diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
index 5de0e8b174e..a2460a5789b 100644
--- a/eng/Version.Details.xml
+++ b/eng/Version.Details.xml
@@ -83,25 +83,25 @@
-
+
https://github.com/dotnet/arcade
- 2eab07c3d7b78219d10099b19fafeef2ecae1779
+ 1844d819e6f33f1106083c5066ea01e0310eefa3
-
+
https://github.com/dotnet/arcade
- 2eab07c3d7b78219d10099b19fafeef2ecae1779
+ 1844d819e6f33f1106083c5066ea01e0310eefa3
-
+
https://github.com/dotnet/arcade
- 2eab07c3d7b78219d10099b19fafeef2ecae1779
+ 1844d819e6f33f1106083c5066ea01e0310eefa3
-
+
https://github.com/dotnet/arcade
- 2eab07c3d7b78219d10099b19fafeef2ecae1779
+ 1844d819e6f33f1106083c5066ea01e0310eefa3
-
+
https://github.com/dotnet/arcade
- 2eab07c3d7b78219d10099b19fafeef2ecae1779
+ 1844d819e6f33f1106083c5066ea01e0310eefa3
diff --git a/eng/Versions.props b/eng/Versions.props
index 6c836ca7941..829495e0806 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -56,9 +56,9 @@
- 6.0.0-beta.24266.4
- 6.0.0-beta.24266.4
- 6.0.0-beta.24266.4
+ 6.0.0-beta.24326.2
+ 6.0.0-beta.24326.2
+ 6.0.0-beta.24326.2
diff --git a/eng/common/templates-official/job/source-build.yml b/eng/common/templates-official/job/source-build.yml
index f5fa09f4151..a6f7efa7768 100644
--- a/eng/common/templates-official/job/source-build.yml
+++ b/eng/common/templates-official/job/source-build.yml
@@ -31,6 +31,12 @@ parameters:
# container and pool.
platform: {}
+ # If set to true and running on a non-public project,
+ # Internal blob storage locations will be enabled.
+ # This is not enabled by default because many repositories do not need internal sources
+ # and do not need to have the required service connections approved in the pipeline.
+ enableInternalSources: false
+
jobs:
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
displayName: Source-Build (${{ parameters.platform.name }})
@@ -59,6 +65,8 @@ jobs:
clean: all
steps:
+ - ${{ if eq(parameters.enableInternalSources, true) }}:
+ - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
- template: /eng/common/templates-official/steps/source-build.yml
parameters:
platform: ${{ parameters.platform }}
diff --git a/eng/common/templates-official/job/source-index-stage1.yml b/eng/common/templates-official/job/source-index-stage1.yml
index f04ad04c2b1..f6f0c15bfba 100644
--- a/eng/common/templates-official/job/source-index-stage1.yml
+++ b/eng/common/templates-official/job/source-index-stage1.yml
@@ -1,6 +1,7 @@
parameters:
runAsPublic: false
- sourceIndexPackageVersion: 1.0.1-20240320.1
+ sourceIndexUploadPackageVersion: 2.0.0-20240502.12
+ sourceIndexProcessBinlogPackageVersion: 1.0.1-20240129.2
sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
preSteps: []
@@ -17,14 +18,14 @@ jobs:
dependsOn: ${{ parameters.dependsOn }}
condition: ${{ parameters.condition }}
variables:
- - name: SourceIndexPackageVersion
- value: ${{ parameters.sourceIndexPackageVersion }}
+ - name: SourceIndexUploadPackageVersion
+ value: ${{ parameters.sourceIndexUploadPackageVersion }}
+ - name: SourceIndexProcessBinlogPackageVersion
+ value: ${{ parameters.sourceIndexProcessBinlogPackageVersion }}
- name: SourceIndexPackageSource
value: ${{ parameters.sourceIndexPackageSource }}
- name: BinlogPath
value: ${{ parameters.binlogPath }}
- - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- - group: source-dot-net stage1 variables
pool: ${{ parameters.pool }}
steps:
@@ -40,8 +41,8 @@ jobs:
workingDirectory: $(Agent.TempDirectory)
- script: |
- $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
- $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
+ $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(sourceIndexProcessBinlogPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
+ $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(sourceIndexUploadPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
displayName: Download Tools
# Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk.
workingDirectory: $(Agent.TempDirectory)
@@ -53,7 +54,21 @@ jobs:
displayName: Process Binlog into indexable sln
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name)
+ - task: AzureCLI@2
+ displayName: Get stage 1 auth token
+ inputs:
+ azureSubscription: 'SourceDotNet Stage1 Publish'
+ addSpnToEnvironment: true
+ scriptType: 'ps'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
+ echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
+ echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
+
+ - script: |
+ az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
+ displayName: "Login to Azure"
+
+ - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
displayName: Upload stage1 artifacts to source index
- env:
- BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url)
diff --git a/eng/common/templates-official/jobs/source-build.yml b/eng/common/templates-official/jobs/source-build.yml
index b9a1f67b9a9..9f60019cb01 100644
--- a/eng/common/templates-official/jobs/source-build.yml
+++ b/eng/common/templates-official/jobs/source-build.yml
@@ -21,6 +21,12 @@ parameters:
# one job runs on 'defaultManagedPlatform'.
platforms: []
+ # If set to true and running on a non-public project,
+ # Internal nuget and blob storage locations will be enabled.
+ # This is not enabled by default because many repositories do not need internal sources
+ # and do not need to have the required service connections approved in the pipeline.
+ enableInternalSources: false
+
jobs:
- ${{ if ne(parameters.allCompletedJobId, '') }}:
@@ -38,9 +44,11 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ platform }}
+ enableInternalSources: ${{ parameters.enableInternalSources }}
- ${{ if eq(length(parameters.platforms), 0) }}:
- template: /eng/common/templates-official/job/source-build.yml
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ parameters.defaultManagedPlatform }}
+ enableInternalSources: ${{ parameters.enableInternalSources }}
diff --git a/eng/common/templates-official/post-build/common-variables.yml b/eng/common/templates-official/post-build/common-variables.yml
index fae340f4d20..5404cc7ecbe 100644
--- a/eng/common/templates-official/post-build/common-variables.yml
+++ b/eng/common/templates-official/post-build/common-variables.yml
@@ -2,7 +2,6 @@ variables:
- group: AzureDevOps-Artifact-Feeds-Pats
- group: DotNet-Blob-Feed
- group: DotNet-DotNetCli-Storage
- - group: DotNet-MSRC-Storage
- group: Publish-Build-Assets
# Whether the build is internal or not
diff --git a/eng/common/templates-official/steps/enable-internal-runtimes.yml b/eng/common/templates-official/steps/enable-internal-runtimes.yml
new file mode 100644
index 00000000000..93a8394a666
--- /dev/null
+++ b/eng/common/templates-official/steps/enable-internal-runtimes.yml
@@ -0,0 +1,28 @@
+# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
+# variable with the base64-encoded SAS token, by default
+
+parameters:
+- name: federatedServiceConnection
+ type: string
+ default: 'dotnetbuilds-internal-read'
+- name: outputVariableName
+ type: string
+ default: 'dotnetbuilds-internal-container-read-token-base64'
+- name: expiryInHours
+ type: number
+ default: 1
+- name: base64Encode
+ type: boolean
+ default: true
+
+steps:
+- ${{ if ne(variables['System.TeamProject'], 'public') }}:
+ - template: /eng/common/templates-official/steps/get-delegation-sas.yml
+ parameters:
+ federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
+ outputVariableName: ${{ parameters.outputVariableName }}
+ expiryInHours: ${{ parameters.expiryInHours }}
+ base64Encode: ${{ parameters.base64Encode }}
+ storageAccount: dotnetbuilds
+ container: internal
+ permissions: rl
diff --git a/eng/common/templates-official/steps/get-delegation-sas.yml b/eng/common/templates-official/steps/get-delegation-sas.yml
new file mode 100644
index 00000000000..c0e8f91317f
--- /dev/null
+++ b/eng/common/templates-official/steps/get-delegation-sas.yml
@@ -0,0 +1,43 @@
+parameters:
+- name: federatedServiceConnection
+ type: string
+- name: outputVariableName
+ type: string
+- name: expiryInHours
+ type: number
+ default: 1
+- name: base64Encode
+ type: boolean
+ default: false
+- name: storageAccount
+ type: string
+- name: container
+ type: string
+- name: permissions
+ type: string
+ default: 'rl'
+
+steps:
+- task: AzureCLI@2
+ displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
+ inputs:
+ azureSubscription: ${{ parameters.federatedServiceConnection }}
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ # Calculate the expiration of the SAS token and convert to UTC
+ $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+
+ $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
+
+ if ($LASTEXITCODE -ne 0) {
+ Write-Error "Failed to generate SAS token."
+ exit 1
+ }
+
+ if ('${{ parameters.base64Encode }}' -eq 'true') {
+ $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
+ }
+
+ Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
diff --git a/eng/common/templates-official/steps/get-federated-access-token.yml b/eng/common/templates-official/steps/get-federated-access-token.yml
new file mode 100644
index 00000000000..e3786cef6df
--- /dev/null
+++ b/eng/common/templates-official/steps/get-federated-access-token.yml
@@ -0,0 +1,28 @@
+parameters:
+- name: federatedServiceConnection
+ type: string
+- name: outputVariableName
+ type: string
+# Resource to get a token for. Common values include:
+# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
+# - 'https://storage.azure.com/' for storage
+# Defaults to Azure DevOps
+- name: resource
+ type: string
+ default: '499b84ac-1321-427f-aa17-267ca6975798'
+
+steps:
+- task: AzureCLI@2
+ displayName: 'Getting federated access token for feeds'
+ inputs:
+ azureSubscription: ${{ parameters.federatedServiceConnection }}
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
+ if ($LASTEXITCODE -ne 0) {
+ Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
+ exit 1
+ }
+ Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
diff --git a/eng/common/templates/job/source-build.yml b/eng/common/templates/job/source-build.yml
index b6137f44ada..8009ccb954a 100644
--- a/eng/common/templates/job/source-build.yml
+++ b/eng/common/templates/job/source-build.yml
@@ -31,6 +31,12 @@ parameters:
# container and pool.
platform: {}
+ # If set to true and running on a non-public project,
+ # Internal blob storage locations will be enabled.
+ # This is not enabled by default because many repositories do not need internal sources
+ # and do not need to have the required service connections approved in the pipeline.
+ enableInternalSources: false
+
jobs:
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
displayName: Source-Build (${{ parameters.platform.name }})
@@ -58,6 +64,8 @@ jobs:
clean: all
steps:
+ - ${{ if eq(parameters.enableInternalSources, true) }}:
+ - template: /eng/common/templates/steps/enable-internal-runtimes.yml
- template: /eng/common/templates/steps/source-build.yml
parameters:
platform: ${{ parameters.platform }}
diff --git a/eng/common/templates/job/source-index-stage1.yml b/eng/common/templates/job/source-index-stage1.yml
index b710698eb4d..47f36e98bc1 100644
--- a/eng/common/templates/job/source-index-stage1.yml
+++ b/eng/common/templates/job/source-index-stage1.yml
@@ -1,6 +1,7 @@
parameters:
runAsPublic: false
- sourceIndexPackageVersion: 1.0.1-20240320.1
+ sourceIndexUploadPackageVersion: 2.0.0-20240502.12
+ sourceIndexProcessBinlogPackageVersion: 1.0.1-20240129.2
sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
preSteps: []
@@ -15,14 +16,14 @@ jobs:
dependsOn: ${{ parameters.dependsOn }}
condition: ${{ parameters.condition }}
variables:
- - name: SourceIndexPackageVersion
- value: ${{ parameters.sourceIndexPackageVersion }}
+ - name: SourceIndexUploadPackageVersion
+ value: ${{ parameters.sourceIndexUploadPackageVersion }}
+ - name: SourceIndexProcessBinlogPackageVersion
+ value: ${{ parameters.sourceIndexProcessBinlogPackageVersion }}
- name: SourceIndexPackageSource
value: ${{ parameters.sourceIndexPackageSource }}
- name: BinlogPath
value: ${{ parameters.binlogPath }}
- - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- - group: source-dot-net stage1 variables
pool: ${{ parameters.pool }}
steps:
@@ -38,8 +39,8 @@ jobs:
workingDirectory: $(Agent.TempDirectory)
- script: |
- $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
- $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
+ $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(sourceIndexProcessBinlogPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
+ $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(sourceIndexUploadPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
displayName: Download Tools
# Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk.
workingDirectory: $(Agent.TempDirectory)
@@ -51,7 +52,21 @@ jobs:
displayName: Process Binlog into indexable sln
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name)
+ - task: AzureCLI@2
+ displayName: Get stage 1 auth token
+ inputs:
+ azureSubscription: 'SourceDotNet Stage1 Publish'
+ addSpnToEnvironment: true
+ scriptType: 'ps'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
+ echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
+ echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
+
+ - script: |
+ az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
+ displayName: "Login to Azure"
+
+ - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
displayName: Upload stage1 artifacts to source index
- env:
- BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url)
diff --git a/eng/common/templates/jobs/source-build.yml b/eng/common/templates/jobs/source-build.yml
index 7c240e65447..e3fbd9f38e1 100644
--- a/eng/common/templates/jobs/source-build.yml
+++ b/eng/common/templates/jobs/source-build.yml
@@ -21,6 +21,12 @@ parameters:
# one job runs on 'defaultManagedPlatform'.
platforms: []
+ # If set to true and running on a non-public project,
+ # Internal nuget and blob storage locations will be enabled.
+ # This is not enabled by default because many repositories do not need internal sources
+ # and do not need to have the required service connections approved in the pipeline.
+ enableInternalSources: false
+
jobs:
- ${{ if ne(parameters.allCompletedJobId, '') }}:
@@ -38,9 +44,11 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ platform }}
+ enableInternalSources: ${{ parameters.enableInternalSources }}
- ${{ if eq(length(parameters.platforms), 0) }}:
- template: /eng/common/templates/job/source-build.yml
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ parameters.defaultManagedPlatform }}
+ enableInternalSources: ${{ parameters.enableInternalSources }}
diff --git a/eng/common/templates/post-build/common-variables.yml b/eng/common/templates/post-build/common-variables.yml
index fae340f4d20..5404cc7ecbe 100644
--- a/eng/common/templates/post-build/common-variables.yml
+++ b/eng/common/templates/post-build/common-variables.yml
@@ -2,7 +2,6 @@ variables:
- group: AzureDevOps-Artifact-Feeds-Pats
- group: DotNet-Blob-Feed
- group: DotNet-DotNetCli-Storage
- - group: DotNet-MSRC-Storage
- group: Publish-Build-Assets
# Whether the build is internal or not
diff --git a/eng/common/templates/steps/enable-internal-runtimes.yml b/eng/common/templates/steps/enable-internal-runtimes.yml
new file mode 100644
index 00000000000..54dc9416c51
--- /dev/null
+++ b/eng/common/templates/steps/enable-internal-runtimes.yml
@@ -0,0 +1,28 @@
+# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
+# variable with the base64-encoded SAS token, by default
+
+parameters:
+- name: federatedServiceConnection
+ type: string
+ default: 'dotnetbuilds-internal-read'
+- name: outputVariableName
+ type: string
+ default: 'dotnetbuilds-internal-container-read-token-base64'
+- name: expiryInHours
+ type: number
+ default: 1
+- name: base64Encode
+ type: boolean
+ default: true
+
+steps:
+- ${{ if ne(variables['System.TeamProject'], 'public') }}:
+ - template: /eng/common/templates/steps/get-delegation-sas.yml
+ parameters:
+ federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
+ outputVariableName: ${{ parameters.outputVariableName }}
+ expiryInHours: ${{ parameters.expiryInHours }}
+ base64Encode: ${{ parameters.base64Encode }}
+ storageAccount: dotnetbuilds
+ container: internal
+ permissions: rl
diff --git a/eng/common/templates/steps/get-delegation-sas.yml b/eng/common/templates/steps/get-delegation-sas.yml
new file mode 100644
index 00000000000..c0e8f91317f
--- /dev/null
+++ b/eng/common/templates/steps/get-delegation-sas.yml
@@ -0,0 +1,43 @@
+parameters:
+- name: federatedServiceConnection
+ type: string
+- name: outputVariableName
+ type: string
+- name: expiryInHours
+ type: number
+ default: 1
+- name: base64Encode
+ type: boolean
+ default: false
+- name: storageAccount
+ type: string
+- name: container
+ type: string
+- name: permissions
+ type: string
+ default: 'rl'
+
+steps:
+- task: AzureCLI@2
+ displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
+ inputs:
+ azureSubscription: ${{ parameters.federatedServiceConnection }}
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ # Calculate the expiration of the SAS token and convert to UTC
+ $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+
+ $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
+
+ if ($LASTEXITCODE -ne 0) {
+ Write-Error "Failed to generate SAS token."
+ exit 1
+ }
+
+ if ('${{ parameters.base64Encode }}' -eq 'true') {
+ $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
+ }
+
+ Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
diff --git a/eng/common/templates/steps/get-federated-access-token.yml b/eng/common/templates/steps/get-federated-access-token.yml
new file mode 100644
index 00000000000..c8c49cc0e8f
--- /dev/null
+++ b/eng/common/templates/steps/get-federated-access-token.yml
@@ -0,0 +1,28 @@
+parameters:
+- name: federatedServiceConnection
+ type: string
+- name: outputVariableName
+ type: string
+# Resource to get a token for. Common values include:
+# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
+# - 'https://storage.azure.com/' for storage
+# Defaults to Azure DevOps
+- name: resource
+ type: string
+ default: '499b84ac-1321-427f-aa17-267ca6975798'
+
+steps:
+- task: AzureCLI@2
+ displayName: 'Getting federated access token for feeds'
+ inputs:
+ azureSubscription: ${{ parameters.federatedServiceConnection }}
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
+ if ($LASTEXITCODE -ne 0) {
+ Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
+ exit 1
+ }
+ Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
\ No newline at end of file
diff --git a/eng/pipeline-pr.yml b/eng/pipeline-pr.yml
index fc6cd2c24fa..6b58ed75938 100644
--- a/eng/pipeline-pr.yml
+++ b/eng/pipeline-pr.yml
@@ -1,7 +1,7 @@
#
-# This file should be kept in sync across https://www.github.com/dotnet/wpf and dotnet-wpf-int repos.
+# This file should be kept in sync across https://www.github.com/dotnet/wpf and dotnet-wpf-int repos.
+#
#
-#
parameters:
# Needed because runAsPublic is used in template expressions, which can't read from user-defined variables
@@ -71,7 +71,6 @@ jobs:
- name: _InternalRuntimeDownloadArgs
value: ''
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
- - group: DotNetBuilds storage account read tokens
- group: AzureDevOps-Artifact-Feeds-Pats
- name: _InternalRuntimeDownloadArgs
value: >-
@@ -84,17 +83,15 @@ jobs:
# note: You have to use list syntax here (- name: value) or you will get errors about declaring the same variable multiple times
- name: _SignType
value: real
- - group: DotNet-Blob-Feed
- - group: DotNet-Symbol-Server-Pats
- group: DotNet-HelixApi-Access
- # note: Even though they are referenced here, user defined variables (like $(_SignType)) are not resolved
+ # note: Even though they are referenced here, user defined variables (like $(_SignType)) are not resolved
# until the agent is running on the machine. They can be overridden any time before they are resolved,
# like in the job matrix below (see Build_Debug)
- name: _SignArgs
value: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName)
- name: _PublishArgs
- value:
+ value:
/p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
- name: _OfficialBuildIdArgs
value: /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
@@ -153,9 +150,11 @@ jobs:
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
+ - template: /eng/common/templates/steps/enable-internal-runtimes.yml
+
# Use utility script to run script command dependent on agent OS.
- script: eng\common\cibuild.cmd
- -configuration $(_BuildConfig)
+ -configuration $(_BuildConfig)
-prepareMachine
$(_PublishArgs)
$(_SignArgs)
@@ -163,8 +162,8 @@ jobs:
$(_PlatformArgs)
$(_InternalRuntimeDownloadArgs)
displayName: Windows Build / Publish
- # This condition should be kept in sync with the condition for 'Run DRTs' step
- # When building on a regular pipeline (!_HelixPipeline), build as usual
+ # This condition should be kept in sync with the condition for 'Run DRTs' step
+ # When building on a regular pipeline (!_HelixPipeline), build as usual
# When building on a Helix pipeline, only build Release configs
# (!_HelixPipeline) ||
# (_HelixPipeline && _PublicBuildPipeline && _ContinuousIntegrationTestsEnabled && _BuildConfig == Release)
@@ -173,7 +172,7 @@ jobs:
# Run DRTs
- powershell: eng\common\cibuild.cmd
-configuration $(_BuildConfig)
- $(_OfficialBuildIdArgs)
+ $(_OfficialBuildIdArgs)
$(_PlatformArgs)
-projects $(Build.SourcesDirectory)\eng\helixpublish.proj
/bl:$(BUILD.SOURCESDIRECTORY)\artifacts\log\$(_BuildConfig)\HelixDrt.binlog
@@ -193,4 +192,3 @@ jobs:
# (_HelixPipeline && _PublicBuildPipeline && _ContinuousIntegrationTestsEnabled && _BuildConfig == Release)
#
condition: and(succeeded(), eq(variables['_HelixPipeline'], 'true') ,eq(variables['_BuildConfig'], 'Release'), eq(variables['_PublicBuildPipeline'], 'true'), eq(variables['_ContinuousIntegrationTestsEnabled'], 'true'))
-
\ No newline at end of file
diff --git a/eng/pipeline.yml b/eng/pipeline.yml
index 381728d7275..fed5acfe3ff 100644
--- a/eng/pipeline.yml
+++ b/eng/pipeline.yml
@@ -1,7 +1,7 @@
#
-# This file should be kept in sync across https://www.github.com/dotnet/wpf and dotnet-wpf-int repos.
+# This file should be kept in sync across https://www.github.com/dotnet/wpf and dotnet-wpf-int repos.
+#
#
-#
parameters:
# Needed because runAsPublic is used in template expressions, which can't read from user-defined variables
@@ -71,7 +71,6 @@ jobs:
- name: _InternalRuntimeDownloadArgs
value: ''
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
- - group: DotNetBuilds storage account read tokens
- group: AzureDevOps-Artifact-Feeds-Pats
- name: _InternalRuntimeDownloadArgs
value: >-
@@ -84,17 +83,15 @@ jobs:
# note: You have to use list syntax here (- name: value) or you will get errors about declaring the same variable multiple times
- name: _SignType
value: real
- - group: DotNet-Blob-Feed
- - group: DotNet-Symbol-Server-Pats
- group: DotNet-HelixApi-Access
- # note: Even though they are referenced here, user defined variables (like $(_SignType)) are not resolved
+ # note: Even though they are referenced here, user defined variables (like $(_SignType)) are not resolved
# until the agent is running on the machine. They can be overridden any time before they are resolved,
# like in the job matrix below (see Build_Debug)
- name: _SignArgs
value: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName)
- name: _PublishArgs
- value:
+ value:
/p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
- name: _OfficialBuildIdArgs
value: /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
@@ -153,9 +150,11 @@ jobs:
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
+ - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
+
# Use utility script to run script command dependent on agent OS.
- script: eng\common\cibuild.cmd
- -configuration $(_BuildConfig)
+ -configuration $(_BuildConfig)
-prepareMachine
$(_PublishArgs)
$(_SignArgs)
@@ -163,8 +162,8 @@ jobs:
$(_PlatformArgs)
$(_InternalRuntimeDownloadArgs)
displayName: Windows Build / Publish
- # This condition should be kept in sync with the condition for 'Run DRTs' step
- # When building on a regular pipeline (!_HelixPipeline), build as usual
+ # This condition should be kept in sync with the condition for 'Run DRTs' step
+ # When building on a regular pipeline (!_HelixPipeline), build as usual
# When building on a Helix pipeline, only build Release configs
# (!_HelixPipeline) ||
# (_HelixPipeline && _PublicBuildPipeline && _ContinuousIntegrationTestsEnabled && _BuildConfig == Release)
@@ -173,7 +172,7 @@ jobs:
# Run DRTs
- powershell: eng\common\cibuild.cmd
-configuration $(_BuildConfig)
- $(_OfficialBuildIdArgs)
+ $(_OfficialBuildIdArgs)
$(_PlatformArgs)
-projects $(Build.SourcesDirectory)\eng\helixpublish.proj
/bl:$(BUILD.SOURCESDIRECTORY)\artifacts\log\$(_BuildConfig)\HelixDrt.binlog
diff --git a/global.json b/global.json
index d335f06ca23..e5ab6079bd2 100644
--- a/global.json
+++ b/global.json
@@ -12,8 +12,8 @@
}
},
"msbuild-sdks": {
- "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.24266.4",
- "Microsoft.DotNet.Helix.Sdk": "6.0.0-beta.24266.4"
+ "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.24326.2",
+ "Microsoft.DotNet.Helix.Sdk": "6.0.0-beta.24326.2"
},
"sdk": {
"version": "6.0.130"