-signing-step.yml rename to eng/pipelines/onebranch/steps/esrp-code-signing-step.yml index e9d62ad074..5a8e538823 100644 --- a/eng/pipelines/common/templates/steps/esrp-code-signing-step.yml +++ b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml 
@@ -19,31 +19,31 @@ parameters: - name: ESRPConnectedServiceName type: string - default: $(ESRPConnectedServiceName) + default: $(SigningESRPConnectedServiceName) - name: appRegistrationClientId type: string - default: $(appRegistrationClientId) + default: $(SigningAppRegistrationClientId) - name: appRegistrationTenantId type: string - default: $(appRegistrationTenantId) + default: $(SigningAppRegistrationTenantId) - name: AuthAKVName type: string - default: $(AuthAKVName) + default: $(SigningAuthAKVName) - name: AuthSignCertName type: string - default: $(AuthSignCertName) + default: $(SigningAuthSignCertName) - name: EsrpClientId type: string - default: $(EsrpClientId) + default: $(SigningEsrpClientId) steps: - ${{ if eq(parameters.artifactType, 'dll') }}: - - task: EsrpMalwareScanning@5 + - task: EsrpMalwareScanning@6 displayName: 'ESRP MalwareScanning' inputs: ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}' @@ -55,7 +55,7 @@ steps: Pattern: '*.dll' CleanupTempStorage: 1 VerboseLogin: 1 - - task: EsrpCodeSigning@5 + - task: EsrpCodeSigning@6 displayName: 'ESRP CodeSigning' inputs: ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}' @@ -108,7 +108,7 @@ steps: ] - ${{ if eq(parameters.artifactType, 'pkg') }}: - - task: EsrpMalwareScanning@5 + - task: EsrpMalwareScanning@6 displayName: 'ESRP MalwareScanning Nuget Package' inputs: ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}' @@ -120,7 +120,7 @@ steps: Pattern: '*.*nupkg' CleanupTempStorage: 1 VerboseLogin: 1 - - task: EsrpCodeSigning@5 + - task: EsrpCodeSigning@6 displayName: 'ESRP CodeSigning Nuget Package' inputs: inputs: diff --git a/eng/pipelines/common/templates/steps/publish-symbols-step.yml b/eng/pipelines/onebranch/steps/publish-symbols-step.yml similarity index 94% rename from eng/pipelines/common/templates/steps/publish-symbols-step.yml rename to eng/pipelines/onebranch/steps/publish-symbols-step.yml index 52e622d9a3..0e0c53dc37 100644 
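Review bot: Two of the new defaults are spelled differently from the names documented for the `esrp-variables-v2` group in common-variables.yml: `$(SigningESRPConnectedServiceName)` and `$(SigningAuthAKVName)` here against `SigningEsrpConnectedServiceName` and `SigningAuthAkvName` there. Macro lookup is, as far as I know, case-insensitive, so this probably resolves, but in a signing template an exact-match search for a variable name should find every consumer. I would use the group's spelling, `default: $(SigningEsrpConnectedServiceName)` and `default: $(SigningAuthAkvName)`. The `steps:` block continues outside these hunks.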
--- a/eng/pipelines/common/templates/steps/publish-symbols-step.yml +++ b/eng/pipelines/onebranch/steps/publish-symbols-step.yml @@ -64,7 +64,7 @@ steps: SymbolServerType: TeamServices SymbolsMaximumWaitTime: 60 SymbolExpirationInDays: 1825 # 5 years - SymbolsProduct: Microsoft.Data.SqlClient + SymbolsProduct: $(SymbolsPublishProjectNameSqlClient) SymbolsVersion: ${{parameters.symbolsVersion }} SymbolsArtifactName: ${{parameters.symbolsArtifactName }} Pat: $(System.AccessToken) @@ -74,7 +74,7 @@ steps: displayName: 'Publish symbols' condition: and(succeeded(), ${{ eq(parameters.publishSymbols, 'true') }}) inputs: - azureSubscription: 'Symbols publishing Workload Identity federation service-ADO.Net' + azureSubscription: '$(SymbolsAzureSubscription)' scriptType: ps scriptLocation: inlineScript inlineScript: | @@ -87,8 +87,7 @@ steps: $symbolServer = "${{parameters.symbolServer }}" $tokenUri = "${{parameters.symbolTokenUri }}" - # Registered project name in the symbol publishing pipeline: https://portal.microsofticm.com/imp/v3/incidents/incident/520844254/summary - $projectName = "Microsoft.Data.SqlClient.SNI" + $projectName = "$(SymbolsPublishProjectNameSqlClient)" # Get the access token for the symbol publishing service $symbolPublishingToken = az account get-access-token --resource $tokenUri --query accessToken -o tsv diff --git a/eng/pipelines/steps/roslyn-analyzers-akv-step.yml b/eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml similarity index 98% rename from eng/pipelines/steps/roslyn-analyzers-akv-step.yml rename to eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml index d65ec57ca4..a43be26324 100644 --- a/eng/pipelines/steps/roslyn-analyzers-akv-step.yml +++ b/eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml 
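Review bot: The new `$projectName = "$(SymbolsPublishProjectNameSqlClient)"` line splices a pipeline variable into the inline PowerShell text, where the old line was the literal `Microsoft.Data.SqlClient.SNI` with a comment pointing at its registration. If the `symbols-variables-v3` group is not linked in a pipeline that uses this template, the macro is left as written and PowerShell reads `$(...)` as a subexpression, so the name would probably end up empty instead of failing clearly. I would pass the value through the task's `env:` mapping, read it as `$projectName = $env:SYMBOLS_PROJECT_NAME`, and add `if ([string]::IsNullOrWhiteSpace($projectName)) { throw 'symbols project name is not set' }`. A one-line comment saying which registered project the variable must hold would keep the knowledge the removed comment carried. The inline script continues outside the hunk.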
@@ -29,7 +29,7 @@ steps: msBuildArchitecture: x64 msBuildCommandLine: >- msbuild - $(REPO_ROOT)/build.proj + $(REPOROOT)/build.proj -t:BuildAkv -p:Configuration=${{ parameters.buildConfiguration }} -p:NugetPackageVersion=${{ parameters.mdsPackageVersion }} diff --git a/eng/pipelines/steps/script-output-environment-variables-step.yml b/eng/pipelines/onebranch/steps/script-output-environment-variables-step.yml similarity index 100% rename from eng/pipelines/steps/script-output-environment-variables-step.yml rename to eng/pipelines/onebranch/steps/script-output-environment-variables-step.yml diff --git a/eng/pipelines/libraries/build-variables.yml b/eng/pipelines/onebranch/variables/build-variables.yml similarity index 74% rename from eng/pipelines/libraries/build-variables.yml rename to eng/pipelines/onebranch/variables/build-variables.yml index 3dd87fe7d7..15da600d01 100644 --- a/eng/pipelines/libraries/build-variables.yml +++ b/eng/pipelines/onebranch/variables/build-variables.yml @@ -5,5 +5,5 @@ ################################################################################# variables: - - template: common-variables.yml@self - - template: mds-variables.yml@self + - template: /eng/pipelines/onebranch/variables/common-variables.yml@self + - template: /eng/pipelines/onebranch/variables/mds-variables.yml@self diff --git a/eng/pipelines/onebranch/variables/common-variables.yml b/eng/pipelines/onebranch/variables/common-variables.yml new file mode 100644 index 0000000000..946740a35a --- /dev/null +++ b/eng/pipelines/onebranch/variables/common-variables.yml 
@@ -0,0 +1,120 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +variables: + - group: ESRP Federated Creds (AME) + # ESRPConnectedServiceName + # ESRPClientId + # AppRegistrationClientId + # AppRegistrationTenantId + # AuthAKVName + # AuthSignCertName + + - name: Configuration + value: Release + - name: CommitHead + value: '' # the value will be extracted from the repo's head + - name: REPOROOT + value: $(Build.SourcesDirectory) + - name: softwareFolder + value: $(REPOROOT)/software + - name: symbolsFolder + value: $(REPOROOT)/symbols + - name: artifactDirectory + value: '$(REPOROOT)/packages' + + - name: Major + value: '6' + - name: Minor + value: '1' + - name: Patch + value: '5' + + - name: NugetPackageVersion + value: '$(Major).$(Minor).$(Patch)' + + # Since we're on the release/6.1 branch, there will never be another legitimate preview release. + # However, we routinely want to run preview builds to test other changes, so we continue to + # maintain this variable such that these testing preview builds receive newer version numbers + # than previous builds. + - name: PreviewNugetPackageVersion + value: 6.1.6-preview1 + + # GOTCHA: We're intentionally omitting the '.' between Minor and Patch because the BuildNumber + # already contains a '.' and assembly file versions must only contain a maximum of three '.' + # characters. + - name: AssemblyFileVersion + value: '$(Major).$(Minor)$(Patch).$(Build.BuildNumber)' + - name: nuspecPath + value: '$(REPOROOT)/tools/specs/Microsoft.Data.SqlClient.nuspec' + + # NuGet service connection used by the release stage to push packages. 
+ # This should match the name of an ADO service connection configured with + # NuGet.org credentials (API key or federated auth). + - name: NuGetServiceConnection + value: ADO Nuget Org Connection + + # ---------------------------------------------------------------------------- + # AKV Provider Package Versions + # + # These are version values that will be used by the official build. They + # should be updated after each release to reflect the next release's versions. + + - name: akvVersionMajor + value: '6' + - name: akvVersionMinor + value: '1' + - name: akvVersionPatch + value: '2' + - name: akvVersionPreview + value: '' + + - name: akvPackageVersion + value: $(akvVersionMajor).$(akvVersionMinor).$(akvVersionPatch) + - name: akvPreviewPackageVersion + value: $(akvVersionMajor).$(akvVersionMinor).$(akvVersionPatch)$(akvVersionPreview).$(Build.BuildNumber) + - name: akvAssemblyFileVersion + value: '$(akvVersionMajor).$(akvVersionMinor)$(akvVersionPatch).$(Build.BuildNumber)' + - name: akvMdsPackageVersion + value: $(Major).$(Minor).$(Patch) + - name: akvNuspecPath + value: '$(REPOROOT)/tools/specs/add-ons/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.nuspec' + + # AKV Provider artifact name (drop__) + - name: akvPackageFolderName + value: drop_build_addons_buildSignedAkvPackage + + # AKV ApiScan paths + - name: apiScanDllPath + value: '$(Build.SourcesDirectory)/apiScan/dlls' + - name: apiScanPdbPath + value: '$(Build.SourcesDirectory)/apiScan/pdbs' + + # ---------------------------------------------------------------------------- + # Symbols Publishing + # + # Credentials for publishing symbols to symbol servers. 
+ - group: 'symbols-variables-v3' + # SymbolsAzureSubscription + # SymbolsPublishProjectNameSqlClient + # SymbolsPublishProjectNameSni + # SymbolsPublishServerProd + # SymbolsPublishServerPpe + # SymbolsPublishTokenUriProd + # SymbolsPublishTokenUriPpe + # SymbolsUploadAccount + + # ---------------------------------------------------------------------------- + # ESRP Signing (AKV pipeline) + # + # Signing credentials used by the AKV build job. + - group: 'esrp-variables-v2' + # SigningAppRegistrationClientId + # SigningAppRegistrationTenantId + # SigningAuthAkvName + # SigningAuthSignCertName + # SigningEsrpClientId + # SigningEsrpConnectedServiceName diff --git a/eng/pipelines/libraries/mds-validation-variables.yml b/eng/pipelines/onebranch/variables/mds-validation-variables.yml similarity index 90% rename from eng/pipelines/libraries/mds-validation-variables.yml rename to eng/pipelines/onebranch/variables/mds-validation-variables.yml index d7723a059f..cf37d543a2 100644 --- a/eng/pipelines/libraries/mds-validation-variables.yml +++ b/eng/pipelines/onebranch/variables/mds-validation-variables.yml @@ -5,8 +5,8 @@ ################################################################################# variables: - - template: common-variables.yml@self - - template: mds-variables.yml@self + - template: /eng/pipelines/onebranch/variables/common-variables.yml@self + - template: /eng/pipelines/onebranch/variables/mds-variables.yml@self - name: TempFolderName # extract the nuget package here value: temp diff --git a/eng/pipelines/libraries/mds-variables.yml b/eng/pipelines/onebranch/variables/mds-variables.yml similarity index 100% rename from eng/pipelines/libraries/mds-variables.yml rename to eng/pipelines/onebranch/variables/mds-variables.yml 
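Review bot: This file links three variable groups at file scope, `ESRP Federated Creds (AME)`, `symbols-variables-v3` and `esrp-variables-v2`, and it is pulled in by build-variables.yml and mds-validation-variables.yml, so every job using those templates receives the signing and symbol-publishing values, not only the jobs that sign or publish. Since esrp-code-signing-step.yml now defaults to the `Signing*` names, the older `ESRP Federated Creds (AME)` group looks unused; if nothing else reads it, I would drop `- group: ESRP Federated Creds (AME)`. I would also move `- group: 'esrp-variables-v2'` into the `variables:` of the signing job, or at least add a comment such as `# linked pipeline-wide; consumed only by the signing and symbols steps`. Whether the groups hold secrets or only identifiers is not visible here.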
diff --git a/eng/pipelines/libraries/variables.yml b/eng/pipelines/onebranch/variables/variables.yml similarity index 92% rename from eng/pipelines/libraries/variables.yml rename to eng/pipelines/onebranch/variables/variables.yml index 57894459d3..1b58903f4b 100644 --- a/eng/pipelines/libraries/variables.yml +++ b/eng/pipelines/onebranch/variables/variables.yml @@ -5,7 +5,7 @@ ################################################################################# variables: - - template: build-variables.yml@self + - template: /eng/pipelines/onebranch/variables/build-variables.yml@self # onebranch template variables - name: ob_outputDirectory value: '$(artifactDirectory)' # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts diff --git a/eng/pipelines/stages/stress-tests-ci-stage.yml b/eng/pipelines/stages/stress-tests-ci-stage.yml index 396f8fd4cd..b3c714e368 100644 --- a/eng/pipelines/stages/stress-tests-ci-stage.yml +++ b/eng/pipelines/stages/stress-tests-ci-stage.yml @@ -139,7 +139,7 @@ stages: # -------------------------------------------------------------------------- # Build and test on Linux. - - template: ../jobs/stress-tests-ci-job.yml@self + - template: /eng/pipelines/jobs/stress-tests-ci-job.yml@self parameters: jobNameSuffix: linux displayNamePrefix: Linux @@ -160,7 +160,7 @@ stages: # -------------------------------------------------------------------------- # Build and test on Windows - - template: ../jobs/stress-tests-ci-job.yml + - template: /eng/pipelines/jobs/stress-tests-ci-job.yml parameters: jobNameSuffix: windows displayNamePrefix: Win @@ -186,7 +186,7 @@ stages: # -------------------------------------------------------------------------- # Build and test on macOS. - - template: ../jobs/stress-tests-ci-job.yml + - template: /eng/pipelines/jobs/stress-tests-ci-job.yml parameters: jobNameSuffix: macos displayNamePrefix: macOS 
diff --git a/eng/pipelines/steps/compound-esrp-code-signing-step.yml b/eng/pipelines/steps/compound-esrp-code-signing-step.yml deleted file mode 100644 index 1eedc78c48..0000000000 --- a/eng/pipelines/steps/compound-esrp-code-signing-step.yml +++ /dev/null 
@@ -1,145 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -parameters: - - name: appRegistrationClientId - type: string - - - name: appRegistrationTenantId - type: string - - - # Name of the Azure Key Vault to retrieve certificates from. - # note: This has nothing to do with the AKV provider package. - name: authAkvName - type: string - - - name: authSignCertName - type: string - - - name: artifactType - type: string - values: - - dll - - pkg - - - name: esrpConnectedServiceName - type: string - - - name: esrpClientId - type: string - -steps: - - ${{ if eq(parameters.artifactType, 'dll') }}: - - task: EsrpMalwareScanning@5 - displayName: 'ESRP Malware Scanning Code' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - CleanupTempStorage: 1 - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(BUILD_OUTPUT)' - Pattern: '*.dll' - UseMSIAuthentication: true - VerboseLogin: 1 - - - task: EsrpCodeSigning@5 - displayName: 'ESRP Signing Code' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - AuthAKVName: '${{ parameters.authAkvName }}' - AuthSignCertName: '${{ parameters.authSignCertName }}' - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(BUILD_OUTPUT)' - Pattern: '*.dll' - signConfigType: 'inlineSignParams' - UseMSIAuthentication: true - inlineOperation: | - [ - { - 
"keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": - [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft Data SqlClient Data Provider for SQL Server" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - - - ${{ else }}: - - task: EsrpMalwareScanning@5 - displayName: 'ESRP Malware Scanning NuGet Package' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - CleanupTempStorage: 1 - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(ARTIFACT_PATH)' - Pattern: '*.*nupkg' - UseMSIAuthentication: true - VerboseLogin: 1 - - - task: EsrpCodeSigning@5 - displayName: 'ESRP Signing NuGet Package' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - AuthAKVName: '${{ parameters.authAkvName }}' - AuthSignCertName: '${{ parameters.authSignCertName }}' - FolderPath: '$(ARTIFACT_PATH)' - Pattern: '*.*nupkg' - signConfigType: 'inlineSignParams' - UseMSIAuthentication: true - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - 
{ - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] diff --git a/eng/pipelines/steps/install-dotnet.yml b/eng/pipelines/steps/install-dotnet.yml index 5b0c413475..6408b49a36 100644 --- a/eng/pipelines/steps/install-dotnet.yml +++ b/eng/pipelines/steps/install-dotnet.yml @@ -45,9 +45,11 @@ parameters: # # https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/use-dotnet-v2 # + # 10.x: Install .NET 10 for ESRP code signing tasks for official builds. + # - name: runtimes type: object - default: [] + default: [10.x] steps: diff --git a/eng/pipelines/variables/akv-official-variables.yml b/eng/pipelines/variables/akv-official-variables.yml deleted file mode 100644 index 48a38d504c..0000000000 --- a/eng/pipelines/variables/akv-official-variables.yml +++ /dev/null 
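Review bot: Changing `default: []` to `default: [10.x]` on `runtimes` installs the .NET 10 runtime for every caller of this step that does not pass `runtimes`, although the added comment says it is needed only for ESRP code signing in official builds. I would leave the default empty and have the official signing job pass `runtimes: [10.x]` itself, so other pipelines keep exactly the toolset they ask for. If the default stays, the comment could read `# 10.x: installed by default for all callers; required by the ESRP signing tasks in official builds.` The `parameters:` list starts outside the hunk.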
@@ -1,42 +0,0 @@
-#################################################################################
-# Licensed to the .NET Foundation under one or more agreements. #
-# The .NET Foundation licenses this file to you under the MIT license. #
-# See the LICENSE file in the project root for more information. #
-#################################################################################
-
-# @TODO: These seem to only really apply to official builds. Name should probably be adjusted to match.
-
-variables:
- # @TODO: If symbols variables are indeed shared between projects and not expected to change
- # then they can be removed from this variable group.
- - group: 'akv-variables-v2'
- # SymbolsAzureSubscription
- # SymbolsPublishProjectName
- # SymbolsPublishServer
- # SymbolsPublishTokenUri
- # SymbolsUploadAccount
-
- # Well-Known Variables -------------------------------------------------
- - name: PACKAGE_NAME
- value: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider'
-
- # Base Variables -------------------------------------------------------
- - name: mdsPackageVersion
- value: '6.1.5'
-
- # @TODO: Version should ideally be pulled from one location (versions.props?)
- - name: versionMajor
- value: '6'
- - name: versionMinor
- value: '1'
- - name: versionPatch
- value: '2'
- - name: versionPreview
- value: ''
-
- # Compound Variables ---------------------------------------------------
- - name: assemblyFileVersion
- value: '${{ variables.versionMajor }}.${{ variables.versionMinor }}${{ variables.versionPatch }}.$(Build.BuildNumber)'
- - name: nugetPackageVersion
- value: '${{ variables.versionMajor }}.${{ variables.versionMinor }}.${{ variables.versionPatch }}'
- #value: '${{ variables.versionMajor }}.${{ variables.versionMinor }}.${{ variables.versionPatch }}${{ variables.versionPreview }}'
diff --git a/eng/pipelines/variables/common-variables.yml b/eng/pipelines/variables/common-variables.yml
deleted file mode 100644
index 1486c3c227..0000000000
--- a/eng/pipelines/variables/common-variables.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-#################################################################################
-# Licensed to the .NET Foundation under one or more agreements. #
-# The .NET Foundation licenses this file to you under the MIT license. #
-# See the LICENSE file in the project root for more information. #
-#################################################################################
-
-variables:
- # Well-known paths
- - name: REPO_ROOT
- value: '$(Build.SourcesDirectory)'
- readonly: true
-
- - name: BUILD_OUTPUT
- value: '$(Build.SourcesDirectory)/artifacts'
- readonly: true
-
- - name: ARTIFACT_PATH
- value: '$(Build.SourcesDirectory)/packages'
- readonly: true
diff --git a/eng/pipelines/variables/esrp-signing-variables.yml b/eng/pipelines/variables/esrp-signing-variables.yml
deleted file mode 100644
index 15d920759f..0000000000
--- a/eng/pipelines/variables/esrp-signing-variables.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-#################################################################################
-# Licensed to the .NET Foundation under one or more agreements. #
-# The .NET Foundation licenses this file to you under the MIT license. #
-# See the LICENSE file in the project root for more information. #
-#################################################################################
-
-# These variables are used for running ESRP signing tasks. All names start with "Signing" to make
-# it clear that these variables are used for signing (as opposed to other msc tasks).
-
-variables:
- - group: 'esrp-variables-v2'
- # SigningAppRegistrationClientId
- # SigningAppRegistrationTenantId
- # SigningAuthAkvName
- # SigningAuthSignCertName
- # SigningEsrpClientId
- # SigningEsrpConnectedServiceName
diff --git a/eng/pipelines/variables/onebranch-variables.yml b/eng/pipelines/variables/onebranch-variables.yml
deleted file mode 100644
index 1a8ffadec5..0000000000
--- a/eng/pipelines/variables/onebranch-variables.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-#################################################################################
-# Licensed to the .NET Foundation under one or more agreements. #
-# The .NET Foundation licenses this file to you under the MIT license. #
-# See the LICENSE file in the project root for more information. #
-#################################################################################
-
-variables:
- # Variables defined by us ----------------------------------------------
- - name: apiScanDllPath
- value: '$(Build.SourcesDirectory)/apiScan/dlls'
-
- - name: apiScanPdbPath
- value: '$(Build.SourcesDirectory)/apiScan/pdbs'
-
- # Variables defined by OneBranch ---------------------------------------
- - name: Packaging.EnableSBOMSigning
- value: true
-
- - # Docker image which is used to build the project https://aka.ms/obpipelines/containers
- name: WindowsContainerImage
- value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest'
diff --git a/global.json b/global.json
index 836b730053..ca7945da47 100644
--- a/global.json
+++ b/global.json
@@ -15,7 +15,7 @@
 // system, etc.) may use their own installed SDKs unless configured
 // otherwise.
 //
- "version": "9.0.309",
+ "version": "9.0.312",
 // Any 9.x version is acceptable.
 "rollForward": "latestMinor",