Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge latest Library.Template #187

Merged
merged 17 commits into from
Jun 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .config/dotnet-tools.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@
]
},
"dotnet-coverage": {
"version": "17.11.0",
"version": "17.11.3",
"commands": [
"dotnet-coverage"
]
},
"nbgv": {
"version": "3.6.133",
"version": "3.6.139",
"commands": [
"nbgv"
]
Expand Down
19 changes: 0 additions & 19 deletions Directory.Build.props
Original file line number Diff line number Diff line change
Expand Up @@ -59,23 +59,4 @@
<PackageReleaseNotes Condition="'$(PackageProjectUrl)'!=''">$(PackageProjectUrl)/releases/tag/v$(Version)</PackageReleaseNotes>
</PropertyGroup>
</Target>

<PropertyGroup Condition="'$(IsWpfTempProject)' == ''">
<IsWpfTempProject>false</IsWpfTempProject>
<IsWpfTempProject Condition="$(MSBuildProjectName.EndsWith('_wpftmp'))">true</IsWpfTempProject>
</PropertyGroup>

<!--
Inspired by https://github.com/dotnet/arcade/blob/cbfa29d4e859622ada3d226f90f103f659665d31/src/Microsoft.DotNet.Arcade.Sdk/tools/Workarounds.props#L14-L31

Disable Source Link and Xliff in WPF temp projects to avoid generating non-deterministic file names to obj dir.
The project name is non-deterministic and is included in the Source Link json file name and xlf directory names.
It's also not necessary to generate these assets.
-->
<PropertyGroup Condition="'$(IsWpfTempProject)' == 'true'">
<EnableSourceLink>false</EnableSourceLink>
<EmbedUntrackedSources>false</EmbedUntrackedSources>
<DeterministicSourcePaths>false</DeterministicSourcePaths>
<EnableXlfLocalization>false</EnableXlfLocalization>
</PropertyGroup>
</Project>
5 changes: 0 additions & 5 deletions Directory.Build.targets
Original file line number Diff line number Diff line change
@@ -1,10 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<Project>
<PropertyGroup>
<!-- Workaround https://github.com/dotnet/wpf/issues/1718 -->
<EmbedUntrackedSources Condition=" '$(UseWPF)' == 'true' ">false</EmbedUntrackedSources>
</PropertyGroup>

<ItemGroup>
<!-- Avoid compile error about missing namespace when combining ImplicitUsings with .NET Framework target frameworks. -->
<Using Remove="System.Net.Http" Condition="'$(TargetFrameworkIdentifier)'=='.NETFramework'" />
Expand Down
6 changes: 1 addition & 5 deletions Directory.Packages.props
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,8 @@
<GlobalPackageReference Include="CSharpIsNullAnalyzer" Version="0.1.495" />
<GlobalPackageReference Include="DotNetAnalyzers.DocumentationAnalyzers" Version="1.0.0-beta.59" />
<GlobalPackageReference Include="Microsoft.VisualStudio.Internal.MicroBuild.VisualStudio" Version="$(MicroBuildVersion)" />
<GlobalPackageReference Include="Nerdbank.GitVersioning" Version="3.6.133" />
<GlobalPackageReference Include="Nerdbank.GitVersioning" Version="3.6.139" />
<GlobalPackageReference Include="Nullable" Version="1.3.1" />
<GlobalPackageReference Include="StyleCop.Analyzers.Unstable" Version="1.2.0.556" />
</ItemGroup>
<ItemGroup>
<!-- <GlobalPackageReference Include="Microsoft.SourceLink.AzureRepos.Git" Version="8.0.0" /> -->
<GlobalPackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" />
</ItemGroup>
</Project>
22 changes: 22 additions & 0 deletions azure-pipelines/WIFtoPATauth.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
parameters:
- name: deadPATServiceConnectionId # The GUID of the PAT-based service connection whose access token must be replaced.
type: string
- name: wifServiceConnectionName # The name of the WIF service connection to use to get the access token.
type: string
- name: resource # The scope for which the access token is requested.
type: string
default: 499b84ac-1321-427f-aa17-267ca6975798 # Azure Artifact feeds (any of them)

steps:
- task: AzureCLI@2
displayName: 🔏 Authenticate with WIF service connection
inputs:
azureSubscription: ${{ parameters.wifServiceConnectionName }}
scriptType: pscore
scriptLocation: inlineScript
inlineScript: |
$accessToken = az account get-access-token --query accessToken --resource '${{ parameters.resource }}' -o tsv
# Set the access token as a secret, so it doesn't get leaked in the logs
Write-Host "##vso[task.setsecret]$accessToken"
# Override the apitoken of the nuget service connection, for the duration of this stage
Write-Host "##vso[task.setendpoint id=${{ parameters.deadPATServiceConnectionId }};field=authParameter;key=apitoken]$accessToken"
17 changes: 13 additions & 4 deletions azure-pipelines/install-dependencies.yml
Original file line number Diff line number Diff line change
@@ -1,14 +1,23 @@
parameters:
initArgs:
- name: initArgs
type: string
default: ''
- name: needsAzurePublicFeeds
type: boolean
default: true # If nuget.config pulls from the azure-public account, we need to authenticate when building on the devdiv account.

steps:
- ${{ if and(parameters.needsAzurePublicFeeds, eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9')) }}:
- template: WIFtoPATauth.yml
parameters:
wifServiceConnectionName: azure-public/vside package pull
deadPATServiceConnectionId: 0ae39abc-4d06-4436-a7b5-865833df49db # azure-public/msft_consumption

- task: NuGetAuthenticate@1
displayName: 🔏 Authenticate NuGet feeds
inputs:
${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}:
nuGetServiceConnections: azure-public/msft_consumption # Only necessary for GitHub-hosted repos
forceReinstallCredentialProvider: true
${{ if and(parameters.needsAzurePublicFeeds, eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9')) }}:
nuGetServiceConnections: azure-public/msft_consumption

- powershell: |
$AccessToken = '$(System.AccessToken)' # Avoid specifying the access token directly on the init.ps1 command line to avoid it showing up in errors
Expand Down
32 changes: 16 additions & 16 deletions azure-pipelines/official.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,10 @@ parameters:
# As an entrypoint pipeline yml file, all parameters here show up in the Queue Run dialog.
# If any paramaters should NOT be queue-time options, they should be removed from here
# and references to them in this file replaced with hard-coded values.
- name: RealSign
displayName: Real sign?
- name: ForceOfficialBuild
displayName: Official build (sign, compliance, etc.)
type: boolean
default: false
default: false # this should remain false so PR builds using this pipeline are unofficial
# - name: ShouldSkipOptimize # Uncomment this and references to it below when setting EnableOptProf to true in build.yml.
# displayName: Skip OptProf optimization
# type: boolean
Expand All @@ -39,12 +39,8 @@ parameters:
displayName: Run tests
type: boolean
default: true
- name: EnableCompliance
displayName: Run Compliance Tools
type: boolean
default: true
- name: EnableAPIScan
displayName: Include APIScan with Compliance tools
displayName: Include APIScan with compliance tools
type: boolean
default: false # enable in individual repos only AFTER updating TSAOptions.json with your own values

Expand All @@ -59,18 +55,22 @@ variables:
- template: GlobalVariables.yml

extends:
${{ if parameters.EnableCompliance }}:
${{ if or(parameters.ForceOfficialBuild, eq(variables['Build.Reason'],'Schedule')) }}:
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
sdl:
sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
codeSignValidation:
enabled: true
break: true
additionalTargetsGlobPattern: -|Variables-*\*.ps1;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\**
policheck:
enabled: true
exclusionsFile: $(System.DefaultWorkingDirectory)\azure-pipelines\PoliCheckExclusions.xml
suppression:
suppressionFile: $(System.DefaultWorkingDirectory)\azure-pipelines\falsepositives.gdnsuppress
sbom:
enabled: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }} # Disable the generation for SBOMs for artifacts in unsigned builds since it's slow
enabled: true
stages:
- stage: Build
variables:
Expand All @@ -79,9 +79,9 @@ extends:
- template: /azure-pipelines/build.yml@self
parameters:
Is1ESPT: true
RealSign: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
RealSign: true
# ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
EnableAPIScan: ${{ and(parameters.EnableCompliance, parameters.EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }}
EnableAPIScan: ${{ and(parameters.EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }}
windowsPool: VSEngSS-MicroBuild2022-1ES
linuxPool:
name: AzurePipelines-EO
Expand All @@ -96,7 +96,7 @@ extends:
RunTests: ${{ parameters.RunTests }}
- template: /azure-pipelines/prepare-insertion-stages.yml@self
parameters:
RealSign: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
RealSign: true
${{ else }}:
template: azure-pipelines/MicroBuild.1ES.Unofficial.yml@MicroBuildTemplate
parameters:
Expand All @@ -112,9 +112,9 @@ extends:
- template: /azure-pipelines/build.yml@self
parameters:
Is1ESPT: true
RealSign: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
RealSign: false
# ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }}
EnableAPIScan: ${{ and(parameters.EnableCompliance, parameters.EnableAPIScan, ne(variables['Build.Reason'], 'pullRequest')) }}
EnableAPIScan: false
windowsPool: VSEngSS-MicroBuild2022-1ES
linuxPool:
name: AzurePipelines-EO
Expand All @@ -129,4 +129,4 @@ extends:
RunTests: ${{ parameters.RunTests }}
- template: /azure-pipelines/prepare-insertion-stages.yml@self
parameters:
RealSign: ${{ or(parameters.RealSign, eq(variables['Build.Reason'],'Schedule')) }}
RealSign: false
4 changes: 4 additions & 0 deletions azure-pipelines/prepare-insertion-stages.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,3 +61,7 @@ stages:
- download: current
artifact: deployables-Windows
displayName: 🔻 Download deployables-Windows artifact
- template: WIFtoPATauth.yml
parameters:
wifServiceConnectionName: azure-public/vside package push
deadPATServiceConnectionId: 42175e93-c771-4a4f-a132-3cca78f44b3b # azure-public/vssdk
1 change: 1 addition & 0 deletions azure-pipelines/vs-insertion.yml
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ extends:
InsertionReviewers: $(Build.RequestedFor),Andrew Arnott
AutoCompletePR: true
AutoCompleteMergeStrategy: Squash
ShallowClone: true
- powershell: |
$contentType = 'application/json';
$headers = @{ Authorization = 'Bearer $(System.AccessToken)' };
Expand Down
1 change: 1 addition & 0 deletions azure-pipelines/vs-validation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ extends:
InsertionBuildPolicy: Request Perf DDRITs
InsertionReviewers: $(Build.RequestedFor)
AutoCompletePR: false
ShallowClone: true
- powershell: |
$insertionPRId = azure-pipelines/Get-InsertionPRId.ps1
$Markdown = @"
Expand Down