From 6c6625a740207e95cae113adbd5de147a0f374f1 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 21 Mar 2024 22:36:07 +0000 Subject: [PATCH 1/8] Update dependencies from https://github.com/dotnet/arcade build Microsoft.DotNet.Arcade.Sdk , Microsoft.DotNet.Build.Tasks.Installers , Microsoft.DotNet.CMake.Sdk From Version 7.0.0-beta.24163.12 -> To Version 7.0.0-beta.24171.2 --- NuGet.config | 9 - eng/Version.Details.xml | 12 +- eng/Versions.props | 2 +- eng/common/templates-official/job/job.yml | 276 +++++++++++++++++ .../templates-official/job/onelocbuild.yml | 112 +++++++ .../job/publish-build-assets.yml | 162 ++++++++++ .../templates-official/job/source-build.yml | 64 ++++ .../job/source-index-stage1.yml | 68 ++++ .../templates-official/jobs/codeql-build.yml | 31 ++ eng/common/templates-official/jobs/jobs.yml | 97 ++++++ .../templates-official/jobs/source-build.yml | 46 +++ .../post-build/common-variables.yml | 25 ++ .../post-build/post-build.yml | 290 ++++++++++++++++++ .../post-build/setup-maestro-vars.yml | 70 +++++ .../post-build/trigger-subscription.yml | 13 + .../steps/add-build-to-channel.yml | 13 + .../steps/component-governance.yml | 10 + .../steps/execute-codeql.yml | 32 ++ .../steps/generate-sbom.yml | 44 +++ .../templates-official/steps/publish-logs.yml | 23 ++ .../templates-official/steps/retain-build.yml | 28 ++ .../steps/send-to-helix.yml | 91 ++++++ .../templates-official/steps/source-build.yml | 108 +++++++ .../variables/sdl-variables.yml | 7 + global.json | 4 +- 25 files changed, 1619 insertions(+), 18 deletions(-) create mode 100644 eng/common/templates-official/job/job.yml create mode 100644 eng/common/templates-official/job/onelocbuild.yml create mode 100644 eng/common/templates-official/job/publish-build-assets.yml create mode 100644 eng/common/templates-official/job/source-build.yml create mode 100644 eng/common/templates-official/job/source-index-stage1.yml create mode 100644 eng/common/templates-official/jobs/codeql-build.yml create mode 100644 eng/common/templates-official/jobs/jobs.yml create mode 100644 eng/common/templates-official/jobs/source-build.yml create mode 100644 eng/common/templates-official/post-build/common-variables.yml create mode 100644 eng/common/templates-official/post-build/post-build.yml create mode 100644 eng/common/templates-official/post-build/setup-maestro-vars.yml create mode 100644 eng/common/templates-official/post-build/trigger-subscription.yml create mode 100644 eng/common/templates-official/steps/add-build-to-channel.yml create mode 100644 eng/common/templates-official/steps/component-governance.yml create mode 100644 eng/common/templates-official/steps/execute-codeql.yml create mode 100644 eng/common/templates-official/steps/generate-sbom.yml create mode 100644 eng/common/templates-official/steps/publish-logs.yml create mode 100644 eng/common/templates-official/steps/retain-build.yml create mode 100644 eng/common/templates-official/steps/send-to-helix.yml create mode 100644 eng/common/templates-official/steps/source-build.yml create mode 100644 eng/common/templates-official/variables/sdl-variables.yml diff --git a/NuGet.config b/NuGet.config index b05560e292ba..bdc3a6cb9239 100644 --- a/NuGet.config +++ b/NuGet.config @@ -10,19 +10,14 @@ - - - - - @@ -44,15 +39,11 @@ - - - - diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 3e09d1c59d9d..f623ff164617 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -192,18 +192,18 @@ - + https://github.com/dotnet/arcade - bbc75d8a5897763eaf6945c263759930e02dd32b + bc35747acd136d5aca170df4ec527c346db76c8e - + https://github.com/dotnet/arcade - bbc75d8a5897763eaf6945c263759930e02dd32b + bc35747acd136d5aca170df4ec527c346db76c8e - + https://github.com/dotnet/arcade - bbc75d8a5897763eaf6945c263759930e02dd32b + bc35747acd136d5aca170df4ec527c346db76c8e https://github.com/dotnet/source-build-reference-packages diff --git a/eng/Versions.props b/eng/Versions.props index dc5488682062..f330e20571b2 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -33,7 +33,7 @@ - 7.0.0-beta.24163.12 + 7.0.0-beta.24171.2 diff --git a/eng/common/templates-official/job/job.yml b/eng/common/templates-official/job/job.yml new file mode 100644 index 000000000000..a1bb79c43a7c --- /dev/null +++ b/eng/common/templates-official/job/job.yml @@ -0,0 +1,276 @@ +# Internal resources (telemetry, microbuild) can only be accessed from non-public projects, +# and some (Microbuild) should only be applied to non-PR cases for internal builds. + +parameters: +# Job schema parameters - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job + cancelTimeoutInMinutes: '' + condition: '' + container: '' + continueOnError: false + dependsOn: '' + displayName: '' + pool: '' + steps: [] + strategy: '' + timeoutInMinutes: '' + variables: [] + workspace: '' + templateContext: '' + +# Job base template specific parameters + # See schema documentation - https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/TemplateSchema.md + artifacts: '' + enableMicrobuild: false + enablePublishBuildArtifacts: false + enablePublishBuildAssets: false + enablePublishTestResults: false + enablePublishUsingPipelines: false + disableComponentGovernance: '' + mergeTestResults: false + testRunTitle: '' + testResultsFormat: '' + name: '' + preSteps: [] + runAsPublic: false +# Sbom related params + enableSbom: true + PackageVersion: 7.0.0 + BuildDropPath: '$(Build.SourcesDirectory)/artifacts' + +jobs: +- job: ${{ parameters.name }} + + ${{ if ne(parameters.cancelTimeoutInMinutes, '') }}: + cancelTimeoutInMinutes: ${{ parameters.cancelTimeoutInMinutes }} + + ${{ if ne(parameters.condition, '') }}: + condition: ${{ parameters.condition }} + + ${{ if ne(parameters.container, '') }}: + container: ${{ parameters.container }} + + ${{ if ne(parameters.continueOnError, '') }}: + continueOnError: ${{ parameters.continueOnError }} + + ${{ if ne(parameters.dependsOn, '') }}: + dependsOn: ${{ parameters.dependsOn }} + + ${{ if ne(parameters.displayName, '') }}: + displayName: ${{ parameters.displayName }} + + ${{ if ne(parameters.pool, '') }}: + pool: ${{ parameters.pool }} + + ${{ if ne(parameters.strategy, '') }}: + strategy: ${{ parameters.strategy }} + + ${{ if ne(parameters.timeoutInMinutes, '') }}: + timeoutInMinutes: ${{ parameters.timeoutInMinutes }} + + ${{ if ne(parameters.templateContext, '') }}: + templateContext: ${{ parameters.templateContext }} + + variables: + - ${{ if ne(parameters.enableTelemetry, 'false') }}: + - name: DOTNET_CLI_TELEMETRY_PROFILE + value: '$(Build.Repository.Uri)' + - ${{ if eq(parameters.enableRichCodeNavigation, 'true') }}: + - name: EnableRichCodeNavigation + value: 'true' + # Retry signature validation up to three times, waiting 2 seconds between attempts. + # See https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu3028#retry-untrusted-root-failures + - name: NUGET_EXPERIMENTAL_CHAIN_BUILD_RETRY_POLICY + value: 3,2000 + - ${{ each variable in parameters.variables }}: + # handle name-value variable syntax + # example: + # - name: [key] + # value: [value] + - ${{ if ne(variable.name, '') }}: + - name: ${{ variable.name }} + value: ${{ variable.value }} + + # handle variable groups + - ${{ if ne(variable.group, '') }}: + - group: ${{ variable.group }} + + # handle key-value variable syntax. + # example: + # - [key]: [value] + - ${{ if and(eq(variable.name, ''), eq(variable.group, '')) }}: + - ${{ each pair in variable }}: + - name: ${{ pair.key }} + value: ${{ pair.value }} + + # DotNet-HelixApi-Access provides 'HelixApiAccessToken' for internal builds + - ${{ if and(eq(parameters.enableTelemetry, 'true'), eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - group: DotNet-HelixApi-Access + + ${{ if ne(parameters.workspace, '') }}: + workspace: ${{ parameters.workspace }} + + steps: + - ${{ if ne(parameters.preSteps, '') }}: + - ${{ each preStep in parameters.preSteps }}: + - ${{ preStep }} + + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - ${{ if eq(parameters.enableMicrobuild, 'true') }}: + - task: MicroBuildSigningPlugin@3 + displayName: Install MicroBuild plugin + inputs: + signType: $(_SignType) + zipSources: false + feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json + env: + TeamName: $(_TeamName) + continueOnError: ${{ parameters.continueOnError }} + condition: and(succeeded(), in(variables['_SignType'], 'real', 'test'), eq(variables['Agent.Os'], 'Windows_NT')) + + - task: NuGetAuthenticate@1 + + - ${{ if or(eq(parameters.artifacts.download, 'true'), ne(parameters.artifacts.download, '')) }}: + - task: DownloadPipelineArtifact@2 + inputs: + buildType: current + artifactName: ${{ coalesce(parameters.artifacts.download.name, 'Artifacts_$(Agent.OS)_$(_BuildConfig)') }} + targetPath: ${{ coalesce(parameters.artifacts.download.path, 'artifacts') }} + itemPattern: ${{ coalesce(parameters.artifacts.download.pattern, '**') }} + + - ${{ each step in parameters.steps }}: + - ${{ step }} + + - ${{ if eq(parameters.enableRichCodeNavigation, true) }}: + - task: RichCodeNavIndexer@0 + displayName: RichCodeNav Upload + inputs: + languages: ${{ coalesce(parameters.richCodeNavigationLanguage, 'csharp') }} + environment: ${{ coalesce(parameters.richCodeNavigationEnvironment, 'production') }} + richNavLogOutputDirectory: $(Build.SourcesDirectory)/artifacts/bin + continueOnError: true + + - template: /eng/common/templates-official/steps/component-governance.yml + parameters: + ${{ if eq(parameters.disableComponentGovernance, '') }}: + ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.runAsPublic, 'false'), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/dotnet/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/microsoft/'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}: + disableComponentGovernance: false + ${{ else }}: + disableComponentGovernance: true + ${{ else }}: + disableComponentGovernance: ${{ parameters.disableComponentGovernance }} + + - ${{ if eq(parameters.enableMicrobuild, 'true') }}: + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - task: MicroBuildCleanup@1 + displayName: Execute Microbuild cleanup tasks + condition: and(always(), in(variables['_SignType'], 'real', 'test'), eq(variables['Agent.Os'], 'Windows_NT')) + continueOnError: ${{ parameters.continueOnError }} + env: + TeamName: $(_TeamName) + + - ${{ if ne(parameters.artifacts.publish, '') }}: + - ${{ if or(eq(parameters.artifacts.publish.artifacts, 'true'), ne(parameters.artifacts.publish.artifacts, '')) }}: + - task: CopyFiles@2 + displayName: Gather binaries for publish to artifacts + inputs: + SourceFolder: 'artifacts/bin' + Contents: '**' + TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/bin' + - task: CopyFiles@2 + displayName: Gather packages for publish to artifacts + inputs: + SourceFolder: 'artifacts/packages' + Contents: '**' + TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/packages' + - task: 1ES.PublishBuildArtifacts@1 + displayName: Publish pipeline artifacts + inputs: + PathtoPublish: '$(Build.ArtifactStagingDirectory)/artifacts' + PublishLocation: Container + ArtifactName: ${{ coalesce(parameters.artifacts.publish.artifacts.name , 'Artifacts_$(Agent.Os)_$(_BuildConfig)') }} + continueOnError: true + condition: always() + - ${{ if or(eq(parameters.artifacts.publish.logs, 'true'), ne(parameters.artifacts.publish.logs, '')) }}: + - task: 1ES.PublishPipelineArtifact@1 + inputs: + targetPath: 'artifacts/log' + artifactName: ${{ coalesce(parameters.artifacts.publish.logs.name, 'Logs_Build_$(Agent.Os)_$(_BuildConfig)') }} + displayName: 'Publish logs' + continueOnError: true + condition: always() + + - ${{ if or(eq(parameters.artifacts.publish.manifests, 'true'), ne(parameters.artifacts.publish.manifests, '')) }}: + - ${{ if and(ne(parameters.enablePublishUsingPipelines, 'true'), eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - task: CopyFiles@2 + displayName: Gather Asset Manifests + inputs: + SourceFolder: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/AssetManifest' + TargetFolder: '$(Build.ArtifactStagingDirectory)/AssetManifests' + continueOnError: ${{ parameters.continueOnError }} + condition: and(succeeded(), eq(variables['_DotNetPublishToBlobFeed'], 'true')) + + - task: 1ES.PublishBuildArtifacts@1 + displayName: Push Asset Manifests + inputs: + PathtoPublish: '$(Build.ArtifactStagingDirectory)/AssetManifests' + PublishLocation: Container + ArtifactName: AssetManifests + continueOnError: ${{ parameters.continueOnError }} + condition: and(succeeded(), eq(variables['_DotNetPublishToBlobFeed'], 'true')) + + - ${{ if ne(parameters.enablePublishBuildArtifacts, 'false') }}: + - task: 1ES.PublishBuildArtifacts@1 + displayName: Publish Logs + inputs: + PathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)' + PublishLocation: Container + ArtifactName: ${{ coalesce(parameters.enablePublishBuildArtifacts.artifactName, '$(Agent.Os)_$(Agent.JobName)' ) }} + continueOnError: true + condition: always() + + - ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'xunit')) }}: + - task: PublishTestResults@2 + displayName: Publish XUnit Test Results + inputs: + testResultsFormat: 'xUnit' + testResultsFiles: '*.xml' + searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)' + testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-xunit + mergeTestResults: ${{ parameters.mergeTestResults }} + continueOnError: true + condition: always() + - ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'vstest')) }}: + - task: PublishTestResults@2 + displayName: Publish TRX Test Results + inputs: + testResultsFormat: 'VSTest' + testResultsFiles: '*.trx' + searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)' + testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-trx + mergeTestResults: ${{ parameters.mergeTestResults }} + continueOnError: true + condition: always() + + - ${{ if and(eq(parameters.enablePublishBuildAssets, true), ne(parameters.enablePublishUsingPipelines, 'true'), eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - task: CopyFiles@2 + displayName: Gather Asset Manifests + inputs: + SourceFolder: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/AssetManifest' + TargetFolder: '$(Build.StagingDirectory)/AssetManifests' + continueOnError: ${{ parameters.continueOnError }} + condition: and(succeeded(), eq(variables['_DotNetPublishToBlobFeed'], 'true')) + + - task: 1ES.PublishBuildArtifacts@1 + displayName: Push Asset Manifests + inputs: + PathtoPublish: '$(Build.StagingDirectory)/AssetManifests' + PublishLocation: Container + ArtifactName: AssetManifests + continueOnError: ${{ parameters.continueOnError }} + condition: and(succeeded(), eq(variables['_DotNetPublishToBlobFeed'], 'true')) + + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}: + - template: /eng/common/templates-official/steps/generate-sbom.yml + parameters: + PackageVersion: ${{ parameters.packageVersion}} + BuildDropPath: ${{ parameters.buildDropPath }} diff --git a/eng/common/templates-official/job/onelocbuild.yml b/eng/common/templates-official/job/onelocbuild.yml new file mode 100644 index 000000000000..52b4d05d3f8d --- /dev/null +++ b/eng/common/templates-official/job/onelocbuild.yml @@ -0,0 +1,112 @@ +parameters: + # Optional: dependencies of the job + dependsOn: '' + + # Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool + pool: '' + + CeapexPat: $(dn-bot-ceapex-package-r) # PAT for the loc AzDO instance https://dev.azure.com/ceapex + GithubPat: $(BotAccount-dotnet-bot-repo-PAT) + + SourcesDirectory: $(Build.SourcesDirectory) + CreatePr: true + AutoCompletePr: false + ReusePr: true + UseLfLineEndings: true + UseCheckedInLocProjectJson: false + SkipLocProjectJsonGeneration: false + LanguageSet: VS_Main_Languages + LclSource: lclFilesInRepo + LclPackageId: '' + RepoType: gitHub + GitHubOrg: dotnet + MirrorRepo: '' + MirrorBranch: main + condition: '' + JobNameSuffix: '' + +jobs: +- job: OneLocBuild${{ parameters.JobNameSuffix }} + + dependsOn: ${{ parameters.dependsOn }} + + displayName: OneLocBuild${{ parameters.JobNameSuffix }} + + variables: + - group: OneLocBuildVariables # Contains the CeapexPat and GithubPat + - name: _GenerateLocProjectArguments + value: -SourcesDirectory ${{ parameters.SourcesDirectory }} + -LanguageSet "${{ parameters.LanguageSet }}" + -CreateNeutralXlfs + - ${{ if eq(parameters.UseCheckedInLocProjectJson, 'true') }}: + - name: _GenerateLocProjectArguments + value: ${{ variables._GenerateLocProjectArguments }} -UseCheckedInLocProjectJson + - template: /eng/common/templates-official/variables/pool-providers.yml + + ${{ if ne(parameters.pool, '') }}: + pool: ${{ parameters.pool }} + ${{ if eq(parameters.pool, '') }}: + pool: + # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com) + ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + demands: Cmd + os: windows + # If it's not devdiv, it's dnceng + ${{ if ne(variables['System.TeamProject'], 'DevDiv') }}: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows + + steps: + - ${{ if ne(parameters.SkipLocProjectJsonGeneration, 'true') }}: + - task: Powershell@2 + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/generate-locproject.ps1 + arguments: $(_GenerateLocProjectArguments) + displayName: Generate LocProject.json + condition: ${{ parameters.condition }} + + - task: OneLocBuild@2 + displayName: OneLocBuild + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + inputs: + locProj: eng/Localize/LocProject.json + outDir: $(Build.ArtifactStagingDirectory) + lclSource: ${{ parameters.LclSource }} + lclPackageId: ${{ parameters.LclPackageId }} + isCreatePrSelected: ${{ parameters.CreatePr }} + isAutoCompletePrSelected: ${{ parameters.AutoCompletePr }} + ${{ if eq(parameters.CreatePr, true) }}: + isUseLfLineEndingsSelected: ${{ parameters.UseLfLineEndings }} + ${{ if eq(parameters.RepoType, 'gitHub') }}: + isShouldReusePrSelected: ${{ parameters.ReusePr }} + packageSourceAuth: patAuth + patVariable: ${{ parameters.CeapexPat }} + ${{ if eq(parameters.RepoType, 'gitHub') }}: + repoType: ${{ parameters.RepoType }} + gitHubPatVariable: "${{ parameters.GithubPat }}" + ${{ if ne(parameters.MirrorRepo, '') }}: + isMirrorRepoSelected: true + gitHubOrganization: ${{ parameters.GitHubOrg }} + mirrorRepo: ${{ parameters.MirrorRepo }} + mirrorBranch: ${{ parameters.MirrorBranch }} + condition: ${{ parameters.condition }} + + - task: 1ES.PublishBuildArtifacts@1 + displayName: Publish Localization Files + inputs: + PathtoPublish: '$(Build.ArtifactStagingDirectory)/loc' + PublishLocation: Container + ArtifactName: Loc + condition: ${{ parameters.condition }} + + - task: 1ES.PublishBuildArtifacts@1 + displayName: Publish LocProject.json + inputs: + PathtoPublish: '$(Build.SourcesDirectory)/eng/Localize/' + PublishLocation: Container + ArtifactName: Loc + condition: ${{ parameters.condition }} \ No newline at end of file diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml new file mode 100644 index 000000000000..d0073ea8aadc --- /dev/null +++ b/eng/common/templates-official/job/publish-build-assets.yml @@ -0,0 +1,162 @@ +parameters: + configuration: 'Debug' + + # Optional: condition for the job to run + condition: '' + + # Optional: 'true' if future jobs should run even if this job fails + continueOnError: false + + # Optional: dependencies of the job + dependsOn: '' + + # Optional: Include PublishBuildArtifacts task + enablePublishBuildArtifacts: false + + # Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool + pool: {} + + # Optional: should run as a public build even in the internal project + # if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects. + runAsPublic: false + + # Optional: whether the build's artifacts will be published using release pipelines or direct feed publishing + publishUsingPipelines: false + + # Optional: whether the build's artifacts will be published using release pipelines or direct feed publishing + publishAssetsImmediately: false + + artifactsPublishingAdditionalParameters: '' + + signingValidationAdditionalParameters: '' + +jobs: +- job: Asset_Registry_Publish + + dependsOn: ${{ parameters.dependsOn }} + timeoutInMinutes: 150 + + ${{ if eq(parameters.publishAssetsImmediately, 'true') }}: + displayName: Publish Assets + ${{ else }}: + displayName: Publish to Build Asset Registry + + variables: + - template: /eng/common/templates-official/variables/pool-providers.yml + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - group: Publish-Build-Assets + - group: AzureDevOps-Artifact-Feeds-Pats + - name: runCodesignValidationInjection + value: false + - ${{ if eq(parameters.publishAssetsImmediately, 'true') }}: + - template: /eng/common/templates-official/post-build/common-variables.yml + + pool: + # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com) + ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + demands: Cmd + os: windows + # If it's not devdiv, it's dnceng + ${{ if ne(variables['System.TeamProject'], 'DevDiv') }}: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows + + steps: + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - task: DownloadBuildArtifacts@0 + displayName: Download artifact + inputs: + artifactName: AssetManifests + downloadPath: '$(Build.StagingDirectory)/Download' + checkDownloadedFiles: true + condition: ${{ parameters.condition }} + continueOnError: ${{ parameters.continueOnError }} + + - task: NuGetAuthenticate@1 + + - task: PowerShell@2 + displayName: Enable cross-org NuGet feed authentication + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/enable-cross-org-publishing.ps1 + arguments: -token $(dn-bot-all-orgs-artifact-feeds-rw) + + - task: PowerShell@2 + displayName: Publish Build Assets + inputs: + filePath: eng\common\sdk-task.ps1 + arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet + /p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests' + /p:BuildAssetRegistryToken=$(MaestroAccessToken) + /p:MaestroApiEndpoint=https://maestro.dot.net + /p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }} + /p:OfficialBuildId=$(Build.BuildNumber) + condition: ${{ parameters.condition }} + continueOnError: ${{ parameters.continueOnError }} + + - task: powershell@2 + displayName: Create ReleaseConfigs Artifact + inputs: + targetType: inline + script: | + New-Item -Path "$(Build.StagingDirectory)/ReleaseConfigs" -ItemType Directory -Force + $filePath = "$(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt" + Add-Content -Path $filePath -Value $(BARBuildId) + Add-Content -Path $filePath -Value "$(DefaultChannels)" + Add-Content -Path $filePath -Value $(IsStableBuild) + + - task: 1ES.PublishBuildArtifacts@1 + displayName: Publish ReleaseConfigs Artifact + inputs: + PathtoPublish: '$(Build.StagingDirectory)/ReleaseConfigs' + PublishLocation: Container + ArtifactName: ReleaseConfigs + + - task: powershell@2 + displayName: Check if SymbolPublishingExclusionsFile.txt exists + inputs: + targetType: inline + script: | + $symbolExclusionfile = "$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt" + if(Test-Path -Path $symbolExclusionfile) + { + Write-Host "SymbolExclusionFile exists" + Write-Host "##vso[task.setvariable variable=SymbolExclusionFile]true" + } + else{ + Write-Host "Symbols Exclusion file does not exists" + Write-Host "##vso[task.setvariable variable=SymbolExclusionFile]false" + } + + - task: 1ES.PublishBuildArtifacts@1 + displayName: Publish SymbolPublishingExclusionsFile Artifact + condition: eq(variables['SymbolExclusionFile'], 'true') + inputs: + PathtoPublish: '$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt' + PublishLocation: Container + ArtifactName: ReleaseConfigs + + - ${{ if eq(parameters.publishAssetsImmediately, 'true') }}: + - template: /eng/common/templates-official/post-build/setup-maestro-vars.yml + parameters: + BARBuildId: ${{ parameters.BARBuildId }} + PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} + + - task: PowerShell@2 + displayName: Publish Using Darc + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + arguments: -BuildId $(BARBuildId) + -PublishingInfraVersion 3 + -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' + -MaestroToken '$(MaestroApiAccessToken)' + -WaitPublishingFinish true + -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' + -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' + + - ${{ if eq(parameters.enablePublishBuildArtifacts, 'true') }}: + - template: /eng/common/templates-official/steps/publish-logs.yml + parameters: + JobLabel: 'Publish_Artifacts_Logs' diff --git a/eng/common/templates-official/job/source-build.yml b/eng/common/templates-official/job/source-build.yml new file mode 100644 index 000000000000..f5fa09f41511 --- /dev/null +++ b/eng/common/templates-official/job/source-build.yml @@ -0,0 +1,64 @@ +parameters: + # This template adds arcade-powered source-build to CI. The template produces a server job with a + # default ID 'Source_Build_Complete' to put in a dependency list if necessary. + + # Specifies the prefix for source-build jobs added to pipeline. Use this if disambiguation needed. + jobNamePrefix: 'Source_Build' + + # Defines the platform on which to run the job. By default, a linux-x64 machine, suitable for + # managed-only repositories. This is an object with these properties: + # + # name: '' + # The name of the job. This is included in the job ID. + # targetRID: '' + # The name of the target RID to use, instead of the one auto-detected by Arcade. + # nonPortable: false + # Enables non-portable mode. This means a more specific RID (e.g. fedora.32-x64 rather than + # linux-x64), and compiling against distro-provided packages rather than portable ones. + # skipPublishValidation: false + # Disables publishing validation. By default, a check is performed to ensure no packages are + # published by source-build. + # container: '' + # A container to use. Runs in docker. + # pool: {} + # A pool to use. Runs directly on an agent. + # buildScript: '' + # Specifies the build script to invoke to perform the build in the repo. The default + # './build.sh' should work for typical Arcade repositories, but this is customizable for + # difficult situations. + # jobProperties: {} + # A list of job properties to inject at the top level, for potential extensibility beyond + # container and pool. + platform: {} + +jobs: +- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }} + displayName: Source-Build (${{ parameters.platform.name }}) + + ${{ each property in parameters.platform.jobProperties }}: + ${{ property.key }}: ${{ property.value }} + + ${{ if ne(parameters.platform.container, '') }}: + container: ${{ parameters.platform.container }} + + ${{ if eq(parameters.platform.pool, '') }}: + # The default VM host AzDO pool. This should be capable of running Docker containers: almost all + # source-build builds run in Docker, including the default managed platform. + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + name: NetCore-Svc-Public + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + name: NetCore1ESPool-Svc-Internal + image: 1es-mariner-2 + os: linux + ${{ if ne(parameters.platform.pool, '') }}: + pool: ${{ parameters.platform.pool }} + + workspace: + clean: all + + steps: + - template: /eng/common/templates-official/steps/source-build.yml + parameters: + platform: ${{ parameters.platform }} diff --git a/eng/common/templates-official/job/source-index-stage1.yml b/eng/common/templates-official/job/source-index-stage1.yml new file mode 100644 index 000000000000..73bf386edb3a --- /dev/null +++ b/eng/common/templates-official/job/source-index-stage1.yml @@ -0,0 +1,68 @@ +parameters: + runAsPublic: false + sourceIndexPackageVersion: 1.0.1-20220804.1 + sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json + sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci" + preSteps: [] + binlogPath: artifacts/log/Debug/Build.binlog + condition: '' + dependsOn: '' + pool: '' + +jobs: +- job: SourceIndexStage1 + dependsOn: ${{ parameters.dependsOn }} + condition: ${{ parameters.condition }} + variables: + - name: SourceIndexPackageVersion + value: ${{ parameters.sourceIndexPackageVersion }} + - name: SourceIndexPackageSource + value: ${{ parameters.sourceIndexPackageSource }} + - name: BinlogPath + value: ${{ parameters.binlogPath }} + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - group: source-dot-net stage1 variables + - template: /eng/common/templates-official/variables/pool-providers.yml + + ${{ if ne(parameters.pool, '') }}: + pool: ${{ parameters.pool }} + ${{ if eq(parameters.pool, '') }}: + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + name: $(DncEngPublicBuildPool) + demands: ImageOverride -equals windows.vs2019.amd64.open + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows + + steps: + - ${{ each preStep in parameters.preSteps }}: + - ${{ preStep }} + + - task: UseDotNet@2 + displayName: Use .NET Core sdk 3.1 + inputs: + packageType: sdk + version: 3.1.x + installationPath: $(Agent.TempDirectory)/dotnet + workingDirectory: $(Agent.TempDirectory) + + - script: | + $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools + $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools + displayName: Download Tools + # Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk. + workingDirectory: $(Agent.TempDirectory) + + - script: ${{ parameters.sourceIndexBuildCommand }} + displayName: Build Repository + + - script: $(Agent.TempDirectory)/.source-index/tools/BinLogToSln -i $(BinlogPath) -r $(Build.SourcesDirectory) -n $(Build.Repository.Name) -o .source-index/stage1output + displayName: Process Binlog into indexable sln + + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) + displayName: Upload stage1 artifacts to source index + env: + BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url) diff --git a/eng/common/templates-official/jobs/codeql-build.yml b/eng/common/templates-official/jobs/codeql-build.yml new file mode 100644 index 000000000000..b68d3c2f3199 --- /dev/null +++ b/eng/common/templates-official/jobs/codeql-build.yml @@ -0,0 +1,31 @@ +parameters: + # See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md + continueOnError: false + # Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job + jobs: [] + # Optional: if specified, restore and use this version of Guardian instead of the default. + overrideGuardianVersion: '' + +jobs: +- template: /eng/common/templates-official/jobs/jobs.yml + parameters: + enableMicrobuild: false + enablePublishBuildArtifacts: false + enablePublishTestResults: false + enablePublishBuildAssets: false + enablePublishUsingPipelines: false + enableTelemetry: true + + variables: + - group: Publish-Build-Assets + # The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in + # sync with the packages.config file. + - name: DefaultGuardianVersion + value: 0.109.0 + - name: GuardianPackagesConfigFile + value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config + - name: GuardianVersion + value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }} + + jobs: ${{ parameters.jobs }} + diff --git a/eng/common/templates-official/jobs/jobs.yml b/eng/common/templates-official/jobs/jobs.yml new file mode 100644 index 000000000000..857a0f8ba43e --- /dev/null +++ b/eng/common/templates-official/jobs/jobs.yml @@ -0,0 +1,97 @@ +parameters: + # See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md + continueOnError: false + + # Optional: Include PublishBuildArtifacts task + enablePublishBuildArtifacts: false + + # Optional: Enable publishing using release pipelines + enablePublishUsingPipelines: false + + # Optional: Enable running the source-build jobs to build repo from source + enableSourceBuild: false + + # Optional: Parameters for source-build template. + # See /eng/common/templates-official/jobs/source-build.yml for options + sourceBuildParameters: [] + + graphFileGeneration: + # Optional: Enable generating the graph files at the end of the build + enabled: false + # Optional: Include toolset dependencies in the generated graph files + includeToolset: false + + # Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job + jobs: [] + + # Optional: Override automatically derived dependsOn value for "publish build assets" job + publishBuildAssetsDependsOn: '' + + # Optional: Publish the assets as soon as the publish to BAR stage is complete, rather doing so in a separate stage. + publishAssetsImmediately: false + + # Optional: If using publishAssetsImmediately and additional parameters are needed, can be used to send along additional parameters (normally sent to post-build.yml) + artifactsPublishingAdditionalParameters: '' + signingValidationAdditionalParameters: '' + + # Optional: should run as a public build even in the internal project + # if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects. + runAsPublic: false + + enableSourceIndex: false + sourceIndexParams: {} + +# Internal resources (telemetry, microbuild) can only be accessed from non-public projects, +# and some (Microbuild) should only be applied to non-PR cases for internal builds. + +jobs: +- ${{ each job in parameters.jobs }}: + - template: ../job/job.yml + parameters: + # pass along parameters + ${{ each parameter in parameters }}: + ${{ if ne(parameter.key, 'jobs') }}: + ${{ parameter.key }}: ${{ parameter.value }} + + # pass along job properties + ${{ each property in job }}: + ${{ if ne(property.key, 'job') }}: + ${{ property.key }}: ${{ property.value }} + + name: ${{ job.job }} + +- ${{ if eq(parameters.enableSourceBuild, true) }}: + - template: /eng/common/templates-official/jobs/source-build.yml + parameters: + allCompletedJobId: Source_Build_Complete + ${{ each parameter in parameters.sourceBuildParameters }}: + ${{ parameter.key }}: ${{ parameter.value }} + +- ${{ if eq(parameters.enableSourceIndex, 'true') }}: + - template: ../job/source-index-stage1.yml + parameters: + runAsPublic: ${{ parameters.runAsPublic }} + ${{ each parameter in parameters.sourceIndexParams }}: + ${{ parameter.key }}: ${{ parameter.value }} + +- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - ${{ if or(eq(parameters.enablePublishBuildAssets, true), eq(parameters.artifacts.publish.manifests, 'true'), ne(parameters.artifacts.publish.manifests, '')) }}: + - template: ../job/publish-build-assets.yml + parameters: + continueOnError: ${{ parameters.continueOnError }} + dependsOn: + - ${{ if ne(parameters.publishBuildAssetsDependsOn, '') }}: + - ${{ each job in parameters.publishBuildAssetsDependsOn }}: + - ${{ job.job }} + - ${{ if eq(parameters.publishBuildAssetsDependsOn, '') }}: + - ${{ each job in parameters.jobs }}: + - ${{ job.job }} + - ${{ if eq(parameters.enableSourceBuild, true) }}: + - Source_Build_Complete + + runAsPublic: ${{ parameters.runAsPublic }} + publishUsingPipelines: ${{ parameters.enablePublishUsingPipelines }} + publishAssetsImmediately: ${{ parameters.publishAssetsImmediately }} + enablePublishBuildArtifacts: ${{ parameters.enablePublishBuildArtifacts }} + artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }} + signingValidationAdditionalParameters: ${{ parameters.signingValidationAdditionalParameters }} diff --git a/eng/common/templates-official/jobs/source-build.yml b/eng/common/templates-official/jobs/source-build.yml new file mode 100644 index 000000000000..a5168eb3506e --- /dev/null +++ b/eng/common/templates-official/jobs/source-build.yml @@ -0,0 +1,46 @@ +parameters: + # This template adds arcade-powered source-build to CI. A job is created for each platform, as + # well as an optional server job that completes when all platform jobs complete. + + # The name of the "join" job for all source-build platforms. If set to empty string, the job is + # not included. Existing repo pipelines can use this job depend on all source-build jobs + # completing without maintaining a separate list of every single job ID: just depend on this one + # server job. By default, not included. Recommended name if used: 'Source_Build_Complete'. + allCompletedJobId: '' + + # See /eng/common/templates-official/job/source-build.yml + jobNamePrefix: 'Source_Build' + + # This is the default platform provided by Arcade, intended for use by a managed-only repo. + defaultManagedPlatform: + name: 'Managed' + container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream8-20220809204800-17a4aab' + + # Defines the platforms on which to run build jobs. One job is created for each platform, and the + # object in this array is sent to the job template as 'platform'. If no platforms are specified, + # one job runs on 'defaultManagedPlatform'. + platforms: [] + +jobs: + +- ${{ if ne(parameters.allCompletedJobId, '') }}: + - job: ${{ parameters.allCompletedJobId }} + displayName: Source-Build Complete + pool: server + dependsOn: + - ${{ each platform in parameters.platforms }}: + - ${{ parameters.jobNamePrefix }}_${{ platform.name }} + - ${{ if eq(length(parameters.platforms), 0) }}: + - ${{ parameters.jobNamePrefix }}_${{ parameters.defaultManagedPlatform.name }} + +- ${{ each platform in parameters.platforms }}: + - template: /eng/common/templates-official/job/source-build.yml + parameters: + jobNamePrefix: ${{ parameters.jobNamePrefix }} + platform: ${{ platform }} + +- ${{ if eq(length(parameters.platforms), 0) }}: + - template: /eng/common/templates-official/job/source-build.yml + parameters: + jobNamePrefix: ${{ parameters.jobNamePrefix }} + platform: ${{ parameters.defaultManagedPlatform }} diff --git a/eng/common/templates-official/post-build/common-variables.yml b/eng/common/templates-official/post-build/common-variables.yml new file mode 100644 index 000000000000..b504fe55cb80 --- /dev/null +++ b/eng/common/templates-official/post-build/common-variables.yml @@ -0,0 +1,25 @@ +variables: + - group: AzureDevOps-Artifact-Feeds-Pats + - group: DotNet-DotNetCli-Storage + - group: DotNet-MSRC-Storage + - group: Publish-Build-Assets + + # Whether the build is internal or not + - name: IsInternalBuild + value: ${{ and(ne(variables['System.TeamProject'], 'public'), contains(variables['Build.SourceBranch'], 'internal')) }} + + # Default Maestro++ API Endpoint and API Version + - name: MaestroApiEndPoint + value: "https://maestro.dot.net" + - name: MaestroApiAccessToken + value: $(MaestroAccessToken) + - name: MaestroApiVersion + value: "2020-02-20" + + - name: SourceLinkCLIVersion + value: 3.0.0 + - name: SymbolToolVersion + value: 1.0.1 + + - name: runCodesignValidationInjection + value: false diff --git a/eng/common/templates-official/post-build/post-build.yml b/eng/common/templates-official/post-build/post-build.yml new file mode 100644 index 000000000000..35976adb7d50 --- /dev/null +++ b/eng/common/templates-official/post-build/post-build.yml @@ -0,0 +1,290 @@ +parameters: + # Which publishing infra should be used. THIS SHOULD MATCH THE VERSION ON THE BUILD MANIFEST. + # Publishing V1 is no longer supported + # Publishing V2 is no longer supported + # Publishing V3 is the default + - name: publishingInfraVersion + displayName: Which version of publishing should be used to promote the build definition? + type: number + default: 3 + values: + - 3 + + - name: BARBuildId + displayName: BAR Build Id + type: number + default: 0 + + - name: PromoteToChannelIds + displayName: Channel to promote BARBuildId to + type: string + default: '' + + - name: enableSourceLinkValidation + displayName: Enable SourceLink validation + type: boolean + default: false + + - name: enableSigningValidation + displayName: Enable signing validation + type: boolean + default: true + + - name: enableSymbolValidation + displayName: Enable symbol validation + type: boolean + default: false + + - name: enableNugetValidation + displayName: Enable NuGet validation + type: boolean + default: true + + - name: publishInstallersAndChecksums + displayName: Publish installers and checksums + type: boolean + default: true + + - name: SDLValidationParameters + type: object + default: + enable: false + publishGdn: false + continueOnError: false + params: '' + artifactNames: '' + downloadArtifacts: true + + # These parameters let the user customize the call to sdk-task.ps1 for publishing + # symbols & general artifacts as well as for signing validation + - name: symbolPublishingAdditionalParameters + displayName: Symbol publishing additional parameters + type: string + default: '' + + - name: artifactsPublishingAdditionalParameters + displayName: Artifact publishing additional parameters + type: string + default: '' + + - name: signingValidationAdditionalParameters + displayName: Signing validation additional parameters + type: string + default: '' + + # Which stages should finish execution before post-build stages start + - name: validateDependsOn + type: object + default: + - build + + - name: publishDependsOn + type: object + default: + - Validate + + # Optional: Call asset publishing rather than running in a separate stage + - name: publishAssetsImmediately + type: boolean + default: false + +stages: +- ${{ if or(eq( parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}: + - stage: Validate + dependsOn: ${{ parameters.validateDependsOn }} + displayName: Validate Build Assets + variables: + - template: common-variables.yml + - template: /eng/common/templates-official/variables/pool-providers.yml + jobs: + - job: + displayName: NuGet Validation + condition: eq( ${{ parameters.enableNugetValidation }}, 'true') + pool: + # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com) + ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + demands: Cmd + os: windows + # If it's not devdiv, it's dnceng + ${{ else }}: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows + + steps: + - template: setup-maestro-vars.yml + parameters: + BARBuildId: ${{ parameters.BARBuildId }} + PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} + + - task: DownloadBuildArtifacts@0 + displayName: Download Package Artifacts + inputs: + buildType: specific + buildVersionToDownload: specific + project: $(AzDOProjectName) + pipeline: $(AzDOPipelineId) + buildId: $(AzDOBuildId) + artifactName: PackageArtifacts + checkDownloadedFiles: true + + - task: PowerShell@2 + displayName: Validate + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/post-build/nuget-validation.ps1 + arguments: -PackagesPath $(Build.ArtifactStagingDirectory)/PackageArtifacts/ + -ToolDestinationPath $(Agent.BuildDirectory)/Extract/ + + - job: + displayName: Signing Validation + condition: and( eq( ${{ parameters.enableSigningValidation }}, 'true'), ne( variables['PostBuildSign'], 'true')) + pool: + # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com) + ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + demands: Cmd + os: windows + # If it's not devdiv, it's dnceng + ${{ else }}: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows + steps: + - template: setup-maestro-vars.yml + parameters: + BARBuildId: ${{ parameters.BARBuildId }} + PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} + + - task: DownloadBuildArtifacts@0 + displayName: Download Package Artifacts + inputs: + buildType: specific + buildVersionToDownload: specific + project: $(AzDOProjectName) + pipeline: $(AzDOPipelineId) + buildId: $(AzDOBuildId) + artifactName: PackageArtifacts + checkDownloadedFiles: true + itemPattern: | + ** + !**/Microsoft.SourceBuild.Intermediate.*.nupkg + + # This is necessary whenever we want to publish/restore to an AzDO private feed + # Since sdk-task.ps1 tries to restore packages we need to do this authentication here + # otherwise it'll complain about accessing a private feed. + - task: NuGetAuthenticate@1 + displayName: 'Authenticate to AzDO Feeds' + + - task: PowerShell@2 + displayName: Enable cross-org publishing + inputs: + filePath: eng\common\enable-cross-org-publishing.ps1 + arguments: -token $(dn-bot-dnceng-artifact-feeds-rw) + + # Signing validation will optionally work with the buildmanifest file which is downloaded from + # Azure DevOps above. + - task: PowerShell@2 + displayName: Validate + inputs: + filePath: eng\common\sdk-task.ps1 + arguments: -task SigningValidation -restore -msbuildEngine vs + /p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts' + /p:SignCheckExclusionsFile='$(Build.SourcesDirectory)/eng/SignCheckExclusionsFile.txt' + ${{ parameters.signingValidationAdditionalParameters }} + + - template: ../steps/publish-logs.yml + parameters: + StageLabel: 'Validation' + JobLabel: 'Signing' + + - job: + displayName: SourceLink Validation + condition: eq( ${{ parameters.enableSourceLinkValidation }}, 'true') + pool: + # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com) + ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + demands: Cmd + os: windows + # If it's not devdiv, it's dnceng + ${{ else }}: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows + steps: + - template: setup-maestro-vars.yml + parameters: + BARBuildId: ${{ parameters.BARBuildId }} + PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} + + - task: DownloadBuildArtifacts@0 + displayName: Download Blob Artifacts + inputs: + buildType: specific + buildVersionToDownload: specific + project: $(AzDOProjectName) + pipeline: $(AzDOPipelineId) + buildId: $(AzDOBuildId) + artifactName: BlobArtifacts + checkDownloadedFiles: true + + - task: PowerShell@2 + displayName: Validate + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/post-build/sourcelink-validation.ps1 + arguments: -InputPath $(Build.ArtifactStagingDirectory)/BlobArtifacts/ + -ExtractPath $(Agent.BuildDirectory)/Extract/ + -GHRepoName $(Build.Repository.Name) + -GHCommit $(Build.SourceVersion) + -SourcelinkCliVersion $(SourceLinkCLIVersion) + continueOnError: true + +- ${{ if ne(parameters.publishAssetsImmediately, 'true') }}: + - stage: publish_using_darc + ${{ if or(eq(parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}: + dependsOn: ${{ parameters.publishDependsOn }} + ${{ else }}: + dependsOn: ${{ parameters.validateDependsOn }} + displayName: Publish using Darc + variables: + - template: common-variables.yml + - template: /eng/common/templates-official/variables/pool-providers.yml + jobs: + - job: + displayName: Publish Using Darc + timeoutInMinutes: 120 + pool: + # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com) + ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + demands: Cmd + os: windows + # If it's not devdiv, it's dnceng + ${{ else }}: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows + steps: + - template: setup-maestro-vars.yml + parameters: + BARBuildId: ${{ parameters.BARBuildId }} + PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} + + - task: NuGetAuthenticate@1 + + - task: PowerShell@2 + displayName: Publish Using Darc + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + arguments: -BuildId $(BARBuildId) + -PublishingInfraVersion ${{ parameters.publishingInfraVersion }} + -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' + -MaestroToken '$(MaestroApiAccessToken)' + -WaitPublishingFinish true + -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' + -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates-official/post-build/setup-maestro-vars.yml b/eng/common/templates-official/post-build/setup-maestro-vars.yml new file mode 100644 index 000000000000..0c87f149a4ad --- /dev/null +++ b/eng/common/templates-official/post-build/setup-maestro-vars.yml @@ -0,0 +1,70 @@ +parameters: + BARBuildId: '' + PromoteToChannelIds: '' + +steps: + - ${{ if eq(coalesce(parameters.PromoteToChannelIds, 0), 0) }}: + - task: DownloadBuildArtifacts@0 + displayName: Download Release Configs + inputs: + buildType: current + artifactName: ReleaseConfigs + checkDownloadedFiles: true + + - task: PowerShell@2 + name: setReleaseVars + displayName: Set Release Configs Vars + inputs: + targetType: inline + pwsh: true + script: | + try { + if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') { + $Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt + + $BarId = $Content | Select -Index 0 + $Channels = $Content | Select -Index 1 + $IsStableBuild = $Content | Select -Index 2 + + $AzureDevOpsProject = $Env:System_TeamProject + $AzureDevOpsBuildDefinitionId = $Env:System_DefinitionId + $AzureDevOpsBuildId = $Env:Build_BuildId + } + else { + $buildApiEndpoint = "${Env:MaestroApiEndPoint}/api/builds/${Env:BARBuildId}?api-version=${Env:MaestroApiVersion}" + + $apiHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]' + $apiHeaders.Add('Accept', 'application/json') + $apiHeaders.Add('Authorization',"Bearer ${Env:MAESTRO_API_TOKEN}") + + $buildInfo = try { Invoke-WebRequest -Method Get -Uri $buildApiEndpoint -Headers $apiHeaders | ConvertFrom-Json } catch { Write-Host "Error: $_" } + + $BarId = $Env:BARBuildId + $Channels = $Env:PromoteToMaestroChannels -split "," + $Channels = $Channels -join "][" + $Channels = "[$Channels]" + + $IsStableBuild = $buildInfo.stable + $AzureDevOpsProject = $buildInfo.azureDevOpsProject + $AzureDevOpsBuildDefinitionId = $buildInfo.azureDevOpsBuildDefinitionId + $AzureDevOpsBuildId = $buildInfo.azureDevOpsBuildId + } + + Write-Host "##vso[task.setvariable variable=BARBuildId]$BarId" + Write-Host "##vso[task.setvariable variable=TargetChannels]$Channels" + Write-Host "##vso[task.setvariable variable=IsStableBuild]$IsStableBuild" + + Write-Host "##vso[task.setvariable variable=AzDOProjectName]$AzureDevOpsProject" + Write-Host "##vso[task.setvariable variable=AzDOPipelineId]$AzureDevOpsBuildDefinitionId" + Write-Host "##vso[task.setvariable variable=AzDOBuildId]$AzureDevOpsBuildId" + } + catch { + Write-Host $_ + Write-Host $_.Exception + Write-Host $_.ScriptStackTrace + exit 1 + } + env: + MAESTRO_API_TOKEN: $(MaestroApiAccessToken) + BARBuildId: ${{ parameters.BARBuildId }} + PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }} diff --git a/eng/common/templates-official/post-build/trigger-subscription.yml b/eng/common/templates-official/post-build/trigger-subscription.yml new file mode 100644 index 000000000000..da669030daf6 --- /dev/null +++ b/eng/common/templates-official/post-build/trigger-subscription.yml @@ -0,0 +1,13 @@ +parameters: + ChannelId: 0 + +steps: +- task: PowerShell@2 + displayName: Triggering subscriptions + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/post-build/trigger-subscriptions.ps1 + arguments: -SourceRepo $(Build.Repository.Uri) + -ChannelId ${{ parameters.ChannelId }} + -MaestroApiAccessToken $(MaestroAccessToken) + -MaestroApiEndPoint $(MaestroApiEndPoint) + -MaestroApiVersion $(MaestroApiVersion) diff --git a/eng/common/templates-official/steps/add-build-to-channel.yml b/eng/common/templates-official/steps/add-build-to-channel.yml new file mode 100644 index 000000000000..f67a210d62f3 --- /dev/null +++ b/eng/common/templates-official/steps/add-build-to-channel.yml @@ -0,0 +1,13 @@ +parameters: + ChannelId: 0 + +steps: +- task: PowerShell@2 + displayName: Add Build to Channel + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/post-build/add-build-to-channel.ps1 + arguments: -BuildId $(BARBuildId) + -ChannelId ${{ parameters.ChannelId }} + -MaestroApiAccessToken $(MaestroApiAccessToken) + -MaestroApiEndPoint $(MaestroApiEndPoint) + -MaestroApiVersion $(MaestroApiVersion) diff --git a/eng/common/templates-official/steps/component-governance.yml b/eng/common/templates-official/steps/component-governance.yml new file mode 100644 index 000000000000..babc2757d8d1 --- /dev/null +++ b/eng/common/templates-official/steps/component-governance.yml @@ -0,0 +1,10 @@ +parameters: + disableComponentGovernance: false + +steps: +- ${{ if eq(parameters.disableComponentGovernance, 'true') }}: + - script: "echo ##vso[task.setvariable variable=skipComponentGovernanceDetection]true" + displayName: Set skipComponentGovernanceDetection variable +- ${{ if ne(parameters.disableComponentGovernance, 'true') }}: + - task: ComponentGovernanceComponentDetection@0 + continueOnError: true \ No newline at end of file diff --git a/eng/common/templates-official/steps/execute-codeql.yml b/eng/common/templates-official/steps/execute-codeql.yml new file mode 100644 index 000000000000..9b4a5ffa30a7 --- /dev/null +++ b/eng/common/templates-official/steps/execute-codeql.yml @@ -0,0 +1,32 @@ +parameters: + # Language that should be analyzed. Defaults to csharp + language: csharp + # Build Commands + buildCommands: '' + overrideParameters: '' # Optional: to override values for parameters. + additionalParameters: '' # Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")' + # Optional: if specified, restore and use this version of Guardian instead of the default. + overrideGuardianVersion: '' + # Optional: if true, publish the '.gdn' folder as a pipeline artifact. This can help with in-depth + # diagnosis of problems with specific tool configurations. + publishGuardianDirectoryToPipeline: false + # The script to run to execute all SDL tools. Use this if you want to use a script to define SDL + # parameters rather than relying on YAML. It may be better to use a local script, because you can + # reproduce results locally without piecing together a command based on the YAML. + executeAllSdlToolsScript: 'eng/common/sdl/execute-all-sdl-tools.ps1' + # There is some sort of bug (has been reported) in Azure DevOps where if this parameter is named + # 'continueOnError', the parameter value is not correctly picked up. + # This can also be remedied by the caller (post-build.yml) if it does not use a nested parameter + # optional: determines whether to continue the build if the step errors; + sdlContinueOnError: false + +steps: +- template: /eng/common/templates-official/steps/execute-sdl.yml + parameters: + overrideGuardianVersion: ${{ parameters.overrideGuardianVersion }} + executeAllSdlToolsScript: ${{ parameters.executeAllSdlToolsScript }} + overrideParameters: ${{ parameters.overrideParameters }} + additionalParameters: '${{ parameters.additionalParameters }} + -CodeQLAdditionalRunConfigParams @("BuildCommands < ${{ parameters.buildCommands }}", "Language < ${{ parameters.language }}")' + publishGuardianDirectoryToPipeline: ${{ parameters.publishGuardianDirectoryToPipeline }} + sdlContinueOnError: ${{ parameters.sdlContinueOnError }} \ No newline at end of file diff --git a/eng/common/templates-official/steps/generate-sbom.yml b/eng/common/templates-official/steps/generate-sbom.yml new file mode 100644 index 000000000000..f98fe1d2fa84 --- /dev/null +++ b/eng/common/templates-official/steps/generate-sbom.yml @@ -0,0 +1,44 @@ +# BuildDropPath - The root folder of the drop directory for which the manifest file will be generated. +# PackageName - The name of the package this SBOM represents. +# PackageVersion - The version of the package this SBOM represents. +# ManifestDirPath - The path of the directory where the generated manifest files will be placed + +parameters: + PackageVersion: 7.0.0 + BuildDropPath: '$(Build.SourcesDirectory)/artifacts' + PackageName: '.NET' + ManifestDirPath: $(Build.ArtifactStagingDirectory)/sbom + sbomContinueOnError: true + +steps: +- task: PowerShell@2 + displayName: Prep for SBOM generation in (Non-linux) + condition: or(eq(variables['Agent.Os'], 'Windows_NT'), eq(variables['Agent.Os'], 'Darwin')) + inputs: + filePath: ./eng/common/generate-sbom-prep.ps1 + arguments: ${{parameters.manifestDirPath}} + +# Chmodding is a workaround for https://github.com/dotnet/arcade/issues/8461 +- script: | + chmod +x ./eng/common/generate-sbom-prep.sh + ./eng/common/generate-sbom-prep.sh ${{parameters.manifestDirPath}} + displayName: Prep for SBOM generation in (Linux) + condition: eq(variables['Agent.Os'], 'Linux') + continueOnError: ${{ parameters.sbomContinueOnError }} + +- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 + displayName: 'Generate SBOM manifest' + continueOnError: ${{ parameters.sbomContinueOnError }} + inputs: + PackageName: ${{ parameters.packageName }} + BuildDropPath: ${{ parameters.buildDropPath }} + PackageVersion: ${{ parameters.packageVersion }} + ManifestDirPath: ${{ parameters.manifestDirPath }} + +- task: 1ES.PublishPipelineArtifact@1 + displayName: Publish SBOM manifest + continueOnError: ${{parameters.sbomContinueOnError}} + inputs: + targetPath: '${{parameters.manifestDirPath}}' + artifactName: $(ARTIFACT_NAME) + diff --git a/eng/common/templates-official/steps/publish-logs.yml b/eng/common/templates-official/steps/publish-logs.yml new file mode 100644 index 000000000000..04012fed182a --- /dev/null +++ b/eng/common/templates-official/steps/publish-logs.yml @@ -0,0 +1,23 @@ +parameters: + StageLabel: '' + JobLabel: '' + +steps: +- task: Powershell@2 + displayName: Prepare Binlogs to Upload + inputs: + targetType: inline + script: | + New-Item -ItemType Directory $(Build.SourcesDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/ + Move-Item -Path $(Build.SourcesDirectory)/artifacts/log/Debug/* $(Build.SourcesDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/ + continueOnError: true + condition: always() + +- task: 1ES.PublishBuildArtifacts@1 + displayName: Publish Logs + inputs: + PathtoPublish: '$(Build.SourcesDirectory)/PostBuildLogs' + PublishLocation: Container + ArtifactName: PostBuildLogs + continueOnError: true + condition: always() diff --git a/eng/common/templates-official/steps/retain-build.yml b/eng/common/templates-official/steps/retain-build.yml new file mode 100644 index 000000000000..83d97a26a01f --- /dev/null +++ b/eng/common/templates-official/steps/retain-build.yml @@ -0,0 +1,28 @@ +parameters: + # Optional azure devops PAT with build execute permissions for the build's organization, + # only needed if the build that should be retained ran on a different organization than + # the pipeline where this template is executing from + Token: '' + # Optional BuildId to retain, defaults to the current running build + BuildId: '' + # Azure devops Organization URI for the build in the https://dev.azure.com/ format. + # Defaults to the organization the current pipeline is running on + AzdoOrgUri: '$(System.CollectionUri)' + # Azure devops project for the build. Defaults to the project the current pipeline is running on + AzdoProject: '$(System.TeamProject)' + +steps: + - task: powershell@2 + inputs: + targetType: 'filePath' + filePath: eng/common/retain-build.ps1 + pwsh: true + arguments: > + -AzdoOrgUri: ${{parameters.AzdoOrgUri}} + -AzdoProject ${{parameters.AzdoProject}} + -Token ${{coalesce(parameters.Token, '$env:SYSTEM_ACCESSTOKEN') }} + -BuildId ${{coalesce(parameters.BuildId, '$env:BUILD_ID')}} + displayName: Enable permanent build retention + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + BUILD_ID: $(Build.BuildId) \ No newline at end of file diff --git a/eng/common/templates-official/steps/send-to-helix.yml b/eng/common/templates-official/steps/send-to-helix.yml new file mode 100644 index 000000000000..2f51ef5b9ac1 --- /dev/null +++ b/eng/common/templates-official/steps/send-to-helix.yml @@ -0,0 +1,91 @@ +# Please remember to update the documentation if you make changes to these parameters! +parameters: + HelixSource: 'pr/default' # required -- sources must start with pr/, official/, prodcon/, or agent/ + HelixType: 'tests/default/' # required -- Helix telemetry which identifies what type of data this is; should include "test" for clarity and must end in '/' + HelixBuild: $(Build.BuildNumber) # required -- the build number Helix will use to identify this -- automatically set to the AzDO build number + HelixTargetQueues: '' # required -- semicolon-delimited list of Helix queues to test on; see https://helix.dot.net/ for a list of queues + HelixAccessToken: '' # required -- access token to make Helix API requests; should be provided by the appropriate variable group + HelixConfiguration: '' # optional -- additional property attached to a job + HelixPreCommands: '' # optional -- commands to run before Helix work item execution + HelixPostCommands: '' # optional -- commands to run after Helix work item execution + WorkItemDirectory: '' # optional -- a payload directory to zip up and send to Helix; requires WorkItemCommand; incompatible with XUnitProjects + WorkItemCommand: '' # optional -- a command to execute on the payload; requires WorkItemDirectory; incompatible with XUnitProjects + WorkItemTimeout: '' # optional -- a timeout in TimeSpan.Parse-ready value (e.g. 00:02:00) for the work item command; requires WorkItemDirectory; incompatible with XUnitProjects + CorrelationPayloadDirectory: '' # optional -- a directory to zip up and send to Helix as a correlation payload + XUnitProjects: '' # optional -- semicolon-delimited list of XUnitProjects to parse and send to Helix; requires XUnitRuntimeTargetFramework, XUnitPublishTargetFramework, XUnitRunnerVersion, and IncludeDotNetCli=true + XUnitWorkItemTimeout: '' # optional -- the workitem timeout in seconds for all workitems created from the xUnit projects specified by XUnitProjects + XUnitPublishTargetFramework: '' # optional -- framework to use to publish your xUnit projects + XUnitRuntimeTargetFramework: '' # optional -- framework to use for the xUnit console runner + XUnitRunnerVersion: '' # optional -- version of the xUnit nuget package you wish to use on Helix; required for XUnitProjects + IncludeDotNetCli: false # optional -- true will download a version of the .NET CLI onto the Helix machine as a correlation payload; requires DotNetCliPackageType and DotNetCliVersion + DotNetCliPackageType: '' # optional -- either 'sdk', 'runtime' or 'aspnetcore-runtime'; determines whether the sdk or runtime will be sent to Helix; see https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json + DotNetCliVersion: '' # optional -- version of the CLI to send to Helix; based on this: https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json + WaitForWorkItemCompletion: true # optional -- true will make the task wait until work items have been completed and fail the build if work items fail. False is "fire and forget." + IsExternal: false # [DEPRECATED] -- doesn't do anything, jobs are external if HelixAccessToken is empty and Creator is set + HelixBaseUri: 'https://helix.dot.net/' # optional -- sets the Helix API base URI (allows targeting https://helix.int-dot.net ) + Creator: '' # optional -- if the build is external, use this to specify who is sending the job + DisplayNamePrefix: 'Run Tests' # optional -- rename the beginning of the displayName of the steps in AzDO + condition: succeeded() # optional -- condition for step to execute; defaults to succeeded() + continueOnError: false # optional -- determines whether to continue the build if the step errors; defaults to false + +steps: + - powershell: 'powershell "$env:BUILD_SOURCESDIRECTORY\eng\common\msbuild.ps1 $env:BUILD_SOURCESDIRECTORY\eng\common\helixpublish.proj /restore /p:TreatWarningsAsErrors=false /t:Test /bl:$env:BUILD_SOURCESDIRECTORY\artifacts\log\$env:BuildConfig\SendToHelix.binlog"' + displayName: ${{ parameters.DisplayNamePrefix }} (Windows) + env: + BuildConfig: $(_BuildConfig) + HelixSource: ${{ parameters.HelixSource }} + HelixType: ${{ parameters.HelixType }} + HelixBuild: ${{ parameters.HelixBuild }} + HelixConfiguration: ${{ parameters.HelixConfiguration }} + HelixTargetQueues: ${{ parameters.HelixTargetQueues }} + HelixAccessToken: ${{ parameters.HelixAccessToken }} + HelixPreCommands: ${{ parameters.HelixPreCommands }} + HelixPostCommands: ${{ parameters.HelixPostCommands }} + WorkItemDirectory: ${{ parameters.WorkItemDirectory }} + WorkItemCommand: ${{ parameters.WorkItemCommand }} + WorkItemTimeout: ${{ parameters.WorkItemTimeout }} + CorrelationPayloadDirectory: ${{ parameters.CorrelationPayloadDirectory }} + XUnitProjects: ${{ parameters.XUnitProjects }} + XUnitWorkItemTimeout: ${{ parameters.XUnitWorkItemTimeout }} + XUnitPublishTargetFramework: ${{ parameters.XUnitPublishTargetFramework }} + XUnitRuntimeTargetFramework: ${{ parameters.XUnitRuntimeTargetFramework }} + XUnitRunnerVersion: ${{ parameters.XUnitRunnerVersion }} + IncludeDotNetCli: ${{ parameters.IncludeDotNetCli }} + DotNetCliPackageType: ${{ parameters.DotNetCliPackageType }} + DotNetCliVersion: ${{ parameters.DotNetCliVersion }} + WaitForWorkItemCompletion: ${{ parameters.WaitForWorkItemCompletion }} + HelixBaseUri: ${{ parameters.HelixBaseUri }} + Creator: ${{ parameters.Creator }} + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + condition: and(${{ parameters.condition }}, eq(variables['Agent.Os'], 'Windows_NT')) + continueOnError: ${{ parameters.continueOnError }} + - script: $BUILD_SOURCESDIRECTORY/eng/common/msbuild.sh $BUILD_SOURCESDIRECTORY/eng/common/helixpublish.proj /restore /p:TreatWarningsAsErrors=false /t:Test /bl:$BUILD_SOURCESDIRECTORY/artifacts/log/$BuildConfig/SendToHelix.binlog + displayName: ${{ parameters.DisplayNamePrefix }} (Unix) + env: + BuildConfig: $(_BuildConfig) + HelixSource: ${{ parameters.HelixSource }} + HelixType: ${{ parameters.HelixType }} + HelixBuild: ${{ parameters.HelixBuild }} + HelixConfiguration: ${{ parameters.HelixConfiguration }} + HelixTargetQueues: ${{ parameters.HelixTargetQueues }} + HelixAccessToken: ${{ parameters.HelixAccessToken }} + HelixPreCommands: ${{ parameters.HelixPreCommands }} + HelixPostCommands: ${{ parameters.HelixPostCommands }} + WorkItemDirectory: ${{ parameters.WorkItemDirectory }} + WorkItemCommand: ${{ parameters.WorkItemCommand }} + WorkItemTimeout: ${{ parameters.WorkItemTimeout }} + CorrelationPayloadDirectory: ${{ parameters.CorrelationPayloadDirectory }} + XUnitProjects: ${{ parameters.XUnitProjects }} + XUnitWorkItemTimeout: ${{ parameters.XUnitWorkItemTimeout }} + XUnitPublishTargetFramework: ${{ parameters.XUnitPublishTargetFramework }} + XUnitRuntimeTargetFramework: ${{ parameters.XUnitRuntimeTargetFramework }} + XUnitRunnerVersion: ${{ parameters.XUnitRunnerVersion }} + IncludeDotNetCli: ${{ parameters.IncludeDotNetCli }} + DotNetCliPackageType: ${{ parameters.DotNetCliPackageType }} + DotNetCliVersion: ${{ parameters.DotNetCliVersion }} + WaitForWorkItemCompletion: ${{ parameters.WaitForWorkItemCompletion }} + HelixBaseUri: ${{ parameters.HelixBaseUri }} + Creator: ${{ parameters.Creator }} + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + condition: and(${{ parameters.condition }}, ne(variables['Agent.Os'], 'Windows_NT')) + continueOnError: ${{ parameters.continueOnError }} \ No newline at end of file diff --git a/eng/common/templates-official/steps/source-build.yml b/eng/common/templates-official/steps/source-build.yml new file mode 100644 index 000000000000..a7f27ce8ef14 --- /dev/null +++ b/eng/common/templates-official/steps/source-build.yml @@ -0,0 +1,108 @@ +parameters: + # This template adds arcade-powered source-build to CI. + + # This is a 'steps' template, and is intended for advanced scenarios where the existing build + # infra has a careful build methodology that must be followed. For example, a repo + # (dotnet/runtime) might choose to clone the GitHub repo only once and store it as a pipeline + # artifact for all subsequent jobs to use, to reduce dependence on a strong network connection to + # GitHub. Using this steps template leaves room for that infra to be included. + + # Defines the platform on which to run the steps. See 'eng/common/templates-official/job/source-build.yml' + # for details. The entire object is described in the 'job' template for simplicity, even though + # the usage of the properties on this object is split between the 'job' and 'steps' templates. + platform: {} + +steps: +# Build. Keep it self-contained for simple reusability. (No source-build-specific job variables.) +- script: | + set -x + df -h + + # If building on the internal project, the artifact feeds variable may be available (usually only if needed) + # In that case, call the feed setup script to add internal feeds corresponding to public ones. + # In addition, add an msbuild argument to copy the WIP from the repo to the target build location. + # This is because SetupNuGetSources.sh will alter the current NuGet.config file, and we need to preserve those + # changes. + internalRestoreArgs= + if [ '$(dn-bot-dnceng-artifact-feeds-rw)' != '$''(dn-bot-dnceng-artifact-feeds-rw)' ]; then + # Temporarily work around https://github.com/dotnet/arcade/issues/7709 + chmod +x $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh $(Build.SourcesDirectory)/NuGet.config $(dn-bot-dnceng-artifact-feeds-rw) + internalRestoreArgs='/p:CopyWipIntoInnerSourceBuildRepo=true' + + # The 'Copy WIP' feature of source build uses git stash to apply changes from the original repo. + # This only works if there is a username/email configured, which won't be the case in most CI runs. + git config --get user.email + if [ $? -ne 0 ]; then + git config user.email dn-bot@microsoft.com + git config user.name dn-bot + fi + fi + + # If building on the internal project, the internal storage variable may be available (usually only if needed) + # In that case, add variables to allow the download of internal runtimes if the specified versions are not found + # in the default public locations. + internalRuntimeDownloadArgs= + if [ '$(dotnetbuilds-internal-container-read-token-base64)' != '$''(dotnetbuilds-internal-container-read-token-base64)' ]; then + internalRuntimeDownloadArgs='/p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) --runtimesourcefeed https://dotnetbuilds.blob.core.windows.net/internal --runtimesourcefeedkey $(dotnetbuilds-internal-container-read-token-base64)' + fi + + buildConfig=Release + # Check if AzDO substitutes in a build config from a variable, and use it if so. + if [ '$(_BuildConfig)' != '$''(_BuildConfig)' ]; then + buildConfig='$(_BuildConfig)' + fi + + officialBuildArgs= + if [ '${{ and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}' = 'True' ]; then + officialBuildArgs='/p:DotNetPublishUsingPipelines=true /p:OfficialBuildId=$(BUILD.BUILDNUMBER)' + fi + + targetRidArgs= + if [ '${{ parameters.platform.targetRID }}' != '' ]; then + targetRidArgs='/p:TargetRid=${{ parameters.platform.targetRID }}' + fi + + runtimeOsArgs= + if [ '${{ parameters.platform.runtimeOS }}' != '' ]; then + runtimeOsArgs='/p:RuntimeOS=${{ parameters.platform.runtimeOS }}' + fi + + publishArgs= + if [ '${{ parameters.platform.skipPublishValidation }}' != 'true' ]; then + publishArgs='--publish' + fi + + ${{ coalesce(parameters.platform.buildScript, './build.sh') }} --ci \ + --configuration $buildConfig \ + --restore --build --pack $publishArgs -bl \ + $officialBuildArgs \ + $internalRuntimeDownloadArgs \ + $internalRestoreArgs \ + $targetRidArgs \ + $runtimeOsArgs \ + /p:SourceBuildNonPortable=${{ parameters.platform.nonPortable }} \ + /p:ArcadeBuildFromSource=true + displayName: Build + +# Upload build logs for diagnosis. +- task: CopyFiles@2 + displayName: Prepare BuildLogs staging directory + inputs: + SourceFolder: '$(Build.SourcesDirectory)' + Contents: | + **/*.log + **/*.binlog + artifacts/source-build/self/prebuilt-report/** + TargetFolder: '$(Build.StagingDirectory)/BuildLogs' + CleanTargetFolder: true + continueOnError: true + condition: succeededOrFailed() + +- task: 1ES.PublishPipelineArtifact@1 + displayName: Publish BuildLogs + inputs: + targetPath: '$(Build.StagingDirectory)/BuildLogs' + artifactName: BuildLogs_SourceBuild_${{ parameters.platform.name }}_Attempt$(System.JobAttempt) + continueOnError: true + condition: succeededOrFailed() diff --git a/eng/common/templates-official/variables/sdl-variables.yml b/eng/common/templates-official/variables/sdl-variables.yml new file mode 100644 index 000000000000..dbdd66d4a4b3 --- /dev/null +++ b/eng/common/templates-official/variables/sdl-variables.yml @@ -0,0 +1,7 @@ +variables: +# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in +# sync with the packages.config file. +- name: DefaultGuardianVersion + value: 0.109.0 +- name: GuardianPackagesConfigFile + value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config \ No newline at end of file diff --git a/global.json b/global.json index f6f1f44a5de3..c79633e8a23b 100644 --- a/global.json +++ b/global.json @@ -11,7 +11,7 @@ "cmake": "3.16.4" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "7.0.0-beta.24163.12", - "Microsoft.DotNet.CMake.Sdk": "7.0.0-beta.24163.12" + "Microsoft.DotNet.Arcade.Sdk": "7.0.0-beta.24171.2", + "Microsoft.DotNet.CMake.Sdk": "7.0.0-beta.24171.2" } } From 25bc12bceac2851cd7dce459fc0ec485a31809a3 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 21 Mar 2024 22:42:35 +0000 Subject: [PATCH 2/8] Update dependencies from https://github.com/dotnet/arcade build Microsoft.DotNet.Arcade.Sdk , Microsoft.DotNet.Build.Tasks.Installers , Microsoft.DotNet.CMake.Sdk From Version 7.0.0-beta.24163.12 -> To Version 7.0.0-beta.24171.2 From ae48308ac54859c94d4c5335770c099f62cddbe4 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 22 Mar 2024 03:40:43 +0000 Subject: [PATCH 3/8] Update dependencies from https://github.com/dotnet/arcade build Microsoft.DotNet.Arcade.Sdk , Microsoft.DotNet.Build.Tasks.Installers , Microsoft.DotNet.CMake.Sdk From Version 7.0.0-beta.24163.12 -> To Version 7.0.0-beta.24171.6 --- eng/Version.Details.xml | 12 ++--- eng/Versions.props | 2 +- .../variables/pool-providers.yml | 45 +++++++++++++++++++ global.json | 4 +- 4 files changed, 54 insertions(+), 9 deletions(-) create mode 100644 eng/common/templates-official/variables/pool-providers.yml diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index f623ff164617..99043cbdfdc3 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -192,18 +192,18 @@ - + https://github.com/dotnet/arcade - bc35747acd136d5aca170df4ec527c346db76c8e + 834d09f0c963da37c88aed7ba3a83acafe582948 - + https://github.com/dotnet/arcade - bc35747acd136d5aca170df4ec527c346db76c8e + 834d09f0c963da37c88aed7ba3a83acafe582948 - + https://github.com/dotnet/arcade - bc35747acd136d5aca170df4ec527c346db76c8e + 834d09f0c963da37c88aed7ba3a83acafe582948 https://github.com/dotnet/source-build-reference-packages diff --git a/eng/Versions.props b/eng/Versions.props index f330e20571b2..a573984c856a 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -33,7 +33,7 @@ - 7.0.0-beta.24171.2 + 7.0.0-beta.24171.6 diff --git a/eng/common/templates-official/variables/pool-providers.yml b/eng/common/templates-official/variables/pool-providers.yml new file mode 100644 index 000000000000..beab7d1bfba0 --- /dev/null +++ b/eng/common/templates-official/variables/pool-providers.yml @@ -0,0 +1,45 @@ +# Select a pool provider based off branch name. Anything with branch name containing 'release' must go into an -Svc pool, +# otherwise it should go into the "normal" pools. This separates out the queueing and billing of released branches. + +# Motivation: +# Once a given branch of a repository's output has been officially "shipped" once, it is then considered to be COGS +# (Cost of goods sold) and should be moved to a servicing pool provider. This allows both separation of queueing +# (allowing release builds and main PR builds to not intefere with each other) and billing (required for COGS. +# Additionally, the pool provider name itself may be subject to change when the .NET Core Engineering Services +# team needs to move resources around and create new and potentially differently-named pools. Using this template +# file from an Arcade-ified repo helps guard against both having to update one's release/* branches and renaming. + +# How to use: +# This yaml assumes your shipped product branches use the naming convention "release/..." (which many do). +# If we find alternate naming conventions in broad usage it can be added to the condition below. +# +# First, import the template in an arcade-ified repo to pick up the variables, e.g.: +# +# variables: +# - template: /eng/common/templates-official/variables/pool-providers.yml +# +# ... then anywhere specifying the pool provider use the runtime variables, +# $(DncEngInternalBuildPool) +# +# pool: +# name: $(DncEngInternalBuildPool) +# image: 1es-windows-2022-pt + +variables: + # Coalesce the target and source branches so we know when a PR targets a release branch + # If these variables are somehow missing, fall back to main (tends to have more capacity) + + # Any new -Svc alternative pools should have variables added here to allow for splitting work + + - name: DncEngInternalBuildPool + value: $[ + replace( + replace( + eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), + True, + 'NetCore1ESPool-Svc-Internal' + ), + False, + 'NetCore1ESPool-Internal' + ) + ] \ No newline at end of file diff --git a/global.json b/global.json index c79633e8a23b..6eb1898569b3 100644 --- a/global.json +++ b/global.json @@ -11,7 +11,7 @@ "cmake": "3.16.4" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "7.0.0-beta.24171.2", - "Microsoft.DotNet.CMake.Sdk": "7.0.0-beta.24171.2" + "Microsoft.DotNet.Arcade.Sdk": "7.0.0-beta.24171.6", + "Microsoft.DotNet.CMake.Sdk": "7.0.0-beta.24171.6" } } From 9921f6d0da6955934d6e1c2ce3fa3366a1750101 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 22 Mar 2024 03:46:51 +0000 Subject: [PATCH 4/8] Update dependencies from https://github.com/dotnet/arcade build Microsoft.DotNet.Arcade.Sdk , Microsoft.DotNet.Build.Tasks.Installers , Microsoft.DotNet.CMake.Sdk From Version 7.0.0-beta.24163.12 -> To Version 7.0.0-beta.24171.6 From a37cd044ef9440367ad9a2d6d72573e20d307200 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 25 Mar 2024 12:31:55 +0000 Subject: [PATCH 5/8] Update dependencies from https://github.com/dotnet/arcade build Microsoft.DotNet.Arcade.Sdk , Microsoft.DotNet.Build.Tasks.Installers , Microsoft.DotNet.CMake.Sdk From Version 7.0.0-beta.24163.12 -> To Version 7.0.0-beta.24172.6 --- eng/Version.Details.xml | 12 ++++++------ eng/Versions.props | 2 +- eng/common/templates-official/job/job.yml | 2 +- global.json | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 99043cbdfdc3..96738143e1e8 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -192,18 +192,18 @@ - + https://github.com/dotnet/arcade - 834d09f0c963da37c88aed7ba3a83acafe582948 + a14feb9f4edafbe99fc870b306615b639af6ae43 - + https://github.com/dotnet/arcade - 834d09f0c963da37c88aed7ba3a83acafe582948 + a14feb9f4edafbe99fc870b306615b639af6ae43 - + https://github.com/dotnet/arcade - 834d09f0c963da37c88aed7ba3a83acafe582948 + a14feb9f4edafbe99fc870b306615b639af6ae43 https://github.com/dotnet/source-build-reference-packages diff --git a/eng/Versions.props b/eng/Versions.props index a573984c856a..06975b7c1fc9 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -33,7 +33,7 @@ - 7.0.0-beta.24171.6 + 7.0.0-beta.24172.6 diff --git a/eng/common/templates-official/job/job.yml b/eng/common/templates-official/job/job.yml index a1bb79c43a7c..cd21848f4aa4 100644 --- a/eng/common/templates-official/job/job.yml +++ b/eng/common/templates-official/job/job.yml @@ -116,7 +116,7 @@ jobs: - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - ${{ if eq(parameters.enableMicrobuild, 'true') }}: - - task: MicroBuildSigningPlugin@3 + - task: MicroBuildSigningPlugin@4 displayName: Install MicroBuild plugin inputs: signType: $(_SignType) diff --git a/global.json b/global.json index 6eb1898569b3..9d1d642403ef 100644 --- a/global.json +++ b/global.json @@ -11,7 +11,7 @@ "cmake": "3.16.4" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "7.0.0-beta.24171.6", - "Microsoft.DotNet.CMake.Sdk": "7.0.0-beta.24171.6" + "Microsoft.DotNet.Arcade.Sdk": "7.0.0-beta.24172.6", + "Microsoft.DotNet.CMake.Sdk": "7.0.0-beta.24172.6" } } From d194cf6d67a7bb37b4e160a9e35643a69f2be545 Mon Sep 17 00:00:00 2001 From: Michael Yanni Date: Tue, 26 Mar 2024 11:43:31 -0700 Subject: [PATCH 6/8] Changes to support 1ES templates for internal build. --- .vsts-ci.yml | 687 +++++++++--------- .vsts-pr.yml | 35 +- eng/build-pr.yml | 156 ++++ eng/build.yml | 14 +- .../job/source-build-build-tarball-pr.yml | 252 +++++++ .../job/source-build-build-tarball.yml | 14 +- .../job/source-build-create-tarball-pr.yml | 85 +++ .../job/source-build-create-tarball.yml | 20 +- .../job/source-build-run-tarball-build-pr.yml | 147 ++++ .../job/source-build-run-tarball-build.yml | 14 +- 10 files changed, 1034 insertions(+), 390 deletions(-) create mode 100644 eng/build-pr.yml create mode 100644 src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball-pr.yml create mode 100644 src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball-pr.yml create mode 100644 src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build-pr.yml diff --git a/.vsts-ci.yml b/.vsts-ci.yml index 5e2cdc74578e..498d4e2aeaa7 100644 --- a/.vsts-ci.yml +++ b/.vsts-ci.yml @@ -1,3 +1,5 @@ +# Pipeline: https://dnceng.visualstudio.com/internal/_build?definitionId=286 + trigger: batch: true branches: @@ -26,7 +28,6 @@ variables: - group: DotNet-Installer-SDLValidation-Params - name: _PublishUsingPipelines value: true - # Default to running tests in PRs and public CI, but not in official builds - name: _WindowsTestArg value: '-test' @@ -37,358 +38,372 @@ variables: value: '' - name: _NonWindowsTestArg value: '' - - name: _InternalRuntimeDownloadArgs value: '' - - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - group: DotNetBuilds storage account read tokens - name: _InternalRuntimeDownloadArgs value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) /p:dotnetbuilds-internal-container-read-token-base64=$(dotnetbuilds-internal-container-read-token-base64) +- name: DncEngPublicBuildPool + value: NetCore-Svc-Public +- name: DncEngInternalBuildPool + value: NetCore1ESPool-Svc-Internal -stages: -- stage: build - jobs: - - job: Publish_Build_Configuration - pool: - ${{ if eq(variables['System.TeamProject'], 'public') }}: - name: NetCore-Svc-Public - demands: ImageOverride -equals windows.vs2019.amd64.open - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals windows.vs2019.amd64 - steps: - - publish: $(Build.SourcesDirectory)\eng\BuildConfiguration - artifact: BuildConfiguration - displayName: Publish Build Config - - template: /eng/build.yml - parameters: - agentOs: Windows_NT - pool: - ${{ if eq(variables['System.TeamProject'], 'public') }}: - name: NetCore-Svc-Public - demands: ImageOverride -equals windows.vs2019.amd64.open - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals windows.vs2019.amd64 - timeoutInMinutes: 180 - strategy: - matrix: - # Public-only builds - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: - Build_Release_x64: - _BuildConfig: Debug - _BuildArchitecture: x64 - _DOTNET_CLI_UI_LANGUAGE: '' - _AdditionalBuildParameters: '/p:PublishInternalAsset=true' - _TestArg: $(_WindowsTestArg) - # Internal-only builds - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - Build_Release_x64: - _BuildConfig: Release - _BuildArchitecture: x64 - _DOTNET_CLI_UI_LANGUAGE: '' - _AdditionalBuildParameters: '/p:PublishInternalAsset=true' - _TestArg: $(_WindowsTestArg) - Build_Release_x86: - _BuildConfig: Release - _BuildArchitecture: x86 - _DOTNET_CLI_UI_LANGUAGE: '' - _AdditionalBuildParameters: '' - _TestArg: $(_WindowsTestArg) - Build_Release_arm64: - _BuildConfig: Release - _BuildArchitecture: arm64 - _DOTNET_CLI_UI_LANGUAGE: '' - _AdditionalBuildParameters: '' - # Never run tests on arm64 - _TestArg: '' +resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release - - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - template: /eng/build.yml - parameters: - agentOs: Windows_NT +extends: + ${{ if notin(variables['Build.Reason'], 'PullRequest') }}: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + ${{ else }}: + template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines + parameters: + containers: + fedora38: + image: mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-38 + sdl: + sourceAnalysisPool: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2019 + os: windows + stages: + - stage: build + jobs: + # Build Retry Configuration + - job: Publish_Build_Configuration pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + name: $(DncEngPublicBuildPool) + image: 1es-windows-2019-open + os: windows ${{ if eq(variables['System.TeamProject'], 'internal') }}: - name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals windows.vs2019.amd64 - timeoutInMinutes: 180 - strategy: - matrix: - Build_Release_x64: - _BuildConfig: Release - _BuildArchitecture: x64 - _DOTNET_CLI_UI_LANGUAGE: '' - _AdditionalBuildParameters: '/p:PublishInternalAsset=true' - # Never run tests on PGO bits - _TestArg: '' - Build_Release_x86: - _BuildConfig: Release - _BuildArchitecture: x86 - _DOTNET_CLI_UI_LANGUAGE: '' - _AdditionalBuildParameters: '' - _TestArg: '' - Build_Release_arm64: - _BuildConfig: Release - _BuildArchitecture: arm64 - _DOTNET_CLI_UI_LANGUAGE: '' - _AdditionalBuildParameters: '' - # Never run tests on arm64 - _TestArg: '' - pgoInstrument: true + name: $(DncEngInternalBuildPool) + image: 1es-windows-2019 + os: windows + steps: + - task: 1ES.PublishPipelineArtifact@1 + displayName: Publish Build Config + inputs: + targetPath: $(Build.SourcesDirectory)\eng\BuildConfiguration + artifactName: BuildConfiguration + - template: /eng/build.yml@self + parameters: + agentOs: Windows_NT + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + name: $(DncEngPublicBuildPool) + image: 1es-windows-2019-open + os: windows + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2019 + os: windows + timeoutInMinutes: 180 + strategy: + matrix: + # Public-only builds + ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: + Build_Release_x64: + _BuildConfig: Debug + _BuildArchitecture: x64 + _DOTNET_CLI_UI_LANGUAGE: '' + _AdditionalBuildParameters: '/p:PublishInternalAsset=true' + _TestArg: $(_WindowsTestArg) + # Internal-only builds + ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + Build_Release_x64: + _BuildConfig: Release + _BuildArchitecture: x64 + _DOTNET_CLI_UI_LANGUAGE: '' + _AdditionalBuildParameters: '/p:PublishInternalAsset=true' + _TestArg: $(_WindowsTestArg) + Build_Release_x86: + _BuildConfig: Release + _BuildArchitecture: x86 + _DOTNET_CLI_UI_LANGUAGE: '' + _AdditionalBuildParameters: '' + _TestArg: $(_WindowsTestArg) + Build_Release_arm64: + _BuildConfig: Release + _BuildArchitecture: arm64 + _DOTNET_CLI_UI_LANGUAGE: '' + _AdditionalBuildParameters: '' + # Never run tests on arm64 + _TestArg: '' - - template: /eng/build.yml - parameters: - agentOs: Linux - pool: - ${{ if eq(variables['System.TeamProject'], 'public') }}: - name: NetCore-Svc-Public - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 - timeoutInMinutes: 180 - strategy: - matrix: - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: - Build_Ubuntu_18_04_Debug_x64: - _BuildConfig: Debug - _DockerParameter: '--docker ubuntu.18.04' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - _TestArg: $(_NonWindowsTestArg) - Build_Fedora_36_Debug_x64: - _BuildConfig: Debug - _DockerParameter: '--docker fedora.36' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - _TestArg: $(_NonWindowsTestArg) - Build_CentOS_7_Debug_x64: - _BuildConfig: Debug - _DockerParameter: '--docker centos' - _LinuxPortable: '' - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - _TestArg: $(_NonWindowsTestArg) - Build_Debian_11_Debug_x64: - _BuildConfig: Debug - _DockerParameter: '--docker debian' - _LinuxPortable: '' - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - _AdditionalBuildParameters: '/p:BuildSdkDeb=true' - _TestArg: $(_NonWindowsTestArg) - Build_Arm64_Debug: - _BuildConfig: Debug - _DockerParameter: '' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '--runtime-id linux-arm64' - _BuildArchitecture: 'arm64' - # Never run tests on arm64 - _TestArg: '' - Build_Linux_musl_Debug_x64: - _BuildConfig: Debug - _DockerParameter: '--docker alpine.3.15' - _LinuxPortable: '' - _RuntimeIdentifier: '--runtime-id linux-musl-x64' - _BuildArchitecture: 'x64' - # Pass in HostOSName when running on alpine - _AdditionalBuildParameters: '/p:HostOSName="linux-musl"' - _TestArg: $(_NonWindowsTestArg) - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - Build_Arm_Release: - _BuildConfig: Release - _DockerParameter: '' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '--runtime-id linux-arm' - _BuildArchitecture: 'arm' - # Never run tests on arm - _TestArg: '' - Build_Arm64_Release: - _BuildConfig: Release - _DockerParameter: '' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '--runtime-id linux-arm64' - _BuildArchitecture: 'arm64' - # Never run tests on arm64 - _TestArg: '' - Build_Linux_musl_Release_arm: - _BuildConfig: Release - # linux-musl-arm cross gen depends on glibc 2.27 (this OS has it) - _DockerParameter: '--docker ubuntu.18.04' - _LinuxPortable: '' - _RuntimeIdentifier: '--runtime-id linux-musl-arm' - _BuildArchitecture: 'arm' - _AdditionalBuildParameters: '/p:OSName="linux-musl"' - # Never run tests on arm - _TestArg: '' - Build_Linux_musl_Release_arm64: - _BuildConfig: Release - _DockerParameter: '' - _LinuxPortable: '' - _RuntimeIdentifier: '--runtime-id linux-musl-arm64' - _BuildArchitecture: 'arm64' - _AdditionalBuildParameters: '/p:OSName="linux-musl"' - # Never run tests on arm64 - _TestArg: '' - Build_Linux_musl_Release_x64: - _BuildConfig: Release - _DockerParameter: '--docker alpine.3.15' - _LinuxPortable: '' - _RuntimeIdentifier: '--runtime-id linux-musl-x64' - _BuildArchitecture: 'x64' - # Pass in HostOSName when running on alpine - _AdditionalBuildParameters: '/p:HostOSName="linux-musl"' - Build_Linux_Portable_Deb_Release_x64: - _BuildConfig: Release - _DockerParameter: '--docker ubuntu.18.04' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - # Do not publish zips and tarballs. The linux-x64 binaries are - # already published by Build_LinuxPortable_Release_x64 - _AdditionalBuildParameters: '/p:PublishBinariesAndBadge=false /p:BuildSdkDeb=true' - _TestArg: $(_NonWindowsTestArg) - Build_Linux_Portable_Rpm_Release_x64: - _BuildConfig: Release - _DockerParameter: '--docker centos' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - # Do not publish zips and tarballs. The linux-x64 binaries are - # already published by Build_LinuxPortable_Release_x64 - _AdditionalBuildParameters: '/p:PublishBinariesAndBadge=false' - _TestArg: $(_NonWindowsTestArg) - Build_Linux_Portable_Rpm_Release_Arm64: - _BuildConfig: Release - _DockerParameter: '--docker centos' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '--runtime-id linux-arm64' - _BuildArchitecture: 'arm64' - # Do not publish zips and tarballs. The linux-x64 binaries are - # already published by Build_LinuxPortable_Release_x64 - _AdditionalBuildParameters: '/p:PublishBinariesAndBadge=false /p:CLIBUILD_SKIP_TESTS=true' - # Never run tests on arm64 - _TestArg: '' - Build_LinuxPortable_Release_x64: - _BuildConfig: Release - _DockerParameter: '' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - _TestArg: $(_NonWindowsTestArg) + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - template: /eng/build.yml@self + parameters: + agentOs: Windows_NT + pool: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2019 + os: windows + timeoutInMinutes: 180 + strategy: + matrix: + Build_Release_x64: + _BuildConfig: Release + _BuildArchitecture: x64 + _DOTNET_CLI_UI_LANGUAGE: '' + _AdditionalBuildParameters: '/p:PublishInternalAsset=true' + # Never run tests on PGO bits + _TestArg: '' + Build_Release_x86: + _BuildConfig: Release + _BuildArchitecture: x86 + _DOTNET_CLI_UI_LANGUAGE: '' + _AdditionalBuildParameters: '' + _TestArg: '' + Build_Release_arm64: + _BuildConfig: Release + _BuildArchitecture: arm64 + _DOTNET_CLI_UI_LANGUAGE: '' + _AdditionalBuildParameters: '' + # Never run tests on arm64 + _TestArg: '' + pgoInstrument: true - - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - template: /eng/build.yml - parameters: - agentOs: Linux - pool: - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 - timeoutInMinutes: 180 - strategy: - matrix: - Build_LinuxPortable_Release_x64: - _BuildConfig: Release - _DockerParameter: '' - _LinuxPortable: '--linux-portable' - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - _TestArg: '' - Build_Release_arm64: - _BuildConfig: Release - _BuildArchitecture: arm64 - _DOTNET_CLI_UI_LANGUAGE: '' - _AdditionalBuildParameters: '' - # Never run tests on arm64 - _TestArg: '' - pgoInstrument: true + - template: /eng/build.yml@self + parameters: + agentOs: Linux + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + name: $(DncEngPublicBuildPool) + image: 1es-ubuntu-2004-open + os: linux + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + name: $(DncEngInternalBuildPool) + image: 1es-ubuntu-2004 + os: linux + timeoutInMinutes: 180 + strategy: + matrix: + ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: + Build_Ubuntu_18_04_Debug_x64: + _BuildConfig: Debug + _DockerParameter: '--docker ubuntu.18.04' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + _TestArg: $(_NonWindowsTestArg) + Build_Fedora_36_Debug_x64: + _BuildConfig: Debug + _DockerParameter: '--docker fedora.36' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + _TestArg: $(_NonWindowsTestArg) + Build_CentOS_7_Debug_x64: + _BuildConfig: Debug + _DockerParameter: '--docker centos' + _LinuxPortable: '' + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + _TestArg: $(_NonWindowsTestArg) + Build_Debian_11_Debug_x64: + _BuildConfig: Debug + _DockerParameter: '--docker debian' + _LinuxPortable: '' + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + _AdditionalBuildParameters: '/p:BuildSdkDeb=true' + _TestArg: $(_NonWindowsTestArg) + Build_Arm64_Debug: + _BuildConfig: Debug + _DockerParameter: '' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '--runtime-id linux-arm64' + _BuildArchitecture: 'arm64' + # Never run tests on arm64 + _TestArg: '' + Build_Linux_musl_Debug_x64: + _BuildConfig: Debug + _DockerParameter: '--docker alpine.3.15' + _LinuxPortable: '' + _RuntimeIdentifier: '--runtime-id linux-musl-x64' + _BuildArchitecture: 'x64' + # Pass in HostOSName when running on alpine + _AdditionalBuildParameters: '/p:HostOSName="linux-musl"' + _TestArg: $(_NonWindowsTestArg) + ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + Build_Arm_Release: + _BuildConfig: Release + _DockerParameter: '' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '--runtime-id linux-arm' + _BuildArchitecture: 'arm' + # Never run tests on arm + _TestArg: '' + Build_Arm64_Release: + _BuildConfig: Release + _DockerParameter: '' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '--runtime-id linux-arm64' + _BuildArchitecture: 'arm64' + # Never run tests on arm64 + _TestArg: '' + Build_Linux_musl_Release_arm: + _BuildConfig: Release + # linux-musl-arm cross gen depends on glibc 2.27 (this OS has it) + _DockerParameter: '--docker ubuntu.18.04' + _LinuxPortable: '' + _RuntimeIdentifier: '--runtime-id linux-musl-arm' + _BuildArchitecture: 'arm' + _AdditionalBuildParameters: '/p:OSName="linux-musl"' + # Never run tests on arm + _TestArg: '' + Build_Linux_musl_Release_arm64: + _BuildConfig: Release + _DockerParameter: '' + _LinuxPortable: '' + _RuntimeIdentifier: '--runtime-id linux-musl-arm64' + _BuildArchitecture: 'arm64' + _AdditionalBuildParameters: '/p:OSName="linux-musl"' + # Never run tests on arm64 + _TestArg: '' + Build_Linux_musl_Release_x64: + _BuildConfig: Release + _DockerParameter: '--docker alpine.3.15' + _LinuxPortable: '' + _RuntimeIdentifier: '--runtime-id linux-musl-x64' + _BuildArchitecture: 'x64' + # Pass in HostOSName when running on alpine + _AdditionalBuildParameters: '/p:HostOSName="linux-musl"' + Build_Linux_Portable_Deb_Release_x64: + _BuildConfig: Release + _DockerParameter: '--docker ubuntu.18.04' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + # Do not publish zips and tarballs. The linux-x64 binaries are + # already published by Build_LinuxPortable_Release_x64 + _AdditionalBuildParameters: '/p:PublishBinariesAndBadge=false /p:BuildSdkDeb=true' + _TestArg: $(_NonWindowsTestArg) + Build_Linux_Portable_Rpm_Release_x64: + _BuildConfig: Release + _DockerParameter: '--docker centos' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + # Do not publish zips and tarballs. The linux-x64 binaries are + # already published by Build_LinuxPortable_Release_x64 + _AdditionalBuildParameters: '/p:PublishBinariesAndBadge=false' + _TestArg: $(_NonWindowsTestArg) + Build_Linux_Portable_Rpm_Release_Arm64: + _BuildConfig: Release + _DockerParameter: '--docker centos' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '--runtime-id linux-arm64' + _BuildArchitecture: 'arm64' + # Do not publish zips and tarballs. The linux-x64 binaries are + # already published by Build_LinuxPortable_Release_x64 + _AdditionalBuildParameters: '/p:PublishBinariesAndBadge=false /p:CLIBUILD_SKIP_TESTS=true' + # Never run tests on arm64 + _TestArg: '' + Build_LinuxPortable_Release_x64: + _BuildConfig: Release + _DockerParameter: '' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + _TestArg: $(_NonWindowsTestArg) - - template: /eng/build.yml - parameters: - agentOs: Darwin - pool: - vmImage: 'macOS-latest' - timeoutInMinutes: 180 - strategy: - matrix: - Build_Release_x64: - _BuildConfig: Release - _RuntimeIdentifier: '' - _BuildArchitecture: 'x64' - _TestArg: $(_NonWindowsTestArg) - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - Build_Release_arm64: - _BuildConfig: Release - _RuntimeIdentifier: '--runtime-id osx-arm64' - _BuildArchitecture: 'arm64' - # Never run tests on arm64 - _TestArg: '' + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - template: /eng/build.yml@self + parameters: + agentOs: Linux + pool: + name: $(DncEngInternalBuildPool) + image: 1es-ubuntu-2004 + os: linux + timeoutInMinutes: 180 + strategy: + matrix: + Build_LinuxPortable_Release_x64: + _BuildConfig: Release + _DockerParameter: '' + _LinuxPortable: '--linux-portable' + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + _TestArg: '' + Build_Release_arm64: + _BuildConfig: Release + _BuildArchitecture: arm64 + _DOTNET_CLI_UI_LANGUAGE: '' + _AdditionalBuildParameters: '' + # Never run tests on arm64 + _TestArg: '' + pgoInstrument: true - - template: /eng/common/templates/jobs/source-build.yml + - template: /eng/build.yml@self + parameters: + agentOs: Darwin + pool: + name: Azure Pipelines + image: macOS-latest + os: macOS + timeoutInMinutes: 180 + strategy: + matrix: + Build_Release_x64: + _BuildConfig: Release + _RuntimeIdentifier: '' + _BuildArchitecture: 'x64' + _TestArg: $(_NonWindowsTestArg) + ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + Build_Release_arm64: + _BuildConfig: Release + _RuntimeIdentifier: '--runtime-id osx-arm64' + _BuildArchitecture: 'arm64' + # Never run tests on arm64 + _TestArg: '' - - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml + - template: /eng/common/templates-official/jobs/source-build.yml@self - # For .NET 7.0, source-build currently supports 7.0.1xx. Disable tarball build validation in all other branches. - # - ${{ if in(variables['Build.Reason'], 'PullRequest') }}: - # - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml - # parameters: - # dependsOn: Source_Build_Create_Tarball + - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml@self - # https://github.com/dotnet/core-sdk/issues/248 - # - template: /eng/build.yml - # parameters: - # agentOs: FreeBSD - # queue: - # name: dnceng-freebsd-internal - # timeoutInMinutes: 180 - # matrix: - # Build_Release: - # _BuildConfig: Release - # _BuildArchitecture: 'x64' - # _AdditionalBuildParameters: '/p:DisableSourceLink=true /p:DISABLE_CROSSGEN=true' + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - template: /eng/common/templates-official/job/publish-build-assets.yml@self + parameters: + dependsOn: + - Windows_NT + - Linux + - Darwin + - Source_Build_Managed + - Source_Build_Create_Tarball + - PGO_Linux + - PGO_Windows_NT + publishUsingPipelines: true + pool: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2019 + os: windows - - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - template: /eng/common/templates/job/publish-build-assets.yml - parameters: - dependsOn: - - Windows_NT - - Linux - - Darwin - - Source_Build_Managed - - Source_Build_Create_Tarball - - PGO_Linux - - PGO_Windows_NT - publishUsingPipelines: true - pool: - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals windows.vs2017.amd64 - - -- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - template: eng\common\templates\post-build\post-build.yml - parameters: - publishingInfraVersion: 3 - enableSymbolValidation: false - enableSigningValidation: false - enableNugetValidation: false - enableSourceLinkValidation: false - publishInstallersAndChecksums: true - SDLValidationParameters: - enable: false - params: ' -SourceToolsList @("policheck","credscan") - -TsaInstanceURL $(_TsaInstanceURL) - -TsaProjectName $(_TsaProjectName) - -TsaNotificationEmail $(_TsaNotificationEmail) - -TsaCodebaseAdmin $(_TsaCodebaseAdmin) - -TsaBugAreaPath $(_TsaBugAreaPath) - -TsaIterationPath $(_TsaIterationPath) - -TsaRepositoryName "dotnet-installer" - -TsaCodebaseName "dotnet-installer" - -TsaPublish $True' + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - template: /eng/common/templates-official/post-build/post-build.yml@self + parameters: + publishingInfraVersion: 3 + enableSymbolValidation: false + enableSigningValidation: false + enableNugetValidation: false + enableSourceLinkValidation: false + publishInstallersAndChecksums: true + SDLValidationParameters: + enable: false + params: ' -SourceToolsList @("policheck","credscan") + -TsaInstanceURL $(_TsaInstanceURL) + -TsaProjectName $(_TsaProjectName) + -TsaNotificationEmail $(_TsaNotificationEmail) + -TsaCodebaseAdmin $(_TsaCodebaseAdmin) + -TsaBugAreaPath $(_TsaBugAreaPath) + -TsaIterationPath $(_TsaIterationPath) + -TsaRepositoryName "dotnet-installer" + -TsaCodebaseName "dotnet-installer" + -TsaPublish $True' diff --git a/.vsts-pr.yml b/.vsts-pr.yml index 5e2cdc74578e..2f14d2054ae0 100644 --- a/.vsts-pr.yml +++ b/.vsts-pr.yml @@ -26,7 +26,6 @@ variables: - group: DotNet-Installer-SDLValidation-Params - name: _PublishUsingPipelines value: true - # Default to running tests in PRs and public CI, but not in official builds - name: _WindowsTestArg value: '-test' @@ -37,10 +36,8 @@ variables: value: '' - name: _NonWindowsTestArg value: '' - - name: _InternalRuntimeDownloadArgs value: '' - - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - group: DotNetBuilds storage account read tokens - name: _InternalRuntimeDownloadArgs @@ -63,7 +60,7 @@ stages: - publish: $(Build.SourcesDirectory)\eng\BuildConfiguration artifact: BuildConfiguration displayName: Publish Build Config - - template: /eng/build.yml + - template: /eng/build-pr.yml parameters: agentOs: Windows_NT pool: @@ -107,7 +104,7 @@ stages: _TestArg: '' - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - template: /eng/build.yml + - template: /eng/build-pr.yml parameters: agentOs: Windows_NT pool: @@ -139,7 +136,7 @@ stages: _TestArg: '' pgoInstrument: true - - template: /eng/build.yml + - template: /eng/build-pr.yml parameters: agentOs: Linux pool: @@ -283,7 +280,7 @@ stages: _TestArg: $(_NonWindowsTestArg) - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - - template: /eng/build.yml + - template: /eng/build-pr.yml parameters: agentOs: Linux pool: @@ -309,7 +306,7 @@ stages: _TestArg: '' pgoInstrument: true - - template: /eng/build.yml + - template: /eng/build-pr.yml parameters: agentOs: Darwin pool: @@ -332,26 +329,7 @@ stages: - template: /eng/common/templates/jobs/source-build.yml - - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml - - # For .NET 7.0, source-build currently supports 7.0.1xx. Disable tarball build validation in all other branches. - # - ${{ if in(variables['Build.Reason'], 'PullRequest') }}: - # - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml - # parameters: - # dependsOn: Source_Build_Create_Tarball - - # https://github.com/dotnet/core-sdk/issues/248 - # - template: /eng/build.yml - # parameters: - # agentOs: FreeBSD - # queue: - # name: dnceng-freebsd-internal - # timeoutInMinutes: 180 - # matrix: - # Build_Release: - # _BuildConfig: Release - # _BuildArchitecture: 'x64' - # _AdditionalBuildParameters: '/p:DisableSourceLink=true /p:DISABLE_CROSSGEN=true' + - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball-pr.yml - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - template: /eng/common/templates/job/publish-build-assets.yml @@ -370,7 +348,6 @@ stages: name: NetCore1ESPool-Svc-Internal demands: ImageOverride -equals windows.vs2017.amd64 - - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - template: eng\common\templates\post-build\post-build.yml parameters: diff --git a/eng/build-pr.yml b/eng/build-pr.yml new file mode 100644 index 000000000000..69d1e3f0f887 --- /dev/null +++ b/eng/build-pr.yml @@ -0,0 +1,156 @@ +parameters: + # Agent OS identifier and used as job name + agentOs: '' + + # Agent pool + pool: {} + + # Additional variables + variables: {} + + # Build strategy - matrix + strategy: {} + + # Job timeout + timeoutInMinutes: 180 + + # Publish using pipelines + enablePublishUsingPipelines: true + +phases: +- template: /eng/common/templates/job/job.yml + parameters: + ${{ if parameters.pgoInstrument }}: + name: PGO_${{ parameters.agentOs }} + ${{ if not(parameters.pgoInstrument) }}: + name: ${{ parameters.agentOs }} + timeoutInMinutes: ${{ parameters.timeoutInMinutes }} + ${{ if eq(parameters.agentOs, 'Windows_NT') }}: + enableMicrobuild: true + enablePublishBuildAssets: true + enablePublishUsingPipelines: ${{parameters.enablePublishUsingPipelines}} + enableTelemetry: true + helixRepo: dotnet/installer + pool: ${{ parameters.pool }} + ${{ if ne(parameters.strategy, '') }}: + strategy: ${{ parameters.strategy }} + workspace: + clean: all + + variables: + - _PgoInstrument: '' + - ${{ if eq(parameters.agentOs, 'Windows_NT') }}: + - _PackArg: '-pack' + - ${{ if ne(parameters.agentOs, 'Windows_NT') }}: + - _PackArg: '--pack' + - ${{ if parameters.pgoInstrument }}: + - _PgoInstrument: '/p:PgoInstrument=true' + - _PackArg: '' + - _AgentOSName: ${{ parameters.agentOs }} + - _TeamName: Roslyn-Project-System + - _SignType: test + - _BuildArgs: '/p:DotNetSignType=$(_SignType) $(_PgoInstrument)' + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - group: DotNet-Symbol-Server-PATs + - group: DotNet-HelixApi-Access + - group: DotNet-Blob-Feed + - _DotNetPublishToBlobFeed: true + - _PushToVSFeed: true + - _SignType: real + - _BuildArgs: /p:OfficialBuildId=$(BUILD.BUILDNUMBER) + /p:DotNetSignType=$(_SignType) + /p:TeamName=$(_TeamName) + /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines) + $(_PgoInstrument) + + steps: + - checkout: self + clean: true + - ${{ if eq(parameters.agentOs, 'Windows_NT') }}: + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - task: PowerShell@2 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1 + arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - script: build.cmd + $(_TestArg) $(_PackArg) + -publish -ci -sign + -Configuration $(_BuildConfig) + -Architecture $(_BuildArchitecture) + $(_BuildArgs) + $(_AdditionalBuildParameters) + $(_InternalRuntimeDownloadArgs) + displayName: Build + env: + DOTNET_CLI_UI_LANGUAGE: $(_DOTNET_CLI_UI_LANGUAGE) + + - ${{ if ne(parameters.agentOs, 'Windows_NT') }}: + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + + - ${{ if eq(parameters.agentOs, 'Linux') }}: + - script: ./build.sh + $(_TestArg) $(_PackArg) + --publish --ci + --noprettyprint + --configuration $(_BuildConfig) + $(_DockerParameter) + --architecture $(_BuildArchitecture) + $(_LinuxPortable) + $(_RuntimeIdentifier) + $(_BuildArgs) + $(_AdditionalBuildParameters) + $(_InternalRuntimeDownloadArgs) + displayName: Build + + - ${{ if or(eq(parameters.agentOs, 'Darwin'), eq(parameters.agentOs, 'FreeBSD')) }}: + - script: ./build.sh + $(_TestArg) + --pack --publish --ci + --noprettyprint + --configuration $(_BuildConfig) + --architecture $(_BuildArchitecture) + $(_RuntimeIdentifier) + $(_BuildArgs) + $(_AdditionalBuildParameters) + $(_InternalRuntimeDownloadArgs) + displayName: Build + + - task: PublishTestResults@2 + displayName: Publish Test Results + inputs: + testRunner: XUnit + testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml' + testRunTitle: '$(_AgentOSName)_$(Agent.JobName)' + platform: '$(BuildPlatform)' + configuration: '$(_BuildConfig)' + condition: ne(variables['_TestArg'], '') + + - task: CopyFiles@2 + displayName: Gather Logs + inputs: + SourceFolder: '$(Build.SourcesDirectory)/artifacts' + Contents: | + log/$(_BuildConfig)/**/* + TestResults/$(_BuildConfig)/**/* + TargetFolder: '$(Build.ArtifactStagingDirectory)' + continueOnError: true + condition: always() + + - task: PublishBuildArtifacts@1 + displayName: Publish Logs to VSTS + inputs: + PathtoPublish: '$(Build.ArtifactStagingDirectory)' + ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)' + publishLocation: Container + continueOnError: true + condition: always() diff --git a/eng/build.yml b/eng/build.yml index 35c829867f23..d486c47ec8fb 100644 --- a/eng/build.yml +++ b/eng/build.yml @@ -18,7 +18,7 @@ parameters: enablePublishUsingPipelines: true phases: -- template: /eng/common/templates/job/job.yml +- template: /eng/common/templates-official/job/job.yml parameters: ${{ if parameters.pgoInstrument }}: name: PGO_${{ parameters.agentOs }} @@ -28,9 +28,6 @@ phases: ${{ if eq(parameters.agentOs, 'Windows_NT') }}: enableMicrobuild: true enablePublishBuildAssets: true - # Don't use built-in arcade logic for publishing artifacts and test results, as we manually do this and give better names - #enablePublishBuildArtifacts: true - #enablePublishTestResults: true enablePublishUsingPipelines: ${{parameters.enablePublishUsingPipelines}} enableTelemetry: true helixRepo: dotnet/installer @@ -49,12 +46,10 @@ phases: - ${{ if parameters.pgoInstrument }}: - _PgoInstrument: '/p:PgoInstrument=true' - _PackArg: '' - - _AgentOSName: ${{ parameters.agentOs }} - _TeamName: Roslyn-Project-System - _SignType: test - _BuildArgs: '/p:DotNetSignType=$(_SignType) $(_PgoInstrument)' - - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - group: DotNet-Symbol-Server-PATs - group: DotNet-HelixApi-Access @@ -101,6 +96,7 @@ phases: arguments: $(Build.SourcesDirectory)/NuGet.config $Token env: Token: $(dn-bot-dnceng-artifact-feeds-rw) + - ${{ if eq(parameters.agentOs, 'Linux') }}: - script: ./build.sh $(_TestArg) $(_PackArg) @@ -144,13 +140,13 @@ phases: inputs: SourceFolder: '$(Build.SourcesDirectory)/artifacts' Contents: | - log/$(_BuildConfig)/**/* - TestResults/$(_BuildConfig)/**/* + log/$(_BuildConfig)/**/* + TestResults/$(_BuildConfig)/**/* TargetFolder: '$(Build.ArtifactStagingDirectory)' continueOnError: true condition: always() - - task: PublishBuildArtifacts@1 + - task: 1ES.PublishBuildArtifacts@1 displayName: Publish Logs to VSTS inputs: PathtoPublish: '$(Build.ArtifactStagingDirectory)' diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball-pr.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball-pr.yml new file mode 100644 index 000000000000..abb9035fd522 --- /dev/null +++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball-pr.yml @@ -0,0 +1,252 @@ +# Builds a source-build tarball + +parameters: + # Architecture to build + architecture: + + # Custom condition to apply to the job + condition: + + # Dependent jobs that must be completed before this job will run + dependsOn: + + # Skip running the SDK content smoke-tests + excludeSdkContentTests: false + + # Resource id of the installer build to retrieve source/product tarball's from + installerBuildResourceId: + + # Matrix to run jobs over + matrix: + + # Job name + name: + + # Agent pool to use + pool: + + # Build using the previous source-build artifacts + usePreviousArtifacts: false + +jobs: +- job: ${{ parameters.name }} + condition: ${{ parameters.condition }} + dependsOn: ${{ parameters.dependsOn }} + pool: ${{ parameters.pool }} + strategy: + matrix: ${{ parameters.matrix }} + timeoutInMinutes: 300 + variables: + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - group: AzureDevOps-Artifact-Feeds-Pats + - ${{ if eq(parameters.usePreviousArtifacts, 'true') }}: + - name: additionalBuildArgs + value: --with-sdk /tarball/.dotnet + - name: tarballDir + ${{ if eq(parameters.installerBuildResourceId, '') }}: + value: $(Build.SourcesDirectory) + ${{ else }}: + value: $(Build.StagingDirectory)/tarball + - name: installerSrcDir + ${{ if eq(parameters.installerBuildResourceId, '') }}: + value: $(Build.SourcesDirectory)/src/installer + ${{ else }}: + value: $(Build.SourcesDirectory) + workspace: + clean: all + + steps: + - checkout: self + clean: true + + - ${{ if ne(parameters.installerBuildResourceId, '') }}: + - download: ${{ parameters.installerBuildResourceId }} + artifact: BlobArtifacts + patterns: '**/dotnet-sdk-source*.tar.gz' + displayName: Download Source Tarball + + - script: | + set -x + + resourceIdPathSegment= + if [[ '${{ parameters.installerBuildResourceId }}' != 'current' ]]; then + resourceIdPathSegment='${{ parameters.installerBuildResourceId }}/' + fi + + mkdir -p "$(tarballDir)" + tarballFilePath="$(PIPELINE.WORKSPACE)/${resourceIdPathSegment}BlobArtifacts/dotnet-sdk-source*.tar.gz" + eval tar -ozxf "$tarballFilePath" -C "$(tarballDir)" + eval rm -f "$tarballFilePath" + displayName: Extract Tarball + + - script: cp $(installerSrcDir)/NuGet.config $(tarballDir)/test/Microsoft.DotNet.SourceBuild.SmokeTests/assets/online.NuGet.Config + displayName: Copy Test NuGet Config + + - ${{ if ne(parameters.excludeSdkContentTests, 'true') }}: + - download: ${{ parameters.installerBuildResourceId }} + artifact: BlobArtifacts + patterns: '**/dotnet-sdk-+([0-9]).+([0-9]).+([0-9])?(-@(preview|rc|rtm)*)-linux*-${{ parameters.architecture }}.tar.gz' + displayName: Download MSFT sdk Tarball + + - ${{ if eq(parameters.usePreviousArtifacts, 'true') }}: + - download: current + artifact: $(_PreviousSourceBuildArtifact) + patterns: '*.tar.gz' + displayName: Download Previous Source Build Artifacts + + - task: CopyFiles@2 + displayName: Copy Previous Source Build Artifacts + inputs: + SourceFolder: $(PIPELINE.WORKSPACE)/$(_PreviousSourceBuildArtifact) + Contents: '*.tar.gz' + TargetFolder: $(tarballDir)/packages/archive/ + + - script: | + set -euo pipefail + + sourceBuiltSDKUrl="https://dotnetcli.azureedge.net/source-built-artifacts/sdks/" + packageVersionsPath="$(Build.SourcesDirectory)/eng/Versions.props" + notFoundMessage="No source-built SDK found to download..." + + echo "Looking for source-built SDK to download..." + archiveVersionLine=`grep -m 1 "" "$packageVersionsPath" || :` + versionPattern="(.*)" + + if [[ $archiveVersionLine =~ $versionPattern ]]; then + filename="dotnet-sdk-${BASH_REMATCH[1]}-centos.8-x64.tar.gz" + archiveUrl="${sourceBuiltSDKUrl}${filename}" + downloadDir=$(mktemp -d) + (cd $downloadDir && curl --retry 5 -O $archiveUrl) + + mkdir $(tarballDir)/.dotnet + tar -xzf $downloadDir/$filename -C $(tarballDir)/.dotnet + rm -rf $downloadDir + else + echo "$notFoundMessage" + exit 1 + fi + + echo "##vso[task.setvariable variable=additionalBuildArgs]--with-sdk /tarball/.dotnet" + displayName: Setup Previously Source-Built SDK + condition: eq(variables._WithPreviousSDK, 'true') + + - script: | + set -x + + if [[ '${{ parameters.usePreviousArtifacts }}' != 'true' ]]; then + customPrepArgs= + if [[ '$(_BootstrapPrep)' == 'true' ]]; then + customPrepArgs='--bootstrap' + fi + + docker run --rm -v $(tarballDir):/tarball -w /tarball $(_Container) ./prep.sh ${customPrepArgs} + else + mkdir $(tarballDir)/.dotnet + tarballFilePath="$(tarballDir)/packages/archive/dotnet-sdk-*.tar.gz" + eval tar -ozxf "$tarballFilePath" -C "$(tarballDir)/.dotnet" + eval rm -f "$tarballFilePath" + fi + displayName: Prep Tarball + + - script: | + set -x + df -h + + customRunArgs= + customBuildArgs= + if [[ '$(_RunOnline)' == 'true' ]]; then + customBuildArgs='--online' + else + customRunArgs='--network none' + fi + + # See https://github.com/dotnet/source-build/issues/3712 + if [[ '$(_OverrideDistroDisablingSha1)' == 'true' ]]; then + customRunArgs="$customRunArgs -e OPENSSL_ENABLE_SHA1_SIGNATURES=1" + fi + + if [[ '$(_EnablePoison)' == 'true' ]]; then + customBuildArgs="$customBuildArgs --poison" + fi + + docker run --rm -v $(tarballDir):/tarball -w /tarball ${customRunArgs} $(_Container) ./build.sh --clean-while-building ${customBuildArgs} $(additionalBuildArgs) + displayName: Build Tarball + + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(installerSrcDir)/eng/common/SetupNugetSources.sh + arguments: $(tarballDir)/test/Microsoft.DotNet.SourceBuild.SmokeTests/assets/online.NuGet.Config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + + - script: | + set -x + + dockerVolumeArgs="-v $(tarballDir):/tarball" + dockerEnvArgs="-e SMOKE_TESTS_EXCLUDE_OMNISHARP=$(_ExcludeOmniSharpTests) -e SMOKE_TESTS_WARN_SDK_CONTENT_DIFFS=true" + poisonArg='' + + if [[ '${{ parameters.excludeSdkContentTests}}' != 'true' ]]; then + dockerVolumeArgs+=" -v $(PIPELINE.WORKSPACE)/${{ parameters.installerBuildResourceId }}/BlobArtifacts/:/BlobArtifacts" + platform="linux" + docker run --rm $(_Container) /bin/sh -c "cat /etc/os-release | grep -q alpine" + if [[ $? == 0 ]]; then + platform="$platform-musl" + fi + msftSdkTarballName=$(find "$(PIPELINE.WORKSPACE)/${{ parameters.installerBuildResourceId }}/BlobArtifacts/" -name "dotnet-sdk-*-$platform-${{ parameters.architecture }}.tar.gz" -exec basename {} \;) + dockerEnvArgs+=" -e SMOKE_TESTS_MSFT_SDK_TARBALL_PATH=/BlobArtifacts/$msftSdkTarballName" + fi + + if [[ '$(_EnablePoison)' == 'true' ]]; then + poisonArg='--poison' + dockerEnvArgs+=" -e SMOKE_TESTS_WARN_POISON_DIFFS=true" + fi + + docker run --rm $dockerVolumeArgs -w /tarball $dockerEnvArgs $(_Container) ./build.sh $poisonArg --run-smoke-test $(additionalBuildArgs) -- /p:SmokeTestConsoleVerbosity=detailed + displayName: Run Tests + + # Don't use CopyFiles@2 as it encounters permissions issues because it indexes all files in the source directory graph. + - script: | + set -x + + targetFolder=$(Build.StagingDirectory)/BuildLogs/ + mkdir -p ${targetFolder} + + cd "$(tarballDir)" + find artifacts/ -type f -name "*.binlog" -exec cp {} --parents -t ${targetFolder} \; + find artifacts/ -type f -name "*.log" -exec cp {} --parents -t ${targetFolder} \; + find artifacts/prebuilt-report/ -exec cp {} --parents -t ${targetFolder} \; + find src/ -type f -name "*.binlog" -exec cp {} --parents -t ${targetFolder} \; + find src/ -type f -name "*.log" -exec cp {} --parents -t ${targetFolder} \; + find test/ -type f -name "*.binlog" -exec cp {} --parents -t ${targetFolder} \; + find test/ -type f -name "Updated*.diff" -exec cp {} --parents -t ${targetFolder} \; + find test/ -type f -name "Updated*.txt" -exec cp {} --parents -t ${targetFolder} \; + displayName: Prepare BuildLogs staging directory + continueOnError: true + condition: succeededOrFailed() + + - publish: '$(Build.StagingDirectory)/BuildLogs' + artifact: $(Agent.JobName)_BuildLogs_Attempt$(System.JobAttempt) + displayName: Publish BuildLogs + continueOnError: true + condition: succeededOrFailed() + + - task: PublishTestResults@2 + displayName: Publish Test Results + condition: succeededOrFailed() + continueOnError: true + inputs: + testRunner: vSTest + testResultsFiles: 'test/**/*.trx' + searchFolder: $(tarballDir) + mergeTestResults: true + publishRunAttachments: true + testRunTitle: SourceBuild_SmokeTests_$(Agent.JobName) + + - publish: '$(tarballDir)/artifacts/${{ parameters.architecture}}/Release/' + artifact: $(Agent.JobName)_Artifacts + displayName: Publish Artifacts + condition: succeededOrFailed() + continueOnError: true diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml index abb9035fd522..aa3cf6b964cd 100644 --- a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml +++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml @@ -227,9 +227,11 @@ jobs: continueOnError: true condition: succeededOrFailed() - - publish: '$(Build.StagingDirectory)/BuildLogs' - artifact: $(Agent.JobName)_BuildLogs_Attempt$(System.JobAttempt) + - task: 1ES.PublishPipelineArtifact@1 displayName: Publish BuildLogs + inputs: + targetPath: $(Build.StagingDirectory)/BuildLogs + artifactName: $(Agent.JobName)_BuildLogs_Attempt$(System.JobAttempt) continueOnError: true condition: succeededOrFailed() @@ -245,8 +247,10 @@ jobs: publishRunAttachments: true testRunTitle: SourceBuild_SmokeTests_$(Agent.JobName) - - publish: '$(tarballDir)/artifacts/${{ parameters.architecture}}/Release/' - artifact: $(Agent.JobName)_Artifacts + - task: 1ES.PublishPipelineArtifact@1 displayName: Publish Artifacts - condition: succeededOrFailed() + inputs: + targetPath: $(tarballDir)/artifacts/${{ parameters.architecture}}/Release/ + artifactName: $(Agent.JobName)_Artifacts continueOnError: true + condition: succeededOrFailed() diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball-pr.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball-pr.yml new file mode 100644 index 000000000000..347f61cf86b9 --- /dev/null +++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball-pr.yml @@ -0,0 +1,85 @@ +# Creates a source-build tarball + +jobs: +- job: Source_Build_Create_Tarball + container: mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-38 + displayName: Source-Build Create Tarball + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + ${{ if in(variables['Build.Reason'], 'PullRequest') }}: + name: NetCore-Public-XL + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + ${{ else }}: + name: NetCore-Svc-Public + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + ${{ if in(variables['Build.Reason'], 'PullRequest') }}: + name: NetCore1ESPool-Internal-XL + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + ${{ else }}: + name: NetCore1ESPool-Svc-Internal + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + + variables: + - name: _BuildConfig + value: Release + + - ${{ if eq(variables['System.TeamProject'], 'internal') }}: + - group: DotNet-Source-Build-All-Orgs-Source-Access + workspace: + clean: all + + steps: + - ${{ if ne(variables['System.TeamProject'], 'public') }}: + - task: Bash@3 + displayName: Setup Private Feeds Credentials + inputs: + filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh + arguments: $(Build.SourcesDirectory)/NuGet.config $Token + env: + Token: $(dn-bot-dnceng-artifact-feeds-rw) + - script: | + set -x + df -h + + officialBuildArgs= + if [ '${{ and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}' = 'True' ]; then + officialBuildArgs='/p:OfficialBuildId=$(BUILD.BUILDNUMBER)' + fi + + # If building on the internal project, the internal storage variable may be available (usually only if needed) + # In that case, add variables to allow the download of internal runtimes if the specified versions are not found + # in the default public locations. + internalRuntimeDownloadArgs= + if [ '$(dotnetbuilds-internal-container-read-token-base64)' != '$''(dotnetbuilds-internal-container-read-token-base64)' ]; then + internalRuntimeDownloadArgs='/p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) --runtimesourcefeed https://dotnetbuilds.blob.core.windows.net/internal --runtimesourcefeedkey $(dotnetbuilds-internal-container-read-token-base64)' + fi + + ./build.sh \ + --ci \ + --configuration $(_BuildConfig) \ + --publish \ + -bl \ + $officialBuildArgs \ + $internalRuntimeDownloadArgs \ + /p:DotNetPublishUsingPipelines=true \ + /p:ArcadeBuildTarball=true \ + /p:AzDoPat=$(dn-bot-all-orgs-build-rw-code-rw) + displayName: Create Tarball + + - task: CopyFiles@2 + displayName: Prepare BuildLogs staging directory + inputs: + Contents: | + **/*.log + **/*.binlog + TargetFolder: '$(Build.StagingDirectory)/BuildLogs' + CleanTargetFolder: true + continueOnError: true + condition: succeededOrFailed() + + - publish: '$(Build.StagingDirectory)/BuildLogs' + artifact: $(Agent.JobName)_BuildLogs_Attempt$(System.JobAttempt) + displayName: Publish BuildLogs + continueOnError: true + condition: succeededOrFailed() diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml index 347f61cf86b9..7cba0c4eaf67 100644 --- a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml +++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml @@ -2,23 +2,27 @@ jobs: - job: Source_Build_Create_Tarball - container: mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-38 + container: fedora38 displayName: Source-Build Create Tarball pool: ${{ if eq(variables['System.TeamProject'], 'public') }}: ${{ if in(variables['Build.Reason'], 'PullRequest') }}: name: NetCore-Public-XL - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + image: 1es-ubuntu-2004-open + os: linux ${{ else }}: name: NetCore-Svc-Public - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + image: 1es-ubuntu-2004-open + os: linux ${{ if eq(variables['System.TeamProject'], 'internal') }}: ${{ if in(variables['Build.Reason'], 'PullRequest') }}: name: NetCore1ESPool-Internal-XL - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + image: 1es-ubuntu-2004 + os: linux ${{ else }}: name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + image: 1es-ubuntu-2004 + os: linux variables: - name: _BuildConfig @@ -78,8 +82,10 @@ jobs: continueOnError: true condition: succeededOrFailed() - - publish: '$(Build.StagingDirectory)/BuildLogs' - artifact: $(Agent.JobName)_BuildLogs_Attempt$(System.JobAttempt) + - task: 1ES.PublishPipelineArtifact@1 displayName: Publish BuildLogs + inputs: + targetPath: $(Build.StagingDirectory)/BuildLogs + artifactName: $(Agent.JobName)_BuildLogs_Attempt$(System.JobAttempt) continueOnError: true condition: succeededOrFailed() diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build-pr.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build-pr.yml new file mode 100644 index 000000000000..6e9c404c53d3 --- /dev/null +++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build-pr.yml @@ -0,0 +1,147 @@ +# Builds a source-build tarball + +parameters: + # Dependent jobs that must be completed before this job will run + dependsOn: + + # Resource id of the installer build to retrieve source/product tarball's from + installerBuildResourceId: current + + # The following parameters aren't expected to be passed in rather they are used for encapsulation + # ----------------------------------------------------------------------------------------------- + alpine317Container: mcr.microsoft.com/dotnet-buildtools/prereqs:alpine-3.17 + centOSStream8Container: mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream8 + centOSStream9Container: mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream9 + debian11Arm64Container: mcr.microsoft.com/dotnet-buildtools/prereqs:debian-11-arm64v8 + fedora38Container: mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-38 + ubuntu2004Container: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-20.04 + poolInternalAmd64: + name: NetCore1ESPool-Svc-Internal + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + poolInternalAmd64PR: + name: NetCore1ESPool-Internal-XL + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + poolInternalArm64: + name: Docker-Linux-Arm-Internal + poolPublicAmd64: + name: NetCore-Public-XL + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + +jobs: +- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball-pr.yml + parameters: + architecture: x64 + dependsOn: ${{ parameters.dependsOn }} + ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}: + excludeSdkContentTests: true + installerBuildResourceId: ${{ parameters.installerBuildResourceId }} + matrix: + CentOSStream8-Online: + _BootstrapPrep: true + _Container: ${{ parameters.centOSStream8Container }} + _EnablePoison: false + _ExcludeOmniSharpTests: true + _OverrideDistroDisablingSha1: false + _RunOnline: true + _WithPreviousSDK: false + CentOSStream8-Offline: + _BootstrapPrep: true + _Container: ${{ parameters.centOSStream8Container }} + _EnablePoison: false + _ExcludeOmniSharpTests: true + _RunOnline: false + _WithPreviousSDK: false + ${{ if ne(variables['Build.Reason'], 'PullRequest') }}: + Alpine317-Offline: + _BootstrapPrep: true + _Container: ${{ parameters.alpine317Container }} + _EnablePoison: false + _ExcludeOmniSharpTests: true + _OverrideDistroDisablingSha1: false + _RunOnline: false + _WithPreviousSDK: false + CentOSStream8-WithPreviousSDK: + _BootstrapPrep: false + _Container: ${{ parameters.centOSStream8Container }} + _EnablePoison: false + _ExcludeOmniSharpTests: true + _RunOnline: false + _WithPreviousSDK: true + CentOSStream9-Offline: + _BootstrapPrep: true + _Container: ${{ parameters.centOSStream9Container }} + _EnablePoison: false + _ExcludeOmniSharpTests: false + _OverrideDistroDisablingSha1: true + _RunOnline: false + _WithPreviousSDK: false + Fedora38-Offline: + _BootstrapPrep: true + _Container: ${{ parameters.fedora38Container }} + _EnablePoison: true + _ExcludeOmniSharpTests: false + _OverrideDistroDisablingSha1: false + _RunOnline: false + _WithPreviousSDK: false + Ubuntu2004-Offline: + _BootstrapPrep: true + _Container: ${{ parameters.ubuntu2004Container }} + _EnablePoison: false + _ExcludeOmniSharpTests: false + _OverrideDistroDisablingSha1: false + _RunOnline: false + _WithPreviousSDK: false + name: Build_Tarball_x64 + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + ${{ parameters.poolPublicAmd64 }} + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + ${{ if in(variables['Build.Reason'], 'PullRequest') }}: + ${{ parameters.poolInternalAmd64PR }} + ${{ else }}: + ${{ parameters.poolInternalAmd64 }} + +- ${{ if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')) }}: + - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball-pr.yml + parameters: + architecture: arm64 + dependsOn: ${{ parameters.dependsOn }} + installerBuildResourceId: ${{ parameters.installerBuildResourceId }} + matrix: + Debian11-Offline: + _BootstrapPrep: true + _Container: ${{ parameters.debian11Arm64Container }} + _EnablePoison: false + _ExcludeOmniSharpTests: false + _OverrideDistroDisablingSha1: false + _RunOnline: false + _WithPreviousSDK: false + name: Build_Tarball_arm64 + pool: ${{ parameters.poolInternalArm64 }} + +- ${{ if ne(variables['Build.Reason'], 'PullRequest') }}: + - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball-pr.yml + parameters: + architecture: x64 + # Always attempt to run the bootstrap leg (e.g. even when stage 1 tests fail) in order to get a complete assessment of the build status. + # The bootstrap build will shortcut if the stage 1 build failed. + condition: succeededOrFailed() + dependsOn: Build_Tarball_x64 + excludeSdkContentTests: true + installerBuildResourceId: ${{ parameters.installerBuildResourceId }} + matrix: + Fedora38-Offline: + _PreviousSourceBuildArtifact: Build_Tarball_x64 Fedora38-Offline_Artifacts + _Container: ${{ parameters.fedora38Container }} + _EnablePoison: false + _ExcludeOmniSharpTests: false + _OverrideDistroDisablingSha1: false + _RunOnline: false + _WithPreviousSDK: false + name: Build_Tarball_x64_Using_Previous + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + ${{ parameters.poolPublicAmd64 }} + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + ${{ parameters.poolInternalAmd64 }} + usePreviousArtifacts: true diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml index 307cb73072b6..f7f9cdb4881f 100644 --- a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml +++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml @@ -17,15 +17,21 @@ parameters: ubuntu2004Container: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-20.04 poolInternalAmd64: name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + image: 1es-ubuntu-2004 + os: linux poolInternalAmd64PR: name: NetCore1ESPool-Internal-XL - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + image: 1es-ubuntu-2004 + os: linux poolInternalArm64: name: Docker-Linux-Arm-Internal + image: Mariner-2-Docker-ARM64 + os: linux + hostArchitecture: Arm64 poolPublicAmd64: name: NetCore-Public-XL - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + image: 1es-ubuntu-2004-open + os: linux jobs: - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml @@ -123,7 +129,7 @@ jobs: - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml parameters: architecture: x64 - # Always attempt to run the bootstrap leg (e.g. even when stage 1 tests fail) in order to get a complete accessment of the build status. + # Always attempt to run the bootstrap leg (e.g. even when stage 1 tests fail) in order to get a complete assessment of the build status. # The bootstrap build will shortcut if the stage 1 build failed. condition: succeededOrFailed() dependsOn: Build_Tarball_x64 From 2bb7203d8b4a11a90518a61ba36c6bc2a8a9a216 Mon Sep 17 00:00:00 2001 From: Michael Yanni Date: Tue, 26 Mar 2024 12:08:20 -0700 Subject: [PATCH 7/8] Migrate source-build-tarball-build-official --- eng/source-build-tarball-build-official.yml | 26 ++++++++++++++++----- eng/source-build-tarball-build.yml | 14 ----------- 2 files changed, 20 insertions(+), 20 deletions(-) delete mode 100644 eng/source-build-tarball-build.yml diff --git a/eng/source-build-tarball-build-official.yml b/eng/source-build-tarball-build-official.yml index aa1de43eba64..f93d87fef172 100644 --- a/eng/source-build-tarball-build-official.yml +++ b/eng/source-build-tarball-build-official.yml @@ -1,5 +1,6 @@ trigger: none pr: none + resources: pipelines: - pipeline: installer-build-resource @@ -19,10 +20,23 @@ resources: - internal/release/7.0.4xx stages: - build + repositories: + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release -stages: -- stage: build - jobs: - - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml - parameters: - installerBuildResourceId: installer-build-resource +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + sdl: + sourceAnalysisPool: + name: NetCore1ESPool-Svc-Internal + image: 1es-windows-2022 + os: windows + stages: + - stage: build + jobs: + - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml@self + parameters: + installerBuildResourceId: installer-build-resource diff --git a/eng/source-build-tarball-build.yml b/eng/source-build-tarball-build.yml deleted file mode 100644 index da87d93cf801..000000000000 --- a/eng/source-build-tarball-build.yml +++ /dev/null @@ -1,14 +0,0 @@ -trigger: none -pr: none -resources: - pipelines: - - pipeline: installer-build-resource - source: installer - trigger: none - -stages: -- stage: build - jobs: - - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml - parameters: - installerBuildResourceId: installer-build-resource From ade6309cc34124abf5d34cefad6f0d238e83a3a1 Mon Sep 17 00:00:00 2001 From: Michael Yanni Date: Tue, 26 Mar 2024 14:25:12 -0700 Subject: [PATCH 8/8] Using MicroBuildOutputFolderOverride to move the MicroBuild plugin install directory. --- .vsts-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.vsts-ci.yml b/.vsts-ci.yml index 498d4e2aeaa7..d53d48105ad7 100644 --- a/.vsts-ci.yml +++ b/.vsts-ci.yml @@ -50,6 +50,9 @@ variables: value: NetCore-Svc-Public - name: DncEngInternalBuildPool value: NetCore1ESPool-Svc-Internal +# Set the MicroBuild plugin installation directory to the agent temp directory to avoid SDL tool scanning. +- name: MicroBuildOutputFolderOverride + value: $(Agent.TempDirectory) resources: repositories: