Merge remote-tracking branch 'libtemplate/microbuild' into libtemplateUpdate

2024-08-22 09:20:38 -06:00 · 2024-08-22 09:20:38 -06:00 · b4b4ab0b2b
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@ -5,11 +5,11 @@
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
    <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>

-    <MicroBuildVersion>2.0.162</MicroBuildVersion>
+    <MicroBuildVersion>2.0.165</MicroBuildVersion>
  </PropertyGroup>
  <ItemGroup>
    <PackageVersion Include="Microsoft.CodeAnalysis.ResxSourceGenerator" Version="3.3.5-beta1.23330.2" />
-    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.11.0" />
    <PackageVersion Include="Microsoft.VisualStudio.Internal.MicroBuild.NonShipping" Version="$(MicroBuildVersion)" />
    <PackageVersion Include="Moq" Version="4.20.70" />
    <PackageVersion Include="xunit.runner.visualstudio" Version="2.8.2" />
--- a/azure-pipelines/build.yml
+++ b/azure-pipelines/build.yml
@ -65,6 +65,11 @@ parameters:
  type: boolean
  default: true

+# Whether this is a special one-off build for inserting into VS for a validation insertion PR (that will never be merged).
+- name: ValidationBuild
+  type: boolean
+  default: false
+
 - name: EnableAPIScan
  type: boolean
  default: false
@ -191,6 +196,7 @@ jobs:
      parameters:
        EnableOptProf: ${{ parameters.EnableOptProf }}
        IsOptProf: ${{ parameters.IsOptProf }}
+        ValidationBuild: ${{ parameters.ValidationBuild }}

 - ${{ if not(parameters.IsOptProf) }}:
  - ${{ if parameters.EnableLinuxBuild }}:
--- a/azure-pipelines/microbuild.after.yml
+++ b/azure-pipelines/microbuild.after.yml
@ -5,14 +5,17 @@ parameters:
 - name: IsOptProf
  type: boolean
  default: false
+- name: ValidationBuild
+  type: boolean

 steps:
- task: MicroBuildCodesignVerify@3
-  displayName: 🔍 Verify Signed Files
-  inputs:
-    TargetFolders: |
-      $(Build.SourcesDirectory)/bin/Packages/$(BuildConfiguration)
-  condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'))
+- ${{ if not(parameters.ValidationBuild) }}: # skip CodesignVerify on validation builds because we don't even test-sign nupkg's.
+  - task: MicroBuildCodesignVerify@3
+    displayName: 🔍 Verify Signed Files
+    inputs:
+      TargetFolders: |
+        $(Build.SourcesDirectory)/bin/Packages/$(BuildConfiguration)
+    condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'))

 - ${{ if parameters.IsOptProf }}:
  - task: ms-vscs-artifact.build-tasks.artifactDropTask-1.artifactDropTask@0
--- a/azure-pipelines/prepare-insertion-stages.yml
+++ b/azure-pipelines/prepare-insertion-stages.yml
@ -9,7 +9,6 @@ parameters:
 stages:
 - stage: release
  displayName: Publish
-  condition: and(succeeded(), eq('${{ parameters.RealSign }}', 'true'))
  jobs:
  - ${{ if parameters.ArchiveSymbols }}:
    - job: symbol_archive
@ -34,7 +33,10 @@ stages:

  - ${{ if true }}: # leave the condition to avoid merge conflicts later.
    - job: push
-      displayName: azure-public/vssdk feed
+      ${{ if parameters.RealSign }}:
+        displayName: azure-public/vssdk feed
+      ${{ else }}:
+        displayName: devdiv/vs-impl feed # Leave this as-is, since non-signed builds must not be pushed to public feeds.
      ${{ if parameters.ArchiveSymbols }}:
        dependsOn: symbol_archive
      pool:
@ -49,8 +51,12 @@ stages:
          packagesToPush: '$(Pipeline.Workspace)/deployables-Windows/NuGet/*.nupkg'
          packageParentPath: $(Pipeline.Workspace)/deployables-Windows/NuGet
          allowPackageConflicts: true
-          nuGetFeedType: external
-          publishFeedCredentials: azure-public/vssdk
+          ${{ if parameters.RealSign }}:
+            nuGetFeedType: external
+            publishFeedCredentials: azure-public/vssdk
+          ${{ else }}:
+            nuGetFeedType: internal
+            publishVstsFeed: vs-impl # Leave this as-is, since non-signed builds must not be pushed to public feeds.
      steps:
      - checkout: none
      - download: current
@ -61,7 +67,8 @@ stages:
      - download: current
        artifact: deployables-Windows
        displayName: 🔻 Download deployables-Windows artifact
-      - template: WIFtoPATauth.yml
-        parameters:
-          wifServiceConnectionName: azure-public/vside package push
-          deadPATServiceConnectionId: 42175e93-c771-4a4f-a132-3cca78f44b3b # azure-public/vssdk
+      - ${{ if parameters.RealSign }}:
+        - template: WIFtoPATauth.yml
+          parameters:
+            wifServiceConnectionName: azure-public/vside package push
+            deadPATServiceConnectionId: 42175e93-c771-4a4f-a132-3cca78f44b3b # azure-public/vssdk
--- a/azure-pipelines/vs-validation.yml
+++ b/azure-pipelines/vs-validation.yml
@ -14,6 +14,8 @@ resources:

 variables:
 - template: GlobalVariables.yml
+- name: MicroBuild_NuPkgSigningEnabled
+  value: false # test-signed nuget packages fail to restore in the VS insertion PR validations. Just don't sign the *at all*.

 extends:
  template: azure-pipelines/MicroBuild.1ES.Unofficial.yml@MicroBuildTemplate
@ -33,15 +35,25 @@ extends:
      - template: /azure-pipelines/build.yml@self
        parameters:
          Is1ESPT: true
-          RealSign: true
+          RealSign: false
          windowsPool: VSEngSS-MicroBuild2022-1ES
+          linuxPool:
+            name: AzurePipelines-EO
+            demands:
+            - ImageOverride -equals 1ESPT-Ubuntu22.04
+            os: Linux
+          macOSPool:
+            name: Azure Pipelines
+            vmImage: macOS-12
+            os: macOS
          EnableMacOSBuild: false
          RunTests: false
+          ValidationBuild: true

    - template: /azure-pipelines/prepare-insertion-stages.yml@self
      parameters:
        ArchiveSymbols: false
-        RealSign: true
+        RealSign: false

    - stage: insertion
      displayName: VS insertion
@ -73,12 +85,13 @@ extends:
          inputs:
            TeamName: $(TeamName)
            TeamEmail: $(TeamEmail)
-            InsertionPayloadName: $(Build.Repository.Name) VALIDATION BUILD $(Build.BuildNumber) ($(Build.SourceBranch)) [Skip-SymbolCheck]
+            InsertionPayloadName: $(Build.Repository.Name) VALIDATION BUILD $(Build.BuildNumber) ($(Build.SourceBranch)) [Skip-SymbolCheck] [Skip-HashCheck] [Skip-SignCheck]
            InsertionDescription: |
              This PR is for **validation purposes only** for !$(System.PullRequest.PullRequestId). **Do not complete**.
            CustomScriptExecutionCommand: src/VSSDK/NuGet/AllowUnstablePackages.ps1
            InsertionBuildPolicy: Request Perf DDRITs
            InsertionReviewers: $(Build.RequestedFor)
+            DraftPR: false # set to true and update InsertionBuildPolicy when we can specify all the validations we want to run (https://dev.azure.com/devdiv/DevDiv/_workitems/edit/2224288)
            AutoCompletePR: false
            ShallowClone: true
        - powershell: |