--- /dev/null
+;; Exclusions for SignCheck. Corresponds to info in Signing.props.
+;; Format: https://github.com/dotnet/arcade/blob/397316e195639450b6c76bfeb9823b40bee72d6d/src/SignCheck/Microsoft.SignCheck/Verification/Exclusion.cs#L23-L35
+;;
+;; This issue tracks a way to implement exclusions via Signing.props and avoid this extra file: https://github.com/dotnet/arcade/issues/2888
+
+;; The apphost and comhost are template files, modified by the SDK to produce the executable for FDE
+;; and SCD apps. If they are signed, the file that the SDK produces has an invalid signature and
+;; can't be signed again. More info at https://github.com/dotnet/core-setup/pull/7549.
+*apphost.exe;;Template, https://github.com/dotnet/core-setup/pull/7549
+*comhost.dll;;Template, https://github.com/dotnet/core-setup/pull/7549
+*apphosttemplateapphostexe.exe;;Template, https://github.com/dotnet/core-setup/pull/7549
+*comhosttemplatecomhostdll.dll;;Template, https://github.com/dotnet/core-setup/pull/7549
<Project>
- <!-- TODO: Consolidate the Signing.props files into here. -->
-</Project>
\ No newline at end of file
+
+ <PropertyGroup>
+ <!--
+ Windows arm/arm64 jobs don't have MSIs to sign. Keep it simple: allow not finding any matches
+ here and rely on overall signing validation.
+ -->
+ <AllowEmptySignList>true</AllowEmptySignList>
+ </PropertyGroup>
+
+ <!-- Get artifact locations to sign. -->
+ <Import Project="$(RepositoryEngineeringDir)/liveBuilds.targets" />
+
+ <ItemGroup>
+ <!--
+ Replace the default items to sign with the specific set we want. This allows the build to call
+ Arcade's Sign.proj multiple times for different sets of files as the build progresses.
+ -->
+ <ItemsToSign Remove="@(ItemsToSign)" />
+
+ <!-- Find bundle artifacts, which need multiple stages to fully sign. -->
+ <BundleInstallerEngineArtifact Include="$(ArtifactsPackagesDir)**/*engine.exe" />
+ <BundleInstallerExeArtifact Include="$(ArtifactsPackagesDir)**/*.exe" />
+
+ <!-- apphost and comhost template files are not signed, by design. -->
+ <FileSignInfo Include="apphost.exe;comhost.dll" CertificateName="None" />
+ </ItemGroup>
+
+ <ItemGroup Condition="'$(CrossTargetComponentFolder)' != ''">
+ <CoreCLRCrossTargetItemsToSign Include="$(CoreCLRArtifactsPath)$(CrossTargetComponentFolder)/sharedFramework/*.dll" />
+ <CoreCLRCrossTargetItemsToSign Include="$(CoreCLRArtifactsPath)$(CrossTargetComponentFolder)/sharedFramework/*.exe" />
+ </ItemGroup>
+
+ <ItemGroup Condition="'$(SignBinaries)' == 'true'">
+ <!-- Sign CoreCLR. -->
+ <ItemsToSign Include="$(CoreCLRSharedFrameworkDir)*.dll" />
+ <ItemsToSign Include="$(CoreCLRSharedFrameworkDir)*.exe" />
+
+ <ItemsToSign Include="$(CoreCLRArtifactsPath)System.Private.CoreLib.dll" />
+
+ <ItemsToSign Include="$(CoreCLRArtifactsPath)crossgen2/crossgen2.exe" />
+ <ItemsToSign Include="$(CoreCLRArtifactsPath)crossgen2/crossgen2.dll" />
+ <ItemsToSign Include="$(CoreCLRArtifactsPath)crossgen2/ILCompiler.DependencyAnalysisFramework.dll" />
+ <ItemsToSign Include="$(CoreCLRArtifactsPath)crossgen2/ILCompiler.ReadyToRun.dll" />
+ <ItemsToSign Include="$(CoreCLRArtifactsPath)crossgen2/ILCompiler.TypeSystem.ReadyToRun.dll" />
+ <ItemsToSign Include="$(CoreCLRArtifactsPath)crossgen2/clrjitilc.dll" />
+ <ItemsToSign Include="$(CoreCLRArtifactsPath)crossgen2/jitinterface.dll" />
+
+ <ItemsToSign Include="@(CoreCLRCrossTargetItemsToSign)" />
+
+ <FileSignInfo Include="mscordaccore.dll" CertificateName="MicrosoftSHA2" />
+
+ <!-- Sign api-ms-win-core-xstate-l2-1-0 binary as it is only catalog signed in the current SDK. -->
+ <ItemsToSign
+ Condition="'$(ConfigurationGroup)' == 'Release' and '$(TargetArchitecture)' == 'x86'"
+ Include="$(CoreCLRArtifactsPath)Redist\ucrt\DLLs\$(TargetArchitecture)\api-ms-win-core-xstate-l2-1-0.dll" />
+
+ <!-- Sign libraries. -->
+ <ItemsToSign Include="$(LibrariesNativeArtifactsPath)*.dll" />
+ <ItemsToSign Include="$(LibrariesSharedFrameworkRefArtifactsPath)*.dll" />
+ <!-- Most runtime artifacts will be crossgenned, so sign them post-crossgen. mscorlib isn't. -->
+ <ItemsToSign Include="$(LibrariesSharedFrameworkBinArtifactsPath)mscorlib.dll" />
+
+ <!-- Sign the host. -->
+ <ItemsToSign Include="$(BaseOutputRootPath)corehost/**/hostfxr.dll" />
+ <ItemsToSign Include="$(BaseOutputRootPath)corehost/**/hostpolicy.dll" />
+ <ItemsToSign Include="$(BaseOutputRootPath)corehost/**/dotnet.exe" />
+ <ItemsToSign Include="$(BaseOutputRootPath)corehost/**/ijwhost.dll" />
+ <ItemsToSign Include="$(BaseOutputRootPath)corehost/**/winrthost.dll" />
+ <ItemsToSign Include="$(BaseOutputRootPath)corehost/**/nethost.dll" />
+
+ <!-- Sign managed libraries in installer subset. -->
+ <ItemsToSign Include="$(ArtifactsBinDir)Microsoft.DotNet.PlatformAbstractions/**/*.dll" />
+ <ItemsToSign Include="$(ArtifactsBinDir)Microsoft.Extensions.DependencyModel/**/*.dll" />
+ <ItemsToSign Include="$(ArtifactsBinDir)Microsoft.NET.HostModel/**/*.dll" />
+ </ItemGroup>
+
+ <!-- Sign ready-to-run binaries after crossgen is applied. -->
+ <ItemGroup Condition="'$(SignR2RBinaries)' == 'true'">
+ <ItemsToSign Include="$(CrossGenRootPath)**/*.dll" />
+ </ItemGroup>
+
+ <ItemGroup Condition="'$(SignMsiFiles)' == 'true'">
+ <ItemsToSign Include="$(ArtifactsPackagesDir)**/*.msi" />
+ <ItemsToSign Include="$(ArtifactsPackagesDir)**/*.cab" />
+ </ItemGroup>
+
+ <ItemGroup Condition="'$(SignBurnEngineFiles)' == 'true'">
+ <ItemsToSign Include="@(BundleInstallerEngineArtifact)" />
+ </ItemGroup>
+
+ <ItemGroup Condition="'$(SignBurnBundleFiles)' == 'true'">
+ <!-- Sign the bundles, now that the engine is reattached. Avoid re-signing the engine. -->
+ <ItemsToSign
+ Include="@(BundleInstallerExeArtifact)"
+ Exclude="@(BundleInstallerEngineArtifact)" />
+ <!-- Note: wixstdba is internal to the engine bundle and does not get signed. -->
+ </ItemGroup>
+
+ <ItemGroup Condition="'$(SignFinalPackages)' == 'true'">
+ <DownloadedSymbolPackages Include="$(DownloadDirectory)**\*.symbols.nupkg" />
+ <ItemsToSign Include="$(DownloadDirectory)**\*.nupkg" Exclude="@(DownloadedSymbolPackages)" />
+
+ <ItemsToSign Include="$(DownloadDirectory)**\*.deb" />
+ <ItemsToSign Include="$(DownloadDirectory)**\*.rpm" />
+ </ItemGroup>
+
+ <ItemGroup>
+ <!-- External files -->
+ <ItemsToSign Remove="@(ItemsToSign->WithMetadataValue('Filename', 'Newtonsoft.Json'))" />
+ </ItemGroup>
+
+ <ItemGroup>
+ <ItemsToSign Update="@(ItemsToSign)" Authenticode="$(CertificateId)" />
+ </ItemGroup>
+
+ <ItemGroup>
+ <FileExtensionSignInfo Include=".msi" CertificateName="Microsoft400" />
+ <FileExtensionSignInfo Include=".pkg" CertificateName="8003" />
+ <FileExtensionSignInfo Include=".deb;.rpm" CertificateName="LinuxSign" />
+ </ItemGroup>
+
+</Project>
</ItemGroup>
<ItemGroup Condition="$(_subsetCategory.Contains('installer')) and $(_subset.Contains('depproj'))">
- <DepprojProjectToBuild Include="$(InstallerProjectRoot)pkg\projects\**\*.depproj" SignPhase="Binaries" BuildInParallel="false" />
+ <DepprojProjectToBuild Include="$(InstallerProjectRoot)pkg\projects\**\*.depproj" SignPhase="R2RBinaries" BuildInParallel="false" />
<ProjectToBuild Include="@(DepprojProjectToBuild)" />
</ItemGroup>
<DotNetFinalVersionKind Condition="'$(StabilizePackageVersion)' == 'true'">release</DotNetFinalVersionKind>
<!-- Opt-in/out repo features -->
<UsingToolMicrosoftNetCompilers>true</UsingToolMicrosoftNetCompilers>
- <UsingToolIbcOptimization>true</UsingToolIbcOptimization>
+ <!-- TODO: (Consolidation) Fix internal tool restore and re-enable. https://github.com/dotnet/runtime/issues/1024 -->
+ <!-- <UsingToolIbcOptimization>true</UsingToolIbcOptimization> -->
<UsingToolXliff>false</UsingToolXliff>
<!-- Paths used during restore -->
<EnableNgenOptimization Condition="'$(EnableNgenOptimization)' == '' and '$(ConfigurationGroup)' == 'Release'">true</EnableNgenOptimization>
<CoreCLRConfiguration Condition="'$(CoreCLRConfiguration)' == ''">$(Configuration)</CoreCLRConfiguration>
<LibrariesOSGroup Condition="'$(LibrariesOSGroup)' == ''">$(OSGroup)</LibrariesOSGroup>
<LibrariesConfiguration Condition="'$(LibrariesConfiguration)' == ''">$(Configuration)</LibrariesConfiguration>
+
+ <CoreCLRArtifactsPath Condition="'$(CoreCLROverridePath)' != ''">$([MSBuild]::NormalizeDirectory('$(CoreCLROverridePath)'))</CoreCLRArtifactsPath>
<CoreCLRArtifactsPath Condition="'$(CoreCLRArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(RepoRoot)', 'artifacts', 'bin', 'coreclr', '$(CoreCLROSGroup).$(TargetArchitecture).$(CoreCLRConfiguration)'))</CoreCLRArtifactsPath>
- <LibrariesSharedFrameworkRefArtifactsPath Condition="'$(LibrariesSharedFrameworkRefArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(RepoRoot)', 'artifacts', 'bin', 'ref', 'microsoft.netcore.app', '$(LibrariesConfiguration)'))</LibrariesSharedFrameworkRefArtifactsPath>
- <LibrariesAllRefArtifactsPath Condition="'$(LibrariesAllRefArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(RepoRoot)', 'artifacts', 'bin', 'ref', '$(NetCoreAppCurrent)'))</LibrariesAllRefArtifactsPath>
- <LibrariesSharedFrameworkBinArtifactsPath Condition="'$(LibrariesSharedFrameworkBinArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(RepoRoot)', 'artifacts', 'bin', 'pkg', '$(NetCoreAppCurrent)', 'runtime', '$(LibrariesOSGroup)-$(LibrariesConfiguration)-$(TargetArchitecture)'))</LibrariesSharedFrameworkBinArtifactsPath>
- <LibrariesAllBinArtifactsPath Condition="'$(LibrariesAllBinArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(RepoRoot)', 'artifacts', 'bin', 'runtime', '$(NetCoreAppCurrent)-$(LibrariesOSGroup)-$(LibrariesConfiguration)-$(TargetArchitecture)'))</LibrariesAllBinArtifactsPath>
- <LibrariesNativeArtifactsPath Condition="'$(LibrariesNativeArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(RepoRoot)', 'artifacts', 'bin', 'native', '$(NetCoreAppCurrent)-$(LibrariesOSGroup)-$(LibrariesConfiguration)-$(TargetArchitecture)'))</LibrariesNativeArtifactsPath>
+
+ <CoreCLRSharedFrameworkDir>$([MSBuild]::NormalizeDirectory('$(CoreCLRArtifactsPath)', 'sharedFramework'))</CoreCLRSharedFrameworkDir>
+
+ <LibrariesArtifactsPath Condition="'$(LibrariesArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(RepoRoot)', 'artifacts'))</LibrariesArtifactsPath>
+
+ <LibrariesPackagesDir>$([MSBuild]::NormalizeDirectory('$(LibrariesArtifactsPath)', 'packages', '$(LibrariesConfiguration)'))</LibrariesPackagesDir>
+ <LibrariesShippingPackagesDir>$([MSBuild]::NormalizeDirectory('$(LibrariesPackagesDir)', 'Shipping'))</LibrariesShippingPackagesDir>
+ <LibrariesNonShippingPackagesDir>$([MSBuild]::NormalizeDirectory('$(LibrariesPackagesDir)', 'NonShipping'))</LibrariesNonShippingPackagesDir>
+
+ <LibrariesAllConfigurationsArtifactsPath Condition="'$(LibrariesAllConfigurationsArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(RepoRoot)', 'artifacts'))</LibrariesAllConfigurationsArtifactsPath>
+
+ <LibrariesAllConfigPackagesDir>$([MSBuild]::NormalizeDirectory('$(LibrariesAllConfigurationsArtifactsPath)', 'packages', '$(LibrariesConfiguration)'))</LibrariesAllConfigPackagesDir>
+ <LibrariesAllConfigShippingPackagesDir>$([MSBuild]::NormalizeDirectory('$(LibrariesAllConfigPackagesDir)', 'Shipping'))</LibrariesAllConfigShippingPackagesDir>
+ <LibrariesAllConfigNonShippingPackagesDir>$([MSBuild]::NormalizeDirectory('$(LibrariesAllConfigPackagesDir)', 'NonShipping'))</LibrariesAllConfigNonShippingPackagesDir>
+
+ <LibrariesSharedFrameworkRefArtifactsPath Condition="'$(LibrariesSharedFrameworkRefArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(LibrariesArtifactsPath)', 'bin', 'ref', 'microsoft.netcore.app', '$(LibrariesConfiguration)'))</LibrariesSharedFrameworkRefArtifactsPath>
+ <LibrariesAllRefArtifactsPath Condition="'$(LibrariesAllRefArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(LibrariesArtifactsPath)', 'bin', 'ref', '$(NetCoreAppCurrent)'))</LibrariesAllRefArtifactsPath>
+ <LibrariesSharedFrameworkBinArtifactsPath Condition="'$(LibrariesSharedFrameworkBinArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(LibrariesArtifactsPath)', 'bin', 'pkg', '$(NetCoreAppCurrent)', 'runtime', '$(LibrariesOSGroup)-$(LibrariesConfiguration)-$(TargetArchitecture)'))</LibrariesSharedFrameworkBinArtifactsPath>
+ <LibrariesAllBinArtifactsPath Condition="'$(LibrariesAllBinArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(LibrariesArtifactsPath)', 'bin', 'runtime', '$(NetCoreAppCurrent)-$(LibrariesOSGroup)-$(LibrariesConfiguration)-$(TargetArchitecture)'))</LibrariesAllBinArtifactsPath>
+ <LibrariesNativeArtifactsPath Condition="'$(LibrariesNativeArtifactsPath)' == ''">$([MSBuild]::NormalizeDirectory('$(LibrariesArtifactsPath)', 'bin', 'native', '$(NetCoreAppCurrent)-$(LibrariesOSGroup)-$(LibrariesConfiguration)-$(TargetArchitecture)'))</LibrariesNativeArtifactsPath>
<CoreCLRCrossTargetComponentDirName Condition="'$(TargetArchitecture)' == 'arm64' and '$(BuildArchitecture)' != 'arm64'">x64</CoreCLRCrossTargetComponentDirName>
<CoreCLRCrossTargetComponentDirName Condition="'$(TargetArchitecture)' == 'arm' and '$(BuildArchitecture)' != 'arm' and '$(TargetsWindows)' == 'true'">x86</CoreCLRCrossTargetComponentDirName>
<CoreCLRCrossTargetComponentDirName Condition="'$(TargetArchitecture)' == 'arm' and '$(BuildArchitecture)' != 'arm' and '$(TargetsLinux)' == 'true'">x64</CoreCLRCrossTargetComponentDirName>
<PropertyGroup>
<CoreCLRArtifactsPath>$([MSBuild]::NormalizeDirectory('$(CoreCLRArtifactsPath)'))</CoreCLRArtifactsPath>
+ <!--
+ Even though CoreCLRSharedFrameworkDir is statically initialized, set it again in case the
+ value is different after CoreCLRArtifactsPath is normalized.
+ -->
<CoreCLRSharedFrameworkDir>$([MSBuild]::NormalizeDirectory('$(CoreCLRArtifactsPath)','sharedFramework'))</CoreCLRSharedFrameworkDir>
<CoreCLRCrossTargetComponentDir
Condition="'$(CoreCLRCrossTargetComponentDirName)' != ''">$([MSBuild]::NormalizeDirectory('$(CoreCLRArtifactsPath)','$(CoreCLRCrossTargetComponentDirName)','sharedFramework'))</CoreCLRCrossTargetComponentDir>
$(CoreCLRCrossTargetComponentDir)PDB/*.pdb;
$(CoreCLRCrossTargetComponentDir)PDB/*.dbg;
$(CoreCLRCrossTargetComponentDir)PDB/*.dwarf" />
+
+ <CoreCLRCrossTargetFiles>
+ <TargetPath>runtime/$(CoreCLRCrossTargetComponentDirName)_$(TargetArchitecture)/native</TargetPath>
+ </CoreCLRCrossTargetFiles>
</ItemGroup>
<Error Condition="'@(CoreCLRFiles)' == ''" Text="The CoreCLR subset category must be built before building this project." />
--- /dev/null
+parameters:
+ name: ''
+
+steps:
+- task: CopyFiles@2
+ displayName: Prepare job-specific intermediate unsigned artifacts subdirectory
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/artifacts/packages/$(_BuildConfig)'
+ Contents: |
+ Shipping/**/*
+ NonShipping/**/*
+ TargetFolder: '$(Build.StagingDirectory)/UnsignedArtifacts/${{ parameters.name }}'
+ CleanTargetFolder: true
+
+- task: PublishBuildArtifacts@1
+ displayName: Publish intermediate unsigned artifacts
+ inputs:
+ pathToPublish: '$(Build.StagingDirectory)/UnsignedArtifacts'
+ artifactName: IntermediateUnsignedArtifacts
+ artifactType: container
- ${{ if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')) }}:
- name: officialBuildIdArg
value: '-officialbuildid=$(Build.BuildNumber)'
- # IBCMerge is currently Windows-only and x86/x64-only
- - ${{ if and(eq(parameters.osGroup, 'Windows_NT'), or(eq(parameters.archType, 'x64'), eq(parameters.archType, 'x86'))) }}:
- - name: ibcOptimizeArg
- value: '-ibcoptimize'
+ # TODO: (Consolidation) Fix internal tool restore and re-enable. https://github.com/dotnet/runtime/issues/1024
+ # # IBCMerge is currently Windows-only and x86/x64-only
+ # - ${{ if and(eq(parameters.osGroup, 'Windows_NT'), or(eq(parameters.archType, 'x64'), eq(parameters.archType, 'x86'))) }}:
+ # - name: ibcOptimizeArg
+ # value: '-ibcoptimize'
- name: enforcePgoArg
value: ''
# The EnforcePGO script is only supported on Windows and is not supported on arm or arm64.
- script: $(Build.SourcesDirectory)\eng\common\init-tools-native.cmd -InstallDirectory $(Build.SourcesDirectory)\native-tools -Force
displayName: Install native dependencies
- # Install internal tools on official builds
- # Since our internal tools are behind an authenticated feed,
- # we need to use the DotNetCli AzDO task to restore from the feed using a service connection.
- # We can't do this from within the build, so we need to do this as a separate step.
- - ${{ if and(and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')), eq(parameters.osGroup, 'Windows_NT')) }}:
- - task: DotNetCoreInstaller@0
- inputs:
- packageType: 'sdk'
- version: '2.1.503'
- - task: DotNetCoreCLI@2
- displayName: Restore internal tools
- inputs:
- command: restore
- feedsToUse: config
- projects: '$(Build.SourcesDirectory)/eng/common/internal/Tools.csproj'
- nugetConfigPath: 'eng/internal/NuGet.config'
- restoreDirectory: '$(Build.SourcesDirectory)\.packages'
- verbosityRestore: 'normal'
- externalFeedCredentials: 'dotnet-core-internal-tooling'
+ # TODO: (Consolidation) Fix internal tool restore and re-enable. https://github.com/dotnet/runtime/issues/1024
+ # # Install internal tools on official builds
+ # # Since our internal tools are behind an authenticated feed,
+ # # we need to use the DotNetCli AzDO task to restore from the feed using a service connection.
+ # # We can't do this from within the build, so we need to do this as a separate step.
+ # - ${{ if and(and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')), eq(parameters.osGroup, 'Windows_NT')) }}:
+ # - task: DotNetCoreInstaller@0
+ # inputs:
+ # packageType: 'sdk'
+ # version: '2.1.503'
+ # - task: DotNetCoreCLI@2
+ # displayName: Restore internal tools
+ # inputs:
+ # command: restore
+ # feedsToUse: config
+ # projects: '$(Build.SourcesDirectory)/eng/common/internal/Tools.csproj'
+ # nugetConfigPath: 'eng/internal/NuGet.config'
+ # restoreDirectory: '$(Build.SourcesDirectory)\.packages'
+ # verbosityRestore: 'normal'
+ # externalFeedCredentials: 'dotnet-core-internal-tooling'
# Build
- ${{ if ne(parameters.osGroup, 'Windows_NT') }}:
- Windows_NT_arm64
jobParameters:
${{ insert }}: ${{ parameters }}
- skipTests: true
+ crossBuild: true
- template: /eng/pipelines/common/platform-matrix.yml
parameters:
jobParameters:
${{ insert }}: ${{ parameters }}
portableBuild: true
- skipTests: true
crossBuild: true
- template: /eng/pipelines/common/platform-matrix.yml
additionalMSBuildArgs: /p:OutputRid=linux-musl-arm64
portableBuild: false
crossBuild: true
- skipTests: true
- template: /eng/pipelines/common/platform-matrix.yml
parameters:
osGroup: ''
archType: ''
osSubgroup: ''
+ platform: ''
timeoutInMinutes: 120
condition: true
container: ''
buildCommandSourcesDirectory: '$(Build.SourcesDirectory)/'
+ isOfficialBuild: false
+ useOfficialAllConfigurations: false
+
liveCoreClrBuildConfig: ''
liveLibrariesBuildConfig: ''
- name: ${{ variable.key }}
value: ${{ variable.value }}
+ - name: SkipTests
+ value: ${{ or(parameters.isOfficialBuild, parameters.crossBuild) }}
+
- name: OfficialBuildArg
value: ''
- # Produce test-signed build for PR and Public builds
- - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
- - name: SignType
- value: test
+ # TODO: (Consolidation) Enable test signing during PR validation. https://github.com/dotnet/runtime/issues/1026
+ #
+ # CoreCLR only produces the UCRT redist file in Release config. When the redist file isn't
+ # present, signing fails. For now, only sign in official builds which only run Release mode.
+ - name: SignType
+ value: ''
# Set up non-PR build from internal project
- - ${{ if eq(variables.isOfficialBuild, true) }}:
+ - ${{ if eq(parameters.isOfficialBuild, true) }}:
- name: SignType
value: $[ coalesce(variables.OfficialSignType, 'real') ]
- name: OfficialBuildArg
value: >-
$(CoreCLRArtifactsPathArg)
$(LibrariesConfigurationArg)
+ $(LibrariesAllConfigurationsArtifactsPathArg)
- name: CoreCLRArtifactsPathArg
value: ''
- name: LibrariesConfigurationArg
value: ''
+ - name: LibrariesAllConfigurationsArtifactsPathArg
+ value: ''
- name: CoreClrDownloadPath
value: ''
- name: LibrariesDownloadPath
value: ''
+ - name: LibrariesDownloadPathAllConfigurations
+ value: ''
- ${{ if ne(parameters.liveCoreClrBuildConfig, '') }}:
- name: liveCoreClrLegName
- name: CoreClrDownloadPath
value: 'artifacts/transport/coreclr'
- name: CoreCLRArtifactsPathArg
- value: /p:CoreCLRArtifactsPath=${{ parameters.buildCommandSourcesDirectory }}$(CoreClrDownloadPath)
+ value: /p:CoreCLROverridePath=${{ parameters.buildCommandSourcesDirectory }}$(CoreClrDownloadPath)
- name: CoreClrArtifactName
value: CoreCLRProduct_$(liveCoreClrLegName)
- name: LibrariesConfigurationArg
value: ' /p:LibrariesConfiguration=${{ parameters.liveLibrariesBuildConfig }}'
+ # Download allconfigurations bits to a separate location. It overlaps with the live libraries
+ # download and causes conflict when unzipping to the same location.
+ - ${{ if eq(parameters.useOfficialAllConfigurations, true) }}:
+ - name: LibrariesDownloadPathAllConfigurations
+ value: 'artifacts/transport/librariesallconfigurations'
+ - name: LibrariesAllConfigurationsArtifactsPathArg
+ value: /p:LibrariesAllConfigurationsArtifactsPath=${{ parameters.buildCommandSourcesDirectory }}$(LibrariesDownloadPathAllConfigurations)
+ - name: LibrariesArtifactNameAllConfigurations
+ value: libraries_bin_official_allconfigurations
+
dependsOn:
- checkout
- ${{ parameters.dependsOn }}
parameters.osSubgroup,
parameters.archType,
parameters.liveLibrariesBuildConfig) }}
+ - ${{ if eq(parameters.useOfficialAllConfigurations, true) }}:
+ - libraries_build_allconfigurations_Windows_NT_x64_Release
steps:
displayName: 'Libraries artifacts'
cleanUnpackFolder: false
+ - ${{ if eq(parameters.useOfficialAllConfigurations, true) }}:
+ - template: /eng/pipelines/common/download-artifact-step.yml
+ parameters:
+ unpackFolder: $(Build.SourcesDirectory)/$(LibrariesDownloadPathAllConfigurations)
+ # Always use '.zip' because AllConfigurations is built on Windows but used everywhere.
+ artifactFileName: '$(LibrariesArtifactNameAllConfigurations).zip'
+ artifactName: '$(LibrariesArtifactNameAllConfigurations)'
+ displayName: 'Libraries artifacts (AllConfigurations)'
+ cleanUnpackFolder: false
+
- ${{ parameters.buildSteps }}
- template: steps/upload-job-artifacts.yml
parameters:
name: ${{ coalesce(parameters.name, parameters.platform) }}
skipTests: ${{ parameters.skipTests }}
+ isOfficialBuild: ${{ parameters.isOfficialBuild }}
- ${{ if ne(parameters.osGroup, 'Windows_NT') }}:
- script: set -x && df -h
disableCrossgen: false
container: ''
packageDistroList: null
- skipTests: false
archType: x64
timeoutInMinutes: 120
pool: ''
parameters:
${{ insert }}: ${{ parameters }}
+ skipTests: ${{ or(parameters.isOfficialBuild, parameters.crossBuild) }}
+
# Do not attempt to clean workspace: the agent might not be able to remove the files because
# they may be owned by "root" due to the way this job uses Docker. This job does its own cleanup
# as a prepare step.
# This causes a newline in the arg string that causes failure.
BuildArguments: >-
--restore --build --ci --test
+ -configuration $(_BuildConfig)
/p:CrossBuild=${{ parameters.crossBuild }}
/p:DisableCrossgen=${{ parameters.disableCrossgen }}
/p:PortableBuild=${{ parameters.portableBuild }}
- /p:SkipTests=${{ parameters.skipTests }}
+ /p:SkipTests=$(SkipTests)
$(LiveOverridePathArgs)
$(CommonMSBuildArgs)
${{ parameters.additionalMSBuildArgs }}
parameters:
${{ insert }}: ${{ parameters }}
+ skipTests: ${{ parameters.isOfficialBuild }}
+
buildVariables:
CommonMSBuildArgs: >-
- /p:Configuration=$(_BuildConfig)
/p:PortableBuild=true
+ /p:SkipTests=$(SkipTests)
buildSteps:
- script: >-
$(Build.SourcesDirectory)/installer.sh --restore --build --ci --test
+ -configuration $(_BuildConfig)
/p:StripSymbols=true
$(LiveOverridePathArgs)
$(CommonMSBuildArgs)
$(OfficialBuildArg)
displayName: Build
- condition: succeeded()
+++ /dev/null
-parameters:
- projectName: ''
- dependency: null
-
-jobs:
-
-- template: /eng/common/templates/post-build/setup-maestro-vars.yml
-
-- job: CustomPublish
- displayName: Custom Publish
- dependsOn: setupMaestroVars
- # Only run this job if setup-maestro-vars says the current branch publishes to this channel.
- # Logic copied from ../common/templates/post-build/channels/netcore-dev-5.yml
- condition: contains(
- dependencies.setupMaestroVars.outputs['setReleaseVars.InitialChannels'],
- format('[{0}]', variables['${{ parameters.dependency.channel.bar }}']))
- pool:
- name: Hosted VS2017
- # Double the default timeout.
- timeoutInMinutes: 120
- workspace:
- clean: all
-
- variables:
- # Only get the secret variable groups if the def has the official name. Reduce dev build def risk.
- - ${{ if eq(variables['Build.DefinitionName'], 'dotnet-core-setup') }}:
- # Used for publishing individual leg assets to azure blob storage
- - ${{ if eq(parameters.dependency.channel.public, 'true') }}:
- - group: DotNet-DotNetCli-Storage
- - ${{ if ne(parameters.dependency.channel.public, 'true') }}:
- - group: DotNet-MSRC-Storage
- # Used for dotnet/versions update
- - group: DotNet-Versions-Publish
-
- - name: _DefaultContainerName
- value: dotnet
- - name: _DefaultChecksumsContainerName
- value: dotnet
-
- - ${{ if eq(parameters.dependency.channel.public, 'true') }}:
- - name: _DefaultAzureAccountName
- value: dotnetcli
- - name: _DefaultAzureAccessToken
- value: $(dotnetcli-storage-key)
- - name: _DefaultChecksumAzureAccountName
- value: dotnetclichecksums
- - name: _DefaultChecksumAzureAccessToken
- value: $(dotnetclichecksums-storage-key)
- # dotnet/versions update
- - name: _GitHubUser
- value: $[ coalesce(variables.GitHubUser, 'dotnet-build-bot') ]
- - name: _GitHubEmail
- value: $[ coalesce(variables.GitHubEmail, 'dotnet-build-bot@microsoft.com') ]
- - name: _GitHubAuthToken
- value: $[ coalesce(variables.GitHubAuthToken, '$(AccessToken-dotnet-build-bot-public-repo)') ]
- - name: _VersionsRepoOwner
- value: $[ coalesce(variables.VersionsRepoOwner, 'dotnet') ]
- - name: _VersionsRepo
- value: $[ coalesce(variables.VersionsRepo, 'versions') ]
- - name: _DotNetVersionsArgs
- value: >-
- /p:GitHubUser=$(_GitHubUser)
- /p:GitHubEmail=$(_GitHubEmail)
- /p:GitHubAuthToken=$(_GitHubAuthToken)
- /p:VersionsRepoOwner=$(_VersionsRepoOwner)
- /p:VersionsRepo=$(_VersionsRepo)
- /p:VersionsRepoPath=build-info/dotnet/core-setup/$(FullBranchName)
-
- - ${{ if ne(parameters.dependency.channel.public, 'true') }}:
- - name: _DefaultAzureAccountName
- value: dotnetclimsrc
- - name: _DefaultAzureAccessToken
- value: $(dotnetclimsrc-access-key)
- - name: _DefaultChecksumAzureAccountName
- value: dotnetclimsrc
- - name: _DefaultChecksumsContainerName
- value: dotnet-checksums
- - name: _DefaultChecksumAzureAccessToken
- value: $(dotnetclimsrc-access-key)
- # dotnet/versions update (disabled)
- - name: _DotNetVersionsArgs
- value: ''
-
- # Blob storage publish (installers and checksums)
- - name: _AzureAccountName
- value: $[ coalesce(variables.AzureAccountName, '$(_DefaultAzureAccountName)') ]
- - name: _ContainerName
- value: $[ coalesce(variables.ContainerName, '$(_DefaultContainerName)') ]
- - name: _AzureAccessToken
- value: $[ coalesce(variables.AzureAccessToken, '$(_DefaultAzureAccessToken)') ]
- - name: _ChecksumAzureAccountName
- value: $[ coalesce(variables.ChecksumAzureAccountName, '$(_DefaultChecksumAzureAccountName)') ]
- - name: _ChecksumContainerName
- value: $[ coalesce(variables.ChecksumContainerName, '$(_DefaultChecksumsContainerName)') ]
- - name: _ChecksumAzureAccessToken
- value: $[ coalesce(variables.ChecksumAzureAccessToken, '$(_DefaultChecksumAzureAccessToken)') ]
-
- - name: _CommonPublishArgs
- value: >-
- /p:AzureAccountName=$(_AzureAccountName)
- /p:ContainerName=$(_ContainerName)
- /p:AzureAccessToken=$(_AzureAccessToken)
- /p:ChecksumAzureAccountName=$(_ChecksumAzureAccountName)
- /p:ChecksumContainerName=$(_ChecksumContainerName)
- /p:ChecksumAzureAccessToken=$(_ChecksumAzureAccessToken)
-
- steps:
-
- - ${{ if eq(variables.isOfficialBuild, true) }}:
- - task: NuGetAuthenticate@0
-
- - task: DownloadBuildArtifacts@0
- displayName: Download Artifacts
- inputs:
- artifactName: PreparedArtifacts
- downloadPath: $(Build.SourcesDirectory)\artifacts\PackageDownload
-
- - powershell: |
- $prefix = "refs/heads/"
- $branch = "$(Build.SourceBranch)"
- $branchName = $branch
- if ($branchName.StartsWith($prefix))
- {
- $branchName = $branchName.Substring($prefix.Length)
- }
- Write-Host "For Build.SourceBranch $branch, FullBranchName is $branchName"
- Write-Host "##vso[task.setvariable variable=FullBranchName;]$branchName"
- displayName: Find true SourceBranchName
-
- - script: >-
- build.cmd -ci
- -projects $(Build.SourcesDirectory)\src\publish\${{ parameters.projectName }}.proj
- /p:Channel=${{ parameters.dependency.channel.storage }}
- /p:Configuration=Release
- $(_CommonPublishArgs)
- $(_DotNetVersionsArgs)
- /bl:$(Build.SourcesDirectory)\${{ parameters.projectName }}.binlog
- displayName: Publish to custom locations
-
- - task: CopyFiles@2
- displayName: Copy Files to $(Build.StagingDirectory)\BuildLogs
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)'
- Contents: |
- **/*.log
- **/*.binlog
- TargetFolder: '$(Build.StagingDirectory)\BuildLogs'
- continueOnError: true
- condition: succeededOrFailed()
-
- - task: PublishBuildArtifacts@1
- displayName: Publish Artifact BuildLogs
- inputs:
- PathtoPublish: '$(Build.StagingDirectory)\BuildLogs'
- ArtifactName: Logs-CustomPublish-${{ parameters.dependency.dependsOn }}-${{ parameters.projectName }}
- condition: succeededOrFailed()
parameters:
name: ''
- skipTests: false
-steps:
-# Upload build outputs as build artifacts only if internal and not PR, to save storage space.
-- ${{ if eq(variables.isOfficialBuild, true) }}:
- - task: CopyFiles@2
- displayName: Prepare job-specific Artifacts subdirectory
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)/artifacts/packages/$(_BuildConfig)'
- Contents: |
- Shipping/**/*
- NonShipping/**/*
- TargetFolder: '$(Build.StagingDirectory)/Artifacts/${{ parameters.name }}'
- CleanTargetFolder: true
- condition: and(succeeded(), eq(variables._BuildConfig, 'Release'))
+ isOfficialBuild: false
- - task: PublishBuildArtifacts@1
- displayName: Publish Artifacts
- inputs:
- pathToPublish: '$(Build.StagingDirectory)/Artifacts'
- artifactName: IntermediateUnsignedArtifacts
- artifactType: container
- condition: and(succeeded(), eq(variables._BuildConfig, 'Release'))
+steps:
+# Upload build artifacts (packages) to pipeline only if official, to save storage space.
+- ${{ if eq(parameters.isOfficialBuild, true) }}:
+ - template: /eng/pipelines/common/upload-unsigned-artifacts-step.yml
+ parameters:
+ name: ${{ parameters.name }}
-- ${{ if eq(parameters.skipTests, false) }}:
- - task: PublishTestResults@2
- displayName: Publish Test Results
- inputs:
- testResultsFormat: 'xUnit'
- testResultsFiles: '*.xml'
- searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
- mergeTestResults: true
- testRunTitle: Installer-${{ parameters.name }}-$(_BuildConfig)
- continueOnError: true
- condition: always()
+- task: PublishTestResults@2
+ displayName: Publish Test Results
+ inputs:
+ testResultsFormat: 'xUnit'
+ testResultsFiles: '*.xml'
+ searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
+ mergeTestResults: true
+ testRunTitle: Installer-${{ parameters.name }}-$(_BuildConfig)
+ continueOnError: true
+ condition: eq(variables.SkipTests, false)
- task: CopyFiles@2
displayName: Prepare BuildLogs staging directory
parameters:
additionalMSBuildArguments: ''
+ crossBuild: false
publishRidAgnosticPackages: false
- skipTests: false
archType: null
timeoutInMinutes: 120
platform: ''
buildVariables:
CommonMSBuildArgs: >-
- /p:Configuration=$(_BuildConfig)
/p:TargetArchitecture=${{ parameters.archType }}
/p:PortableBuild=true
- /p:SkipTests=${{ parameters.skipTests }}
+ /p:SkipTests=$(SkipTests)
$(OfficialBuildArg)
MsbuildSigningArguments: >-
/p:CertificateId=400
- script: >-
installer.cmd -restore -build -ci -test
+ -configuration $(_BuildConfig)
$(LiveOverridePathArgs)
$(CommonMSBuildArgs)
$(MsbuildSigningArguments)
displayName: Build
- - ${{ if eq(variables.isOfficialBuild, true) }}:
+ - ${{ if eq(parameters.isOfficialBuild, true) }}:
- task: NuGetCommand@2
displayName: Push Visual Studio NuPkgs
inputs:
publishFeedCredentials: 'DevDiv - VS package feed'
condition: and(
succeeded(),
- eq(variables['_BuildConfig'], 'Release'),
ne(variables['DisableVSPublish'], 'true'))
osSubgroup: ''
framework: ''
isOfficialBuild: false
+ isOfficialAllConfigurations: false
liveCoreClrBuildConfig: ''
timeoutInMinutes: 150
condition: true
- _warnAsErrorArg: ''
- _testScopeArg: ''
+ - librariesBuildArtifactName: ${{ format('libraries_bin_{0}{1}_{2}_{3}', parameters.osGroup, parameters.osSubgroup, parameters.archType, parameters.buildConfig) }}
+ - librariesTestsArtifactName: ${{ format('libraries_test_assets_{0}{1}_{2}_{3}', parameters.osGroup, parameters.osSubgroup, parameters.archType, parameters.buildConfig) }}
+
- ${{ if ne(parameters.testScope, '') }}:
- _testScopeArg: -testscope ${{ parameters.testScope }}
- ${{ if eq(parameters.osGroup, 'WebAssembly') }}:
- _runtimeOSArg: -os ${{ parameters.osGroup }}
- - ${{ if eq(parameters.framework, 'allConfigurations' ) }}:
+ - ${{ if eq(parameters.framework, 'allConfigurations') }}:
- _finalFrameworkArg: -allConfigurations
+ - ${{ if eq(parameters.isOfficialAllConfigurations, true) }}:
+ - _skipTestHostCopy: true
+ - librariesBuildArtifactName: 'libraries_bin_official_allconfigurations'
+
- ${{ if eq(parameters.isOfficialBuild, 'true') }}:
- _msbuildCommonParameters: /p:OfficialBuildId=$(Build.BuildNumber)
- - librariesBuildArtifactName: ${{ format('libraries_bin_{0}{1}_{2}_{3}', parameters.osGroup, parameters.osSubgroup, parameters.archType, parameters.buildConfig) }}
- - librariesTestsArtifactName: ${{ format('libraries_test_assets_{0}{1}_{2}_{3}', parameters.osGroup, parameters.osSubgroup, parameters.archType, parameters.buildConfig) }}
-
- _coreClrArtifactName: ''
- _coreClrDownloadPath: ''
- _coreClrArtifactsPathArg: ''
archType: ''
framework: netcoreapp
isOfficialBuild: false
+ isOfficialAllConfigurations: false
# When set to a non-empty value (Debug / Release), it determines CoreCLR
# build configuration to use for building libraries and tests. Setting this
archType: ${{ parameters.archType }}
framework: ${{ parameters.framework }}
isOfficialBuild: ${{ parameters.isOfficialBuild }}
+ isOfficialAllConfigurations: ${{ parameters.isOfficialAllConfigurations }}
liveCoreClrBuildConfig: ${{ parameters.liveCoreClrBuildConfig }}
timeoutInMinutes: ${{ parameters.timeoutInMinutes }}
preBuildSteps: ${{ parameters.preBuildSteps }}
- script: $(_buildScript) -restore $(_buildArguments) $(_skipTestRestoreArg)
displayName: Restore
- - ${{ if eq(parameters.isOfficialBuild, true) }}:
- - task: DotNetCoreCLI@2
- displayName: Restore internal tools
- condition: and(succeeded(), ne(variables['_skipRestoreInternalTools'], 'true'))
- inputs:
- command: restore
- feedsToUse: config
- projects: 'eng/common/internal/Tools.csproj'
- nugetConfigPath: 'eng/internal/NuGet.config'
- restoreDirectory: '$(Build.SourcesDirectory)\.packages'
- verbosityRestore: 'normal'
- externalFeedCredentials: 'dotnet-core-internal-tooling'
+ # TODO: (Consolidation) Fix internal tool restore and re-enable. https://github.com/dotnet/runtime/issues/1024
+ # - ${{ if eq(parameters.isOfficialBuild, true) }}:
+ # - task: DotNetCoreCLI@2
+ # displayName: Restore internal tools
+ # condition: and(succeeded(), ne(variables['_skipRestoreInternalTools'], 'true'))
+ # inputs:
+ # command: restore
+ # feedsToUse: config
+ # projects: 'eng/common/internal/Tools.csproj'
+ # nugetConfigPath: 'eng/internal/NuGet.config'
+ # restoreDirectory: '$(Build.SourcesDirectory)\.packages'
+ # verbosityRestore: 'normal'
+ # externalFeedCredentials: 'dotnet-core-internal-tooling'
- ${{ if eq(parameters.osGroup, 'OSX') }}:
- script: |
inputs:
sourceFolder: $(Build.SourcesDirectory)/artifacts/bin/testhost
targetFolder: $(Build.ArtifactStagingDirectory)/artifacts/bin/testhost
+ condition: ne(variables['_skipTestHostCopy'], 'true')
- task: CopyFiles@2
displayName: Prepare artifacts toolset folder to publish
artifactName: $(librariesBuildArtifactName)
displayName: Build Assets
+ # Save AllConfigurations artifacts using the prepare-signed-artifacts format. The
+ # platform-specific jobs' nupkgs automatically flow through the matching platform-specific
+ # Installer build, but AllConfigurations should only be uploaded once, here.
+ - ${{ if eq(parameters.isOfficialAllConfigurations, true) }}:
+ - template: /eng/pipelines/common/upload-unsigned-artifacts-step.yml
+ parameters:
+ name: Libraries_AllConfigurations
+
- ${{ if eq(parameters.runTests, true) }}:
- template: /eng/pipelines/libraries/helix.yml
parameters:
parameters:
dependsOn: []
- PublishRidAgnosticPackagesFromJobName: ''
+ PublishRidAgnosticPackagesFromPlatform: ''
+ isOfficialBuild: false
jobs:
- job: PrepareSignedArtifacts
workspace:
clean: all
+ variables:
+ - name: SignType
+ value: $[ coalesce(variables.OfficialSignType, 'real') ]
+
steps:
+ - template: /eng/pipelines/common/clone-checkout-bundle-step.yml
- - ${{ if eq(variables.isOfficialBuild, true) }}:
+ - ${{ if eq(parameters.isOfficialBuild, true) }}:
- task: NuGetAuthenticate@0
- task: MicroBuildSigningPlugin@2
- script: >-
build.cmd -ci
- -projects $(Build.SourcesDirectory)\src\publish\prepare-artifacts.proj
- /p:Configuration=Release
- /p:PublishRidAgnosticPackagesFromJobName=${{ parameters.PublishRidAgnosticPackagesFromJobName }}
+ -configuration Release
+ -projects $(Build.SourcesDirectory)\src\installer\publish\prepare-artifacts.proj
+ /p:PublishRidAgnosticPackagesFromPlatform=${{ parameters.PublishRidAgnosticPackagesFromPlatform }}
+ /p:OfficialBuildId=$(Build.BuildNumber)
/p:SignType=$(SignType)
/p:DotNetSignType=$(SignType)
/bl:$(Build.SourcesDirectory)\prepare-artifacts.binlog
parameters:
- dependsOnPublishStages: []
- pipelinesPath: ''
+ PublishRidAgnosticPackagesFromPlatform: Windows_NT_x64
stages:
-# Create extra stage per BAR channel that needs extra publish steps.
-- ${{ each dependency in parameters.dependsOnPublishStages }}:
- - stage: PublishBlob_${{ dependency.dependsOn }}
- displayName: '${{ dependency.channel.name }} Blob Publish'
- dependsOn: PrepareForPublish
- variables:
- - template: /eng/common/templates/post-build/common-variables.yml
- jobs:
- - template: /eng/pipelines/jobs/run-publish-project.yml
- parameters:
- projectName: publish-blobs
- dependency: ${{ dependency }}
+- stage: PrepareForPublish
+ displayName: Prepare for Publish
+ jobs:
+
+ # Prep artifacts: sign them and upload pipeline artifacts expected by stages-based publishing.
+ - template: /eng/pipelines/official/jobs/prepare-signed-artifacts.yml
+ parameters:
+ PublishRidAgnosticPackagesFromPlatform: ${{ parameters.PublishRidAgnosticPackagesFromPlatform }}
+
+ # Publish to Build Asset Registry in order to generate the ReleaseConfigs artifact.
+ - template: /eng/common/templates/job/publish-build-assets.yml
+ parameters:
+ publishUsingPipelines: true
+ dependsOn: PrepareSignedArtifacts
+ pool:
+ name: NetCoreInternal-Pool
+ queue: buildpool.windows.10.amd64.vs2017
# Stages-based publishing entry point
- template: /eng/common/templates/post-build/post-build.yml
parameters:
validateDependsOn:
- - ${{ each dependency in parameters.dependsOnPublishStages }}:
- - PublishBlob_${{ dependency.dependsOn }}
+ - PrepareForPublish
# Symbol validation is not ready yet. https://github.com/dotnet/arcade/issues/2871
enableSymbolValidation: false
# SourceLink validation doesn't work in dev builds: tries to pull from GitHub. https://github.com/dotnet/arcade/issues/3604
symbolPublishingAdditionalParameters: "'-warnAsError:$false'"
# Enable SDL validation, passing through values from the 'core-setup-sdl-validation' group.
SDLValidationParameters:
- enable: true
+ enable: false # TODO: (Consolidation) Decide who owns SDL validation errors and enable. https://github.com/dotnet/runtime/issues/1027
artifactNames:
- PackageArtifacts
- BlobArtifacts
-TsaRepositoryName "$(TsaRepositoryName)"
-TsaCodebaseName "$(TsaCodebaseName)"
-TsaPublish $True
-
-# Create extra stage per BAR channel that needs extra publish steps. These run after the Arcade
-# stages because they depend on Arcade's NuGet package publish being complete.
-- ${{ each dependency in parameters.dependsOnPublishStages }}:
- - stage: PublishFinal_${{ dependency.dependsOn }}
- displayName: '${{ dependency.channel.name }} Finalize'
- dependsOn:
- - ${{ dependency.dependsOn }}
- variables:
- - template: /eng/common/templates/post-build/common-variables.yml
- jobs:
- - template: ${{ parameters.pipelinesPath }}/jobs/run-publish-project.yml
- parameters:
- projectName: publish-final
- dependency: ${{ dependency }}
--- /dev/null
+trigger:
+ batch: true
+ branches:
+ include:
+ - master
+ - release/*
+ paths:
+ include:
+ - '*'
+ - docs/manpages/*
+ exclude:
+ - docs/*
+ - CODE-OF-CONDUCT.md
+ - CONTRIBUTING.md
+ - LICENSE.TXT
+ - PATENTS.TXT
+ - README.md
+ - SECURITY.md
+ - THIRD-PARTY-NOTICES.TXT
+
+pr: none
+
+variables:
+- template: /eng/pipelines/common/variables.yml
+# TODO: (Consolidation) Switch away from old signing/validation variables from former Core-Setup. https://github.com/dotnet/runtime/issues/1027
+- name: TeamName
+ value: dotnet-core-acquisition
+# Set the target blob feed for package publish during official and validation builds.
+- name: _DotNetArtifactsCategory
+ value: .NETCore
+- name: _DotNetValidationArtifactsCategory
+ value: .NETCoreValidation
+
+stages:
+- stage: Build
+ jobs:
+ #
+ # Checkout repository
+ #
+ - template: /eng/pipelines/common/checkout-job.yml
+
+ #
+ # Build CoreCLR
+ #
+ - template: /eng/pipelines/common/platform-matrix.yml
+ parameters:
+ jobTemplate: /eng/pipelines/coreclr/templates/build-job.yml
+ buildConfig: release
+ platforms:
+ - OSX_x64
+ - Linux_x64
+ - Linux_arm
+ - Linux_arm64
+ - Linux_musl_x64
+ - Linux_musl_arm64
+ - Windows_NT_x86
+ - Windows_NT_x64
+ - Windows_NT_arm
+ - Windows_NT_arm64
+
+ #
+ # Build libraries using live CoreLib from CoreCLR
+ #
+ - template: /eng/pipelines/common/platform-matrix.yml
+ parameters:
+ jobTemplate: /eng/pipelines/libraries/build-job.yml
+ buildConfig: Release
+ platforms:
+ - OSX_x64
+ - Linux_x64
+ - Linux_arm
+ - Linux_arm64
+ - Linux_musl_x64
+ - Linux_musl_arm64
+ - Windows_NT_x86
+ - Windows_NT_x64
+ - Windows_NT_arm
+ - Windows_NT_arm64
+ jobParameters:
+ isOfficialBuild: ${{ variables.isOfficialBuild }}
+ liveCoreClrBuildConfig: release
+
+ #
+ # Build libraries AllConfigurations for packages
+ #
+ - template: /eng/pipelines/common/platform-matrix.yml
+ parameters:
+ jobTemplate: /eng/pipelines/libraries/build-job.yml
+ buildConfig: Release
+ platforms:
+ - Windows_NT_x64
+ jobParameters:
+ framework: allConfigurations
+ isOfficialBuild: ${{ variables.isOfficialBuild }}
+ isOfficialAllConfigurations: true
+ liveCoreClrBuildConfig: release
+
+ #
+ # Installer Build
+ #
+ - template: /eng/pipelines/installer/installer-matrix.yml
+ parameters:
+ liveCoreClrBuildConfig: release
+ liveLibrariesBuildConfig: Release
+ isOfficialBuild: ${{ variables.isOfficialBuild }}
+ useOfficialAllConfigurations: true
+
+- ${{ if eq(variables.isOfficialBuild, true) }}:
+ - template: /eng/pipelines/official/stages/publish.yml
+ parameters:
+ isOfficialBuild: ${{ variables.isOfficialBuild }}
<Import Project="$(RepositoryEngineeringDir)DisableSourceControlManagement.targets" Condition="'$(EnableSourceLink)' == 'false'" />
- <!-- Define properties based on live-live information for locating packages. -->
- <PropertyGroup>
- <LibrariesPackagesDir>$([MSBuild]::NormalizeDirectory('$(ArtifactsDir)', 'packages', '$(LibrariesConfiguration)'))</LibrariesPackagesDir>
- <LibrariesShippingPackagesDir>$([MSBuild]::NormalizeDirectory('$(LibrariesPackagesDir)', 'Shipping'))</LibrariesShippingPackagesDir>
- <LibrariesNonShippingPackagesDir>$([MSBuild]::NormalizeDirectory('$(LibrariesPackagesDir)', 'NonShipping'))</LibrariesNonShippingPackagesDir>
- </PropertyGroup>
-
<!-- Provide default targets which can be hooked onto or overridden as necessary -->
<Target Name="Pack" />
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., Directory.Build.targets))\Directory.Build.targets" />
<!--
+ Add hook for depproj build to respect OrderProjectReferences like pkgproj does. "BeforeTargets"
+ runs after "DependsOnTargets", so hook each crossgen target individually to ensure this happens
+ before any of them.
+
+ TODO: (Consolidation) Add this target properly to the sharedfx tooling. https://github.com/dotnet/runtime/issues/749
+ -->
+ <Target Name="EnsureOrderProjectReferencesBuilt"
+ BeforeTargets="
+ CrossGen;
+ CreateCrossGenImages;
+ CreateCrossGenSymbols">
+ <MSBuild Projects="@(OrderProjectReference)" Targets="Build" />
+ </Target>
+
+ <!--
Get branding names for the installers.
-->
<Target Name="GetInstallerBrandingNames"
<Target Name="BuildInstallers"
DependsOnTargets="
- EnsureSignedBinaries;
+ EnsureSignedR2RBinaries;
$(PackageTargets)"
Condition="'$(DOTNET_BUILD_SKIP_PACKAGING)' != 'true'" />
Targets="Build" />
</Target>
- <Target Name="EnsureSignedBinaries" Condition="'$(OSGroup)' == 'Windows_NT'" >
- <MSBuild Projects="$(SigningToolsDir)\SignBinaries.proj" Targets="Build" />
+ <Target Name="EnsureSignedR2RBinaries" Condition="'$(OSGroup)' == 'Windows_NT'" >
+ <MSBuild Projects="$(SigningToolsDir)\SignR2RBinaries.proj" Targets="Build" />
</Target>
<Target Name="EnsureSignedMsiFiles" Condition="'$(OSGroup)' == 'Windows_NT'" >
<!-- Most packages need the host to be built first. -->
<ItemGroup Condition="'$(DisableOrderDependencies)' != 'true'">
<OrderProjectReference Include="@(CorehostProjectToBuild)" />
- <!-- Pkgproj requires its depproj crossgen outputs to be signed.-->
+ <!-- NETCoreApp depproj requires binaries (CoreCLR, Libraries, Host) to be signed. -->
<OrderProjectReference
- Condition="'$(MSBuildProjectExtension)' == '.pkgproj'"
+ Condition="'$(MSBuildProjectExtension)' == '.depproj'"
Include="$(SigningToolsDir)\SignBinaries.proj" />
+ <!-- Pkgproj requires its depproj crossgen outputs to be signed. -->
+ <OrderProjectReference
+ Condition="'$(MSBuildProjectExtension)' == '.pkgproj'"
+ Include="$(SigningToolsDir)\SignR2RBinaries.proj" />
</ItemGroup>
<!-- In *.builds projects, the current phase's name is the same as the project name. -->
<RestoreSources Condition="Exists('$(LibrariesShippingPackagesDir)')">$(RestoreSources);$(LibrariesShippingPackagesDir)</RestoreSources>
<RestoreSources Condition="Exists('$(LibrariesNonShippingPackagesDir)')">$(RestoreSources);$(LibrariesNonShippingPackagesDir)</RestoreSources>
</PropertyGroup>
+
+ <PropertyGroup Condition="'$(LibrariesPackagesDir)' != '$(LibrariesAllConfigPackagesDir)'">
+ <RestoreSources Condition="Exists('$(LibrariesAllConfigShippingPackagesDir)')">$(RestoreSources);$(LibrariesAllConfigShippingPackagesDir)</RestoreSources>
+ <RestoreSources Condition="Exists('$(LibrariesAllConfigNonShippingPackagesDir)')">$(RestoreSources);$(LibrariesAllConfigNonShippingPackagesDir)</RestoreSources>
+ </PropertyGroup>
</Project>
$(DownloadDirectory)**\VS.Redist.Common.*.nupkg"
Exclude="@(DownloadedSymbolNupkgFile)" />
+ <!--
+ Packages that aren't matched above as RID-specific are considered RID-agnostic. Also include
+ the AllConfigurations packages from the Libraries build.
+ -->
<RidAgnosticNupkgToPublishFile
- Include="$(DownloadDirectory)*\$(PublishRidAgnosticPackagesFromJobName)\**\*.nupkg"
+ Include="
+ $(DownloadDirectory)*\$(PublishRidAgnosticPackagesFromPlatform)\**\*.nupkg;
+ $(DownloadDirectory)*\Libraries_AllConfigurations\**\*.nupkg"
Exclude="@(RuntimeNupkgFile);@(DownloadedSymbolNupkgFile)" />
<NupkgToPublishFile Include="@(RuntimeNupkgFile);@(RidAgnosticNupkgToPublishFile)" />
<PropertyGroup>
<TargetFramework>$(NETCoreAppFramework)</TargetFramework>
- <!-- Skip signing steps by default for non-official builds. Skip signing in the runtime repository until we onboard unified signing scripts. -->
- <SkipSigning>true</SkipSigning>
+ <!-- TODO: (Consolidation) Skip signing steps by default for non-official builds. https://github.com/dotnet/runtime/issues/1026 -->
+ <SkipSigning Condition="'$(DotNetSignType)' == ''">true</SkipSigning>
</PropertyGroup>
</Project>
if '$(<StageName>)' == 'true' and points Arcade to the correct files.
-->
<Target Name="RunArcadeSigning">
+ <PropertyGroup>
+ <SignStartTime>$([System.DateTime]::UtcNow)</SignStartTime>
+ </PropertyGroup>
+
+ <!--
+ Run the Arcade signing project. Carry over some specific properties for Signing.props: the
+ signing project project doesn't import the heavyweight Directory.Build.props/targets.
+ -->
<MSBuild
Projects="$(ArcadeSdkSignProject)"
Targets="Sign"
BaseOutputRootPath=$(BaseOutputRootPath);
CrossGenRootPath=$(CrossGenRootPath);
ArtifactsBinDir=$(ArtifactsBinDir);
- ArtifactsPackagesDir=$(ArtifactsPackagesDir)" />
+ ArtifactsPackagesDir=$(ArtifactsPackagesDir);
+ OSGroup=$(OSGroup);
+ TargetArchitecture=$(TargetArchitecture);
+ NetCoreAppCurrent=$(NetCoreAppCurrent)" />
+
+ <PropertyGroup>
+ <SignDuration>$([System.DateTime]::UtcNow.Subtract($([System.DateTime]::Parse('$(SignStartTime)'))))</SignDuration>
+ </PropertyGroup>
+
+ <Message Importance="High" Text="$(MSBuildProjectName) -> completed in $(SignDuration)" />
</Target>
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., Directory.Build.targets))\Directory.Build.targets" />
--- /dev/null
+<Project Sdk="Microsoft.NET.Sdk">
+
+ <ItemGroup>
+ <StageProject Include="@(ProjectToBuild -> WithMetadataValue('SignPhase', 'R2RBinaries'))" />
+ </ItemGroup>
+
+</Project>
<RestoreTestSource Include="$(ArtifactsNonShippingPackagesDir)" Key="artifacts-nonshipping-packages" />
<RestoreTestSource Include="$(LibrariesShippingPackagesDir)" Condition="Exists('$(LibrariesShippingPackagesDir)')" Key="libraries-shipping-packages" />
<RestoreTestSource Include="$(LibrariesNonShippingPackagesDir)" Condition="Exists('$(LibrariesNonShippingPackagesDir)')" Key="libraries-nonshipping-packages" />
+ </ItemGroup>
+
+ <ItemGroup Condition="'$(LibrariesPackagesDir)' != '$(LibrariesAllConfigPackagesDir)'">
+ <RestoreTestSource Include="$(LibrariesAllConfigShippingPackagesDir)" Condition="Exists('$(LibrariesAllConfigShippingPackagesDir)')" Key="libraries-allconfig-shipping-packages" />
+ <RestoreTestSource Include="$(LibrariesAllConfigNonShippingPackagesDir)" Condition="Exists('$(LibrariesAllConfigNonShippingPackagesDir)')" Key="libraries-allconfig-nonshipping-packages" />
+ </ItemGroup>
+
+ <ItemGroup>
<RestoreTestSource Include="$(TestStabilizedLegacyPackagesDir)" Key="stabilized-legacy-packages" />
<RestoreTestSource