From d4daa387126770ed9b1a8cec1c1c81aad5cb0443 Mon Sep 17 00:00:00 2001 From: Noah Gilson Date: Wed, 22 Oct 2025 15:38:39 -0700 Subject: [PATCH 1/6] Copy the logic for sdk CI to dnup CI --- .vsts-dnup-ci.yml | 265 ++++++++++++++++++ .../templates/jobs/dnup-library-package.yml | 0 2 files changed, 265 insertions(+) create mode 100644 .vsts-dnup-ci.yml create mode 100644 eng/pipelines/templates/jobs/dnup-library-package.yml diff --git a/.vsts-dnup-ci.yml b/.vsts-dnup-ci.yml new file mode 100644 index 000000000000..203f25858867 --- /dev/null +++ b/.vsts-dnup-ci.yml @@ -0,0 +1,265 @@ +# Pipeline: https://dev.azure.com/dnceng/internal/_build?definitionId= + +trigger: + batch: true + branches: + include: + - dnup + +pr: + branches: + include: + - dnup + +parameters: +# When true, runs the pipeline in the same way as the PR pipeline. +- name: runTestBuild + displayName: Run A Test Build + type: boolean + default: false +- name: enableArm64Job + displayName: Enables the ARM64 job + type: boolean + default: false + +variables: +- template: /eng/pipelines/templates/variables/sdk-defaults.yml +# Variables used: DncEngInternalBuildPool +- template: /eng/common/templates-official/variables/pool-providers.yml +# Helix testing requires a token when internally run. +# Variables used: HelixApiAccessToken +- group: DotNet-HelixApi-Access +- group: AzureDevOps-Artifact-Feeds-Pats +# Allows Arcade to run a signed build by disabling post-build signing for release-branch builds or manual builds that are not running tests. +- ${{ if and(eq(parameters.runTestBuild, false), or(startswith(variables['Build.SourceBranch'], 'refs/heads/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'), eq(variables['Build.Reason'], 'Manual'))) }}: + - name: PostBuildSign + value: false +# Provides TSA variables for automatic bug reporting. +- ${{ if ne(variables['Build.Reason'], 'PullRequest') }}: + - group: DotNet-CLI-SDLValidation-Params +### LOCAL ONLY ### +- name: _publishArgument + value: -publish +- name: _signArgument + value: -sign /p:SignCoreSdk=true +- name: _officialBuildProperties + # The OfficialBuilder property is set to Microsoft for the official build only. + # This property is checked in Directory.Build.props and adds the MICROSOFT_ENABLE_TELEMETRY constant. + # This constant is used in CompileOptions.cs to set both TelemetryOptOutDefault and TelemetryOptOutDefaultString. + value: /p:DotNetPublishUsingPipelines=true /p:OfficialBuilder=Microsoft /p:OfficialBuildId=$(Build.BuildNumber) + +resources: + repositories: + - repository: 1esPipelines + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +extends: + ${{ if ne(variables['Build.Reason'], 'PullRequest') }}: + template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + ${{ else }}: + template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines + parameters: + containers: + azureLinux30Amd64: + image: mcr.microsoft.com/dotnet-buildtools/prereqs:azurelinux-3.0-net10.0-build-amd64 + + sdl: + sourceAnalysisPool: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows + policheck: + enabled: true + tsa: + enabled: true + binskim: + enabled: true + ${{ if or(eq(parameters.runTestBuild, true), eq(variables['Build.Reason'], 'PullRequest')) }}: + componentgovernance: + # Refdoc: https://docs.opensource.microsoft.com/tools/cg/component-detection/variables/ + ignoreDirectories: artifacts, .packages + + stages: + ############### BUILD STAGE ############### + - stage: build + displayName: Build + jobs: + ############### WINDOWS ############### + - template: /eng/pipelines/templates/jobs/sdk-job-matrix.yml@self + parameters: + pool: + name: $(DncEngInternalBuildPool) + image: windows.vs2022.amd64 + os: windows + helixTargetQueue: windows.amd64.vs2022.pre + oneESCompat: + templateFolderName: templates-official + publishTaskPrefix: 1ES. + runtimeSourceProperties: /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) + locBranch: release/10.0.1xx + # WORKAROUND: BinSkim requires the folder exist prior to scanning. + preSteps: + - powershell: New-Item -ItemType Directory -Path $(Build.SourcesDirectory)/artifacts/bin -Force + displayName: Create artifacts/bin directory + ${{ if and(eq(parameters.runTestBuild, false), ne(variables['Build.Reason'], 'PullRequest')) }}: + timeoutInMinutes: 180 + windowsJobParameterSets: + ### OFFICIAL ### + - categoryName: Official + publishArgument: $(_publishArgument) + signArgument: $(_signArgument) + officialBuildProperties: $(_officialBuildProperties) /p:BuildWorkloads=true + enableDefaultArtifacts: true + runTests: false + publishRetryConfig: true + variables: + _SignType: real + - categoryName: Official + targetArchitecture: x86 + publishArgument: $(_publishArgument) + signArgument: $(_signArgument) + officialBuildProperties: $(_officialBuildProperties) + runTests: false + variables: + _SignType: real + dependsOn: Official_windows_x64 + downloadManifestMsiPackages: true + - categoryName: Official + targetArchitecture: arm64 + publishArgument: $(_publishArgument) + signArgument: $(_signArgument) + officialBuildProperties: $(_officialBuildProperties) + runTests: false + variables: + _SignType: real + dependsOn: Official_windows_x64 + downloadManifestMsiPackages: true + + ############### LINUX ############### + - template: /eng/pipelines/templates/jobs/sdk-job-matrix.yml@self + parameters: + pool: + name: $(DncEngInternalBuildPool) + image: 1es-ubuntu-2204 + os: linux + helixTargetQueue: ubuntu.2204.amd64 + oneESCompat: + templateFolderName: templates-official + publishTaskPrefix: 1ES. + runtimeSourceProperties: /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) + ${{ if and(eq(parameters.runTestBuild, false), ne(variables['Build.Reason'], 'PullRequest')) }}: + timeoutInMinutes: 90 + linuxJobParameterSets: + ### OFFICIAL ### + # Note: These builds are also glibc like the glibc category, but that category uses containers, and doesn't publish zips and tarballs. + - categoryName: Official + publishArgument: $(_publishArgument) + officialBuildProperties: $(_officialBuildProperties) + osProperties: $(linuxOsglibcProperties) + runTests: false + - categoryName: Official + targetArchitecture: arm + runtimeIdentifier: linux-arm + publishArgument: $(_publishArgument) + officialBuildProperties: $(_officialBuildProperties) + osProperties: $(linuxOsglibcProperties) + runTests: false + - categoryName: Official + targetArchitecture: arm64 + runtimeIdentifier: linux-arm64 + publishArgument: $(_publishArgument) + officialBuildProperties: $(_officialBuildProperties) + osProperties: $(linuxOsglibcProperties) + runTests: false + ### glibc ### + - categoryName: glibc + # Do not publish zips and tarballs. The linux-x64 binaries are already published by Official. + publishArgument: $(_publishArgument) /p:PublishBinariesAndBadge=false + officialBuildProperties: $(_officialBuildProperties) + osProperties: $(linuxOsglibcProperties) /p:BuildSdkDeb=true + runTests: false + - categoryName: glibc + targetArchitecture: arm64 + runtimeIdentifier: linux-arm64 + # Do not publish zips and tarballs. The linux-arm64 binaries are already published by Official. + publishArgument: $(_publishArgument) /p:PublishBinariesAndBadge=false + officialBuildProperties: $(_officialBuildProperties) + osProperties: $(linuxOsglibcProperties) /p:BuildSdkDeb=true + runTests: false + ### musl ### + - categoryName: musl + container: azureLinux30Amd64 + runtimeIdentifier: linux-musl-x64 + publishArgument: $(_publishArgument) + officialBuildProperties: $(_officialBuildProperties) + # Use HostOSName when running on alpine. + osProperties: /p:HostOSName=linux-musl + # SBOM generation is not supported for alpine. + enableSbom: false + runTests: false + # Helix is hanging on this job using the container. See: https://github.com/dotnet/dnceng/issues/6000 + disableJob: true + - categoryName: musl + container: azureLinux30Amd64 + targetArchitecture: arm + runtimeIdentifier: linux-musl-arm + publishArgument: $(_publishArgument) + officialBuildProperties: $(_officialBuildProperties) + osProperties: /p:OSName=linux-musl + runTests: false + # Helix is hanging on this job using the container. See: https://github.com/dotnet/dnceng/issues/6000 + disableJob: true + - categoryName: musl + targetArchitecture: arm64 + runtimeIdentifier: linux-musl-arm64 + publishArgument: $(_publishArgument) + officialBuildProperties: $(_officialBuildProperties) + osProperties: /p:OSName=linux-musl + runTests: false + + ############### MACOS ############### + - template: /eng/pipelines/templates/jobs/sdk-job-matrix.yml@self + parameters: + pool: + name: Azure Pipelines + image: macOS-latest + os: macOS + helixTargetQueue: osx.15.amd64 + oneESCompat: + templateFolderName: templates-official + publishTaskPrefix: 1ES. + runtimeSourceProperties: /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) + ${{ if and(eq(parameters.runTestBuild, false), ne(variables['Build.Reason'], 'PullRequest')) }}: + timeoutInMinutes: 90 + macOSJobParameterSets: + ### OFFICIAL ### + - categoryName: Official + runtimeIdentifier: osx-x64 + publishArgument: $(_publishArgument) + officialBuildProperties: $(_officialBuildProperties) + runTests: false + - categoryName: Official + targetArchitecture: arm64 + runtimeIdentifier: osx-arm64 + publishArgument: $(_publishArgument) + officialBuildProperties: $(_officialBuildProperties) + runTests: false + + ############### PUBLISH STAGE ############### + - ${{ if ne(variables['Build.Reason'], 'PullRequest') }}: + - stage: publish + displayName: Publish + dependsOn: [] + jobs: + - template: /eng/common/templates-official/job/publish-build-assets.yml@self + parameters: + publishUsingPipelines: true + publishAssetsImmediately: true + isAssetlessBuild: true + repositoryAlias: self + pool: + name: $(DncEngInternalBuildPool) + image: 1es-windows-2022 + os: windows diff --git a/eng/pipelines/templates/jobs/dnup-library-package.yml b/eng/pipelines/templates/jobs/dnup-library-package.yml new file mode 100644 index 000000000000..e69de29bb2d1 From fd0d9eecc3dcc2a5367e883870155a07d7df5cd3 Mon Sep 17 00:00:00 2001 From: Noah Gilson Date: Wed, 22 Oct 2025 15:38:50 -0700 Subject: [PATCH 2/6] Produce a package from the library on build --- .../Microsoft.Dotnet.Installation.csproj | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj b/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj index a5b18eda75df..49a69132ae20 100644 --- a/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj +++ b/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj @@ -8,11 +8,13 @@ $(NoWarn);CS8002 + Microsoft.Dotnet.Installation + true - + From 67a61aba0c55c402b7d9a35b890284d32f7398fc Mon Sep 17 00:00:00 2001 From: Noah Gilson Date: Wed, 22 Oct 2025 16:08:17 -0700 Subject: [PATCH 3/6] enable package creation --- .../Microsoft.Dotnet.Installation.csproj | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj b/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj index 49a69132ae20..e1609c39b30c 100644 --- a/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj +++ b/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj @@ -8,8 +8,12 @@ $(NoWarn);CS8002 + true + true Microsoft.Dotnet.Installation - true + false + .NET Installation Library + 1.0.0-alpha From 4003434c6193a9b47e682a3834e2ddb0f1724335 Mon Sep 17 00:00:00 2001 From: Noah Gilson Date: Wed, 22 Oct 2025 16:19:41 -0700 Subject: [PATCH 4/6] Package version correctly created at D:\sdk\artifacts\packages\Release\NonShipping --- .../Microsoft.Dotnet.Installation.csproj | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj b/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj index e1609c39b30c..ec1119864671 100644 --- a/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj +++ b/src/Installer/Microsoft.Dotnet.Installation/Microsoft.Dotnet.Installation.csproj @@ -14,6 +14,7 @@ false .NET Installation Library 1.0.0-alpha + $(Version) From 8cdbcf4f3ead962fd12f9ba378d1396a37a33e68 Mon Sep 17 00:00:00 2001 From: Noah Gilson Date: Wed, 22 Oct 2025 16:32:41 -0700 Subject: [PATCH 5/6] Simplify package creation for now to only run win tests / pkg --- .vsts-dnup-ci.yml | 145 +++------------------------------------------- 1 file changed, 7 insertions(+), 138 deletions(-) diff --git a/.vsts-dnup-ci.yml b/.vsts-dnup-ci.yml index 203f25858867..2ae6f87cf649 100644 --- a/.vsts-dnup-ci.yml +++ b/.vsts-dnup-ci.yml @@ -5,11 +5,13 @@ trigger: branches: include: - dnup + - release/dnup pr: branches: include: - dnup + - release/dnup parameters: # When true, runs the pipeline in the same way as the PR pipeline. @@ -83,22 +85,19 @@ extends: stages: ############### BUILD STAGE ############### - - stage: build - displayName: Build - jobs: ############### WINDOWS ############### - - template: /eng/pipelines/templates/jobs/sdk-job-matrix.yml@self + - template: /eng/pipelines/templates/jobs/dnup-tests.yml@self parameters: pool: - name: $(DncEngInternalBuildPool) + name: $($(DncEngInternalBuildPool)) image: windows.vs2022.amd64 os: windows + emoji: 🪟 helixTargetQueue: windows.amd64.vs2022.pre oneESCompat: templateFolderName: templates-official publishTaskPrefix: 1ES. runtimeSourceProperties: /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) - locBranch: release/10.0.1xx # WORKAROUND: BinSkim requires the folder exist prior to scanning. preSteps: - powershell: New-Item -ItemType Directory -Path $(Build.SourcesDirectory)/artifacts/bin -Force @@ -116,144 +115,14 @@ extends: publishRetryConfig: true variables: _SignType: real - - categoryName: Official - targetArchitecture: x86 - publishArgument: $(_publishArgument) - signArgument: $(_signArgument) - officialBuildProperties: $(_officialBuildProperties) - runTests: false - variables: - _SignType: real - dependsOn: Official_windows_x64 - downloadManifestMsiPackages: true - - categoryName: Official - targetArchitecture: arm64 - publishArgument: $(_publishArgument) - signArgument: $(_signArgument) - officialBuildProperties: $(_officialBuildProperties) - runTests: false - variables: - _SignType: real - dependsOn: Official_windows_x64 - downloadManifestMsiPackages: true - - ############### LINUX ############### - - template: /eng/pipelines/templates/jobs/sdk-job-matrix.yml@self - parameters: - pool: - name: $(DncEngInternalBuildPool) - image: 1es-ubuntu-2204 - os: linux - helixTargetQueue: ubuntu.2204.amd64 - oneESCompat: - templateFolderName: templates-official - publishTaskPrefix: 1ES. - runtimeSourceProperties: /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) - ${{ if and(eq(parameters.runTestBuild, false), ne(variables['Build.Reason'], 'PullRequest')) }}: - timeoutInMinutes: 90 - linuxJobParameterSets: - ### OFFICIAL ### - # Note: These builds are also glibc like the glibc category, but that category uses containers, and doesn't publish zips and tarballs. - - categoryName: Official - publishArgument: $(_publishArgument) - officialBuildProperties: $(_officialBuildProperties) - osProperties: $(linuxOsglibcProperties) - runTests: false - - categoryName: Official - targetArchitecture: arm - runtimeIdentifier: linux-arm - publishArgument: $(_publishArgument) - officialBuildProperties: $(_officialBuildProperties) - osProperties: $(linuxOsglibcProperties) - runTests: false - - categoryName: Official - targetArchitecture: arm64 - runtimeIdentifier: linux-arm64 - publishArgument: $(_publishArgument) - officialBuildProperties: $(_officialBuildProperties) - osProperties: $(linuxOsglibcProperties) - runTests: false - ### glibc ### - - categoryName: glibc - # Do not publish zips and tarballs. The linux-x64 binaries are already published by Official. - publishArgument: $(_publishArgument) /p:PublishBinariesAndBadge=false - officialBuildProperties: $(_officialBuildProperties) - osProperties: $(linuxOsglibcProperties) /p:BuildSdkDeb=true - runTests: false - - categoryName: glibc - targetArchitecture: arm64 - runtimeIdentifier: linux-arm64 - # Do not publish zips and tarballs. The linux-arm64 binaries are already published by Official. - publishArgument: $(_publishArgument) /p:PublishBinariesAndBadge=false - officialBuildProperties: $(_officialBuildProperties) - osProperties: $(linuxOsglibcProperties) /p:BuildSdkDeb=true - runTests: false - ### musl ### - - categoryName: musl - container: azureLinux30Amd64 - runtimeIdentifier: linux-musl-x64 - publishArgument: $(_publishArgument) - officialBuildProperties: $(_officialBuildProperties) - # Use HostOSName when running on alpine. - osProperties: /p:HostOSName=linux-musl - # SBOM generation is not supported for alpine. - enableSbom: false - runTests: false - # Helix is hanging on this job using the container. See: https://github.com/dotnet/dnceng/issues/6000 - disableJob: true - - categoryName: musl - container: azureLinux30Amd64 - targetArchitecture: arm - runtimeIdentifier: linux-musl-arm - publishArgument: $(_publishArgument) - officialBuildProperties: $(_officialBuildProperties) - osProperties: /p:OSName=linux-musl - runTests: false - # Helix is hanging on this job using the container. See: https://github.com/dotnet/dnceng/issues/6000 - disableJob: true - - categoryName: musl - targetArchitecture: arm64 - runtimeIdentifier: linux-musl-arm64 - publishArgument: $(_publishArgument) - officialBuildProperties: $(_officialBuildProperties) - osProperties: /p:OSName=linux-musl - runTests: false - ############### MACOS ############### - - template: /eng/pipelines/templates/jobs/sdk-job-matrix.yml@self - parameters: - pool: - name: Azure Pipelines - image: macOS-latest - os: macOS - helixTargetQueue: osx.15.amd64 - oneESCompat: - templateFolderName: templates-official - publishTaskPrefix: 1ES. - runtimeSourceProperties: /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) - ${{ if and(eq(parameters.runTestBuild, false), ne(variables['Build.Reason'], 'PullRequest')) }}: - timeoutInMinutes: 90 - macOSJobParameterSets: - ### OFFICIAL ### - - categoryName: Official - runtimeIdentifier: osx-x64 - publishArgument: $(_publishArgument) - officialBuildProperties: $(_officialBuildProperties) - runTests: false - - categoryName: Official - targetArchitecture: arm64 - runtimeIdentifier: osx-arm64 - publishArgument: $(_publishArgument) - officialBuildProperties: $(_officialBuildProperties) - runTests: false - - ############### PUBLISH STAGE ############### + ############### PACKAGE STAGE ############### - ${{ if ne(variables['Build.Reason'], 'PullRequest') }}: - stage: publish displayName: Publish dependsOn: [] jobs: - - template: /eng/common/templates-official/job/publish-build-assets.yml@self + - template: /eng/pipelines/templates/jobs/dnup-library-package.yml@self parameters: publishUsingPipelines: true publishAssetsImmediately: true From ae2f079718aa147e73f6781d94756b4e2c89f989 Mon Sep 17 00:00:00 2001 From: Noah Gilson Date: Wed, 22 Oct 2025 16:48:48 -0700 Subject: [PATCH 6/6] remove unused publish properties --- .vsts-dnup-ci.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.vsts-dnup-ci.yml b/.vsts-dnup-ci.yml index 2ae6f87cf649..f0523037a8d6 100644 --- a/.vsts-dnup-ci.yml +++ b/.vsts-dnup-ci.yml @@ -124,10 +124,6 @@ extends: jobs: - template: /eng/pipelines/templates/jobs/dnup-library-package.yml@self parameters: - publishUsingPipelines: true - publishAssetsImmediately: true - isAssetlessBuild: true - repositoryAlias: self pool: name: $(DncEngInternalBuildPool) image: 1es-windows-2022