From ad5f5420098f7e1628f4f11e5057b9846067c226 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Tue, 25 Jun 2024 12:38:34 +0000 Subject: [PATCH 01/29] Update dependencies from https://github.com/dotnet/arcade build 20240624.7 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24324.7 --- eng/Version.Details.xml | 4 +- eng/common/post-build/publish-using-darc.ps1 | 15 +++---- .../job/publish-build-assets.yml | 12 +++--- .../templates-official/job/source-build.yml | 8 ++++ .../templates-official/jobs/source-build.yml | 8 ++++ .../post-build/post-build.yml | 8 ++-- .../steps/enable-internal-runtimes.yml | 28 ++++++++++++ .../steps/get-delegation-sas.yml | 43 +++++++++++++++++++ .../steps/get-federated-access-token.yml | 28 ++++++++++++ .../templates/job/publish-build-assets.yml | 12 +++--- eng/common/templates/job/source-build.yml | 8 ++++ eng/common/templates/jobs/source-build.yml | 8 ++++ .../templates/post-build/post-build.yml | 8 ++-- .../post-build/setup-maestro-vars.yml | 28 ++++++------ .../steps/enable-internal-runtimes.yml | 28 ++++++++++++ .../templates/steps/get-delegation-sas.yml | 43 +++++++++++++++++++ .../steps/get-federated-access-token.yml | 28 ++++++++++++ global.json | 2 +- 18 files changed, 278 insertions(+), 41 deletions(-) create mode 100644 eng/common/templates-official/steps/enable-internal-runtimes.yml create mode 100644 eng/common/templates-official/steps/get-delegation-sas.yml create mode 100644 eng/common/templates-official/steps/get-federated-access-token.yml create mode 100644 eng/common/templates/steps/enable-internal-runtimes.yml create mode 100644 eng/common/templates/steps/get-delegation-sas.yml create mode 100644 eng/common/templates/steps/get-federated-access-token.yml diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index ff6b85afaaa..68b7b91d641 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -30,9 +30,9 @@ - + https://github.com/dotnet/arcade - c214b6ad17aedca4fa48294d80f6c52ef2463081 + 3fe41d9e97519a4e9b48293906dbf58714ea9a0d diff --git a/eng/common/post-build/publish-using-darc.ps1 b/eng/common/post-build/publish-using-darc.ps1 index 5a3a32ea8d7..238945cb5ab 100644 --- a/eng/common/post-build/publish-using-darc.ps1 +++ b/eng/common/post-build/publish-using-darc.ps1 @@ -2,7 +2,6 @@ param( [Parameter(Mandatory=$true)][int] $BuildId, [Parameter(Mandatory=$true)][int] $PublishingInfraVersion, [Parameter(Mandatory=$true)][string] $AzdoToken, - [Parameter(Mandatory=$true)][string] $MaestroToken, [Parameter(Mandatory=$false)][string] $MaestroApiEndPoint = 'https://maestro.dot.net', [Parameter(Mandatory=$true)][string] $WaitPublishingFinish, [Parameter(Mandatory=$false)][string] $ArtifactsPublishingAdditionalParameters, @@ -31,13 +30,13 @@ try { } & $darc add-build-to-channel ` - --id $buildId ` - --publishing-infra-version $PublishingInfraVersion ` - --default-channels ` - --source-branch main ` - --azdev-pat $AzdoToken ` - --bar-uri $MaestroApiEndPoint ` - --password $MaestroToken ` + --id $buildId ` + --publishing-infra-version $PublishingInfraVersion ` + --default-channels ` + --source-branch main ` + --azdev-pat "$AzdoToken" ` + --bar-uri "$MaestroApiEndPoint" ` + --ci ` @optionalParams if ($LastExitCode -ne 0) { diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml index 589ac80a18b..d01739c1285 100644 --- a/eng/common/templates-official/job/publish-build-assets.yml +++ b/eng/common/templates-official/job/publish-build-assets.yml @@ -76,13 +76,16 @@ jobs: - task: NuGetAuthenticate@1 - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Build Assets inputs: - filePath: eng\common\sdk-task.ps1 - arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1 + arguments: > + -task PublishBuildAssets -restore -msbuildEngine dotnet /p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests' - /p:BuildAssetRegistryToken=$(MaestroAccessToken) /p:MaestroApiEndpoint=https://maestro-prod.westus2.cloudapp.azure.com /p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }} /p:OfficialBuildId=$(Build.BuildNumber) @@ -144,7 +147,6 @@ jobs: arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' - -MaestroToken '$(MaestroApiAccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates-official/job/source-build.yml b/eng/common/templates-official/job/source-build.yml index f193dfbe236..f983033bb02 100644 --- a/eng/common/templates-official/job/source-build.yml +++ b/eng/common/templates-official/job/source-build.yml @@ -31,6 +31,12 @@ parameters: # container and pool. platform: {} + # If set to true and running on a non-public project, + # Internal blob storage locations will be enabled. + # This is not enabled by default because many repositories do not need internal sources + # and do not need to have the required service connections approved in the pipeline. + enableInternalSources: false + jobs: - job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }} displayName: Source-Build (${{ parameters.platform.name }}) @@ -62,6 +68,8 @@ jobs: clean: all steps: + - ${{ if eq(parameters.enableInternalSources, true) }}: + - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml - template: /eng/common/templates-official/steps/source-build.yml parameters: platform: ${{ parameters.platform }} diff --git a/eng/common/templates-official/jobs/source-build.yml b/eng/common/templates-official/jobs/source-build.yml index 08e5db9bb11..5cf6a269c0b 100644 --- a/eng/common/templates-official/jobs/source-build.yml +++ b/eng/common/templates-official/jobs/source-build.yml @@ -21,6 +21,12 @@ parameters: # one job runs on 'defaultManagedPlatform'. platforms: [] + # If set to true and running on a non-public project, + # Internal nuget and blob storage locations will be enabled. + # This is not enabled by default because many repositories do not need internal sources + # and do not need to have the required service connections approved in the pipeline. + enableInternalSources: false + jobs: - ${{ if ne(parameters.allCompletedJobId, '') }}: @@ -38,9 +44,11 @@ jobs: parameters: jobNamePrefix: ${{ parameters.jobNamePrefix }} platform: ${{ platform }} + enableInternalSources: ${{ parameters.enableInternalSources }} - ${{ if eq(length(parameters.platforms), 0) }}: - template: /eng/common/templates-official/job/source-build.yml parameters: jobNamePrefix: ${{ parameters.jobNamePrefix }} platform: ${{ parameters.defaultManagedPlatform }} + enableInternalSources: ${{ parameters.enableInternalSources }} diff --git a/eng/common/templates-official/post-build/post-build.yml b/eng/common/templates-official/post-build/post-build.yml index da1f40958b4..0dfa387e7b7 100644 --- a/eng/common/templates-official/post-build/post-build.yml +++ b/eng/common/templates-official/post-build/post-build.yml @@ -272,14 +272,16 @@ stages: - task: NuGetAuthenticate@1 - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Using Darc inputs: - filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 arguments: -BuildId $(BARBuildId) -PublishingInfraVersion ${{ parameters.publishingInfraVersion }} -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' - -MaestroToken '$(MaestroApiAccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates-official/steps/enable-internal-runtimes.yml b/eng/common/templates-official/steps/enable-internal-runtimes.yml new file mode 100644 index 00000000000..93a8394a666 --- /dev/null +++ b/eng/common/templates-official/steps/enable-internal-runtimes.yml @@ -0,0 +1,28 @@ +# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64' +# variable with the base64-encoded SAS token, by default + +parameters: +- name: federatedServiceConnection + type: string + default: 'dotnetbuilds-internal-read' +- name: outputVariableName + type: string + default: 'dotnetbuilds-internal-container-read-token-base64' +- name: expiryInHours + type: number + default: 1 +- name: base64Encode + type: boolean + default: true + +steps: +- ${{ if ne(variables['System.TeamProject'], 'public') }}: + - template: /eng/common/templates-official/steps/get-delegation-sas.yml + parameters: + federatedServiceConnection: ${{ parameters.federatedServiceConnection }} + outputVariableName: ${{ parameters.outputVariableName }} + expiryInHours: ${{ parameters.expiryInHours }} + base64Encode: ${{ parameters.base64Encode }} + storageAccount: dotnetbuilds + container: internal + permissions: rl diff --git a/eng/common/templates-official/steps/get-delegation-sas.yml b/eng/common/templates-official/steps/get-delegation-sas.yml new file mode 100644 index 00000000000..c0e8f91317f --- /dev/null +++ b/eng/common/templates-official/steps/get-delegation-sas.yml @@ -0,0 +1,43 @@ +parameters: +- name: federatedServiceConnection + type: string +- name: outputVariableName + type: string +- name: expiryInHours + type: number + default: 1 +- name: base64Encode + type: boolean + default: false +- name: storageAccount + type: string +- name: container + type: string +- name: permissions + type: string + default: 'rl' + +steps: +- task: AzureCLI@2 + displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}' + inputs: + azureSubscription: ${{ parameters.federatedServiceConnection }} + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + # Calculate the expiration of the SAS token and convert to UTC + $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ") + + $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv + + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to generate SAS token." + exit 1 + } + + if ('${{ parameters.base64Encode }}' -eq 'true') { + $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas)) + } + + Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas" diff --git a/eng/common/templates-official/steps/get-federated-access-token.yml b/eng/common/templates-official/steps/get-federated-access-token.yml new file mode 100644 index 00000000000..e3786cef6df --- /dev/null +++ b/eng/common/templates-official/steps/get-federated-access-token.yml @@ -0,0 +1,28 @@ +parameters: +- name: federatedServiceConnection + type: string +- name: outputVariableName + type: string +# Resource to get a token for. Common values include: +# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps +# - 'https://storage.azure.com/' for storage +# Defaults to Azure DevOps +- name: resource + type: string + default: '499b84ac-1321-427f-aa17-267ca6975798' + +steps: +- task: AzureCLI@2 + displayName: 'Getting federated access token for feeds' + inputs: + azureSubscription: ${{ parameters.federatedServiceConnection }} + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to get access token for resource '${{ parameters.resource }}'" + exit 1 + } + Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken" diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml index 8ec0151def2..9fd69fa7c9b 100644 --- a/eng/common/templates/job/publish-build-assets.yml +++ b/eng/common/templates/job/publish-build-assets.yml @@ -74,13 +74,16 @@ jobs: - task: NuGetAuthenticate@1 - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Build Assets inputs: - filePath: eng\common\sdk-task.ps1 - arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1 + arguments: > + -task PublishBuildAssets -restore -msbuildEngine dotnet /p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests' - /p:BuildAssetRegistryToken=$(MaestroAccessToken) /p:MaestroApiEndpoint=https://maestro.dot.net /p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }} /p:OfficialBuildId=$(Build.BuildNumber) @@ -140,7 +143,6 @@ jobs: arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' - -MaestroToken '$(MaestroApiAccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates/job/source-build.yml b/eng/common/templates/job/source-build.yml index 8a3deef2b72..c0ff472b697 100644 --- a/eng/common/templates/job/source-build.yml +++ b/eng/common/templates/job/source-build.yml @@ -31,6 +31,12 @@ parameters: # container and pool. platform: {} + # If set to true and running on a non-public project, + # Internal blob storage locations will be enabled. + # This is not enabled by default because many repositories do not need internal sources + # and do not need to have the required service connections approved in the pipeline. + enableInternalSources: false + jobs: - job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }} displayName: Source-Build (${{ parameters.platform.name }}) @@ -61,6 +67,8 @@ jobs: clean: all steps: + - ${{ if eq(parameters.enableInternalSources, true) }}: + - template: /eng/common/templates/steps/enable-internal-runtimes.yml - template: /eng/common/templates/steps/source-build.yml parameters: platform: ${{ parameters.platform }} diff --git a/eng/common/templates/jobs/source-build.yml b/eng/common/templates/jobs/source-build.yml index a15b07eb51d..5f46bfa895c 100644 --- a/eng/common/templates/jobs/source-build.yml +++ b/eng/common/templates/jobs/source-build.yml @@ -21,6 +21,12 @@ parameters: # one job runs on 'defaultManagedPlatform'. platforms: [] + # If set to true and running on a non-public project, + # Internal nuget and blob storage locations will be enabled. + # This is not enabled by default because many repositories do not need internal sources + # and do not need to have the required service connections approved in the pipeline. + enableInternalSources: false + jobs: - ${{ if ne(parameters.allCompletedJobId, '') }}: @@ -38,9 +44,11 @@ jobs: parameters: jobNamePrefix: ${{ parameters.jobNamePrefix }} platform: ${{ platform }} + enableInternalSources: ${{ parameters.enableInternalSources }} - ${{ if eq(length(parameters.platforms), 0) }}: - template: /eng/common/templates/job/source-build.yml parameters: jobNamePrefix: ${{ parameters.jobNamePrefix }} platform: ${{ parameters.defaultManagedPlatform }} + enableInternalSources: ${{ parameters.enableInternalSources }} diff --git a/eng/common/templates/post-build/post-build.yml b/eng/common/templates/post-build/post-build.yml index aba44a25a33..2db4933468f 100644 --- a/eng/common/templates/post-build/post-build.yml +++ b/eng/common/templates/post-build/post-build.yml @@ -268,14 +268,16 @@ stages: - task: NuGetAuthenticate@1 - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Using Darc inputs: - filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 arguments: -BuildId $(BARBuildId) -PublishingInfraVersion ${{ parameters.publishingInfraVersion }} -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' - -MaestroToken '$(MaestroApiAccessToken)' -WaitPublishingFinish true -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}' -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}' diff --git a/eng/common/templates/post-build/setup-maestro-vars.yml b/eng/common/templates/post-build/setup-maestro-vars.yml index 0c87f149a4a..64b9abc6850 100644 --- a/eng/common/templates/post-build/setup-maestro-vars.yml +++ b/eng/common/templates/post-build/setup-maestro-vars.yml @@ -11,13 +11,14 @@ steps: artifactName: ReleaseConfigs checkDownloadedFiles: true - - task: PowerShell@2 + - task: AzureCLI@2 name: setReleaseVars displayName: Set Release Configs Vars inputs: - targetType: inline - pwsh: true - script: | + azureSubscription: "Darc: Maestro Production" + scriptType: pscore + scriptLocation: inlineScript + inlineScript: | try { if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') { $Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt @@ -31,15 +32,16 @@ steps: $AzureDevOpsBuildId = $Env:Build_BuildId } else { - $buildApiEndpoint = "${Env:MaestroApiEndPoint}/api/builds/${Env:BARBuildId}?api-version=${Env:MaestroApiVersion}" + . $(Build.SourcesDirectory)\eng\common\tools.ps1 + $darc = Get-Darc + $buildInfo = & $darc get-build ` + --id ${{ parameters.BARBuildId }} ` + --extended ` + --output-format json ` + --ci ` + | convertFrom-Json - $apiHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]' - $apiHeaders.Add('Accept', 'application/json') - $apiHeaders.Add('Authorization',"Bearer ${Env:MAESTRO_API_TOKEN}") - - $buildInfo = try { Invoke-WebRequest -Method Get -Uri $buildApiEndpoint -Headers $apiHeaders | ConvertFrom-Json } catch { Write-Host "Error: $_" } - - $BarId = $Env:BARBuildId + $BarId = ${{ parameters.BARBuildId }} $Channels = $Env:PromoteToMaestroChannels -split "," $Channels = $Channels -join "][" $Channels = "[$Channels]" @@ -65,6 +67,4 @@ steps: exit 1 } env: - MAESTRO_API_TOKEN: $(MaestroApiAccessToken) - BARBuildId: ${{ parameters.BARBuildId }} PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }} diff --git a/eng/common/templates/steps/enable-internal-runtimes.yml b/eng/common/templates/steps/enable-internal-runtimes.yml new file mode 100644 index 00000000000..54dc9416c51 --- /dev/null +++ b/eng/common/templates/steps/enable-internal-runtimes.yml @@ -0,0 +1,28 @@ +# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64' +# variable with the base64-encoded SAS token, by default + +parameters: +- name: federatedServiceConnection + type: string + default: 'dotnetbuilds-internal-read' +- name: outputVariableName + type: string + default: 'dotnetbuilds-internal-container-read-token-base64' +- name: expiryInHours + type: number + default: 1 +- name: base64Encode + type: boolean + default: true + +steps: +- ${{ if ne(variables['System.TeamProject'], 'public') }}: + - template: /eng/common/templates/steps/get-delegation-sas.yml + parameters: + federatedServiceConnection: ${{ parameters.federatedServiceConnection }} + outputVariableName: ${{ parameters.outputVariableName }} + expiryInHours: ${{ parameters.expiryInHours }} + base64Encode: ${{ parameters.base64Encode }} + storageAccount: dotnetbuilds + container: internal + permissions: rl diff --git a/eng/common/templates/steps/get-delegation-sas.yml b/eng/common/templates/steps/get-delegation-sas.yml new file mode 100644 index 00000000000..c0e8f91317f --- /dev/null +++ b/eng/common/templates/steps/get-delegation-sas.yml @@ -0,0 +1,43 @@ +parameters: +- name: federatedServiceConnection + type: string +- name: outputVariableName + type: string +- name: expiryInHours + type: number + default: 1 +- name: base64Encode + type: boolean + default: false +- name: storageAccount + type: string +- name: container + type: string +- name: permissions + type: string + default: 'rl' + +steps: +- task: AzureCLI@2 + displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}' + inputs: + azureSubscription: ${{ parameters.federatedServiceConnection }} + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + # Calculate the expiration of the SAS token and convert to UTC + $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ") + + $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv + + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to generate SAS token." + exit 1 + } + + if ('${{ parameters.base64Encode }}' -eq 'true') { + $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas)) + } + + Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas" diff --git a/eng/common/templates/steps/get-federated-access-token.yml b/eng/common/templates/steps/get-federated-access-token.yml new file mode 100644 index 00000000000..c8c49cc0e8f --- /dev/null +++ b/eng/common/templates/steps/get-federated-access-token.yml @@ -0,0 +1,28 @@ +parameters: +- name: federatedServiceConnection + type: string +- name: outputVariableName + type: string +# Resource to get a token for. Common values include: +# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps +# - 'https://storage.azure.com/' for storage +# Defaults to Azure DevOps +- name: resource + type: string + default: '499b84ac-1321-427f-aa17-267ca6975798' + +steps: +- task: AzureCLI@2 + displayName: 'Getting federated access token for feeds' + inputs: + azureSubscription: ${{ parameters.federatedServiceConnection }} + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv + if ($LASTEXITCODE -ne 0) { + Write-Error "Failed to get access token for resource '${{ parameters.resource }}'" + exit 1 + } + Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken" \ No newline at end of file diff --git a/global.json b/global.json index ac61062b1c7..7b1a769bc43 100644 --- a/global.json +++ b/global.json @@ -17,7 +17,7 @@ "perl": "5.38.2.2" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24311.3", + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24324.7", "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23255.2" } } From 7bd31020093ffbd9bc8356b91e523913980027f3 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Wed, 26 Jun 2024 12:39:29 +0000 Subject: [PATCH 02/29] Update dependencies from https://github.com/dotnet/arcade build 20240624.7 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24324.7 From 1b60170f885f8e18cbffe0dd5bd4b12f30c80872 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 27 Jun 2024 12:46:03 +0000 Subject: [PATCH 03/29] Update dependencies from https://github.com/dotnet/arcade build 20240624.7 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24324.7 From 06cf1a2e58549fa8c9adfee7f86e8d9c01a322a0 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 28 Jun 2024 12:41:36 +0000 Subject: [PATCH 04/29] Update dependencies from https://github.com/dotnet/arcade build 20240624.7 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24324.7 From 46c8f7f1280cd42139914332db67b32d856d0e95 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sat, 29 Jun 2024 12:24:39 +0000 Subject: [PATCH 05/29] Update dependencies from https://github.com/dotnet/arcade build 20240626.4 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24326.4 --- eng/Version.Details.xml | 4 ++-- global.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 68b7b91d641..e2f0f883776 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -30,9 +30,9 @@ - + https://github.com/dotnet/arcade - 3fe41d9e97519a4e9b48293906dbf58714ea9a0d + bee35f3044609d08c40566f8a008baa4d0451a9e diff --git a/global.json b/global.json index 7b1a769bc43..30e65614b26 100644 --- a/global.json +++ b/global.json @@ -17,7 +17,7 @@ "perl": "5.38.2.2" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24324.7", + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24326.4", "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23255.2" } } From cf7878470abb63cac28769ccad786fa1be86255b Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sun, 30 Jun 2024 12:23:10 +0000 Subject: [PATCH 06/29] Update dependencies from https://github.com/dotnet/arcade build 20240626.4 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24326.4 From 3bb740f1782840a3063f5f3d832573fd34e14154 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 1 Jul 2024 12:22:58 +0000 Subject: [PATCH 07/29] Update dependencies from https://github.com/dotnet/arcade build 20240628.2 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24328.2 --- eng/Version.Details.xml | 4 ++-- global.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index e2f0f883776..cef13a1c190 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -30,9 +30,9 @@ - + https://github.com/dotnet/arcade - bee35f3044609d08c40566f8a008baa4d0451a9e + 761c516b64fee3941d8909d24205ced835eed83e diff --git a/global.json b/global.json index 30e65614b26..6cfd0ca47bd 100644 --- a/global.json +++ b/global.json @@ -17,7 +17,7 @@ "perl": "5.38.2.2" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24326.4", + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24328.2", "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23255.2" } } From 2ce9305b7c5ad454efb6ffb663c9c251499b4488 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Tue, 2 Jul 2024 12:40:35 +0000 Subject: [PATCH 08/29] Update dependencies from https://github.com/dotnet/arcade build 20240628.2 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24328.2 From 8b5be61cddc872bd786cc145e75db39e674df9ac Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Wed, 3 Jul 2024 12:42:20 +0000 Subject: [PATCH 09/29] Update dependencies from https://github.com/dotnet/arcade build 20240702.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24352.1 --- eng/Version.Details.xml | 4 ++-- global.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index cef13a1c190..544cec508d9 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -30,9 +30,9 @@ - + https://github.com/dotnet/arcade - 761c516b64fee3941d8909d24205ced835eed83e + 8b879da4e449c48d99f3f642fc429379a64e8fe8 diff --git a/global.json b/global.json index 9eefe415eaf..f4fed072353 100644 --- a/global.json +++ b/global.json @@ -17,7 +17,7 @@ "perl": "5.38.2.2" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24328.2", + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24352.1", "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23255.2" } } From c1e1c84952b785013099e806698b6b7e2cd3d2d3 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 4 Jul 2024 12:28:39 +0000 Subject: [PATCH 10/29] Update dependencies from https://github.com/dotnet/arcade build 20240702.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24352.1 From 5e2005b420f8ebb7043887ab471b0e325be987d8 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 5 Jul 2024 12:30:02 +0000 Subject: [PATCH 11/29] Update dependencies from https://github.com/dotnet/arcade build 20240702.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24352.1 From d94ab77ec6dbc09a863814bd1dc9f59f203f5ae9 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sat, 6 Jul 2024 12:27:24 +0000 Subject: [PATCH 12/29] Update dependencies from https://github.com/dotnet/arcade build 20240702.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24352.1 From 6604da50623f4e62e4d141dd969c05dadc8a0497 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sun, 7 Jul 2024 12:25:38 +0000 Subject: [PATCH 13/29] Update dependencies from https://github.com/dotnet/arcade build 20240702.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24352.1 From ac46438fe74fe505735b0856fddbfa4097bc1587 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 8 Jul 2024 12:28:51 +0000 Subject: [PATCH 14/29] Update dependencies from https://github.com/dotnet/arcade build 20240702.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24352.1 From 3c60d533707e6c9e97e4a73e41f4e86c858618a7 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Tue, 9 Jul 2024 12:24:22 +0000 Subject: [PATCH 15/29] Update dependencies from https://github.com/dotnet/arcade build 20240702.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24352.1 From 5375139b8d74bcfed16a3da10bcaedd7065df945 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Wed, 10 Jul 2024 12:40:45 +0000 Subject: [PATCH 16/29] Update dependencies from https://github.com/dotnet/arcade build 20240709.3 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24359.3 --- eng/Version.Details.xml | 4 ++-- .../templates-official/job/publish-build-assets.yml | 9 ++++++--- eng/common/templates/job/publish-build-assets.yml | 9 ++++++--- global.json | 2 +- 4 files changed, 15 insertions(+), 9 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 544cec508d9..b7fd6cf0b4c 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -30,9 +30,9 @@ - + https://github.com/dotnet/arcade - 8b879da4e449c48d99f3f642fc429379a64e8fe8 + db87887481d4110c09a1004191002482fdd7e4f2 diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml index d01739c1285..ba3e7df8158 100644 --- a/eng/common/templates-official/job/publish-build-assets.yml +++ b/eng/common/templates-official/job/publish-build-assets.yml @@ -140,11 +140,14 @@ jobs: BARBuildId: ${{ parameters.BARBuildId }} PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Using Darc inputs: - filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 - arguments: -BuildId $(BARBuildId) + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' -WaitPublishingFinish true diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml index 9fd69fa7c9b..57a41f0a3e1 100644 --- a/eng/common/templates/job/publish-build-assets.yml +++ b/eng/common/templates/job/publish-build-assets.yml @@ -136,11 +136,14 @@ jobs: BARBuildId: ${{ parameters.BARBuildId }} PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }} - - task: PowerShell@2 + - task: AzureCLI@2 displayName: Publish Using Darc inputs: - filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 - arguments: -BuildId $(BARBuildId) + azureSubscription: "Darc: Maestro Production" + scriptType: ps + scriptLocation: scriptPath + scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1 + arguments: -BuildId $(BARBuildId) -PublishingInfraVersion 3 -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)' -WaitPublishingFinish true diff --git a/global.json b/global.json index f4fed072353..de212f2fe1a 100644 --- a/global.json +++ b/global.json @@ -17,7 +17,7 @@ "perl": "5.38.2.2" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24352.1", + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24359.3", "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23255.2" } } From 7b612b1c71bf30bbe4af667bdc400c77b1eafa43 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 11 Jul 2024 12:39:53 +0000 Subject: [PATCH 17/29] Update dependencies from https://github.com/dotnet/arcade build 20240710.5 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24360.5 --- eng/Version.Details.xml | 4 ++-- global.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index b7fd6cf0b4c..41d89305af2 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -30,9 +30,9 @@ - + https://github.com/dotnet/arcade - db87887481d4110c09a1004191002482fdd7e4f2 + c9efa535175049eb9cba06cae1f8c3d5dbe768a9 diff --git a/global.json b/global.json index de212f2fe1a..42fcd65fa48 100644 --- a/global.json +++ b/global.json @@ -17,7 +17,7 @@ "perl": "5.38.2.2" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24359.3", + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24360.5", "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23255.2" } } From 679963dcd502b2f49a2237c198fd8f89bc22cb36 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 11 Jul 2024 16:42:51 +0000 Subject: [PATCH 18/29] Update dependencies from https://github.com/dotnet/arcade build 20240710.5 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24360.5 From 67301fc47417d051ec19e15ded01d5aaa126101b Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 12 Jul 2024 12:21:09 +0000 Subject: [PATCH 19/29] Update dependencies from https://github.com/dotnet/arcade build 20240710.5 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24360.5 From b67c6b4ea032043e9f81425ff28bc768fe8cf4ea Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sat, 13 Jul 2024 12:23:51 +0000 Subject: [PATCH 20/29] Update dependencies from https://github.com/dotnet/arcade build 20240710.5 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24360.5 From 6d27c2afd51c52619aa40320fb6fc7a06d574290 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sun, 14 Jul 2024 12:22:45 +0000 Subject: [PATCH 21/29] Update dependencies from https://github.com/dotnet/arcade build 20240710.5 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24360.5 From 5a256504b8ba9a7b796594675942d7b2dc766d4b Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 15 Jul 2024 12:21:29 +0000 Subject: [PATCH 22/29] Update dependencies from https://github.com/dotnet/arcade build 20240710.5 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24360.5 From 7f22324a44aced8f194e3e3aaf653d5ef1021892 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Tue, 16 Jul 2024 12:23:27 +0000 Subject: [PATCH 23/29] Update dependencies from https://github.com/dotnet/arcade build 20240710.5 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24360.5 From 3e8fb630d8046da03b7afa24e8b0ef9154cec3a3 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Wed, 17 Jul 2024 12:23:31 +0000 Subject: [PATCH 24/29] Update dependencies from https://github.com/dotnet/arcade build 20240716.7 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24366.7 --- eng/Version.Details.xml | 4 ++-- eng/common/sdl/NuGet.config | 4 ++-- eng/common/sdl/sdl.ps1 | 4 +++- .../templates-official/steps/execute-sdl.yml | 2 -- .../steps/get-federated-access-token.yml | 14 +++++++++++++- eng/common/templates/steps/execute-sdl.yml | 2 -- .../templates/steps/get-federated-access-token.yml | 14 +++++++++++++- global.json | 2 +- 8 files changed, 34 insertions(+), 12 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 41d89305af2..8e70f7ca355 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -30,9 +30,9 @@ - + https://github.com/dotnet/arcade - c9efa535175049eb9cba06cae1f8c3d5dbe768a9 + 94d461b3cffed34241b7be548b6983ec8506bfc3 diff --git a/eng/common/sdl/NuGet.config b/eng/common/sdl/NuGet.config index 3849bdb3cf5..5bfbb02ef04 100644 --- a/eng/common/sdl/NuGet.config +++ b/eng/common/sdl/NuGet.config @@ -5,11 +5,11 @@ - + - + diff --git a/eng/common/sdl/sdl.ps1 b/eng/common/sdl/sdl.ps1 index 648c5068d7d..7fe603fe995 100644 --- a/eng/common/sdl/sdl.ps1 +++ b/eng/common/sdl/sdl.ps1 @@ -4,6 +4,8 @@ function Install-Gdn { [Parameter(Mandatory=$true)] [string]$Path, + [string]$Source = "https://pkgs.dev.azure.com/dnceng/_packaging/Guardian1ESPTUpstreamOrgFeed/nuget/v3/index.json", + # If omitted, install the latest version of Guardian, otherwise install that specific version. [string]$Version ) @@ -19,7 +21,7 @@ function Install-Gdn { $ci = $true . $PSScriptRoot\..\tools.ps1 - $argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache") + $argumentList = @("install", "Microsoft.Guardian.Cli.win-x64", "-Source $Source", "-OutputDirectory $Path", "-NonInteractive", "-NoCache") if ($Version) { $argumentList += "-Version $Version" diff --git a/eng/common/templates-official/steps/execute-sdl.yml b/eng/common/templates-official/steps/execute-sdl.yml index 07426fde05d..301d5c591eb 100644 --- a/eng/common/templates-official/steps/execute-sdl.yml +++ b/eng/common/templates-official/steps/execute-sdl.yml @@ -9,8 +9,6 @@ parameters: steps: - task: NuGetAuthenticate@1 - inputs: - nuGetServiceConnections: GuardianConnect - task: NuGetToolInstaller@1 displayName: 'Install NuGet.exe' diff --git a/eng/common/templates-official/steps/get-federated-access-token.yml b/eng/common/templates-official/steps/get-federated-access-token.yml index e3786cef6df..55e33bd38f7 100644 --- a/eng/common/templates-official/steps/get-federated-access-token.yml +++ b/eng/common/templates-official/steps/get-federated-access-token.yml @@ -3,6 +3,12 @@ parameters: type: string - name: outputVariableName type: string +- name: stepName + type: string + default: 'getFederatedAccessToken' +- name: condition + type: string + default: '' # Resource to get a token for. Common values include: # - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps # - 'https://storage.azure.com/' for storage @@ -10,10 +16,16 @@ parameters: - name: resource type: string default: '499b84ac-1321-427f-aa17-267ca6975798' +- name: isStepOutputVariable + type: boolean + default: false steps: - task: AzureCLI@2 displayName: 'Getting federated access token for feeds' + name: ${{ parameters.stepName }} + ${{ if ne(parameters.condition, '') }}: + condition: ${{ parameters.condition }} inputs: azureSubscription: ${{ parameters.federatedServiceConnection }} scriptType: 'pscore' @@ -25,4 +37,4 @@ steps: exit 1 } Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" - Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken" + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken" \ No newline at end of file diff --git a/eng/common/templates/steps/execute-sdl.yml b/eng/common/templates/steps/execute-sdl.yml index 07426fde05d..301d5c591eb 100644 --- a/eng/common/templates/steps/execute-sdl.yml +++ b/eng/common/templates/steps/execute-sdl.yml @@ -9,8 +9,6 @@ parameters: steps: - task: NuGetAuthenticate@1 - inputs: - nuGetServiceConnections: GuardianConnect - task: NuGetToolInstaller@1 displayName: 'Install NuGet.exe' diff --git a/eng/common/templates/steps/get-federated-access-token.yml b/eng/common/templates/steps/get-federated-access-token.yml index c8c49cc0e8f..55e33bd38f7 100644 --- a/eng/common/templates/steps/get-federated-access-token.yml +++ b/eng/common/templates/steps/get-federated-access-token.yml @@ -3,6 +3,12 @@ parameters: type: string - name: outputVariableName type: string +- name: stepName + type: string + default: 'getFederatedAccessToken' +- name: condition + type: string + default: '' # Resource to get a token for. Common values include: # - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps # - 'https://storage.azure.com/' for storage @@ -10,10 +16,16 @@ parameters: - name: resource type: string default: '499b84ac-1321-427f-aa17-267ca6975798' +- name: isStepOutputVariable + type: boolean + default: false steps: - task: AzureCLI@2 displayName: 'Getting federated access token for feeds' + name: ${{ parameters.stepName }} + ${{ if ne(parameters.condition, '') }}: + condition: ${{ parameters.condition }} inputs: azureSubscription: ${{ parameters.federatedServiceConnection }} scriptType: 'pscore' @@ -25,4 +37,4 @@ steps: exit 1 } Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value" - Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken" \ No newline at end of file + Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken" \ No newline at end of file diff --git a/global.json b/global.json index 42fcd65fa48..0e1451569a3 100644 --- a/global.json +++ b/global.json @@ -17,7 +17,7 @@ "perl": "5.38.2.2" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24360.5", + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24366.7", "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23255.2" } } From 56c7d9aeed968cb899f0a3457ceeeadb07861513 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Thu, 18 Jul 2024 12:29:56 +0000 Subject: [PATCH 25/29] Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24367.1 --- eng/Version.Details.xml | 4 ++-- eng/common/sdl/execute-all-sdl-tools.ps1 | 4 +--- eng/common/sdl/init-sdl.ps1 | 8 -------- eng/common/templates/steps/execute-sdl.yml | 5 ++++- global.json | 2 +- 5 files changed, 8 insertions(+), 15 deletions(-) diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 8e70f7ca355..063c06a00de 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -30,9 +30,9 @@ - + https://github.com/dotnet/arcade - 94d461b3cffed34241b7be548b6983ec8506bfc3 + fa3d544b066661522f1ec5d5e8cfd461a29b0f8a diff --git a/eng/common/sdl/execute-all-sdl-tools.ps1 b/eng/common/sdl/execute-all-sdl-tools.ps1 index 4715d75e974..81ded5b7f47 100644 --- a/eng/common/sdl/execute-all-sdl-tools.ps1 +++ b/eng/common/sdl/execute-all-sdl-tools.ps1 @@ -6,7 +6,6 @@ Param( [string] $BranchName=$env:BUILD_SOURCEBRANCH, # Optional: name of branch or version of gdn settings; defaults to master [string] $SourceDirectory=$env:BUILD_SOURCESDIRECTORY, # Required: the directory where source files are located [string] $ArtifactsDirectory = (Join-Path $env:BUILD_ARTIFACTSTAGINGDIRECTORY ('artifacts')), # Required: the directory where build artifacts are located - [string] $AzureDevOpsAccessToken, # Required: access token for dnceng; should be provided via KeyVault # Optional: list of SDL tools to run on source code. See 'configure-sdl-tool.ps1' for tools list # format. @@ -75,7 +74,7 @@ try { } Exec-BlockVerbosely { - & $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -AzureDevOpsAccessToken $AzureDevOpsAccessToken -GuardianLoggerLevel $GuardianLoggerLevel + & $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -GuardianLoggerLevel $GuardianLoggerLevel } $gdnFolder = Join-Path $workingDirectory '.gdn' @@ -104,7 +103,6 @@ try { -TargetDirectory $targetDirectory ` -GdnFolder $gdnFolder ` -ToolsList $tools ` - -AzureDevOpsAccessToken $AzureDevOpsAccessToken ` -GuardianLoggerLevel $GuardianLoggerLevel ` -CrScanAdditionalRunConfigParams $CrScanAdditionalRunConfigParams ` -PoliCheckAdditionalRunConfigParams $PoliCheckAdditionalRunConfigParams ` diff --git a/eng/common/sdl/init-sdl.ps1 b/eng/common/sdl/init-sdl.ps1 index 3ac1d92b370..588ff8e22fb 100644 --- a/eng/common/sdl/init-sdl.ps1 +++ b/eng/common/sdl/init-sdl.ps1 @@ -3,7 +3,6 @@ Param( [string] $Repository, [string] $BranchName='master', [string] $WorkingDirectory, - [string] $AzureDevOpsAccessToken, [string] $GuardianLoggerLevel='Standard' ) @@ -21,14 +20,7 @@ $ci = $true # Don't display the console progress UI - it's a huge perf hit $ProgressPreference = 'SilentlyContinue' -# Construct basic auth from AzDO access token; construct URI to the repository's gdn folder stored in that repository; construct location of zip file -$encodedPat = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$AzureDevOpsAccessToken")) -$escapedRepository = [Uri]::EscapeDataString("/$Repository/$BranchName/.gdn") -$uri = "https://dev.azure.com/dnceng/internal/_apis/git/repositories/sdl-tool-cfg/Items?path=$escapedRepository&versionDescriptor[versionOptions]=0&`$format=zip&api-version=5.0" -$zipFile = "$WorkingDirectory/gdn.zip" - Add-Type -AssemblyName System.IO.Compression.FileSystem -$gdnFolder = (Join-Path $WorkingDirectory '.gdn') try { # if the folder does not exist, we'll do a guardian init and push it to the remote repository diff --git a/eng/common/templates/steps/execute-sdl.yml b/eng/common/templates/steps/execute-sdl.yml index 301d5c591eb..fe0ebf8c904 100644 --- a/eng/common/templates/steps/execute-sdl.yml +++ b/eng/common/templates/steps/execute-sdl.yml @@ -34,16 +34,19 @@ steps: displayName: Execute SDL (Overridden) continueOnError: ${{ parameters.sdlContinueOnError }} condition: ${{ parameters.condition }} + env: + GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken) - ${{ if eq(parameters.overrideParameters, '') }}: - powershell: ${{ parameters.executeAllSdlToolsScript }} -GuardianCliLocation $(GuardianCliLocation) -NugetPackageDirectory $(Build.SourcesDirectory)\.packages - -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw) ${{ parameters.additionalParameters }} displayName: Execute SDL continueOnError: ${{ parameters.sdlContinueOnError }} condition: ${{ parameters.condition }} + env: + GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken) - ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}: # We want to publish the Guardian results and configuration for easy diagnosis. However, the diff --git a/global.json b/global.json index 0e1451569a3..f6fd4963636 100644 --- a/global.json +++ b/global.json @@ -17,7 +17,7 @@ "perl": "5.38.2.2" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24366.7", + "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24367.1", "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23255.2" } } From 9f1276dec8eb4b61bbceaa776a0c74076d72d50b Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Fri, 19 Jul 2024 12:48:38 +0000 Subject: [PATCH 26/29] Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24367.1 From 321fc15203877bacde3e8bdb0d422a3549a28cc8 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sat, 20 Jul 2024 12:37:16 +0000 Subject: [PATCH 27/29] Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24367.1 From 9bf6e54bc187c46508e3dc205c618b8026227be0 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Sun, 21 Jul 2024 12:31:45 +0000 Subject: [PATCH 28/29] Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24367.1 From 523584d385b63bf265c6d7ebb131a4ca77a80f61 Mon Sep 17 00:00:00 2001 From: "dotnet-maestro[bot]" Date: Mon, 22 Jul 2024 12:31:01 +0000 Subject: [PATCH 29/29] Update dependencies from https://github.com/dotnet/arcade build 20240717.1 Microsoft.DotNet.Arcade.Sdk From Version 8.0.0-beta.24311.3 -> To Version 8.0.0-beta.24367.1