[release/6.0.4xx] Switch to dSAS for internal runtimes (#19939)
parent
c6c1747abb
commit
37e3da1524
21 changed files with 295 additions and 36 deletions
|
@ -19,7 +19,6 @@ variables:
|
||||||
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||||
- name: Codeql.Enabled
|
- name: Codeql.Enabled
|
||||||
value: true
|
value: true
|
||||||
- group: DotNet-DotNetCli-Storage
|
|
||||||
- group: DotNet-Installer-SDLValidation-Params
|
- group: DotNet-Installer-SDLValidation-Params
|
||||||
- name: _PublishUsingPipelines
|
- name: _PublishUsingPipelines
|
||||||
value: true
|
value: true
|
||||||
|
@ -36,7 +35,6 @@ variables:
|
||||||
- name: _InternalRuntimeDownloadArgs
|
- name: _InternalRuntimeDownloadArgs
|
||||||
value: ''
|
value: ''
|
||||||
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
||||||
- group: DotNetBuilds storage account read tokens
|
|
||||||
- name: _InternalRuntimeDownloadArgs
|
- name: _InternalRuntimeDownloadArgs
|
||||||
value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
|
value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
|
||||||
/p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
|
/p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
|
||||||
|
@ -412,6 +410,8 @@ extends:
|
||||||
_TestArg: ''
|
_TestArg: ''
|
||||||
|
|
||||||
- template: /eng/common/templates-official/jobs/source-build.yml@self
|
- template: /eng/common/templates-official/jobs/source-build.yml@self
|
||||||
|
parameters:
|
||||||
|
enableInternalSources: true
|
||||||
|
|
||||||
- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml@self
|
- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml@self
|
||||||
|
|
||||||
|
|
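Review bot: `_InternalRuntimeDownloadArgs` still expands `$(dotnetbuilds-internal-container-read-token-base64)`, but with the `DotNetBuilds storage account read tokens` group removed, that variable exists only after the enable-internal-runtimes step has run earlier in the same job. Azure Pipelines leaves an undefined `$(...)` macro as literal text, so a job that passes these args without the step would presumably hand the placeholder string to the build as the feed key and fail late with an opaque download error. The visible hunks add the step for source-build through `enableInternalSources: true`; any other consumer of `_InternalRuntimeDownloadArgs` lies outside these hunks and should be checked. A comment beside the variable would help, for example `# value is set at run time by steps/enable-internal-runtimes.yml; the job must include that step`. The second pipeline file's hunks further down are identical and need the same check.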
|
@ -17,7 +17,6 @@ variables:
|
||||||
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||||
- name: Codeql.Enabled
|
- name: Codeql.Enabled
|
||||||
value: true
|
value: true
|
||||||
- group: DotNet-DotNetCli-Storage
|
|
||||||
- group: DotNet-Installer-SDLValidation-Params
|
- group: DotNet-Installer-SDLValidation-Params
|
||||||
- name: _PublishUsingPipelines
|
- name: _PublishUsingPipelines
|
||||||
value: true
|
value: true
|
||||||
|
@ -34,7 +33,6 @@ variables:
|
||||||
- name: _InternalRuntimeDownloadArgs
|
- name: _InternalRuntimeDownloadArgs
|
||||||
value: ''
|
value: ''
|
||||||
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
||||||
- group: DotNetBuilds storage account read tokens
|
|
||||||
- name: _InternalRuntimeDownloadArgs
|
- name: _InternalRuntimeDownloadArgs
|
||||||
value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
|
value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
|
||||||
/p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
|
/p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
|
||||||
|
@ -364,6 +362,8 @@ stages:
|
||||||
_TestArg: ''
|
_TestArg: ''
|
||||||
|
|
||||||
- template: /eng/common/templates/jobs/source-build.yml
|
- template: /eng/common/templates/jobs/source-build.yml
|
||||||
|
parameters:
|
||||||
|
enableInternalSources: true
|
||||||
|
|
||||||
- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball-pr.yml
|
- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball-pr.yml
|
||||||
|
|
||||||
|
|
|
@ -197,19 +197,19 @@
|
||||||
</Dependency>
|
</Dependency>
|
||||||
</ProductDependencies>
|
</ProductDependencies>
|
||||||
<ToolsetDependencies>
|
<ToolsetDependencies>
|
||||||
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="6.0.0-beta.24266.4">
|
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="6.0.0-beta.24326.2">
|
||||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||||
<Sha>2eab07c3d7b78219d10099b19fafeef2ecae1779</Sha>
|
<Sha>1844d819e6f33f1106083c5066ea01e0310eefa3</Sha>
|
||||||
<SourceBuild RepoName="arcade" ManagedOnly="true" />
|
<SourceBuild RepoName="arcade" ManagedOnly="true" />
|
||||||
</Dependency>
|
</Dependency>
|
||||||
<Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="6.0.0-beta.24266.4">
|
<Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="6.0.0-beta.24326.2">
|
||||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||||
<Sha>2eab07c3d7b78219d10099b19fafeef2ecae1779</Sha>
|
<Sha>1844d819e6f33f1106083c5066ea01e0310eefa3</Sha>
|
||||||
<SourceBuild RepoName="arcade" ManagedOnly="true" />
|
<SourceBuild RepoName="arcade" ManagedOnly="true" />
|
||||||
</Dependency>
|
</Dependency>
|
||||||
<Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="6.0.0-beta.24266.4">
|
<Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="6.0.0-beta.24326.2">
|
||||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||||
<Sha>2eab07c3d7b78219d10099b19fafeef2ecae1779</Sha>
|
<Sha>1844d819e6f33f1106083c5066ea01e0310eefa3</Sha>
|
||||||
</Dependency>
|
</Dependency>
|
||||||
<Dependency Name="Microsoft.SourceBuild.Intermediate.source-build-reference-packages" Version="6.0.0-servicing.24266.3">
|
<Dependency Name="Microsoft.SourceBuild.Intermediate.source-build-reference-packages" Version="6.0.0-servicing.24266.3">
|
||||||
<Uri>https://github.com/dotnet/source-build-reference-packages</Uri>
|
<Uri>https://github.com/dotnet/source-build-reference-packages</Uri>
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<!-- Dependency from https://github.com/dotnet/arcade -->
|
<!-- Dependency from https://github.com/dotnet/arcade -->
|
||||||
<MicrosoftDotNetBuildTasksInstallersPackageVersion>6.0.0-beta.24266.4</MicrosoftDotNetBuildTasksInstallersPackageVersion>
|
<MicrosoftDotNetBuildTasksInstallersPackageVersion>6.0.0-beta.24326.2</MicrosoftDotNetBuildTasksInstallersPackageVersion>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<!-- Dependency from https://github.com/dotnet/winforms -->
|
<!-- Dependency from https://github.com/dotnet/winforms -->
|
||||||
|
|
|
@ -66,6 +66,7 @@ phases:
|
||||||
steps:
|
steps:
|
||||||
- checkout: self
|
- checkout: self
|
||||||
clean: true
|
clean: true
|
||||||
|
- template: /eng/common/templates/steps/enable-internal-runtimes.yml
|
||||||
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
|
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
|
||||||
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
|
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
|
||||||
- task: PowerShell@2
|
- task: PowerShell@2
|
||||||
|
@ -96,7 +97,6 @@ phases:
|
||||||
arguments: $(Build.SourcesDirectory)/NuGet.config $Token
|
arguments: $(Build.SourcesDirectory)/NuGet.config $Token
|
||||||
env:
|
env:
|
||||||
Token: $(dn-bot-dnceng-artifact-feeds-rw)
|
Token: $(dn-bot-dnceng-artifact-feeds-rw)
|
||||||
|
|
||||||
- ${{ if eq(parameters.agentOs, 'Linux') }}:
|
- ${{ if eq(parameters.agentOs, 'Linux') }}:
|
||||||
- script: ./build.sh
|
- script: ./build.sh
|
||||||
$(_TestArg) $(_PackArg)
|
$(_TestArg) $(_PackArg)
|
||||||
|
|
|
@ -66,6 +66,7 @@ phases:
|
||||||
steps:
|
steps:
|
||||||
- checkout: self
|
- checkout: self
|
||||||
clean: true
|
clean: true
|
||||||
|
- template: /eng/common/templates/steps/enable-internal-runtimes.yml
|
||||||
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
|
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
|
||||||
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
|
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
|
||||||
- task: PowerShell@2
|
- task: PowerShell@2
|
||||||
|
|
|
@ -31,6 +31,12 @@ parameters:
|
||||||
# container and pool.
|
# container and pool.
|
||||||
platform: {}
|
platform: {}
|
||||||
|
|
||||||
|
# If set to true and running on a non-public project,
|
||||||
|
# Internal blob storage locations will be enabled.
|
||||||
|
# This is not enabled by default because many repositories do not need internal sources
|
||||||
|
# and do not need to have the required service connections approved in the pipeline.
|
||||||
|
enableInternalSources: false
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
|
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
|
||||||
displayName: Source-Build (${{ parameters.platform.name }})
|
displayName: Source-Build (${{ parameters.platform.name }})
|
||||||
|
@ -59,6 +65,8 @@ jobs:
|
||||||
clean: all
|
clean: all
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- ${{ if eq(parameters.enableInternalSources, true) }}:
|
||||||
|
- template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
|
||||||
- template: /eng/common/templates-official/steps/source-build.yml
|
- template: /eng/common/templates-official/steps/source-build.yml
|
||||||
parameters:
|
parameters:
|
||||||
platform: ${{ parameters.platform }}
|
platform: ${{ parameters.platform }}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
parameters:
|
parameters:
|
||||||
runAsPublic: false
|
runAsPublic: false
|
||||||
sourceIndexPackageVersion: 1.0.1-20240320.1
|
sourceIndexUploadPackageVersion: 2.0.0-20240502.12
|
||||||
|
sourceIndexProcessBinlogPackageVersion: 1.0.1-20240129.2
|
||||||
sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
|
sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
|
||||||
sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
|
sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
|
||||||
preSteps: []
|
preSteps: []
|
||||||
|
@ -17,14 +18,14 @@ jobs:
|
||||||
dependsOn: ${{ parameters.dependsOn }}
|
dependsOn: ${{ parameters.dependsOn }}
|
||||||
condition: ${{ parameters.condition }}
|
condition: ${{ parameters.condition }}
|
||||||
variables:
|
variables:
|
||||||
- name: SourceIndexPackageVersion
|
- name: SourceIndexUploadPackageVersion
|
||||||
value: ${{ parameters.sourceIndexPackageVersion }}
|
value: ${{ parameters.sourceIndexUploadPackageVersion }}
|
||||||
|
- name: SourceIndexProcessBinlogPackageVersion
|
||||||
|
value: ${{ parameters.sourceIndexProcessBinlogPackageVersion }}
|
||||||
- name: SourceIndexPackageSource
|
- name: SourceIndexPackageSource
|
||||||
value: ${{ parameters.sourceIndexPackageSource }}
|
value: ${{ parameters.sourceIndexPackageSource }}
|
||||||
- name: BinlogPath
|
- name: BinlogPath
|
||||||
value: ${{ parameters.binlogPath }}
|
value: ${{ parameters.binlogPath }}
|
||||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
|
||||||
- group: source-dot-net stage1 variables
|
|
||||||
|
|
||||||
pool: ${{ parameters.pool }}
|
pool: ${{ parameters.pool }}
|
||||||
steps:
|
steps:
|
||||||
|
@ -40,8 +41,8 @@ jobs:
|
||||||
workingDirectory: $(Agent.TempDirectory)
|
workingDirectory: $(Agent.TempDirectory)
|
||||||
|
|
||||||
- script: |
|
- script: |
|
||||||
$(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
$(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(sourceIndexProcessBinlogPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
||||||
$(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
$(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(sourceIndexUploadPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
||||||
displayName: Download Tools
|
displayName: Download Tools
|
||||||
# Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk.
|
# Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk.
|
||||||
workingDirectory: $(Agent.TempDirectory)
|
workingDirectory: $(Agent.TempDirectory)
|
||||||
|
@ -53,7 +54,21 @@ jobs:
|
||||||
displayName: Process Binlog into indexable sln
|
displayName: Process Binlog into indexable sln
|
||||||
|
|
||||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||||
- script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name)
|
- task: AzureCLI@2
|
||||||
|
displayName: Get stage 1 auth token
|
||||||
|
inputs:
|
||||||
|
azureSubscription: 'SourceDotNet Stage1 Publish'
|
||||||
|
addSpnToEnvironment: true
|
||||||
|
scriptType: 'ps'
|
||||||
|
scriptLocation: 'inlineScript'
|
||||||
|
inlineScript: |
|
||||||
|
echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
|
||||||
|
echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
|
||||||
|
echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
|
||||||
|
|
||||||
|
- script: |
|
||||||
|
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
|
||||||
|
displayName: "Login to Azure"
|
||||||
|
|
||||||
|
- script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
|
||||||
displayName: Upload stage1 artifacts to source index
|
displayName: Upload stage1 artifacts to source index
|
||||||
env:
|
|
||||||
BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url)
|
|
||||||
|
|
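Review bot: The `Login to Azure` step expands `$(ARM_ID_TOKEN)` straight into the `az login` line, so the federated token is written into the generated script text on the agent, and the preceding `task.setvariable` calls expose it to every later step in the job. Secret variables are normally passed through an `env:` mapping on the step that needs them, for example `ARM_ID_TOKEN: $(ARM_ID_TOKEN)`, and read from the environment inside the script. If UploadIndexStage1 can use the CLI session directly (not visible here), running the upload inside the `AzureCLI@2` task would avoid exporting `idToken` at all. The eng/common/templates/job copy of this file further down has the same three steps.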
|
@ -21,6 +21,12 @@ parameters:
|
||||||
# one job runs on 'defaultManagedPlatform'.
|
# one job runs on 'defaultManagedPlatform'.
|
||||||
platforms: []
|
platforms: []
|
||||||
|
|
||||||
|
# If set to true and running on a non-public project,
|
||||||
|
# Internal nuget and blob storage locations will be enabled.
|
||||||
|
# This is not enabled by default because many repositories do not need internal sources
|
||||||
|
# and do not need to have the required service connections approved in the pipeline.
|
||||||
|
enableInternalSources: false
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|
||||||
- ${{ if ne(parameters.allCompletedJobId, '') }}:
|
- ${{ if ne(parameters.allCompletedJobId, '') }}:
|
||||||
|
@ -38,9 +44,11 @@ jobs:
|
||||||
parameters:
|
parameters:
|
||||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||||
platform: ${{ platform }}
|
platform: ${{ platform }}
|
||||||
|
enableInternalSources: ${{ parameters.enableInternalSources }}
|
||||||
|
|
||||||
- ${{ if eq(length(parameters.platforms), 0) }}:
|
- ${{ if eq(length(parameters.platforms), 0) }}:
|
||||||
- template: /eng/common/templates-official/job/source-build.yml
|
- template: /eng/common/templates-official/job/source-build.yml
|
||||||
parameters:
|
parameters:
|
||||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||||
platform: ${{ parameters.defaultManagedPlatform }}
|
platform: ${{ parameters.defaultManagedPlatform }}
|
||||||
|
enableInternalSources: ${{ parameters.enableInternalSources }}
|
||||||
|
|
|
@ -2,7 +2,6 @@ variables:
|
||||||
- group: AzureDevOps-Artifact-Feeds-Pats
|
- group: AzureDevOps-Artifact-Feeds-Pats
|
||||||
- group: DotNet-Blob-Feed
|
- group: DotNet-Blob-Feed
|
||||||
- group: DotNet-DotNetCli-Storage
|
- group: DotNet-DotNetCli-Storage
|
||||||
- group: DotNet-MSRC-Storage
|
|
||||||
- group: Publish-Build-Assets
|
- group: Publish-Build-Assets
|
||||||
|
|
||||||
# Whether the build is internal or not
|
# Whether the build is internal or not
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
|
||||||
|
# variable with the base64-encoded SAS token, by default
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
- name: federatedServiceConnection
|
||||||
|
type: string
|
||||||
|
default: 'dotnetbuilds-internal-read'
|
||||||
|
- name: outputVariableName
|
||||||
|
type: string
|
||||||
|
default: 'dotnetbuilds-internal-container-read-token-base64'
|
||||||
|
- name: expiryInHours
|
||||||
|
type: number
|
||||||
|
default: 1
|
||||||
|
- name: base64Encode
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
|
||||||
|
- template: /eng/common/templates-official/steps/get-delegation-sas.yml
|
||||||
|
parameters:
|
||||||
|
federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
|
||||||
|
outputVariableName: ${{ parameters.outputVariableName }}
|
||||||
|
expiryInHours: ${{ parameters.expiryInHours }}
|
||||||
|
base64Encode: ${{ parameters.base64Encode }}
|
||||||
|
storageAccount: dotnetbuilds
|
||||||
|
container: internal
|
||||||
|
permissions: rl
|
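Review bot: The header comment trails off at "by default" and leaves out two things a caller needs to know. The whole template is a no-op when `System.TeamProject` is `public`. The pipeline YAML earlier in this commit hard-codes `$(dotnetbuilds-internal-container-read-token-base64)` in `_InternalRuntimeDownloadArgs`, so overriding `outputVariableName` or setting `base64Encode: false` would leave that consumer with a missing or wrongly encoded key. I would reword the comment to something like `# Populates 'outputVariableName' (default shown below) with a short-lived, read/list user-delegation SAS for dotnetbuilds/internal; skipped on the public project. Consumers expect the default name and base64 encoding.` The eng/common/templates/steps copy carries the same comment.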
43
eng/common/templates-official/steps/get-delegation-sas.yml
Normal file
43
eng/common/templates-official/steps/get-delegation-sas.yml
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
parameters:
|
||||||
|
- name: federatedServiceConnection
|
||||||
|
type: string
|
||||||
|
- name: outputVariableName
|
||||||
|
type: string
|
||||||
|
- name: expiryInHours
|
||||||
|
type: number
|
||||||
|
default: 1
|
||||||
|
- name: base64Encode
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- name: storageAccount
|
||||||
|
type: string
|
||||||
|
- name: container
|
||||||
|
type: string
|
||||||
|
- name: permissions
|
||||||
|
type: string
|
||||||
|
default: 'rl'
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- task: AzureCLI@2
|
||||||
|
displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
|
||||||
|
inputs:
|
||||||
|
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||||
|
scriptType: 'pscore'
|
||||||
|
scriptLocation: 'inlineScript'
|
||||||
|
inlineScript: |
|
||||||
|
# Calculate the expiration of the SAS token and convert to UTC
|
||||||
|
$expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
|
||||||
|
|
||||||
|
$sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
|
||||||
|
|
||||||
|
if ($LASTEXITCODE -ne 0) {
|
||||||
|
Write-Error "Failed to generate SAS token."
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
if ('${{ parameters.base64Encode }}' -eq 'true') {
|
||||||
|
$sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
|
||||||
|
}
|
||||||
|
|
||||||
|
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||||
|
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
|
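Review bot: When `base64Encode` is true, the final `task.setvariable ... issecret=true` registers only the base64 form, so the log masker never learns the raw SAS held in `$sas`. If a later step decodes the key and prints a URL or error containing the query string, it would appear unmasked; this is inferred, as the consumers are not in this hunk. Registering the raw value before the encode branch, with `Write-Host "##vso[task.setsecret]$sas"`, closes that gap. The exit-code check could also reject an empty result, `if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($sas)) {`, so an empty variable is never published as the token. The copy under eng/common/templates/steps has the same script.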
|
@ -0,0 +1,28 @@
|
||||||
|
parameters:
|
||||||
|
- name: federatedServiceConnection
|
||||||
|
type: string
|
||||||
|
- name: outputVariableName
|
||||||
|
type: string
|
||||||
|
# Resource to get a token for. Common values include:
|
||||||
|
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
|
||||||
|
# - 'https://storage.azure.com/' for storage
|
||||||
|
# Defaults to Azure DevOps
|
||||||
|
- name: resource
|
||||||
|
type: string
|
||||||
|
default: '499b84ac-1321-427f-aa17-267ca6975798'
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- task: AzureCLI@2
|
||||||
|
displayName: 'Getting federated access token for feeds'
|
||||||
|
inputs:
|
||||||
|
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||||
|
scriptType: 'pscore'
|
||||||
|
scriptLocation: 'inlineScript'
|
||||||
|
inlineScript: |
|
||||||
|
$accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
|
||||||
|
if ($LASTEXITCODE -ne 0) {
|
||||||
|
Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||||
|
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
|
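Review bot: The display name is fixed to 'Getting federated access token for feeds' even though `resource` is a parameter whose documented values include `https://storage.azure.com/`, so the log label is wrong for any non-default caller. `displayName: 'Getting federated access token for ${{ parameters.resource }}'` would follow the pattern the get-delegation-sas template uses for its own display name. The script also publishes `$accessToken` after checking only `$LASTEXITCODE`; adding `-or [string]::IsNullOrWhiteSpace($accessToken)` to that condition would stop an empty secret from being set. The same applies to eng/common/templates/steps/get-federated-access-token.yml further down.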
|
@ -31,6 +31,12 @@ parameters:
|
||||||
# container and pool.
|
# container and pool.
|
||||||
platform: {}
|
platform: {}
|
||||||
|
|
||||||
|
# If set to true and running on a non-public project,
|
||||||
|
# Internal blob storage locations will be enabled.
|
||||||
|
# This is not enabled by default because many repositories do not need internal sources
|
||||||
|
# and do not need to have the required service connections approved in the pipeline.
|
||||||
|
enableInternalSources: false
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
|
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
|
||||||
displayName: Source-Build (${{ parameters.platform.name }})
|
displayName: Source-Build (${{ parameters.platform.name }})
|
||||||
|
@ -58,6 +64,8 @@ jobs:
|
||||||
clean: all
|
clean: all
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- ${{ if eq(parameters.enableInternalSources, true) }}:
|
||||||
|
- template: /eng/common/templates/steps/enable-internal-runtimes.yml
|
||||||
- template: /eng/common/templates/steps/source-build.yml
|
- template: /eng/common/templates/steps/source-build.yml
|
||||||
parameters:
|
parameters:
|
||||||
platform: ${{ parameters.platform }}
|
platform: ${{ parameters.platform }}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
parameters:
|
parameters:
|
||||||
runAsPublic: false
|
runAsPublic: false
|
||||||
sourceIndexPackageVersion: 1.0.1-20240320.1
|
sourceIndexUploadPackageVersion: 2.0.0-20240502.12
|
||||||
|
sourceIndexProcessBinlogPackageVersion: 1.0.1-20240129.2
|
||||||
sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
|
sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
|
||||||
sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
|
sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
|
||||||
preSteps: []
|
preSteps: []
|
||||||
|
@ -15,14 +16,14 @@ jobs:
|
||||||
dependsOn: ${{ parameters.dependsOn }}
|
dependsOn: ${{ parameters.dependsOn }}
|
||||||
condition: ${{ parameters.condition }}
|
condition: ${{ parameters.condition }}
|
||||||
variables:
|
variables:
|
||||||
- name: SourceIndexPackageVersion
|
- name: SourceIndexUploadPackageVersion
|
||||||
value: ${{ parameters.sourceIndexPackageVersion }}
|
value: ${{ parameters.sourceIndexUploadPackageVersion }}
|
||||||
|
- name: SourceIndexProcessBinlogPackageVersion
|
||||||
|
value: ${{ parameters.sourceIndexProcessBinlogPackageVersion }}
|
||||||
- name: SourceIndexPackageSource
|
- name: SourceIndexPackageSource
|
||||||
value: ${{ parameters.sourceIndexPackageSource }}
|
value: ${{ parameters.sourceIndexPackageSource }}
|
||||||
- name: BinlogPath
|
- name: BinlogPath
|
||||||
value: ${{ parameters.binlogPath }}
|
value: ${{ parameters.binlogPath }}
|
||||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
|
||||||
- group: source-dot-net stage1 variables
|
|
||||||
|
|
||||||
pool: ${{ parameters.pool }}
|
pool: ${{ parameters.pool }}
|
||||||
steps:
|
steps:
|
||||||
|
@ -38,8 +39,8 @@ jobs:
|
||||||
workingDirectory: $(Agent.TempDirectory)
|
workingDirectory: $(Agent.TempDirectory)
|
||||||
|
|
||||||
- script: |
|
- script: |
|
||||||
$(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
$(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version $(sourceIndexProcessBinlogPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
||||||
$(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(SourceIndexPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
$(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version $(sourceIndexUploadPackageVersion) --add-source $(SourceIndexPackageSource) --tool-path $(Agent.TempDirectory)/.source-index/tools
|
||||||
displayName: Download Tools
|
displayName: Download Tools
|
||||||
# Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk.
|
# Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk.
|
||||||
workingDirectory: $(Agent.TempDirectory)
|
workingDirectory: $(Agent.TempDirectory)
|
||||||
|
@ -51,7 +52,21 @@ jobs:
|
||||||
displayName: Process Binlog into indexable sln
|
displayName: Process Binlog into indexable sln
|
||||||
|
|
||||||
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
|
||||||
- script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name)
|
- task: AzureCLI@2
|
||||||
|
displayName: Get stage 1 auth token
|
||||||
|
inputs:
|
||||||
|
azureSubscription: 'SourceDotNet Stage1 Publish'
|
||||||
|
addSpnToEnvironment: true
|
||||||
|
scriptType: 'ps'
|
||||||
|
scriptLocation: 'inlineScript'
|
||||||
|
inlineScript: |
|
||||||
|
echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
|
||||||
|
echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
|
||||||
|
echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
|
||||||
|
|
||||||
|
- script: |
|
||||||
|
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
|
||||||
|
displayName: "Login to Azure"
|
||||||
|
|
||||||
|
- script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
|
||||||
displayName: Upload stage1 artifacts to source index
|
displayName: Upload stage1 artifacts to source index
|
||||||
env:
|
|
||||||
BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url)
|
|
||||||
|
|
|
@ -21,6 +21,12 @@ parameters:
|
||||||
# one job runs on 'defaultManagedPlatform'.
|
# one job runs on 'defaultManagedPlatform'.
|
||||||
platforms: []
|
platforms: []
|
||||||
|
|
||||||
|
# If set to true and running on a non-public project,
|
||||||
|
# Internal nuget and blob storage locations will be enabled.
|
||||||
|
# This is not enabled by default because many repositories do not need internal sources
|
||||||
|
# and do not need to have the required service connections approved in the pipeline.
|
||||||
|
enableInternalSources: false
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|
||||||
- ${{ if ne(parameters.allCompletedJobId, '') }}:
|
- ${{ if ne(parameters.allCompletedJobId, '') }}:
|
||||||
|
@ -38,9 +44,11 @@ jobs:
|
||||||
parameters:
|
parameters:
|
||||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||||
platform: ${{ platform }}
|
platform: ${{ platform }}
|
||||||
|
enableInternalSources: ${{ parameters.enableInternalSources }}
|
||||||
|
|
||||||
- ${{ if eq(length(parameters.platforms), 0) }}:
|
- ${{ if eq(length(parameters.platforms), 0) }}:
|
||||||
- template: /eng/common/templates/job/source-build.yml
|
- template: /eng/common/templates/job/source-build.yml
|
||||||
parameters:
|
parameters:
|
||||||
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
jobNamePrefix: ${{ parameters.jobNamePrefix }}
|
||||||
platform: ${{ parameters.defaultManagedPlatform }}
|
platform: ${{ parameters.defaultManagedPlatform }}
|
||||||
|
enableInternalSources: ${{ parameters.enableInternalSources }}
|
||||||
|
|
|
@ -2,7 +2,6 @@ variables:
|
||||||
- group: AzureDevOps-Artifact-Feeds-Pats
|
- group: AzureDevOps-Artifact-Feeds-Pats
|
||||||
- group: DotNet-Blob-Feed
|
- group: DotNet-Blob-Feed
|
||||||
- group: DotNet-DotNetCli-Storage
|
- group: DotNet-DotNetCli-Storage
|
||||||
- group: DotNet-MSRC-Storage
|
|
||||||
- group: Publish-Build-Assets
|
- group: Publish-Build-Assets
|
||||||
|
|
||||||
# Whether the build is internal or not
|
# Whether the build is internal or not
|
||||||
|
|
28
eng/common/templates/steps/enable-internal-runtimes.yml
Normal file
28
eng/common/templates/steps/enable-internal-runtimes.yml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
|
||||||
|
# variable with the base64-encoded SAS token, by default
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
- name: federatedServiceConnection
|
||||||
|
type: string
|
||||||
|
default: 'dotnetbuilds-internal-read'
|
||||||
|
- name: outputVariableName
|
||||||
|
type: string
|
||||||
|
default: 'dotnetbuilds-internal-container-read-token-base64'
|
||||||
|
- name: expiryInHours
|
||||||
|
type: number
|
||||||
|
default: 1
|
||||||
|
- name: base64Encode
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
|
||||||
|
- template: /eng/common/templates/steps/get-delegation-sas.yml
|
||||||
|
parameters:
|
||||||
|
federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
|
||||||
|
outputVariableName: ${{ parameters.outputVariableName }}
|
||||||
|
expiryInHours: ${{ parameters.expiryInHours }}
|
||||||
|
base64Encode: ${{ parameters.base64Encode }}
|
||||||
|
storageAccount: dotnetbuilds
|
||||||
|
container: internal
|
||||||
|
permissions: rl
|
43
eng/common/templates/steps/get-delegation-sas.yml
Normal file
43
eng/common/templates/steps/get-delegation-sas.yml
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
parameters:
|
||||||
|
- name: federatedServiceConnection
|
||||||
|
type: string
|
||||||
|
- name: outputVariableName
|
||||||
|
type: string
|
||||||
|
- name: expiryInHours
|
||||||
|
type: number
|
||||||
|
default: 1
|
||||||
|
- name: base64Encode
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- name: storageAccount
|
||||||
|
type: string
|
||||||
|
- name: container
|
||||||
|
type: string
|
||||||
|
- name: permissions
|
||||||
|
type: string
|
||||||
|
default: 'rl'
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- task: AzureCLI@2
|
||||||
|
displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
|
||||||
|
inputs:
|
||||||
|
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||||
|
scriptType: 'pscore'
|
||||||
|
scriptLocation: 'inlineScript'
|
||||||
|
inlineScript: |
|
||||||
|
# Calculate the expiration of the SAS token and convert to UTC
|
||||||
|
$expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
|
||||||
|
|
||||||
|
$sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
|
||||||
|
|
||||||
|
if ($LASTEXITCODE -ne 0) {
|
||||||
|
Write-Error "Failed to generate SAS token."
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
if ('${{ parameters.base64Encode }}' -eq 'true') {
|
||||||
|
$sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
|
||||||
|
}
|
||||||
|
|
||||||
|
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||||
|
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
|
28
eng/common/templates/steps/get-federated-access-token.yml
Normal file
28
eng/common/templates/steps/get-federated-access-token.yml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
parameters:
|
||||||
|
- name: federatedServiceConnection
|
||||||
|
type: string
|
||||||
|
- name: outputVariableName
|
||||||
|
type: string
|
||||||
|
# Resource to get a token for. Common values include:
|
||||||
|
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
|
||||||
|
# - 'https://storage.azure.com/' for storage
|
||||||
|
# Defaults to Azure DevOps
|
||||||
|
- name: resource
|
||||||
|
type: string
|
||||||
|
default: '499b84ac-1321-427f-aa17-267ca6975798'
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- task: AzureCLI@2
|
||||||
|
displayName: 'Getting federated access token for feeds'
|
||||||
|
inputs:
|
||||||
|
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||||
|
scriptType: 'pscore'
|
||||||
|
scriptLocation: 'inlineScript'
|
||||||
|
inlineScript: |
|
||||||
|
$accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
|
||||||
|
if ($LASTEXITCODE -ne 0) {
|
||||||
|
Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||||
|
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
|
|
@ -11,7 +11,7 @@
|
||||||
"cmake": "3.16.4"
|
"cmake": "3.16.4"
|
||||||
},
|
},
|
||||||
"msbuild-sdks": {
|
"msbuild-sdks": {
|
||||||
"Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.24266.4",
|
"Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.24326.2",
|
||||||
"Microsoft.DotNet.CMake.Sdk": "6.0.0-beta.24266.4"
|
"Microsoft.DotNet.CMake.Sdk": "6.0.0-beta.24326.2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|