CodeQL is a static analysis tool that is able to scan source code to help detect security vulnerabilities. In mono/mono.posix, there already exists auto-injection of CodeQL's init and finalize tasks within the official default pipeline.
We enable CodeQL directly on the main pipeline as there are relatively few jobs, and because commits are relatively infrequent, there is no need for a separate pipeline to specify a cadence (periods between commits, and therefore pipeline builds, can be over a week long, so if there is no change, there is no need for a new CodeQL scan).
This PR does the following:
Enables CodeQL
Enables TSA with CodeQL
It doesn't reference the vulnerable Newtonsoft.Json that gets flagged by Component Governance.
Also fix the `test` stage dependency so it only runs if `build_artifacts` succeeds.
We never actually used the MACOS_MIN_VERSION variable anywhere so it was defaulting to the version of the macOS build host.
The macos-10.15 Azure DevOps image is getting deprecated so bump to macos-12 and fix the build so it still compiles with a min version of 10.15.
The configure checks need -Werror=unguarded-availability otherwise they'll erroneously detect presence of symbols.
Microsoft.DotNet.Arcade.Sdk
From Version 7.0.0-beta.21569.2 -> To Version 7.0.0-beta.22068.3
Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>
Since the managed libraries are built on Windows when packaging, the
released nuget would get a Mono.Unix.dll which would attempt to look
up `libc` symbols in `msvcrt`, which would break. Since we currently
don't support Windows at all, remove support for `msvcrt`.
Bump version to 7.1.0
Rebuilding the managed code on Windows causes it to want to use
`msvcrt` instead of `c` when resolving `libc` p/invokes, which
will cause the libc calls to fail on Unix.
Download and extract the `Managed` artifact on packaging time, so
that the assemblies built on Unix are properly packaged and not
rebuilt.
Due to how version numbers are sorted, the previous commit (producing
`7.0.0-beta.2`) would be considered older than `7.0.0-beta1` previously
published. So to cleanly switch to a supported "valid" version ordering
scheme, this commit changes the tag to `gamma` and iteration to `1`
which will produce `7.0.0-gamma.1`, thus making it newer than all the
previous releases.
Context: df88c3c756
`aux` is a reserved device file name on Windows and, thus, cannot be
used as a name of a directory. Rename the directory to `auxiliary`.
For RIDs that *don't* support shared libraries, we want to put the static
library into `runtimes/<rid>/native/`.
For RIDs that *do* support shared libraries, we want to instead put the
shared library into `runtimes/<rid>/native/` and the static library into
`aux/<rid>/native/`.
Debug symbols, if available, always go into `aux/<rid>/native/`.
The idea is to avoid putting files into `runtimes/<rid>/native/` if they
aren't actually needed by `dotnet publish` for that `<rid>`. This is because
the publish logic isn't smart enough to figure out that it should exclude
e.g. static libraries when publishing for a RID that supports shared
libraries.
It appears Mono.Unix is not where this code should live but rather in a
dotnet "host", if need be (e.g. in Xamarin.Android MSBuild tasks or in
any other framework that happens to use Mono.Unix).
`dotnet` needs this in order to be able to locate the shared library in
the `runtimes` subdirectory of the directory where `Mono.Unix.dll`
lives. The code is enabled only for `netcoreapp` builds.
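The following is an added illustration of the lookup described above, not Mono.Unix's own code. It installs a `DllImport` resolver (the `NativeLibrary.SetDllImportResolver` API available in .NET Core 3.0 and later) that probes only `runtimes/<rid>/native/` beneath the directory of the managed assembly. The library name `MonoPosixHelper` and the two-entry RID candidate list are assumptions made for the example; the real RID fallback graph is longer. Confining the probe to absolute paths under the assembly directory also means the loader never consults the working directory or `PATH` for this library, which is the property a defender wants from native-library resolution.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;

// Added example (not Mono.Unix's own code): resolve a p/invoke library from
// runtimes/<rid>/native/ next to the managed assembly, as the commit above describes.
static class RuntimesNativeResolver
{
    // Hypothetical library name used by this example only.
    const string LibraryName = "MonoPosixHelper";

    // Hook the resolver for the assembly that declares the p/invokes.
    public static void Register(Assembly assembly) =>
        NativeLibrary.SetDllImportResolver(assembly, Resolve);

    // Candidate RIDs, most specific first: the runtime's own RID (e.g. "ubuntu.22.04-x64"),
    // then the portable "<os>-<arch>" form (e.g. "linux-x64") that packages usually ship.
    // Assumption: a two-step list is enough here; the real RID graph has more fallbacks.
    public static IEnumerable<string> CandidateRids()
    {
        yield return RuntimeInformation.RuntimeIdentifier;
        string os = OperatingSystem.IsWindows() ? "win"
                  : OperatingSystem.IsMacOS()   ? "osx"
                  : "linux";
        string arch = RuntimeInformation.ProcessArchitecture.ToString().ToLowerInvariant(); // x64, arm64, ...
        yield return $"{os}-{arch}";
    }

    // Full paths to try, in order. Only absolute paths under baseDir are produced, so the
    // loader is never asked to search the working directory or PATH for this library.
    public static IEnumerable<string> ProbePaths(string baseDir, string libraryName)
    {
        string[] fileNames = OperatingSystem.IsWindows() ? new[] { libraryName + ".dll" }
                           : OperatingSystem.IsMacOS()   ? new[] { "lib" + libraryName + ".dylib" }
                           : new[] { "lib" + libraryName + ".so" };
        var seen = new HashSet<string>();
        foreach (string rid in CandidateRids())
        {
            if (!seen.Add(rid)) continue; // RuntimeIdentifier may already be the portable form
            foreach (string file in fileNames)
                yield return Path.GetFullPath(Path.Combine(baseDir, "runtimes", rid, "native", file));
        }
    }

    static IntPtr Resolve(string libraryName, Assembly assembly, DllImportSearchPath? searchPath)
    {
        if (libraryName != LibraryName)
            return IntPtr.Zero; // not ours: let the runtime's default probing handle it

        string baseDir = Path.GetDirectoryName(assembly.Location);
        if (string.IsNullOrEmpty(baseDir))
            baseDir = AppContext.BaseDirectory; // single-file publish: Location is empty

        foreach (string path in ProbePaths(baseDir, libraryName))
            if (File.Exists(path) && NativeLibrary.TryLoad(path, out IntPtr handle))
                return handle;

        return IntPtr.Zero; // fall back to default behaviour (DllNotFoundException if absent)
    }

    static void Main()
    {
        Register(typeof(RuntimesNativeResolver).Assembly);
        // Show where the resolver would look on this machine.
        foreach (string path in ProbePaths(AppContext.BaseDirectory, LibraryName))
            Console.WriteLine(path);
    }
}
```

Call `Register` once, early (a module initializer or static constructor of the type holding the `DllImport` declarations is the usual place), before the first p/invoke into the library is made.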
RPATH/RUNPATH would be removed on install time, but since we don't
really install anything, the rpath entry stays in the binary, which is
not something we really want.
Add a `Mono.Unix.targets` file which copies all the native libraries
into the referencing project's output directory, putting each native
library in respective `runtimes/RID` directory where `RID` is the
runtime ID of the native library.
Add a `dllmap` configuration for Mono so that it can find native
libraries in the above directories.