diff --git a/.vsts-ci.yml b/.vsts-ci.yml index 7eca85c35..2a9e08d43 100644 --- a/.vsts-ci.yml +++ b/.vsts-ci.yml @@ -15,6 +15,8 @@ variables: - name: PostBuildSign value: true - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - name: Codeql.Enabled + value: true - group: DotNet-DotNetCli-Storage - group: DotNet-Installer-SDLValidation-Params - name: _PublishUsingPipelines diff --git a/NuGet.config b/NuGet.config index 9ee0fa704..dd632b04b 100644 --- a/NuGet.config +++ b/NuGet.config @@ -37,6 +37,8 @@ + + diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index fd794e276..dd141b67b 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml @@ -197,19 +197,19 @@ - + https://github.com/dotnet/arcade - bb1e72113a7eaf8bebda940beba8cf8bee1b453f + 0967701e5527a1be21d9473821077c3f4be7f9dc - + https://github.com/dotnet/arcade - bb1e72113a7eaf8bebda940beba8cf8bee1b453f + 0967701e5527a1be21d9473821077c3f4be7f9dc - + https://github.com/dotnet/arcade - bb1e72113a7eaf8bebda940beba8cf8bee1b453f + 0967701e5527a1be21d9473821077c3f4be7f9dc https://github.com/dotnet/source-build-reference-packages diff --git a/eng/Versions.props b/eng/Versions.props index 93534bf6e..e0a69a6f8 100644 --- a/eng/Versions.props +++ b/eng/Versions.props @@ -8,7 +8,7 @@ 6 0 1 - 11 + 12 $(VersionMajor).$(VersionMinor).$(VersionSDKMinor)$(VersionFeature) servicing $(VersionMajor).$(VersionMinor) @@ -19,7 +19,7 @@ - 6.0.0-beta.22512.3 + 6.0.0-beta.22561.1 @@ -131,7 +131,7 @@ 3.1.15 $(MicrosoftDotNetCommonItemTemplates31PackageVersion) $(MicrosoftDotNetTestProjectTemplates50PackageVersion) - 3.1.30 + 3.1.31 3.2.1 4.8.0-rc2.19462.10 @@ -174,7 +174,7 @@ or minor release, prebuilts may be needed. When the release is mature, prebuilts are not necessary, and this property is removed from the file. --> - 6.0.110 + 6.0.111 diff --git a/eng/common/dotnet-install.sh b/eng/common/dotnet-install.sh index fdfeea66e..b09ea669f 100755 --- a/eng/common/dotnet-install.sh +++ b/eng/common/dotnet-install.sh @@ -52,7 +52,7 @@ done # Use uname to determine what the CPU is, see https://en.wikipedia.org/wiki/Uname#Examples cpuname=$(uname -m) case $cpuname in - aarch64) + arm64|aarch64) buildarch=arm64 ;; amd64|x86_64) @@ -61,7 +61,7 @@ case $cpuname in armv*l) buildarch=arm ;; - i686) + i[3-6]86) buildarch=x86 ;; *) diff --git a/eng/common/sdl/sdl.ps1 b/eng/common/sdl/sdl.ps1 new file mode 100644 index 000000000..648c5068d --- /dev/null +++ b/eng/common/sdl/sdl.ps1 @@ -0,0 +1,38 @@ + +function Install-Gdn { + param( + [Parameter(Mandatory=$true)] + [string]$Path, + + # If omitted, install the latest version of Guardian, otherwise install that specific version. + [string]$Version + ) + + $ErrorActionPreference = 'Stop' + Set-StrictMode -Version 2.0 + $disableConfigureToolsetImport = $true + $global:LASTEXITCODE = 0 + + # `tools.ps1` checks $ci to perform some actions. Since the SDL + # scripts don't necessarily execute in the same agent that run the + # build.ps1/sh script this variable isn't automatically set. + $ci = $true + . $PSScriptRoot\..\tools.ps1 + + $argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache") + + if ($Version) { + $argumentList += "-Version $Version" + } + + Start-Process nuget -Verbose -ArgumentList $argumentList -NoNewWindow -Wait + + $gdnCliPath = Get-ChildItem -Filter guardian.cmd -Recurse -Path $Path + + if (!$gdnCliPath) + { + Write-PipelineTelemetryError -Category 'Sdl' -Message 'Failure installing Guardian' + } + + return $gdnCliPath.FullName +} \ No newline at end of file diff --git a/eng/common/templates/steps/execute-sdl.yml b/eng/common/templates/steps/execute-sdl.yml index 7b8ee18a2..9dd5709f6 100644 --- a/eng/common/templates/steps/execute-sdl.yml +++ b/eng/common/templates/steps/execute-sdl.yml @@ -8,29 +8,28 @@ parameters: condition: '' steps: -- ${{ if ne(parameters.overrideGuardianVersion, '') }}: - - powershell: | - $content = Get-Content $(GuardianPackagesConfigFile) - - Write-Host "packages.config content was:`n$content" - - $content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)') - $content | Set-Content $(GuardianPackagesConfigFile) - - Write-Host "packages.config content updated to:`n$content" - displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }} +- task: NuGetAuthenticate@1 + inputs: + nuGetServiceConnections: GuardianConnect - task: NuGetToolInstaller@1 displayName: 'Install NuGet.exe' -- task: NuGetCommand@2 - displayName: 'Install Guardian' - inputs: - restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config - feedsToUse: config - nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config - externalFeedCredentials: GuardianConnect - restoreDirectory: $(Build.SourcesDirectory)\.packages +- ${{ if ne(parameters.overrideGuardianVersion, '') }}: + - pwsh: | + Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl + . .\sdl.ps1 + $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }} + Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation" + displayName: Install Guardian (Overridden) + +- ${{ if eq(parameters.overrideGuardianVersion, '') }}: + - pwsh: | + Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl + . .\sdl.ps1 + $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts + Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation" + displayName: Install Guardian - ${{ if ne(parameters.overrideParameters, '') }}: - powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }} @@ -40,7 +39,7 @@ steps: - ${{ if eq(parameters.overrideParameters, '') }}: - powershell: ${{ parameters.executeAllSdlToolsScript }} - -GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion) + -GuardianCliLocation $(GuardianCliLocation) -NugetPackageDirectory $(Build.SourcesDirectory)\.packages -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw) ${{ parameters.additionalParameters }} @@ -62,7 +61,28 @@ steps: c i condition: succeededOrFailed() + - publish: $(Agent.BuildDirectory)/.gdn artifact: GuardianConfiguration displayName: Publish GuardianConfiguration + condition: succeededOrFailed() + + # Publish the SARIF files in a container named CodeAnalysisLogs to enable integration + # with the "SARIF SAST Scans Tab" Azure DevOps extension + - task: CopyFiles@2 + displayName: Copy SARIF files + inputs: + flattenFolders: true + sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/ + contents: '**/*.sarif' + targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs + condition: succeededOrFailed() + + # Use PublishBuildArtifacts because the SARIF extension only checks this case + # see microsoft/sarif-azuredevops-extension#4 + - task: PublishBuildArtifacts@1 + displayName: Publish SARIF files to CodeAnalysisLogs container + inputs: + pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs + artifactName: CodeAnalysisLogs condition: succeededOrFailed() \ No newline at end of file diff --git a/eng/source-build-tarball-build-official.yml b/eng/source-build-tarball-build-official.yml index a230a4d7c..38753d24d 100644 --- a/eng/source-build-tarball-build-official.yml +++ b/eng/source-build-tarball-build-official.yml @@ -4,7 +4,14 @@ resources: pipelines: - pipeline: installer-build-resource source: dotnet-installer-official-ci - trigger: true + trigger: + branches: + include: + - main + - release/* + - internal/release/* + stages: + - build stages: - stage: build diff --git a/global.json b/global.json index 20ae9a5af..30864f9a7 100644 --- a/global.json +++ b/global.json @@ -1,6 +1,6 @@ { "tools": { - "dotnet": "6.0.110", + "dotnet": "6.0.111", "runtimes": { "dotnet": [ "$(VSRedistCommonNetCoreSharedFrameworkx6460PackageVersion)" @@ -11,7 +11,7 @@ "cmake": "3.16.4" }, "msbuild-sdks": { - "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.22512.3", - "Microsoft.DotNet.CMake.Sdk": "6.0.0-beta.22512.3" + "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.22561.1", + "Microsoft.DotNet.CMake.Sdk": "6.0.0-beta.22561.1" } } diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml index cffdf6bdb..ac6d73016 100644 --- a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml +++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-create-tarball.yml @@ -6,11 +6,20 @@ jobs: displayName: Source-Build Create Tarball pool: ${{ if eq(variables['System.TeamProject'], 'public') }}: - name: NetCore-Svc-Public - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + ${{ if in(variables['Build.Reason'], 'PullRequest') }}: + name: NetCore-Public-XL + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open + ${{ else }}: + name: NetCore-Svc-Public + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open ${{ if eq(variables['System.TeamProject'], 'internal') }}: - name: NetCore1ESPool-Svc-Internal - demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + ${{ if in(variables['Build.Reason'], 'PullRequest') }}: + name: NetCore1ESPool-Internal-XL + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + ${{ else }}: + name: NetCore1ESPool-Svc-Internal + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + variables: - name: _BuildConfig value: Release diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml index 59982eb2b..c3c5a5fca 100644 --- a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml +++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml @@ -19,10 +19,13 @@ parameters: poolInternalAmd64: name: NetCore1ESPool-Svc-Internal demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + poolInternalAmd64PR: + name: NetCore1ESPool-Internal-XL + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 poolInternalArm64: name: Docker-Linux-Arm-Internal poolPublicAmd64: - name: NetCore-Svc-Public + name: NetCore-Public-XL demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open jobs: @@ -76,7 +79,10 @@ jobs: ${{ if eq(variables['System.TeamProject'], 'public') }}: ${{ parameters.poolPublicAmd64 }} ${{ if eq(variables['System.TeamProject'], 'internal') }}: - ${{ parameters.poolInternalAmd64 }} + ${{ if in(variables['Build.Reason'], 'PullRequest') }}: + ${{ parameters.poolInternalAmd64PR }} + ${{ else }}: + ${{ parameters.poolInternalAmd64 }} - ${{ if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')) }}: - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml diff --git a/src/SourceBuild/Arcade/src/SourceBuild.Tasks.csproj b/src/SourceBuild/Arcade/src/SourceBuild.Tasks.csproj index 735289e70..bd43b568b 100644 --- a/src/SourceBuild/Arcade/src/SourceBuild.Tasks.csproj +++ b/src/SourceBuild/Arcade/src/SourceBuild.Tasks.csproj @@ -1,6 +1,6 @@ - net5.0 + net6.0 false false disable diff --git a/src/SourceBuild/Arcade/tools/BuildTasks.props b/src/SourceBuild/Arcade/tools/BuildTasks.props index 4014b87ad..57c4a4b0a 100644 --- a/src/SourceBuild/Arcade/tools/BuildTasks.props +++ b/src/SourceBuild/Arcade/tools/BuildTasks.props @@ -2,6 +2,6 @@ - $(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net5.0\SourceBuild.Tasks.dll + $(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net6.0\SourceBuild.Tasks.dll \ No newline at end of file diff --git a/src/SourceBuild/tarball/content/global.json b/src/SourceBuild/tarball/content/global.json index 89a95cd0f..d211a6fa7 100644 --- a/src/SourceBuild/tarball/content/global.json +++ b/src/SourceBuild/tarball/content/global.json @@ -1,6 +1,6 @@ { "tools": { - "dotnet": "6.0.110" + "dotnet": "6.0.111" }, "msbuild-sdks": { "Microsoft.Build.CentralPackageVersions": "2.0.1", diff --git a/src/redist/targets/GenerateBundledVersions.targets b/src/redist/targets/GenerateBundledVersions.targets index f98379cb9..580dd9423 100644 --- a/src/redist/targets/GenerateBundledVersions.targets +++ b/src/redist/targets/GenerateBundledVersions.targets @@ -26,7 +26,7 @@ 30 - $([MSBuild]::Add($(VersionFeature), 20)) + 32 17 diff --git a/test/EndToEnd/EndToEnd.Tests.csproj b/test/EndToEnd/EndToEnd.Tests.csproj index 56776d61d..278ac08fd 100644 --- a/test/EndToEnd/EndToEnd.Tests.csproj +++ b/test/EndToEnd/EndToEnd.Tests.csproj @@ -1,6 +1,7 @@  $(CoreSdkTargetFramework) + $(DefineConstants);LINUX_PORTABLE diff --git a/test/EndToEnd/GivenFrameworkDependentApps.cs b/test/EndToEnd/GivenFrameworkDependentApps.cs index 9e9b6c420..80a955657 100644 --- a/test/EndToEnd/GivenFrameworkDependentApps.cs +++ b/test/EndToEnd/GivenFrameworkDependentApps.cs @@ -47,39 +47,44 @@ namespace EndToEnd internal void ItDoesNotRollForwardToTheLatestVersion(string packageName, string minorVersion) { - var testProjectCreator = new TestProjectCreator() - { - PackageName = packageName, - MinorVersion = minorVersion, - }; - - var _testInstance = testProjectCreator.Create(); - - string projectDirectory = _testInstance.Root.FullName; - - string projectPath = Path.Combine(projectDirectory, "TestAppSimple.csproj"); - - // Get the resolved version of .NET Core - new RestoreCommand() - .WithWorkingDirectory(projectDirectory) - .Execute() - .Should().Pass(); - - string assetsFilePath = Path.Combine(projectDirectory, "obj", "project.assets.json"); - var assetsFile = new LockFileFormat().Read(assetsFilePath); - - var versionInAssertsJson = GetPackageVersion(assetsFile, packageName); - versionInAssertsJson.Should().NotBeNull(); - - if (versionInAssertsJson.IsPrerelease && versionInAssertsJson.Patch == 0) - { - // if the bundled version is, for example, a prerelease of - // .NET Core 2.1.1, that we don't roll forward to that prerelease - // version for framework-dependent deployments. + // https://github.com/NuGet/Home/issues/8571 + #if LINUX_PORTABLE return; - } + #else + var testProjectCreator = new TestProjectCreator() + { + PackageName = packageName, + MinorVersion = minorVersion, + }; - versionInAssertsJson.ToNormalizedString().Should().BeEquivalentTo(GetExpectedVersion(packageName, minorVersion)); + var _testInstance = testProjectCreator.Create(); + + string projectDirectory = _testInstance.Root.FullName; + + string projectPath = Path.Combine(projectDirectory, "TestAppSimple.csproj"); + + // Get the resolved version of .NET Core + new RestoreCommand() + .WithWorkingDirectory(projectDirectory) + .Execute() + .Should().Pass(); + + string assetsFilePath = Path.Combine(projectDirectory, "obj", "project.assets.json"); + var assetsFile = new LockFileFormat().Read(assetsFilePath); + + var versionInAssertsJson = GetPackageVersion(assetsFile, packageName); + versionInAssertsJson.Should().NotBeNull(); + + if (versionInAssertsJson.IsPrerelease && versionInAssertsJson.Patch == 0) + { + // if the bundled version is, for example, a prerelease of + // .NET Core 2.1.1, that we don't roll forward to that prerelease + // version for framework-dependent deployments. + return; + } + + versionInAssertsJson.ToNormalizedString().Should().BeEquivalentTo(GetExpectedVersion(packageName, minorVersion)); + #endif } private static NuGetVersion GetPackageVersion(LockFile lockFile, string packageName)