From e639f77ccbed1360bd688d7290bdeddc82686df1 Mon Sep 17 00:00:00 2001
From: "dotnet-maestro[bot]"
<42748379+dotnet-maestro[bot]@users.noreply.github.com>
Date: Fri, 12 Sep 2025 22:14:43 +0000
Subject: [PATCH 1/3] Update dependencies from https://github.com/dotnet/arcade
build 20250911.1 (#36765)
[release/8.0] Update dependencies from dotnet/arcade
---
NuGet.config | 8 ++++++++
eng/Version.Details.xml | 12 ++++++------
eng/Versions.props | 2 +-
eng/common/SetupNugetSources.ps1 | 4 ++--
eng/common/SetupNugetSources.sh | 4 ++--
eng/common/templates-official/job/job.yml | 12 ++++++------
eng/common/templates-official/job/onelocbuild.yml | 6 +++---
.../job/publish-build-assets.yml | 13 +++++++++----
eng/common/templates-official/job/source-build.yml | 4 ++++
.../templates-official/job/source-index-stage1.yml | 2 +-
.../templates-official/jobs/codeql-build.yml | 2 +-
eng/common/templates-official/jobs/jobs.yml | 2 ++
.../templates-official/jobs/source-build.yml | 5 +++++
.../templates-official/post-build/post-build.yml | 8 ++++----
.../post-build/trigger-subscription.yml | 2 +-
.../steps/add-build-to-channel.yml | 2 +-
.../templates-official/steps/execute-sdl.yml | 14 +++++++-------
.../templates-official/steps/generate-sbom.yml | 2 +-
.../templates-official/steps/publish-logs.yml | 6 +++---
.../templates-official/steps/source-build.yml | 14 ++++++++++----
.../templates-official/variables/sdl-variables.yml | 2 +-
eng/common/templates/job/job.yml | 12 ++++++------
eng/common/templates/job/onelocbuild.yml | 6 +++---
eng/common/templates/job/publish-build-assets.yml | 13 +++++++++----
eng/common/templates/job/source-build.yml | 4 ++++
eng/common/templates/job/source-index-stage1.yml | 2 +-
eng/common/templates/jobs/codeql-build.yml | 2 +-
eng/common/templates/jobs/jobs.yml | 2 ++
eng/common/templates/jobs/source-build.yml | 5 +++++
eng/common/templates/post-build/post-build.yml | 8 ++++----
.../templates/post-build/setup-maestro-vars.yml | 2 +-
.../templates/post-build/trigger-subscription.yml | 2 +-
.../templates/steps/add-build-to-channel.yml | 2 +-
eng/common/templates/steps/execute-sdl.yml | 14 +++++++-------
eng/common/templates/steps/generate-sbom.yml | 2 +-
eng/common/templates/steps/publish-logs.yml | 6 +++---
eng/common/templates/steps/source-build.yml | 14 ++++++++++----
eng/common/templates/variables/sdl-variables.yml | 2 +-
global.json | 8 ++++----
39 files changed, 142 insertions(+), 90 deletions(-)
diff --git a/NuGet.config b/NuGet.config
index feba8cfa5c3..d5910b9f5fe 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -5,6 +5,10 @@
+
+
+
+
@@ -19,6 +23,10 @@
+
+
+
+
diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
index 36952c5c00c..5c75ca80844 100644
--- a/eng/Version.Details.xml
+++ b/eng/Version.Details.xml
@@ -60,17 +60,17 @@
-
+
https://github.com/dotnet/arcade
- a5ec3fab69ac440afe6764b2e046af6e8fcafa74
+ 958612453c58fd32328461580b19ce5ecf4aedd2
-
+
https://github.com/dotnet/arcade
- a5ec3fab69ac440afe6764b2e046af6e8fcafa74
+ 958612453c58fd32328461580b19ce5ecf4aedd2
-
+
https://github.com/dotnet/arcade
- a5ec3fab69ac440afe6764b2e046af6e8fcafa74
+ 958612453c58fd32328461580b19ce5ecf4aedd2
diff --git a/eng/Versions.props b/eng/Versions.props
index be62c7d0709..f65abbb9b13 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -33,7 +33,7 @@
8.0.20-servicing.25419.14
- 8.0.0-beta.25407.1
+ 8.0.0-beta.25461.1
diff --git a/eng/common/SetupNugetSources.ps1 b/eng/common/SetupNugetSources.ps1
index efa2fd72bfa..59b2d55e1a3 100644
--- a/eng/common/SetupNugetSources.ps1
+++ b/eng/common/SetupNugetSources.ps1
@@ -17,8 +17,8 @@
# displayName: Setup Private Feeds Credentials
# condition: eq(variables['Agent.OS'], 'Windows_NT')
# inputs:
-# filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1
-# arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
+# filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
+# arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $Env:Token
# env:
# Token: $(dn-bot-dnceng-artifact-feeds-rw)
diff --git a/eng/common/SetupNugetSources.sh b/eng/common/SetupNugetSources.sh
index d387c7eac95..c0e7bbef21c 100644
--- a/eng/common/SetupNugetSources.sh
+++ b/eng/common/SetupNugetSources.sh
@@ -18,8 +18,8 @@
# - task: Bash@3
# displayName: Setup Private Feeds Credentials
# inputs:
-# filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh
-# arguments: $(Build.SourcesDirectory)/NuGet.config $Token
+# filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
+# arguments: $(System.DefaultWorkingDirectory)/NuGet.config $Token
# condition: ne(variables['Agent.OS'], 'Windows_NT')
# env:
# Token: $(dn-bot-dnceng-artifact-feeds-rw)
diff --git a/eng/common/templates-official/job/job.yml b/eng/common/templates-official/job/job.yml
index b98f6a6505d..4cca1114fcc 100644
--- a/eng/common/templates-official/job/job.yml
+++ b/eng/common/templates-official/job/job.yml
@@ -38,7 +38,7 @@ parameters:
# Sbom related params
enableSbom: true
PackageVersion: 7.0.0
- BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
+ BuildDropPath: '$(System.DefaultWorkingDirectory)/artifacts'
ManifestDirPath: $(Build.ArtifactStagingDirectory)/sbom
jobs:
@@ -167,7 +167,7 @@ jobs:
inputs:
languages: ${{ coalesce(parameters.richCodeNavigationLanguage, 'csharp') }}
environment: ${{ coalesce(parameters.richCodeNavigationEnvironment, 'production') }}
- richNavLogOutputDirectory: $(Build.SourcesDirectory)/artifacts/bin
+ richNavLogOutputDirectory: $(System.DefaultWorkingDirectory)/artifacts/bin
uploadRichNavArtifacts: ${{ coalesce(parameters.richCodeNavigationUploadArtifacts, false) }}
continueOnError: true
@@ -226,7 +226,7 @@ jobs:
- task: 1ES.PublishBuildArtifacts@1
displayName: Publish Logs
inputs:
- PathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)'
+ PathtoPublish: '$(System.DefaultWorkingDirectory)/artifacts/log/$(_BuildConfig)'
PublishLocation: Container
ArtifactName: ${{ coalesce(parameters.enablePublishBuildArtifacts.artifactName, '$(Agent.Os)_$(Agent.JobName)' ) }}
continueOnError: true
@@ -238,7 +238,7 @@ jobs:
inputs:
testResultsFormat: 'xUnit'
testResultsFiles: '*.xml'
- searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
+ searchFolder: '$(System.DefaultWorkingDirectory)/artifacts/TestResults/$(_BuildConfig)'
testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-xunit
mergeTestResults: ${{ parameters.mergeTestResults }}
continueOnError: true
@@ -249,7 +249,7 @@ jobs:
inputs:
testResultsFormat: 'VSTest'
testResultsFiles: '*.trx'
- searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
+ searchFolder: '$(System.DefaultWorkingDirectory)/artifacts/TestResults/$(_BuildConfig)'
testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-trx
mergeTestResults: ${{ parameters.mergeTestResults }}
continueOnError: true
@@ -265,7 +265,7 @@ jobs:
- ${{ if eq(parameters.enableBuildRetry, 'true') }}:
- task: 1ES.PublishPipelineArtifact@1
inputs:
- targetPath: '$(Build.SourcesDirectory)\eng\common\BuildConfiguration'
+ targetPath: '$(System.DefaultWorkingDirectory)\eng\common\BuildConfiguration'
artifactName: 'BuildConfiguration'
displayName: 'Publish build retry configuration'
continueOnError: true
diff --git a/eng/common/templates-official/job/onelocbuild.yml b/eng/common/templates-official/job/onelocbuild.yml
index 52b4d05d3f8..68e7a65605c 100644
--- a/eng/common/templates-official/job/onelocbuild.yml
+++ b/eng/common/templates-official/job/onelocbuild.yml
@@ -8,7 +8,7 @@ parameters:
CeapexPat: $(dn-bot-ceapex-package-r) # PAT for the loc AzDO instance https://dev.azure.com/ceapex
GithubPat: $(BotAccount-dotnet-bot-repo-PAT)
- SourcesDirectory: $(Build.SourcesDirectory)
+ SourcesDirectory: $(System.DefaultWorkingDirectory)
CreatePr: true
AutoCompletePr: false
ReusePr: true
@@ -63,7 +63,7 @@ jobs:
- ${{ if ne(parameters.SkipLocProjectJsonGeneration, 'true') }}:
- task: Powershell@2
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/generate-locproject.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/generate-locproject.ps1
arguments: $(_GenerateLocProjectArguments)
displayName: Generate LocProject.json
condition: ${{ parameters.condition }}
@@ -106,7 +106,7 @@ jobs:
- task: 1ES.PublishBuildArtifacts@1
displayName: Publish LocProject.json
inputs:
- PathtoPublish: '$(Build.SourcesDirectory)/eng/Localize/'
+ PathtoPublish: '$(System.DefaultWorkingDirectory)/eng/Localize/'
PublishLocation: Container
ArtifactName: Loc
condition: ${{ parameters.condition }}
\ No newline at end of file
diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml
index b2ccd9df680..7a320e9bab2 100644
--- a/eng/common/templates-official/job/publish-build-assets.yml
+++ b/eng/common/templates-official/job/publish-build-assets.yml
@@ -30,6 +30,8 @@ parameters:
signingValidationAdditionalParameters: ''
+ repositoryAlias: self
+
jobs:
- job: Asset_Registry_Publish
@@ -65,6 +67,9 @@ jobs:
os: windows
steps:
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
+ - checkout: ${{ parameters.repositoryAlias }}
+ fetchDepth: 3
+ clean: true
- task: DownloadBuildArtifacts@0
displayName: Download artifact
inputs:
@@ -82,7 +87,7 @@ jobs:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
- scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1
+ scriptPath: $(System.DefaultWorkingDirectory)/eng/common/sdk-task.ps1
arguments: >
-task PublishBuildAssets -restore -msbuildEngine dotnet
/p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests'
@@ -115,7 +120,7 @@ jobs:
inputs:
targetType: inline
script: |
- $symbolExclusionfile = "$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt"
+ $symbolExclusionfile = "$(System.DefaultWorkingDirectory)/eng/SymbolPublishingExclusionsFile.txt"
if(Test-Path -Path $symbolExclusionfile)
{
Write-Host "SymbolExclusionFile exists"
@@ -130,7 +135,7 @@ jobs:
displayName: Publish SymbolPublishingExclusionsFile Artifact
condition: eq(variables['SymbolExclusionFile'], 'true')
inputs:
- PathtoPublish: '$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt'
+ PathtoPublish: '$(System.DefaultWorkingDirectory)/eng/SymbolPublishingExclusionsFile.txt'
PublishLocation: Container
ArtifactName: ReleaseConfigs
@@ -146,7 +151,7 @@ jobs:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
- scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
+ scriptPath: $(System.DefaultWorkingDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion 3
-AzdoToken '$(System.AccessToken)'
diff --git a/eng/common/templates-official/job/source-build.yml b/eng/common/templates-official/job/source-build.yml
index 4217d6d8b14..7b9c58a90c5 100644
--- a/eng/common/templates-official/job/source-build.yml
+++ b/eng/common/templates-official/job/source-build.yml
@@ -31,6 +31,9 @@ parameters:
# container and pool.
platform: {}
+ # Optional list of directories to ignore for component governance scans.
+ cgIgnoreDirectories: []
+
# If set to true and running on a non-public project,
# Internal blob storage locations will be enabled.
# This is not enabled by default because many repositories do not need internal sources
@@ -73,3 +76,4 @@ jobs:
- template: /eng/common/templates-official/steps/source-build.yml
parameters:
platform: ${{ parameters.platform }}
+ cgIgnoreDirectories: ${{ parameters.cgIgnoreDirectories }}
diff --git a/eng/common/templates-official/job/source-index-stage1.yml b/eng/common/templates-official/job/source-index-stage1.yml
index fb632b71a25..0579e692fc8 100644
--- a/eng/common/templates-official/job/source-index-stage1.yml
+++ b/eng/common/templates-official/job/source-index-stage1.yml
@@ -59,7 +59,7 @@ jobs:
- script: ${{ parameters.sourceIndexBuildCommand }}
displayName: Build Repository
- - script: $(Agent.TempDirectory)/.source-index/tools/BinLogToSln -i $(BinlogPath) -r $(Build.SourcesDirectory) -n $(Build.Repository.Name) -o .source-index/stage1output
+ - script: $(Agent.TempDirectory)/.source-index/tools/BinLogToSln -i $(BinlogPath) -r $(System.DefaultWorkingDirectory) -n $(Build.Repository.Name) -o .source-index/stage1output
displayName: Process Binlog into indexable sln
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
diff --git a/eng/common/templates-official/jobs/codeql-build.yml b/eng/common/templates-official/jobs/codeql-build.yml
index b68d3c2f319..f6476912a86 100644
--- a/eng/common/templates-official/jobs/codeql-build.yml
+++ b/eng/common/templates-official/jobs/codeql-build.yml
@@ -23,7 +23,7 @@ jobs:
- name: DefaultGuardianVersion
value: 0.109.0
- name: GuardianPackagesConfigFile
- value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
+ value: $(System.DefaultWorkingDirectory)\eng\common\sdl\packages.config
- name: GuardianVersion
value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
diff --git a/eng/common/templates-official/jobs/jobs.yml b/eng/common/templates-official/jobs/jobs.yml
index 857a0f8ba43..803a95aacf4 100644
--- a/eng/common/templates-official/jobs/jobs.yml
+++ b/eng/common/templates-official/jobs/jobs.yml
@@ -40,6 +40,7 @@ parameters:
enableSourceIndex: false
sourceIndexParams: {}
+ repositoryAlias: self
# Internal resources (telemetry, microbuild) can only be accessed from non-public projects,
# and some (Microbuild) should only be applied to non-PR cases for internal builds.
@@ -95,3 +96,4 @@ jobs:
enablePublishBuildArtifacts: ${{ parameters.enablePublishBuildArtifacts }}
artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
signingValidationAdditionalParameters: ${{ parameters.signingValidationAdditionalParameters }}
+ repositoryAlias: ${{ parameters.repositoryAlias }}
diff --git a/eng/common/templates-official/jobs/source-build.yml b/eng/common/templates-official/jobs/source-build.yml
index b9247be1547..21a346fbd6c 100644
--- a/eng/common/templates-official/jobs/source-build.yml
+++ b/eng/common/templates-official/jobs/source-build.yml
@@ -21,6 +21,9 @@ parameters:
# one job runs on 'defaultManagedPlatform'.
platforms: []
+ # Optional list of directories to ignore for component governance scans.
+ cgIgnoreDirectories: []
+
# If set to true and running on a non-public project,
# Internal nuget and blob storage locations will be enabled.
# This is not enabled by default because many repositories do not need internal sources
@@ -44,6 +47,7 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ platform }}
+ cgIgnoreDirectories: ${{ parameters.cgIgnoreDirectories }}
enableInternalSources: ${{ parameters.enableInternalSources }}
- ${{ if eq(length(parameters.platforms), 0) }}:
@@ -51,4 +55,5 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ parameters.defaultManagedPlatform }}
+ cgIgnoreDirectories: ${{ parameters.cgIgnoreDirectories }}
enableInternalSources: ${{ parameters.enableInternalSources }}
diff --git a/eng/common/templates-official/post-build/post-build.yml b/eng/common/templates-official/post-build/post-build.yml
index b81b8770b34..9fef8103991 100644
--- a/eng/common/templates-official/post-build/post-build.yml
+++ b/eng/common/templates-official/post-build/post-build.yml
@@ -133,7 +133,7 @@ stages:
- task: PowerShell@2
displayName: Validate
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/nuget-validation.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/nuget-validation.ps1
arguments: -PackagesPath $(Build.ArtifactStagingDirectory)/PackageArtifacts/
-ToolDestinationPath $(Agent.BuildDirectory)/Extract/
@@ -186,7 +186,7 @@ stages:
filePath: eng\common\sdk-task.ps1
arguments: -task SigningValidation -restore -msbuildEngine vs
/p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts'
- /p:SignCheckExclusionsFile='$(Build.SourcesDirectory)/eng/SignCheckExclusionsFile.txt'
+ /p:SignCheckExclusionsFile='$(System.DefaultWorkingDirectory)/eng/SignCheckExclusionsFile.txt'
${{ parameters.signingValidationAdditionalParameters }}
- template: ../steps/publish-logs.yml
@@ -230,7 +230,7 @@ stages:
- task: PowerShell@2
displayName: Validate
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/sourcelink-validation.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/sourcelink-validation.ps1
arguments: -InputPath $(Build.ArtifactStagingDirectory)/BlobArtifacts/
-ExtractPath $(Agent.BuildDirectory)/Extract/
-GHRepoName $(Build.Repository.Name)
@@ -278,7 +278,7 @@ stages:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
- scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
+ scriptPath: $(System.DefaultWorkingDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
-AzdoToken '$(System.AccessToken)'
diff --git a/eng/common/templates-official/post-build/trigger-subscription.yml b/eng/common/templates-official/post-build/trigger-subscription.yml
index da669030daf..52df7077482 100644
--- a/eng/common/templates-official/post-build/trigger-subscription.yml
+++ b/eng/common/templates-official/post-build/trigger-subscription.yml
@@ -5,7 +5,7 @@ steps:
- task: PowerShell@2
displayName: Triggering subscriptions
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/trigger-subscriptions.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/trigger-subscriptions.ps1
arguments: -SourceRepo $(Build.Repository.Uri)
-ChannelId ${{ parameters.ChannelId }}
-MaestroApiAccessToken $(MaestroAccessToken)
diff --git a/eng/common/templates-official/steps/add-build-to-channel.yml b/eng/common/templates-official/steps/add-build-to-channel.yml
index f67a210d62f..5b6fec257ea 100644
--- a/eng/common/templates-official/steps/add-build-to-channel.yml
+++ b/eng/common/templates-official/steps/add-build-to-channel.yml
@@ -5,7 +5,7 @@ steps:
- task: PowerShell@2
displayName: Add Build to Channel
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/add-build-to-channel.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/add-build-to-channel.ps1
arguments: -BuildId $(BARBuildId)
-ChannelId ${{ parameters.ChannelId }}
-MaestroApiAccessToken $(MaestroApiAccessToken)
diff --git a/eng/common/templates-official/steps/execute-sdl.yml b/eng/common/templates-official/steps/execute-sdl.yml
index 301d5c591eb..d9dcd1e1cde 100644
--- a/eng/common/templates-official/steps/execute-sdl.yml
+++ b/eng/common/templates-official/steps/execute-sdl.yml
@@ -15,17 +15,17 @@ steps:
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
- pwsh: |
- Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
+ Set-Location -Path $(System.DefaultWorkingDirectory)\eng\common\sdl
. .\sdl.ps1
- $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
+ $guardianCliLocation = Install-Gdn -Path $(System.DefaultWorkingDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
displayName: Install Guardian (Overridden)
- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
- pwsh: |
- Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
+ Set-Location -Path $(System.DefaultWorkingDirectory)\eng\common\sdl
. .\sdl.ps1
- $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
+ $guardianCliLocation = Install-Gdn -Path $(System.DefaultWorkingDirectory)\.artifacts
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
displayName: Install Guardian
@@ -38,7 +38,7 @@ steps:
- ${{ if eq(parameters.overrideParameters, '') }}:
- powershell: ${{ parameters.executeAllSdlToolsScript }}
-GuardianCliLocation $(GuardianCliLocation)
- -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
+ -NugetPackageDirectory $(System.DefaultWorkingDirectory)\.packages
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
${{ parameters.additionalParameters }}
displayName: Execute SDL
@@ -73,7 +73,7 @@ steps:
flattenFolders: true
sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
contents: '**/*.sarif'
- targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
+ targetFolder: $(System.DefaultWorkingDirectory)/CodeAnalysisLogs
condition: succeededOrFailed()
# Use PublishBuildArtifacts because the SARIF extension only checks this case
@@ -81,6 +81,6 @@ steps:
- task: PublishBuildArtifacts@1
displayName: Publish SARIF files to CodeAnalysisLogs container
inputs:
- pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
+ pathToPublish: $(System.DefaultWorkingDirectory)/CodeAnalysisLogs
artifactName: CodeAnalysisLogs
condition: succeededOrFailed()
\ No newline at end of file
diff --git a/eng/common/templates-official/steps/generate-sbom.yml b/eng/common/templates-official/steps/generate-sbom.yml
index daf0957b68d..1536353566c 100644
--- a/eng/common/templates-official/steps/generate-sbom.yml
+++ b/eng/common/templates-official/steps/generate-sbom.yml
@@ -6,7 +6,7 @@
parameters:
PackageVersion: 8.0.0
- BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
+ BuildDropPath: '$(System.DefaultWorkingDirectory)/artifacts'
PackageName: '.NET'
ManifestDirPath: $(Build.ArtifactStagingDirectory)/sbom
IgnoreDirectories: ''
diff --git a/eng/common/templates-official/steps/publish-logs.yml b/eng/common/templates-official/steps/publish-logs.yml
index 04012fed182..af5a40b64c4 100644
--- a/eng/common/templates-official/steps/publish-logs.yml
+++ b/eng/common/templates-official/steps/publish-logs.yml
@@ -8,15 +8,15 @@ steps:
inputs:
targetType: inline
script: |
- New-Item -ItemType Directory $(Build.SourcesDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
- Move-Item -Path $(Build.SourcesDirectory)/artifacts/log/Debug/* $(Build.SourcesDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
+ New-Item -ItemType Directory $(System.DefaultWorkingDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
+ Move-Item -Path $(System.DefaultWorkingDirectory)/artifacts/log/Debug/* $(System.DefaultWorkingDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
continueOnError: true
condition: always()
- task: 1ES.PublishBuildArtifacts@1
displayName: Publish Logs
inputs:
- PathtoPublish: '$(Build.SourcesDirectory)/PostBuildLogs'
+ PathtoPublish: '$(System.DefaultWorkingDirectory)/PostBuildLogs'
PublishLocation: Container
ArtifactName: PostBuildLogs
continueOnError: true
diff --git a/eng/common/templates-official/steps/source-build.yml b/eng/common/templates-official/steps/source-build.yml
index 829f17c34d1..b63043da4b9 100644
--- a/eng/common/templates-official/steps/source-build.yml
+++ b/eng/common/templates-official/steps/source-build.yml
@@ -12,6 +12,9 @@ parameters:
# the usage of the properties on this object is split between the 'job' and 'steps' templates.
platform: {}
+ # Optional list of directories to ignore for component governance scans.
+ cgIgnoreDirectories: []
+
steps:
# Build. Keep it self-contained for simple reusability. (No source-build-specific job variables.)
- script: |
@@ -26,8 +29,8 @@ steps:
internalRestoreArgs=
if [ '$(dn-bot-dnceng-artifact-feeds-rw)' != '$''(dn-bot-dnceng-artifact-feeds-rw)' ]; then
# Temporarily work around https://github.com/dotnet/arcade/issues/7709
- chmod +x $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh
- $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh $(Build.SourcesDirectory)/NuGet.config $(dn-bot-dnceng-artifact-feeds-rw)
+ chmod +x $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
+ $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh $(System.DefaultWorkingDirectory)/NuGet.config $(dn-bot-dnceng-artifact-feeds-rw)
internalRestoreArgs='/p:CopyWipIntoInnerSourceBuildRepo=true'
# The 'Copy WIP' feature of source build uses git stash to apply changes from the original repo.
@@ -101,7 +104,7 @@ steps:
- task: CopyFiles@2
displayName: Prepare BuildLogs staging directory
inputs:
- SourceFolder: '$(Build.SourcesDirectory)'
+ SourceFolder: '$(System.DefaultWorkingDirectory)'
Contents: |
**/*.log
**/*.binlog
@@ -126,4 +129,7 @@ steps:
- task: ComponentGovernanceComponentDetection@0
displayName: Component Detection (Exclude upstream cache)
inputs:
- ignoreDirectories: '$(Build.SourcesDirectory)/artifacts/source-build/self/src/artifacts/obj/source-built-upstream-cache'
+ ${{ if eq(length(parameters.cgIgnoreDirectories), 0) }}:
+ ignoreDirectories: '$(System.DefaultWorkingDirectory)/artifacts/source-build/self/src/artifacts/obj/source-built-upstream-cache'
+ ${{ else }}:
+ ignoreDirectories: ${{ join(',', parameters.cgIgnoreDirectories) }}
diff --git a/eng/common/templates-official/variables/sdl-variables.yml b/eng/common/templates-official/variables/sdl-variables.yml
index dbdd66d4a4b..f1311bbb1b3 100644
--- a/eng/common/templates-official/variables/sdl-variables.yml
+++ b/eng/common/templates-official/variables/sdl-variables.yml
@@ -4,4 +4,4 @@ variables:
- name: DefaultGuardianVersion
value: 0.109.0
- name: GuardianPackagesConfigFile
- value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
\ No newline at end of file
+ value: $(System.DefaultWorkingDirectory)\eng\common\sdl\packages.config
\ No newline at end of file
diff --git a/eng/common/templates/job/job.yml b/eng/common/templates/job/job.yml
index 2856f7de106..80454d5a558 100644
--- a/eng/common/templates/job/job.yml
+++ b/eng/common/templates/job/job.yml
@@ -37,7 +37,7 @@ parameters:
# Sbom related params
enableSbom: true
PackageVersion: 7.0.0
- BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
+ BuildDropPath: '$(System.DefaultWorkingDirectory)/artifacts'
jobs:
- job: ${{ parameters.name }}
@@ -163,7 +163,7 @@ jobs:
inputs:
languages: ${{ coalesce(parameters.richCodeNavigationLanguage, 'csharp') }}
environment: ${{ coalesce(parameters.richCodeNavigationEnvironment, 'production') }}
- richNavLogOutputDirectory: $(Build.SourcesDirectory)/artifacts/bin
+ richNavLogOutputDirectory: $(System.DefaultWorkingDirectory)/artifacts/bin
uploadRichNavArtifacts: ${{ coalesce(parameters.richCodeNavigationUploadArtifacts, false) }}
continueOnError: true
@@ -220,7 +220,7 @@ jobs:
- task: PublishBuildArtifacts@1
displayName: Publish Logs
inputs:
- PathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)'
+ PathtoPublish: '$(System.DefaultWorkingDirectory)/artifacts/log/$(_BuildConfig)'
PublishLocation: Container
ArtifactName: ${{ coalesce(parameters.enablePublishBuildArtifacts.artifactName, '$(Agent.Os)_$(Agent.JobName)' ) }}
continueOnError: true
@@ -232,7 +232,7 @@ jobs:
inputs:
testResultsFormat: 'xUnit'
testResultsFiles: '*.xml'
- searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
+ searchFolder: '$(System.DefaultWorkingDirectory)/artifacts/TestResults/$(_BuildConfig)'
testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-xunit
mergeTestResults: ${{ parameters.mergeTestResults }}
continueOnError: true
@@ -243,7 +243,7 @@ jobs:
inputs:
testResultsFormat: 'VSTest'
testResultsFiles: '*.trx'
- searchFolder: '$(Build.SourcesDirectory)/artifacts/TestResults/$(_BuildConfig)'
+ searchFolder: '$(System.DefaultWorkingDirectory)/artifacts/TestResults/$(_BuildConfig)'
testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-trx
mergeTestResults: ${{ parameters.mergeTestResults }}
continueOnError: true
@@ -257,7 +257,7 @@ jobs:
IgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
- ${{ if eq(parameters.enableBuildRetry, 'true') }}:
- - publish: $(Build.SourcesDirectory)\eng\common\BuildConfiguration
+ - publish: $(System.DefaultWorkingDirectory)\eng\common\BuildConfiguration
artifact: BuildConfiguration
displayName: Publish build retry configuration
continueOnError: true
diff --git a/eng/common/templates/job/onelocbuild.yml b/eng/common/templates/job/onelocbuild.yml
index 60ab00c4de3..2cd3840c992 100644
--- a/eng/common/templates/job/onelocbuild.yml
+++ b/eng/common/templates/job/onelocbuild.yml
@@ -8,7 +8,7 @@ parameters:
CeapexPat: $(dn-bot-ceapex-package-r) # PAT for the loc AzDO instance https://dev.azure.com/ceapex
GithubPat: $(BotAccount-dotnet-bot-repo-PAT)
- SourcesDirectory: $(Build.SourcesDirectory)
+ SourcesDirectory: $(System.DefaultWorkingDirectory)
CreatePr: true
AutoCompletePr: false
ReusePr: true
@@ -60,7 +60,7 @@ jobs:
- ${{ if ne(parameters.SkipLocProjectJsonGeneration, 'true') }}:
- task: Powershell@2
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/generate-locproject.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/generate-locproject.ps1
arguments: $(_GenerateLocProjectArguments)
displayName: Generate LocProject.json
condition: ${{ parameters.condition }}
@@ -103,7 +103,7 @@ jobs:
- task: PublishBuildArtifacts@1
displayName: Publish LocProject.json
inputs:
- PathtoPublish: '$(Build.SourcesDirectory)/eng/Localize/'
+ PathtoPublish: '$(System.DefaultWorkingDirectory)/eng/Localize/'
PublishLocation: Container
ArtifactName: Loc
condition: ${{ parameters.condition }}
\ No newline at end of file
diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml
index cc2b346ba8b..2956d8117f7 100644
--- a/eng/common/templates/job/publish-build-assets.yml
+++ b/eng/common/templates/job/publish-build-assets.yml
@@ -30,6 +30,8 @@ parameters:
signingValidationAdditionalParameters: ''
+ repositoryAlias: self
+
jobs:
- job: Asset_Registry_Publish
@@ -63,6 +65,9 @@ jobs:
steps:
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
+ - checkout: ${{ parameters.repositoryAlias }}
+ fetchDepth: 3
+ clean: true
- task: DownloadBuildArtifacts@0
displayName: Download artifact
inputs:
@@ -80,7 +85,7 @@ jobs:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
- scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1
+ scriptPath: $(System.DefaultWorkingDirectory)/eng/common/sdk-task.ps1
arguments: >
-task PublishBuildAssets -restore -msbuildEngine dotnet
/p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests'
@@ -111,7 +116,7 @@ jobs:
inputs:
targetType: inline
script: |
- $symbolExclusionfile = "$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt"
+ $symbolExclusionfile = "$(System.DefaultWorkingDirectory)/eng/SymbolPublishingExclusionsFile.txt"
if(Test-Path -Path $symbolExclusionfile)
{
Write-Host "SymbolExclusionFile exists"
@@ -126,7 +131,7 @@ jobs:
displayName: Publish SymbolPublishingExclusionsFile Artifact
condition: eq(variables['SymbolExclusionFile'], 'true')
inputs:
- PathtoPublish: '$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt'
+ PathtoPublish: '$(System.DefaultWorkingDirectory)/eng/SymbolPublishingExclusionsFile.txt'
PublishLocation: Container
ArtifactName: ReleaseConfigs
@@ -142,7 +147,7 @@ jobs:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
- scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
+ scriptPath: $(System.DefaultWorkingDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion 3
-AzdoToken '$(System.AccessToken)'
diff --git a/eng/common/templates/job/source-build.yml b/eng/common/templates/job/source-build.yml
index c48f95d93d9..97021335cfc 100644
--- a/eng/common/templates/job/source-build.yml
+++ b/eng/common/templates/job/source-build.yml
@@ -31,6 +31,9 @@ parameters:
# container and pool.
platform: {}
+ # Optional list of directories to ignore for component governance scans.
+ cgIgnoreDirectories: []
+
# If set to true and running on a non-public project,
# Internal blob storage locations will be enabled.
# This is not enabled by default because many repositories do not need internal sources
@@ -72,3 +75,4 @@ jobs:
- template: /eng/common/templates/steps/source-build.yml
parameters:
platform: ${{ parameters.platform }}
+ cgIgnoreDirectories: ${{ parameters.cgIgnoreDirectories }}
diff --git a/eng/common/templates/job/source-index-stage1.yml b/eng/common/templates/job/source-index-stage1.yml
index 8538f44bab2..81606fd9a54 100644
--- a/eng/common/templates/job/source-index-stage1.yml
+++ b/eng/common/templates/job/source-index-stage1.yml
@@ -58,7 +58,7 @@ jobs:
- script: ${{ parameters.sourceIndexBuildCommand }}
displayName: Build Repository
- - script: $(Agent.TempDirectory)/.source-index/tools/BinLogToSln -i $(BinlogPath) -r $(Build.SourcesDirectory) -n $(Build.Repository.Name) -o .source-index/stage1output
+ - script: $(Agent.TempDirectory)/.source-index/tools/BinLogToSln -i $(BinlogPath) -r $(System.DefaultWorkingDirectory) -n $(Build.Repository.Name) -o .source-index/stage1output
displayName: Process Binlog into indexable sln
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
diff --git a/eng/common/templates/jobs/codeql-build.yml b/eng/common/templates/jobs/codeql-build.yml
index f7dc5ea4aaa..e8b43e3b4cb 100644
--- a/eng/common/templates/jobs/codeql-build.yml
+++ b/eng/common/templates/jobs/codeql-build.yml
@@ -23,7 +23,7 @@ jobs:
- name: DefaultGuardianVersion
value: 0.109.0
- name: GuardianPackagesConfigFile
- value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
+ value: $(System.DefaultWorkingDirectory)\eng\common\sdl\packages.config
- name: GuardianVersion
value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
diff --git a/eng/common/templates/jobs/jobs.yml b/eng/common/templates/jobs/jobs.yml
index 289bb2396ce..34387a8c7ac 100644
--- a/eng/common/templates/jobs/jobs.yml
+++ b/eng/common/templates/jobs/jobs.yml
@@ -40,6 +40,7 @@ parameters:
enableSourceIndex: false
sourceIndexParams: {}
+ repositoryAlias: self
# Internal resources (telemetry, microbuild) can only be accessed from non-public projects,
# and some (Microbuild) should only be applied to non-PR cases for internal builds.
@@ -95,3 +96,4 @@ jobs:
enablePublishBuildArtifacts: ${{ parameters.enablePublishBuildArtifacts }}
artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
signingValidationAdditionalParameters: ${{ parameters.signingValidationAdditionalParameters }}
+ repositoryAlias: ${{ parameters.repositoryAlias }}
diff --git a/eng/common/templates/jobs/source-build.yml b/eng/common/templates/jobs/source-build.yml
index 3ec99710810..4dde599add9 100644
--- a/eng/common/templates/jobs/source-build.yml
+++ b/eng/common/templates/jobs/source-build.yml
@@ -21,6 +21,9 @@ parameters:
# one job runs on 'defaultManagedPlatform'.
platforms: []
+ # Optional list of directories to ignore for component governance scans.
+ cgIgnoreDirectories: []
+
# If set to true and running on a non-public project,
# Internal nuget and blob storage locations will be enabled.
# This is not enabled by default because many repositories do not need internal sources
@@ -44,6 +47,7 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ platform }}
+ cgIgnoreDirectories: ${{ parameters.cgIgnoreDirectories }}
enableInternalSources: ${{ parameters.enableInternalSources }}
- ${{ if eq(length(parameters.platforms), 0) }}:
@@ -51,4 +55,5 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ parameters.defaultManagedPlatform }}
+ cgIgnoreDirectories: ${{ parameters.cgIgnoreDirectories }}
enableInternalSources: ${{ parameters.enableInternalSources }}
diff --git a/eng/common/templates/post-build/post-build.yml b/eng/common/templates/post-build/post-build.yml
index c3b6a3012fe..6e5722dc2e1 100644
--- a/eng/common/templates/post-build/post-build.yml
+++ b/eng/common/templates/post-build/post-build.yml
@@ -130,7 +130,7 @@ stages:
- task: PowerShell@2
displayName: Validate
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/nuget-validation.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/nuget-validation.ps1
arguments: -PackagesPath $(Build.ArtifactStagingDirectory)/PackageArtifacts/
-ToolDestinationPath $(Agent.BuildDirectory)/Extract/
@@ -180,7 +180,7 @@ stages:
filePath: eng\common\sdk-task.ps1
arguments: -task SigningValidation -restore -msbuildEngine vs
/p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts'
- /p:SignCheckExclusionsFile='$(Build.SourcesDirectory)/eng/SignCheckExclusionsFile.txt'
+ /p:SignCheckExclusionsFile='$(System.DefaultWorkingDirectory)/eng/SignCheckExclusionsFile.txt'
${{ parameters.signingValidationAdditionalParameters }}
- template: ../steps/publish-logs.yml
@@ -220,7 +220,7 @@ stages:
- task: PowerShell@2
displayName: Validate
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/sourcelink-validation.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/sourcelink-validation.ps1
arguments: -InputPath $(Build.ArtifactStagingDirectory)/BlobArtifacts/
-ExtractPath $(Agent.BuildDirectory)/Extract/
-GHRepoName $(Build.Repository.Name)
@@ -274,7 +274,7 @@ stages:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
- scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
+ scriptPath: $(System.DefaultWorkingDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
-AzdoToken '$(System.AccessToken)'
diff --git a/eng/common/templates/post-build/setup-maestro-vars.yml b/eng/common/templates/post-build/setup-maestro-vars.yml
index 64b9abc6850..4347fa80b68 100644
--- a/eng/common/templates/post-build/setup-maestro-vars.yml
+++ b/eng/common/templates/post-build/setup-maestro-vars.yml
@@ -32,7 +32,7 @@ steps:
$AzureDevOpsBuildId = $Env:Build_BuildId
}
else {
- . $(Build.SourcesDirectory)\eng\common\tools.ps1
+ . $(System.DefaultWorkingDirectory)\eng\common\tools.ps1
$darc = Get-Darc
$buildInfo = & $darc get-build `
--id ${{ parameters.BARBuildId }} `
diff --git a/eng/common/templates/post-build/trigger-subscription.yml b/eng/common/templates/post-build/trigger-subscription.yml
index da669030daf..52df7077482 100644
--- a/eng/common/templates/post-build/trigger-subscription.yml
+++ b/eng/common/templates/post-build/trigger-subscription.yml
@@ -5,7 +5,7 @@ steps:
- task: PowerShell@2
displayName: Triggering subscriptions
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/trigger-subscriptions.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/trigger-subscriptions.ps1
arguments: -SourceRepo $(Build.Repository.Uri)
-ChannelId ${{ parameters.ChannelId }}
-MaestroApiAccessToken $(MaestroAccessToken)
diff --git a/eng/common/templates/steps/add-build-to-channel.yml b/eng/common/templates/steps/add-build-to-channel.yml
index f67a210d62f..5b6fec257ea 100644
--- a/eng/common/templates/steps/add-build-to-channel.yml
+++ b/eng/common/templates/steps/add-build-to-channel.yml
@@ -5,7 +5,7 @@ steps:
- task: PowerShell@2
displayName: Add Build to Channel
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/add-build-to-channel.ps1
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/add-build-to-channel.ps1
arguments: -BuildId $(BARBuildId)
-ChannelId ${{ parameters.ChannelId }}
-MaestroApiAccessToken $(MaestroApiAccessToken)
diff --git a/eng/common/templates/steps/execute-sdl.yml b/eng/common/templates/steps/execute-sdl.yml
index fe0ebf8c904..047e8281ebc 100644
--- a/eng/common/templates/steps/execute-sdl.yml
+++ b/eng/common/templates/steps/execute-sdl.yml
@@ -15,17 +15,17 @@ steps:
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
- pwsh: |
- Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
+ Set-Location -Path $(System.DefaultWorkingDirectory)\eng\common\sdl
. .\sdl.ps1
- $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
+ $guardianCliLocation = Install-Gdn -Path $(System.DefaultWorkingDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
displayName: Install Guardian (Overridden)
- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
- pwsh: |
- Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
+ Set-Location -Path $(System.DefaultWorkingDirectory)\eng\common\sdl
. .\sdl.ps1
- $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
+ $guardianCliLocation = Install-Gdn -Path $(System.DefaultWorkingDirectory)\.artifacts
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
displayName: Install Guardian
@@ -40,7 +40,7 @@ steps:
- ${{ if eq(parameters.overrideParameters, '') }}:
- powershell: ${{ parameters.executeAllSdlToolsScript }}
-GuardianCliLocation $(GuardianCliLocation)
- -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
+ -NugetPackageDirectory $(System.DefaultWorkingDirectory)\.packages
${{ parameters.additionalParameters }}
displayName: Execute SDL
continueOnError: ${{ parameters.sdlContinueOnError }}
@@ -76,7 +76,7 @@ steps:
flattenFolders: true
sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
contents: '**/*.sarif'
- targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
+ targetFolder: $(System.DefaultWorkingDirectory)/CodeAnalysisLogs
condition: succeededOrFailed()
# Use PublishBuildArtifacts because the SARIF extension only checks this case
@@ -84,6 +84,6 @@ steps:
- task: PublishBuildArtifacts@1
displayName: Publish SARIF files to CodeAnalysisLogs container
inputs:
- pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
+ pathToPublish: $(System.DefaultWorkingDirectory)/CodeAnalysisLogs
artifactName: CodeAnalysisLogs
condition: succeededOrFailed()
\ No newline at end of file
diff --git a/eng/common/templates/steps/generate-sbom.yml b/eng/common/templates/steps/generate-sbom.yml
index 2b21eae4273..b1fe8b3944b 100644
--- a/eng/common/templates/steps/generate-sbom.yml
+++ b/eng/common/templates/steps/generate-sbom.yml
@@ -6,7 +6,7 @@
parameters:
PackageVersion: 8.0.0
- BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
+ BuildDropPath: '$(System.DefaultWorkingDirectory)/artifacts'
PackageName: '.NET'
ManifestDirPath: $(Build.ArtifactStagingDirectory)/sbom
IgnoreDirectories: ''
diff --git a/eng/common/templates/steps/publish-logs.yml b/eng/common/templates/steps/publish-logs.yml
index 88f238f36bf..e2f8413d8e1 100644
--- a/eng/common/templates/steps/publish-logs.yml
+++ b/eng/common/templates/steps/publish-logs.yml
@@ -8,15 +8,15 @@ steps:
inputs:
targetType: inline
script: |
- New-Item -ItemType Directory $(Build.SourcesDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
- Move-Item -Path $(Build.SourcesDirectory)/artifacts/log/Debug/* $(Build.SourcesDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
+ New-Item -ItemType Directory $(System.DefaultWorkingDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
+ Move-Item -Path $(System.DefaultWorkingDirectory)/artifacts/log/Debug/* $(System.DefaultWorkingDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
continueOnError: true
condition: always()
- task: PublishBuildArtifacts@1
displayName: Publish Logs
inputs:
- PathtoPublish: '$(Build.SourcesDirectory)/PostBuildLogs'
+ PathtoPublish: '$(System.DefaultWorkingDirectory)/PostBuildLogs'
PublishLocation: Container
ArtifactName: PostBuildLogs
continueOnError: true
diff --git a/eng/common/templates/steps/source-build.yml b/eng/common/templates/steps/source-build.yml
index 41bbb915736..ae06b26ea37 100644
--- a/eng/common/templates/steps/source-build.yml
+++ b/eng/common/templates/steps/source-build.yml
@@ -12,6 +12,9 @@ parameters:
# the usage of the properties on this object is split between the 'job' and 'steps' templates.
platform: {}
+ # Optional list of directories to ignore for component governance scans.
+ cgIgnoreDirectories: []
+
steps:
# Build. Keep it self-contained for simple reusability. (No source-build-specific job variables.)
- script: |
@@ -26,8 +29,8 @@ steps:
internalRestoreArgs=
if [ '$(dn-bot-dnceng-artifact-feeds-rw)' != '$''(dn-bot-dnceng-artifact-feeds-rw)' ]; then
# Temporarily work around https://github.com/dotnet/arcade/issues/7709
- chmod +x $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh
- $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh $(Build.SourcesDirectory)/NuGet.config $(dn-bot-dnceng-artifact-feeds-rw)
+ chmod +x $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
+ $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh $(System.DefaultWorkingDirectory)/NuGet.config $(dn-bot-dnceng-artifact-feeds-rw)
internalRestoreArgs='/p:CopyWipIntoInnerSourceBuildRepo=true'
# The 'Copy WIP' feature of source build uses git stash to apply changes from the original repo.
@@ -101,7 +104,7 @@ steps:
- task: CopyFiles@2
displayName: Prepare BuildLogs staging directory
inputs:
- SourceFolder: '$(Build.SourcesDirectory)'
+ SourceFolder: '$(System.DefaultWorkingDirectory)'
Contents: |
**/*.log
**/*.binlog
@@ -126,4 +129,7 @@ steps:
- task: ComponentGovernanceComponentDetection@0
displayName: Component Detection (Exclude upstream cache)
inputs:
- ignoreDirectories: '$(Build.SourcesDirectory)/artifacts/source-build/self/src/artifacts/obj/source-built-upstream-cache'
+ ${{ if eq(length(parameters.cgIgnoreDirectories), 0) }}:
+ ignoreDirectories: '$(System.DefaultWorkingDirectory)/artifacts/source-build/self/src/artifacts/obj/source-built-upstream-cache'
+ ${{ else }}:
+ ignoreDirectories: ${{ join(',', parameters.cgIgnoreDirectories) }}
diff --git a/eng/common/templates/variables/sdl-variables.yml b/eng/common/templates/variables/sdl-variables.yml
index dbdd66d4a4b..f1311bbb1b3 100644
--- a/eng/common/templates/variables/sdl-variables.yml
+++ b/eng/common/templates/variables/sdl-variables.yml
@@ -4,4 +4,4 @@ variables:
- name: DefaultGuardianVersion
value: 0.109.0
- name: GuardianPackagesConfigFile
- value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
\ No newline at end of file
+ value: $(System.DefaultWorkingDirectory)\eng\common\sdl\packages.config
\ No newline at end of file
diff --git a/global.json b/global.json
index fc7459ffcb1..5f45975b61d 100644
--- a/global.json
+++ b/global.json
@@ -1,11 +1,11 @@
{
"sdk": {
- "version": "8.0.119",
+ "version": "8.0.120",
"allowPrerelease": true,
"rollForward": "latestMajor"
},
"tools": {
- "dotnet": "8.0.119",
+ "dotnet": "8.0.120",
"runtimes": {
"dotnet": [
"$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
@@ -13,7 +13,7 @@
}
},
"msbuild-sdks": {
- "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.25407.1",
- "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.25407.1"
+ "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.25461.1",
+ "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.25461.1"
}
}
From 8378c070ce9f43383fa064961623897de28f04f8 Mon Sep 17 00:00:00 2001
From: Andriy Svyryd
Date: Sun, 14 Sep 2025 23:55:57 -0700
Subject: [PATCH 2/3] [release/8.0] Disable Guardian Dotnet Analyzers (#36776)
---
azure-pipelines.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index db4b1c5b43e..3b053e62b19 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -47,6 +47,7 @@ extends:
parameters:
featureFlags:
autoBaseline: false
+ autoEnableRoslynWithNewRuleset: false
sdl:
sourceAnalysisPool:
name: NetCore1ESPool-Svc-Internal
From d574040e7327b8f84a80fd5baa6e450c4658fc37 Mon Sep 17 00:00:00 2001
From: Shay Rojansky
Date: Mon, 15 Sep 2025 09:06:55 +0200
Subject: [PATCH 3/3] Resolve query logger from QueryContext in shaper
generation (#36758) (#36779)
Instead of closing over the current scoped logger, causing a leak.
Closes #36464
(cherry picked from commit b7996bea1566d1afd3f8c0fe9226b6c3c6b19d32)
---
...sitor.ShaperProcessingExpressionVisitor.cs | 26 ++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/EFCore.Relational/Query/RelationalShapedQueryCompilingExpressionVisitor.ShaperProcessingExpressionVisitor.cs b/src/EFCore.Relational/Query/RelationalShapedQueryCompilingExpressionVisitor.ShaperProcessingExpressionVisitor.cs
index d65ceaa0269..de2e8969612 100644
--- a/src/EFCore.Relational/Query/RelationalShapedQueryCompilingExpressionVisitor.ShaperProcessingExpressionVisitor.cs
+++ b/src/EFCore.Relational/Query/RelationalShapedQueryCompilingExpressionVisitor.ShaperProcessingExpressionVisitor.cs
@@ -19,6 +19,9 @@ private sealed partial class ShaperProcessingExpressionVisitor : ExpressionVisit
public static readonly bool UseOldBehavior32310 =
AppContext.TryGetSwitch("Microsoft.EntityFrameworkCore.Issue32310", out var enabled32310) && enabled32310;
+ private static readonly bool UseOldBehavior36464 =
+ AppContext.TryGetSwitch("Microsoft.EntityFrameworkCore.Issue36464", out var enabled36464) && enabled36464;
+
///
/// Reading database values
///
@@ -80,6 +83,9 @@ private static readonly MethodInfo Utf8JsonReaderGetStringMethod
private static readonly MethodInfo EnumParseMethodInfo
= typeof(Enum).GetMethod(nameof(Enum.Parse), new[] { typeof(Type), typeof(string) })!;
+ private static readonly PropertyInfo QueryContextQueryLoggerProperty =
+ typeof(QueryContext).GetProperty(nameof(QueryContext.QueryLogger))!;
+
private readonly RelationalShapedQueryCompilingExpressionVisitor _parentVisitor;
private readonly ISet? _tags;
private readonly bool _isTracking;
@@ -1644,7 +1650,9 @@ protected override Expression VisitSwitch(SwitchExpression switchExpression)
New(
JsonReaderManagerConstructor,
_jsonReaderDataParameter,
- Constant(_queryLogger))),
+ UseOldBehavior36464
+ ? Constant(_queryLogger)
+ : MakeMemberAccess(QueryCompilationContext.QueryContextParameter, QueryContextQueryLoggerProperty))),
// tokenType = jsonReaderManager.CurrentReader.TokenType
Assign(
tokenTypeVariable,
@@ -1807,7 +1815,13 @@ void ProcessFixup(IDictionary fixupMap)
var captureState = Call(managerVariable, Utf8JsonReaderManagerCaptureStateMethod);
var assignment = Assign(propertyVariable, innerShaperMapElement.Value);
var managerRecreation = Assign(
- managerVariable, New(JsonReaderManagerConstructor, _jsonReaderDataParameter, Constant(_queryLogger)));
+ managerVariable,
+ New(
+ JsonReaderManagerConstructor,
+ _jsonReaderDataParameter,
+ UseOldBehavior36464
+ ? Constant(_queryLogger)
+ : MakeMemberAccess(QueryCompilationContext.QueryContextParameter, QueryContextQueryLoggerProperty)));
readExpressions.Add(
Block(
@@ -2170,7 +2184,13 @@ private static IList PopulateList(IList buffer, IList target)
Default(typeof(JsonReaderData))),
Block(
Assign(
- jsonReaderManagerVariable, New(JsonReaderManagerConstructor, jsonReaderDataVariable, Constant(_queryLogger))),
+ jsonReaderManagerVariable,
+ New(
+ JsonReaderManagerConstructor,
+ jsonReaderDataVariable,
+ UseOldBehavior36464
+ ? Constant(_queryLogger)
+ : MakeMemberAccess(QueryCompilationContext.QueryContextParameter, QueryContextQueryLoggerProperty))),
Call(jsonReaderManagerVariable, Utf8JsonReaderManagerMoveNextMethod),
Call(jsonReaderManagerVariable, Utf8JsonReaderManagerCaptureStateMethod)));