[main] Source code updates from dotnet/emsdk (#1722)

Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>

Author: dotnet-maestro[bot]

src/emsdk/eng/Version.Details.xml

@@ -20,6 +20,7 @@ parameters:
   artifacts: ''
   enableMicrobuild: false
   enableMicrobuildForMacAndLinux: false
+  microbuildUseESRP: true
   enablePublishBuildArtifacts: false
   enablePublishBuildAssets: false
   enablePublishTestResults: false
@@ -128,6 +129,7 @@ jobs:
       parameters:
         enableMicrobuild: ${{ parameters.enableMicrobuild }}
         enableMicrobuildForMacAndLinux: ${{ parameters.enableMicrobuildForMacAndLinux }}
+        microbuildUseESRP: ${{ parameters.microbuildUseESRP }}
         continueOnError: ${{ parameters.continueOnError }}
 
   - ${{ if and(eq(parameters.runAsPublic, 'false'), eq(variables['System.TeamProject'], 'internal')) }}:

src/emsdk/eng/Versions.props

@@ -83,7 +83,6 @@ jobs:
   - template: /eng/common/core-templates/jobs/source-build.yml
     parameters:
       is1ESPipeline: ${{ parameters.is1ESPipeline }}
-      allCompletedJobId: Source_Build_Complete
       ${{ each parameter in parameters.sourceBuildParameters }}:
         ${{ parameter.key }}: ${{ parameter.value }}
 
@@ -108,8 +107,6 @@ jobs:
         - ${{ if eq(parameters.publishBuildAssetsDependsOn, '') }}:
           - ${{ each job in parameters.jobs }}:
             - ${{ job.job }}
-        - ${{ if eq(parameters.enableSourceBuild, true) }}:
-          - Source_Build_Complete
 
         runAsPublic: ${{ parameters.runAsPublic }}
         publishAssetsImmediately: ${{ or(parameters.publishAssetsImmediately, parameters.isAssetlessBuild) }}

src/emsdk/eng/common/core-templates/job/job.yml

@@ -2,12 +2,6 @@ parameters:
   # This template adds arcade-powered source-build to CI. A job is created for each platform, as
   # well as an optional server job that completes when all platform jobs complete.
 
-  # The name of the "join" job for all source-build platforms. If set to empty string, the job is
-  # not included. Existing repo pipelines can use this job depend on all source-build jobs
-  # completing without maintaining a separate list of every single job ID: just depend on this one
-  # server job. By default, not included. Recommended name if used: 'Source_Build_Complete'.
-  allCompletedJobId: ''
-
   # See /eng/common/core-templates/job/source-build.yml
   jobNamePrefix: 'Source_Build'
 
@@ -31,16 +25,6 @@ parameters:
 
 jobs:
 
-- ${{ if ne(parameters.allCompletedJobId, '') }}:
-  - job: ${{ parameters.allCompletedJobId }}
-    displayName: Source-Build Complete
-    pool: server
-    dependsOn:
-    - ${{ each platform in parameters.platforms }}:
-      - ${{ parameters.jobNamePrefix }}_${{ platform.name }}
-    - ${{ if eq(length(parameters.platforms), 0) }}:
-      - ${{ parameters.jobNamePrefix }}_${{ parameters.defaultManagedPlatform.name }}
-
 - ${{ each platform in parameters.platforms }}:
   - template: /eng/common/core-templates/job/source-build.yml
     parameters:

src/emsdk/eng/common/core-templates/jobs/jobs.yml

@@ -4,8 +4,16 @@ parameters:
   # Enable install tasks for MicroBuild on Mac and Linux
   # Will be ignored if 'enableMicrobuild' is false or 'Agent.Os' is 'Windows_NT'
   enableMicrobuildForMacAndLinux: false
+  # Determines whether the ESRP service connection information should be passed to the signing plugin.
+  # This overlaps with _SignType to some degree. We only need the service connection for real signing.
+  # It's important that the service connection not be passed to the MicroBuildSigningPlugin task in this place.
+  # Doing so will cause the service connection to be authorized for the pipeline, which isn't allowed and won't work for non-prod.
+  # Unfortunately, _SignType can't be used to exclude the use of the service connection in non-real sign scenarios. The
+  # variable is not available in template expression. _SignType has a very large proliferation across .NET, so replacing it is tough.
+  microbuildUseESRP: true
   # Location of the MicroBuild output folder
   microBuildOutputFolder: '$(Build.SourcesDirectory)'
+
   continueOnError: false
 
 steps:
@@ -21,19 +29,37 @@ steps:
           workingDirectory: ${{ parameters.microBuildOutputFolder }}
         condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
 
+    - script: |
+        REM Check if ESRP is disabled while SignType is real
+        if /I "${{ parameters.microbuildUseESRP }}"=="false" if /I "$(_SignType)"=="real" (
+          echo Error: ESRP must be enabled when SignType is real.
+          exit /b 1
+        )
+      displayName: 'Validate ESRP usage (Windows)'
+      condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'))
+    - script: |
+        # Check if ESRP is disabled while SignType is real
+        if [ "${{ parameters.microbuildUseESRP }}" = "false" ] && [ "$(_SignType)" = "real" ]; then
+          echo "Error: ESRP must be enabled when SignType is real."
+          exit 1
+        fi
+      displayName: 'Validate ESRP usage (Non-Windows)'
+      condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
+
     - task: MicroBuildSigningPlugin@4
       displayName: Install MicroBuild plugin
       inputs:
         signType: $(_SignType)
         zipSources: false
         feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json
-        ${{ if and(eq(parameters.enableMicrobuildForMacAndLinux, 'true'), ne(variables['Agent.Os'], 'Windows_NT')) }}:
-          azureSubscription: 'MicroBuild Signing Task (DevDiv)'
-          useEsrpCli: true
-        ${{ elseif eq(variables['System.TeamProject'], 'DevDiv') }}:
-          ConnectedPMEServiceName: 6cc74545-d7b9-4050-9dfa-ebefcc8961ea
-        ${{ else }}:
-          ConnectedPMEServiceName: 248d384a-b39b-46e3-8ad5-c2c210d5e7ca
+        ${{ if eq(parameters.microbuildUseESRP, true) }}:
+          ${{ if eq(parameters.enableMicrobuildForMacAndLinux, 'true') }}:
+            azureSubscription: 'MicroBuild Signing Task (DevDiv)'
+            useEsrpCli: true
+          ${{ elseif eq(variables['System.TeamProject'], 'DevDiv') }}:
+            ConnectedPMEServiceName: 6cc74545-d7b9-4050-9dfa-ebefcc8961ea
+          ${{ else }}:
+            ConnectedPMEServiceName: 248d384a-b39b-46e3-8ad5-c2c210d5e7ca
       env:
         TeamName: $(_TeamName)
         MicroBuildOutputFolderOverride: ${{ parameters.microBuildOutputFolder }}

src/emsdk/eng/common/core-templates/jobs/source-build.yml

@@ -3,8 +3,8 @@
     "dotnet": "10.0.100-preview.7.25322.101"
   },
   "msbuild-sdks": {
-    "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.25372.103",
-    "Microsoft.DotNet.Helix.Sdk": "10.0.0-beta.25372.103",
+    "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.25377.103",
+    "Microsoft.DotNet.Helix.Sdk": "10.0.0-beta.25377.103",
     "Microsoft.Build.Traversal": "3.4.0"
   }
 }

src/emsdk/eng/common/core-templates/steps/install-microbuild.yml

@@ -43,10 +43,10 @@
       "commitSha": "d48457ecc786e7d8b7b00cc8b62c77650624348d"
     },
     {
-      "barId": 276379,
+      "barId": 277402,
       "path": "emsdk",
       "remoteUri": "https://github.com/dotnet/emsdk",
-      "commitSha": "d65eb5b36511b6422cbad6e2e140a86831a004d2"
+      "commitSha": "b7028483caf8304909c9f3ee17a8f5b3c685f5bc"
     },
     {
       "barId": 277429,