VMR vs MSFT signing comparison #48404
Conversation
ghost
added
ellahathaway
force-pushed
the
vmr-msft-signing-comparison
branch
5 times, most recently
from
0bc6bfe to
28ba6e9
Compare
ellahathaway
force-pushed
the
vmr-msft-signing-comparison
branch
2 times, most recently
from
605486e to
e839a3d
Compare
ellahathaway
force-pushed
the
vmr-msft-signing-comparison
branch
from
e839a3d to
e8efaf9
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR introduces new tooling for comparing MSFT and VMR artifacts with a focus on signing validation. Key changes include:
- A new pipeline for running asset and signing comparisons.
- Refactored BuildComparer with separate sub-commands for assets and signing.
- Enhancements to artifact/signing handling in several C# utility and pipeline template files.
Reviewed Changes
Copilot reviewed 14 out of 17 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| BuildComparer/Utils.cs | New extension methods for removing version identifiers and filtering package files |
| BuildComparer/SigningComparer.cs | Implements parallel signing validation with error handling and recursive result comparisons |
| BuildComparer/SignCheckResults.cs | Introduces XML serialization for sign check results |
| BuildComparer/IssueType.cs | Adds a new Unsigned issue type for mismatched signing statuses |
| BuildComparer/BaselineEntry.cs, AssetMapping.cs | Includes license header updates and additional properties for ignoring certain assets |
| Various YAML pipeline templates | New pipeline and step definitions for downloading artifacts and comparing builds |
Files not reviewed (3)
- eng/GatherDrops.ps1: Language not supported
- eng/pipelines/templates/steps/vmr-validate-asset-baseline.yml: Language not supported
- eng/vmr-msft-comparison-baseline.json: Language not supported
Comments suppressed due to low confidence (1)
src/SourceBuild/content/eng/tools/BuildComparer/SigningComparer.cs:188
- [nitpick] The class name 'SignCheckExecuter' appears to use a nonstandard spelling. Consider renaming it to 'SignCheckExecutor' to align with common naming conventions.
private class SignCheckExecuter
|
I'm encountering some new issues that are causing the pipeline runs to fail:
I've pinged FR for help on the first issue, but the second issue is tricky to resolve. Sometimes the machines have space, and sometimes they don't. I don't have a clear idea on how to better avoid this issue because these artifacts have to be downloaded and checked, and I've already split the mac job into two (one for blobs and one for packages). @mmitche - any thoughts on the mac space issue? Those issues aside, this PR is ready for review. Those two issues don't currently impact the state of this PR. |
|
Closing in favor of dotnet/dotnet#264 |
1 participant
Closes dotnet/arcade#15192
This PR introduces new tooling for comparing the MSFT and VMR artifacts, naming the signing status of their signed files. Some notable changes in this PR include:
dotnet-unified-build-comparisonfor running the asset and signing comparison. This pipeline runs on every build of main and release branches and can also be run manually. On manual runs, signing asset comparison is run as specified. On automated runs, asset comparison is always run and signing comparision is run whensignEnabledis true.BuildComparerhas been reworked so that there are two sub-commands:assetsandsigning.Test pipeline run