diff --git a/.github/workflows/inter-branch-merge-flow.yml b/.github/workflows/inter-branch-merge-flow.yml
new file mode 100644
index 000000000000..20246c14fc58
--- /dev/null
+++ b/.github/workflows/inter-branch-merge-flow.yml
@@ -0,0 +1,13 @@
+name: Inter-branch merge workflow
+on:
+ push:
+ branches:
+ - release/**
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ Merge:
+ uses: dotnet/arcade/.github/workflows/inter-branch-merge-base.yml@main
\ No newline at end of file
diff --git a/.vsts-ci-richnav.yml b/.vsts-ci-richnav.yml
index 2b254e9b8f72..1995db108e1d 100644
--- a/.vsts-ci-richnav.yml
+++ b/.vsts-ci-richnav.yml
@@ -26,7 +26,7 @@ stages:
richCodeNavigationEnvironment: 'production'
pool:
name: $(DncEngPublicBuildPool)
- demands: ImageOverride -equals windows.vs2019.amd64.open
+ demands: ImageOverride -equals windows.vs2019.amd64.open
timeoutInMinutes: 180
strategy:
matrix:
@@ -45,6 +45,7 @@ stages:
- _SignArgs: ''
- _InternalRuntimeDownloadArgs: ''
steps:
+ - template: /eng/common/templates/steps/enable-internal-runtimes.yml
- powershell: eng\common\build.ps1
-restore
-ci
@@ -65,23 +66,23 @@ stages:
TestFullMSBuild: 'true'
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
- - task: CopyFiles@2
- displayName: Gather Logs
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)/artifacts'
- Contents: |
- log/$(_BuildConfig)/**/*
- TestResults/$(_BuildConfig)/**/*
- SymStore/$(_BuildConfig)/**/*
- TargetFolder: '$(Build.ArtifactStagingDirectory)'
- continueOnError: true
+ - task: CopyFiles@2
+ displayName: Gather Logs
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/artifacts'
+ Contents: |
+ log/$(_BuildConfig)/**/*
+ TestResults/$(_BuildConfig)/**/*
+ SymStore/$(_BuildConfig)/**/*
+ TargetFolder: '$(Build.ArtifactStagingDirectory)'
+ continueOnError: true
condition: always()
- - task: PublishBuildArtifacts@1
- displayName: Publish Logs to VSTS
- inputs:
- PathtoPublish: '$(Build.ArtifactStagingDirectory)'
- ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
- publishLocation: Container
- continueOnError: true
+ - task: PublishBuildArtifacts@1
+ displayName: Publish Logs to VSTS
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
+ publishLocation: Container
+ continueOnError: true
condition: always()
diff --git a/.vsts-ci.yml b/.vsts-ci.yml
index 9362f9e0be4e..2aebe7dd3b36 100644
--- a/.vsts-ci.yml
+++ b/.vsts-ci.yml
@@ -36,10 +36,9 @@ variables:
value: /p:OfficialBuilder=Microsoft
- name: Codeql.Enabled
value: true
- - group: DotNetBuilds storage account read tokens
- name: _InternalRuntimeDownloadArgs
- value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
- /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
+ value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
+ /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- group: DotNet-CLI-SDLValidation-Params
- template: /eng/common/templates-official/variables/pool-providers.yml
@@ -115,6 +114,7 @@ extends:
value: ''
- template: /eng/common/templates-official/job/source-build.yml@self
parameters:
+ enableInternalSources: true
platform:
name: 'Managed'
container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream8'
diff --git a/.vsts-pr.yml b/.vsts-pr.yml
index a7e6ce5a0de7..3736c5a7885b 100644
--- a/.vsts-pr.yml
+++ b/.vsts-pr.yml
@@ -18,14 +18,8 @@ pr:
variables:
- name: teamName
value: Roslyn-Project-System
- - name: _DotNetPublishToBlobFeed
- value: false
- name: _CIBuild
value: -restore -build -sign -pack -ci
- - name: _DotNetArtifactsCategory
- value: .NETCore
- - name: _DotNetValidationArtifactsCategory
- value: .NETCore
- ${{ if or(startswith(variables['Build.SourceBranch'], 'refs/heads/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'), eq(variables['Build.Reason'], 'Manual')) }}:
- name: PostBuildSign
value: false
@@ -44,10 +38,9 @@ variables:
value: /p:OfficialBuilder=Microsoft
- name: Codeql.Enabled
value: true
- - group: DotNetBuilds storage account read tokens
- name: _InternalRuntimeDownloadArgs
- value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
- /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
+ value: /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal
+ /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64)
- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- group: DotNet-CLI-SDLValidation-Params
- template: /eng/common/templates/variables/pool-providers.yml
@@ -64,9 +57,9 @@ stages:
name: $(DncEngInternalBuildPool)
demands: ImageOverride -equals windows.vs2019.amd64
steps:
- - publish: $(Build.SourcesDirectory)\eng\BuildConfiguration
- artifact: BuildConfiguration
- displayName: Publish Build Config
+ - publish: $(Build.SourcesDirectory)\eng\BuildConfiguration
+ artifact: BuildConfiguration
+ displayName: Publish Build Config
- template: /eng/build-pr.yml
parameters:
agentOs: Windows_NT
@@ -94,6 +87,7 @@ stages:
_Test: ''
- template: /eng/common/templates/job/source-build.yml
parameters:
+ enableInternalSources: true
platform:
name: 'Managed'
container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream8'
diff --git a/NuGet.config b/NuGet.config
index fc5e64092a4c..70962b57c453 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -18,7 +18,7 @@
-
+
diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
index e9bd517ce15e..5e87481bfd0d 100644
--- a/eng/Version.Details.xml
+++ b/eng/Version.Details.xml
@@ -1,17 +1,17 @@
-
+
https://github.com/dotnet/templating
- 224824ff7d90e091d7ed93bf056ff70c9d0d6ab9
+ 5cab53780897ef7a8e212e10732af54c0a7e597f
-
+
https://github.com/dotnet/templating
- 224824ff7d90e091d7ed93bf056ff70c9d0d6ab9
+ 5cab53780897ef7a8e212e10732af54c0a7e597f
-
+
https://github.com/dotnet/templating
- 224824ff7d90e091d7ed93bf056ff70c9d0d6ab9
+ 5cab53780897ef7a8e212e10732af54c0a7e597f
@@ -82,34 +82,34 @@
551db7f100a4a8222cb2f6a3fc9036113ff7de42
-
+
https://github.com/dotnet/roslyn
- de75b3c77d41c21562fc2e9dbcc26b2268c80b26
+ 4f7be70476bfc539fcef6633c2e9d3a9dc530443
-
+
https://github.com/dotnet/roslyn
- de75b3c77d41c21562fc2e9dbcc26b2268c80b26
+ 4f7be70476bfc539fcef6633c2e9d3a9dc530443
-
+
https://github.com/dotnet/roslyn
- de75b3c77d41c21562fc2e9dbcc26b2268c80b26
+ 4f7be70476bfc539fcef6633c2e9d3a9dc530443
-
+
https://github.com/dotnet/roslyn
- de75b3c77d41c21562fc2e9dbcc26b2268c80b26
+ 4f7be70476bfc539fcef6633c2e9d3a9dc530443
-
+
https://github.com/dotnet/roslyn
- de75b3c77d41c21562fc2e9dbcc26b2268c80b26
+ 4f7be70476bfc539fcef6633c2e9d3a9dc530443
-
+
https://github.com/dotnet/roslyn
- de75b3c77d41c21562fc2e9dbcc26b2268c80b26
+ 4f7be70476bfc539fcef6633c2e9d3a9dc530443
-
+
https://github.com/dotnet/roslyn
- de75b3c77d41c21562fc2e9dbcc26b2268c80b26
+ 4f7be70476bfc539fcef6633c2e9d3a9dc530443
https://dev.azure.com/dnceng/internal/_git/dotnet-aspnetcore
@@ -483,22 +483,22 @@
-
+
https://github.com/dotnet/arcade
- e6f70c7dd528f05cd28cec2a179d58c22e91d9ac
+ 8b879da4e449c48d99f3f642fc429379a64e8fe8
-
+
https://github.com/dotnet/arcade
- e6f70c7dd528f05cd28cec2a179d58c22e91d9ac
+ 8b879da4e449c48d99f3f642fc429379a64e8fe8
-
+
https://github.com/dotnet/arcade
- e6f70c7dd528f05cd28cec2a179d58c22e91d9ac
+ 8b879da4e449c48d99f3f642fc429379a64e8fe8
-
+
https://github.com/dotnet/arcade
- e6f70c7dd528f05cd28cec2a179d58c22e91d9ac
+ 8b879da4e449c48d99f3f642fc429379a64e8fe8
https://dev.azure.com/dnceng/internal/_git/dotnet-runtime
diff --git a/eng/Versions.props b/eng/Versions.props
index 49691b65d459..9967c964b6ff 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -11,7 +11,7 @@
- 8.0.107
+ 8.0.108
true
release
@@ -33,7 +33,7 @@
7.0.0
4.0.0
7.0.0
- 8.0.0-beta.24266.3
+ 8.0.0-beta.24352.1
7.0.0-preview.22423.2
8.0.0
4.3.0
@@ -134,13 +134,13 @@
- 8.0.107
+ 8.0.108
$(MicrosoftTemplateEngineAbstractionsPackageVersion)
$(MicrosoftTemplateEngineAbstractionsPackageVersion)
$(MicrosoftTemplateEngineAbstractionsPackageVersion)
$(MicrosoftTemplateEngineAbstractionsPackageVersion)
- 8.0.107-servicing.24270.5
+ 8.0.108-servicing.24353.3
$(MicrosoftTemplateEngineMocksPackageVersion)
$(MicrosoftTemplateEngineAbstractionsPackageVersion)
$(MicrosoftTemplateEngineMocksPackageVersion)
@@ -151,13 +151,13 @@
- 4.8.0-7.24225.6
- 4.8.0-7.24225.6
- 4.8.0-7.24225.6
- 4.8.0-7.24225.6
- 4.8.0-7.24225.6
- 4.8.0-7.24225.6
- 4.8.0-7.24225.6
+ 4.8.0-7.24318.1
+ 4.8.0-7.24318.1
+ 4.8.0-7.24318.1
+ 4.8.0-7.24318.1
+ 4.8.0-7.24318.1
+ 4.8.0-7.24318.1
+ 4.8.0-7.24318.1
$(MicrosoftNetCompilersToolsetPackageVersion)
@@ -206,7 +206,7 @@
6.12.0
6.1.0
- 8.0.0-beta.24266.3
+ 8.0.0-beta.24352.1
4.18.4
1.3.2
8.0.0-beta.23607.1
diff --git a/eng/build-pr.yml b/eng/build-pr.yml
index 4a73ead09a65..8cc01a363611 100644
--- a/eng/build-pr.yml
+++ b/eng/build-pr.yml
@@ -56,7 +56,7 @@ jobs:
- _OfficialBuildIdArgs: /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
- _SignArgs: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName)
- _PerfIterations: 25
-
+
steps:
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
- task: PowerShell@2
@@ -66,6 +66,7 @@ jobs:
arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
+ - template: /eng/common/templates/steps/enable-internal-runtimes.yml
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -98,7 +99,7 @@ jobs:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
HelixAccessToken: $(_HelixApiToken)
RunAoTTests: 'false'
-
+
- ${{ if eq(parameters.agentOs, 'Windows_NT_FullFramework') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -130,7 +131,7 @@ jobs:
TestFullMSBuild: 'true'
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
HelixAccessToken: $(_HelixApiToken)
-
+
- ${{ if eq(parameters.agentOs, 'Windows_NT_TestAsTools') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -142,7 +143,7 @@ jobs:
displayName: Build
env:
BuildConfig: $(_BuildConfig)
-
+
- ${{ if notIn(parameters.agentOs, 'Windows_NT', 'Windows_NT_FullFramework', 'Windows_NT_TestAsTools') }}:
- script: eng/common/build.sh
$(_CIBuild)
@@ -173,34 +174,34 @@ jobs:
RunAoTTests: 'false'
- task: PublishTestResults@2
- displayName: Publish Test Results
- inputs:
- testResultsFormat: xUnit
- testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
- testRunTitle: '$(_AgentOSName)_$(Agent.JobName)'
- buildPlatform: '$(BuildPlatform)'
- buildConfiguration: '$(_BuildConfig)'
+ displayName: Publish Test Results
+ inputs:
+ testResultsFormat: xUnit
+ testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
+ testRunTitle: '$(_AgentOSName)_$(Agent.JobName)'
+ buildPlatform: '$(BuildPlatform)'
+ buildConfiguration: '$(_BuildConfig)'
condition: always()
- - task: CopyFiles@2
- displayName: Gather Logs
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)/artifacts'
- Contents: |
- log/$(_BuildConfig)/**/*
- TestResults/$(_BuildConfig)/**/*
+ - task: CopyFiles@2
+ displayName: Gather Logs
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/artifacts'
+ Contents: |
+ log/$(_BuildConfig)/**/*
+ TestResults/$(_BuildConfig)/**/*
SymStore/$(_BuildConfig)/**/*
- TargetFolder: '$(Build.ArtifactStagingDirectory)'
- continueOnError: true
+ TargetFolder: '$(Build.ArtifactStagingDirectory)'
+ continueOnError: true
condition: always()
-
- - task: PublishBuildArtifacts@1
- displayName: Publish Logs to VSTS
- inputs:
- PathtoPublish: '$(Build.ArtifactStagingDirectory)'
- ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
- publishLocation: Container
- continueOnError: true
+
+ - task: PublishBuildArtifacts@1
+ displayName: Publish Logs to VSTS
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
+ publishLocation: Container
+ continueOnError: true
condition: always()
# AoT Jobs
@@ -246,6 +247,7 @@ jobs:
arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
+ - template: /eng/common/templates/steps/enable-internal-runtimes.yml
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -313,25 +315,25 @@ jobs:
RunAoTTests: 'true'
- ${{ if in(parameters.agentOs, 'Windows_NT', 'Darwin') }}:
- - task: CopyFiles@2
- displayName: Gather Logs
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)/artifacts'
- Contents: |
- log/$(_BuildConfig)/**/*
- TestResults/$(_BuildConfig)/**/*
+ - task: CopyFiles@2
+ displayName: Gather Logs
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/artifacts'
+ Contents: |
+ log/$(_BuildConfig)/**/*
+ TestResults/$(_BuildConfig)/**/*
SymStore/$(_BuildConfig)/**/*
- TargetFolder: '$(Build.ArtifactStagingDirectory)'
- continueOnError: true
+ TargetFolder: '$(Build.ArtifactStagingDirectory)'
+ continueOnError: true
condition: always()
- - task: PublishBuildArtifacts@1
- displayName: Publish Logs to VSTS
- inputs:
- PathtoPublish: '$(Build.ArtifactStagingDirectory)'
- ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
- publishLocation: Container
- continueOnError: true
+ - task: PublishBuildArtifacts@1
+ displayName: Publish Logs to VSTS
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
+ publishLocation: Container
+ continueOnError: true
condition: always()
# TemplateEngine Jobs
@@ -377,6 +379,7 @@ jobs:
arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
+ - template: /eng/common/templates/steps/enable-internal-runtimes.yml
- ${{ if contains(parameters.agentOs, 'Windows_NT') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -444,34 +447,34 @@ jobs:
/bl:$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/dotnet-new.IntegrationTests.binlog
$(_InternalRuntimeDownloadArgs)
displayName: Run dotnet new Integration Tests
-
+
- task: PublishTestResults@2
- displayName: Publish Test Results
- inputs:
- testResultsFormat: xUnit
- testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
- testRunTitle: '$(_AgentOSName)_$(Agent.JobName)'
- buildPlatform: '$(BuildPlatform)'
- buildConfiguration: '$(_BuildConfig)'
+ displayName: Publish Test Results
+ inputs:
+ testResultsFormat: xUnit
+ testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
+ testRunTitle: '$(_AgentOSName)_$(Agent.JobName)'
+ buildPlatform: '$(BuildPlatform)'
+ buildConfiguration: '$(_BuildConfig)'
condition: always()
-
- - task: CopyFiles@2
- displayName: Gather Logs
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)/artifacts'
- Contents: |
- log/$(_BuildConfig)/**/*
- TestResults/$(_BuildConfig)/**/*
+
+ - task: CopyFiles@2
+ displayName: Gather Logs
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/artifacts'
+ Contents: |
+ log/$(_BuildConfig)/**/*
+ TestResults/$(_BuildConfig)/**/*
SymStore/$(_BuildConfig)/**/*
- TargetFolder: '$(Build.ArtifactStagingDirectory)'
- continueOnError: true
+ TargetFolder: '$(Build.ArtifactStagingDirectory)'
+ continueOnError: true
+ condition: always()
+
+ - task: PublishBuildArtifacts@1
+ displayName: Publish Logs to VSTS
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
+ publishLocation: Container
+ continueOnError: true
condition: always()
-
- - task: PublishBuildArtifacts@1
- displayName: Publish Logs to VSTS
- inputs:
- PathtoPublish: '$(Build.ArtifactStagingDirectory)'
- ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
- publishLocation: Container
- continueOnError: true
- condition: always()
\ No newline at end of file
diff --git a/eng/build.yml b/eng/build.yml
index 8bef6707871a..89002d024451 100644
--- a/eng/build.yml
+++ b/eng/build.yml
@@ -67,7 +67,7 @@ jobs:
value: /p:DotNetSignType=$(_SignType) /p:TeamName=$(_TeamName)
- name: _PerfIterations
value: 25
-
+
steps:
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
- task: PowerShell@2
@@ -77,6 +77,7 @@ jobs:
arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
+ - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -109,7 +110,7 @@ jobs:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
HelixAccessToken: $(_HelixApiToken)
RunAoTTests: 'false'
-
+
- ${{ if eq(parameters.agentOs, 'Windows_NT_FullFramework') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -141,7 +142,7 @@ jobs:
TestFullMSBuild: 'true'
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
HelixAccessToken: $(_HelixApiToken)
-
+
- ${{ if eq(parameters.agentOs, 'Windows_NT_TestAsTools') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -153,7 +154,7 @@ jobs:
displayName: Build
env:
BuildConfig: $(_BuildConfig)
-
+
- ${{ if notIn(parameters.agentOs, 'Windows_NT', 'Windows_NT_FullFramework', 'Windows_NT_TestAsTools') }}:
- script: eng/common/build.sh
$(_CIBuild)
@@ -184,34 +185,34 @@ jobs:
RunAoTTests: 'false'
- task: PublishTestResults@2
- displayName: Publish Test Results
- inputs:
- testResultsFormat: xUnit
- testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
- testRunTitle: '$(_AgentOSName)_$(Agent.JobName)'
- buildPlatform: '$(BuildPlatform)'
- buildConfiguration: '$(_BuildConfig)'
+ displayName: Publish Test Results
+ inputs:
+ testResultsFormat: xUnit
+ testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
+ testRunTitle: '$(_AgentOSName)_$(Agent.JobName)'
+ buildPlatform: '$(BuildPlatform)'
+ buildConfiguration: '$(_BuildConfig)'
condition: always()
- - task: CopyFiles@2
- displayName: Gather Logs
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)/artifacts'
- Contents: |
- log/$(_BuildConfig)/**/*
- TestResults/$(_BuildConfig)/**/*
+ - task: CopyFiles@2
+ displayName: Gather Logs
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/artifacts'
+ Contents: |
+ log/$(_BuildConfig)/**/*
+ TestResults/$(_BuildConfig)/**/*
SymStore/$(_BuildConfig)/**/*
- TargetFolder: '$(Build.ArtifactStagingDirectory)'
- continueOnError: true
+ TargetFolder: '$(Build.ArtifactStagingDirectory)'
+ continueOnError: true
condition: always()
-
- - task: 1ES.PublishBuildArtifacts@1
- displayName: Publish Logs to VSTS
- inputs:
- PathtoPublish: '$(Build.ArtifactStagingDirectory)'
- ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
- publishLocation: Container
- continueOnError: true
+
+ - task: 1ES.PublishBuildArtifacts@1
+ displayName: Publish Logs to VSTS
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
+ publishLocation: Container
+ continueOnError: true
condition: always()
# AoT Jobs
@@ -270,6 +271,7 @@ jobs:
arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
+ - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
- ${{ if eq(parameters.agentOs, 'Windows_NT') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -337,25 +339,25 @@ jobs:
RunAoTTests: 'true'
- ${{ if in(parameters.agentOs, 'Windows_NT', 'Darwin') }}:
- - task: CopyFiles@2
- displayName: Gather Logs
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)/artifacts'
- Contents: |
- log/$(_BuildConfig)/**/*
- TestResults/$(_BuildConfig)/**/*
+ - task: CopyFiles@2
+ displayName: Gather Logs
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/artifacts'
+ Contents: |
+ log/$(_BuildConfig)/**/*
+ TestResults/$(_BuildConfig)/**/*
SymStore/$(_BuildConfig)/**/*
- TargetFolder: '$(Build.ArtifactStagingDirectory)'
- continueOnError: true
+ TargetFolder: '$(Build.ArtifactStagingDirectory)'
+ continueOnError: true
condition: always()
- - task: 1ES.PublishBuildArtifacts@1
- displayName: Publish Logs to VSTS
- inputs:
- PathtoPublish: '$(Build.ArtifactStagingDirectory)'
- ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
- publishLocation: Container
- continueOnError: true
+ - task: 1ES.PublishBuildArtifacts@1
+ displayName: Publish Logs to VSTS
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
+ publishLocation: Container
+ continueOnError: true
condition: always()
# TemplateEngine Jobs
@@ -414,6 +416,7 @@ jobs:
arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
env:
Token: $(dn-bot-dnceng-artifact-feeds-rw)
+ - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
- ${{ if contains(parameters.agentOs, 'Windows_NT') }}:
- powershell: eng\common\build.ps1
$(_CIBuild)
@@ -481,34 +484,34 @@ jobs:
/bl:$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/dotnet-new.IntegrationTests.binlog
$(_InternalRuntimeDownloadArgs)
displayName: Run dotnet new Integration Tests
-
+
- task: PublishTestResults@2
- displayName: Publish Test Results
- inputs:
- testResultsFormat: xUnit
- testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
- testRunTitle: '$(_AgentOSName)_$(Agent.JobName)'
- buildPlatform: '$(BuildPlatform)'
- buildConfiguration: '$(_BuildConfig)'
+ displayName: Publish Test Results
+ inputs:
+ testResultsFormat: xUnit
+ testResultsFiles: 'artifacts/TestResults/$(_BuildConfig)/*.xml'
+ testRunTitle: '$(_AgentOSName)_$(Agent.JobName)'
+ buildPlatform: '$(BuildPlatform)'
+ buildConfiguration: '$(_BuildConfig)'
condition: always()
-
- - task: CopyFiles@2
- displayName: Gather Logs
- inputs:
- SourceFolder: '$(Build.SourcesDirectory)/artifacts'
- Contents: |
- log/$(_BuildConfig)/**/*
- TestResults/$(_BuildConfig)/**/*
+
+ - task: CopyFiles@2
+ displayName: Gather Logs
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/artifacts'
+ Contents: |
+ log/$(_BuildConfig)/**/*
+ TestResults/$(_BuildConfig)/**/*
SymStore/$(_BuildConfig)/**/*
- TargetFolder: '$(Build.ArtifactStagingDirectory)'
- continueOnError: true
+ TargetFolder: '$(Build.ArtifactStagingDirectory)'
+ continueOnError: true
condition: always()
-
- - task: 1ES.PublishBuildArtifacts@1
- displayName: Publish Logs to VSTS
- inputs:
- PathtoPublish: '$(Build.ArtifactStagingDirectory)'
- ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
- publishLocation: Container
- continueOnError: true
+
+ - task: 1ES.PublishBuildArtifacts@1
+ displayName: Publish Logs to VSTS
+ inputs:
+ PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ ArtifactName: '$(_AgentOSName)_$(Agent.JobName)_$(Build.BuildNumber)'
+ publishLocation: Container
+ continueOnError: true
condition: always()
diff --git a/eng/common/post-build/publish-using-darc.ps1 b/eng/common/post-build/publish-using-darc.ps1
index 5a3a32ea8d75..238945cb5ab4 100644
--- a/eng/common/post-build/publish-using-darc.ps1
+++ b/eng/common/post-build/publish-using-darc.ps1
@@ -2,7 +2,6 @@ param(
[Parameter(Mandatory=$true)][int] $BuildId,
[Parameter(Mandatory=$true)][int] $PublishingInfraVersion,
[Parameter(Mandatory=$true)][string] $AzdoToken,
- [Parameter(Mandatory=$true)][string] $MaestroToken,
[Parameter(Mandatory=$false)][string] $MaestroApiEndPoint = 'https://maestro.dot.net',
[Parameter(Mandatory=$true)][string] $WaitPublishingFinish,
[Parameter(Mandatory=$false)][string] $ArtifactsPublishingAdditionalParameters,
@@ -31,13 +30,13 @@ try {
}
& $darc add-build-to-channel `
- --id $buildId `
- --publishing-infra-version $PublishingInfraVersion `
- --default-channels `
- --source-branch main `
- --azdev-pat $AzdoToken `
- --bar-uri $MaestroApiEndPoint `
- --password $MaestroToken `
+ --id $buildId `
+ --publishing-infra-version $PublishingInfraVersion `
+ --default-channels `
+ --source-branch main `
+ --azdev-pat "$AzdoToken" `
+ --bar-uri "$MaestroApiEndPoint" `
+ --ci `
@optionalParams
if ($LastExitCode -ne 0) {
diff --git a/eng/common/templates-official/job/publish-build-assets.yml b/eng/common/templates-official/job/publish-build-assets.yml
index 589ac80a18b7..d01739c12857 100644
--- a/eng/common/templates-official/job/publish-build-assets.yml
+++ b/eng/common/templates-official/job/publish-build-assets.yml
@@ -76,13 +76,16 @@ jobs:
- task: NuGetAuthenticate@1
- - task: PowerShell@2
+ - task: AzureCLI@2
displayName: Publish Build Assets
inputs:
- filePath: eng\common\sdk-task.ps1
- arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet
+ azureSubscription: "Darc: Maestro Production"
+ scriptType: ps
+ scriptLocation: scriptPath
+ scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1
+ arguments: >
+ -task PublishBuildAssets -restore -msbuildEngine dotnet
/p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests'
- /p:BuildAssetRegistryToken=$(MaestroAccessToken)
/p:MaestroApiEndpoint=https://maestro-prod.westus2.cloudapp.azure.com
/p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }}
/p:OfficialBuildId=$(Build.BuildNumber)
@@ -144,7 +147,6 @@ jobs:
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion 3
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
- -MaestroToken '$(MaestroApiAccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
diff --git a/eng/common/templates-official/job/source-build.yml b/eng/common/templates-official/job/source-build.yml
index f193dfbe2366..f983033bb028 100644
--- a/eng/common/templates-official/job/source-build.yml
+++ b/eng/common/templates-official/job/source-build.yml
@@ -31,6 +31,12 @@ parameters:
# container and pool.
platform: {}
+ # If set to true and running on a non-public project,
+ # Internal blob storage locations will be enabled.
+ # This is not enabled by default because many repositories do not need internal sources
+ # and do not need to have the required service connections approved in the pipeline.
+ enableInternalSources: false
+
jobs:
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
displayName: Source-Build (${{ parameters.platform.name }})
@@ -62,6 +68,8 @@ jobs:
clean: all
steps:
+ - ${{ if eq(parameters.enableInternalSources, true) }}:
+ - template: /eng/common/templates-official/steps/enable-internal-runtimes.yml
- template: /eng/common/templates-official/steps/source-build.yml
parameters:
platform: ${{ parameters.platform }}
diff --git a/eng/common/templates-official/job/source-index-stage1.yml b/eng/common/templates-official/job/source-index-stage1.yml
index 43ee0c202fc7..60dfb6b2d1c0 100644
--- a/eng/common/templates-official/job/source-index-stage1.yml
+++ b/eng/common/templates-official/job/source-index-stage1.yml
@@ -23,7 +23,7 @@ jobs:
value: ${{ parameters.sourceIndexPackageSource }}
- name: BinlogPath
value: ${{ parameters.binlogPath }}
- - template: /eng/common/templates/variables/pool-providers.yml
+ - template: /eng/common/templates-official/variables/pool-providers.yml
${{ if ne(parameters.pool, '') }}:
pool: ${{ parameters.pool }}
@@ -34,7 +34,8 @@ jobs:
demands: ImageOverride -equals windows.vs2019.amd64.open
${{ if eq(variables['System.TeamProject'], 'internal') }}:
name: $(DncEngInternalBuildPool)
- demands: ImageOverride -equals windows.vs2019.amd64
+ image: windows.vs2022.amd64
+ os: windows
steps:
- ${{ each preStep in parameters.preSteps }}:
@@ -70,16 +71,13 @@ jobs:
scriptType: 'ps'
scriptLocation: 'inlineScript'
inlineScript: |
- echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId"
- echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken"
- echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId"
+ echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
+ echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
+ echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
- script: |
- echo "Client ID: $(ARM_CLIENT_ID)"
- echo "ID Token: $(ARM_ID_TOKEN)"
- echo "Tenant ID: $(ARM_TENANT_ID)"
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
displayName: "Login to Azure"
- script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
- displayName: Upload stage1 artifacts to source index
\ No newline at end of file
+ displayName: Upload stage1 artifacts to source index
diff --git a/eng/common/templates-official/jobs/source-build.yml b/eng/common/templates-official/jobs/source-build.yml
index 08e5db9bb116..5cf6a269c0b6 100644
--- a/eng/common/templates-official/jobs/source-build.yml
+++ b/eng/common/templates-official/jobs/source-build.yml
@@ -21,6 +21,12 @@ parameters:
# one job runs on 'defaultManagedPlatform'.
platforms: []
+ # If set to true and running on a non-public project,
+ # Internal nuget and blob storage locations will be enabled.
+ # This is not enabled by default because many repositories do not need internal sources
+ # and do not need to have the required service connections approved in the pipeline.
+ enableInternalSources: false
+
jobs:
- ${{ if ne(parameters.allCompletedJobId, '') }}:
@@ -38,9 +44,11 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ platform }}
+ enableInternalSources: ${{ parameters.enableInternalSources }}
- ${{ if eq(length(parameters.platforms), 0) }}:
- template: /eng/common/templates-official/job/source-build.yml
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ parameters.defaultManagedPlatform }}
+ enableInternalSources: ${{ parameters.enableInternalSources }}
diff --git a/eng/common/templates-official/post-build/post-build.yml b/eng/common/templates-official/post-build/post-build.yml
index da1f40958b45..0dfa387e7b78 100644
--- a/eng/common/templates-official/post-build/post-build.yml
+++ b/eng/common/templates-official/post-build/post-build.yml
@@ -272,14 +272,16 @@ stages:
- task: NuGetAuthenticate@1
- - task: PowerShell@2
+ - task: AzureCLI@2
displayName: Publish Using Darc
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
+ azureSubscription: "Darc: Maestro Production"
+ scriptType: ps
+ scriptLocation: scriptPath
+ scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
- -MaestroToken '$(MaestroApiAccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
diff --git a/eng/common/templates-official/steps/enable-internal-runtimes.yml b/eng/common/templates-official/steps/enable-internal-runtimes.yml
new file mode 100644
index 000000000000..93a8394a666b
--- /dev/null
+++ b/eng/common/templates-official/steps/enable-internal-runtimes.yml
@@ -0,0 +1,28 @@
+# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
+# variable with the base64-encoded SAS token, by default
+
+parameters:
+- name: federatedServiceConnection
+ type: string
+ default: 'dotnetbuilds-internal-read'
+- name: outputVariableName
+ type: string
+ default: 'dotnetbuilds-internal-container-read-token-base64'
+- name: expiryInHours
+ type: number
+ default: 1
+- name: base64Encode
+ type: boolean
+ default: true
+
+steps:
+- ${{ if ne(variables['System.TeamProject'], 'public') }}:
+ - template: /eng/common/templates-official/steps/get-delegation-sas.yml
+ parameters:
+ federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
+ outputVariableName: ${{ parameters.outputVariableName }}
+ expiryInHours: ${{ parameters.expiryInHours }}
+ base64Encode: ${{ parameters.base64Encode }}
+ storageAccount: dotnetbuilds
+ container: internal
+ permissions: rl
diff --git a/eng/common/templates-official/steps/get-delegation-sas.yml b/eng/common/templates-official/steps/get-delegation-sas.yml
new file mode 100644
index 000000000000..c0e8f91317f0
--- /dev/null
+++ b/eng/common/templates-official/steps/get-delegation-sas.yml
@@ -0,0 +1,43 @@
+parameters:
+- name: federatedServiceConnection
+ type: string
+- name: outputVariableName
+ type: string
+- name: expiryInHours
+ type: number
+ default: 1
+- name: base64Encode
+ type: boolean
+ default: false
+- name: storageAccount
+ type: string
+- name: container
+ type: string
+- name: permissions
+ type: string
+ default: 'rl'
+
+steps:
+- task: AzureCLI@2
+ displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
+ inputs:
+ azureSubscription: ${{ parameters.federatedServiceConnection }}
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ # Calculate the expiration of the SAS token and convert to UTC
+ $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+
+ $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
+
+ if ($LASTEXITCODE -ne 0) {
+ Write-Error "Failed to generate SAS token."
+ exit 1
+ }
+
+ if ('${{ parameters.base64Encode }}' -eq 'true') {
+ $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
+ }
+
+ Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
diff --git a/eng/common/templates-official/steps/get-federated-access-token.yml b/eng/common/templates-official/steps/get-federated-access-token.yml
new file mode 100644
index 000000000000..e3786cef6dfd
--- /dev/null
+++ b/eng/common/templates-official/steps/get-federated-access-token.yml
@@ -0,0 +1,28 @@
+parameters:
+- name: federatedServiceConnection
+ type: string
+- name: outputVariableName
+ type: string
+# Resource to get a token for. Common values include:
+# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
+# - 'https://storage.azure.com/' for storage
+# Defaults to Azure DevOps
+- name: resource
+ type: string
+ default: '499b84ac-1321-427f-aa17-267ca6975798'
+
+steps:
+- task: AzureCLI@2
+ displayName: 'Getting federated access token for feeds'
+ inputs:
+ azureSubscription: ${{ parameters.federatedServiceConnection }}
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
+ if ($LASTEXITCODE -ne 0) {
+ Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
+ exit 1
+ }
+ Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml
index 8ec0151def21..9fd69fa7c9b7 100644
--- a/eng/common/templates/job/publish-build-assets.yml
+++ b/eng/common/templates/job/publish-build-assets.yml
@@ -74,13 +74,16 @@ jobs:
- task: NuGetAuthenticate@1
- - task: PowerShell@2
+ - task: AzureCLI@2
displayName: Publish Build Assets
inputs:
- filePath: eng\common\sdk-task.ps1
- arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet
+ azureSubscription: "Darc: Maestro Production"
+ scriptType: ps
+ scriptLocation: scriptPath
+ scriptPath: $(Build.SourcesDirectory)/eng/common/sdk-task.ps1
+ arguments: >
+ -task PublishBuildAssets -restore -msbuildEngine dotnet
/p:ManifestsPath='$(Build.StagingDirectory)/Download/AssetManifests'
- /p:BuildAssetRegistryToken=$(MaestroAccessToken)
/p:MaestroApiEndpoint=https://maestro.dot.net
/p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }}
/p:OfficialBuildId=$(Build.BuildNumber)
@@ -140,7 +143,6 @@ jobs:
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion 3
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
- -MaestroToken '$(MaestroApiAccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
diff --git a/eng/common/templates/job/source-build.yml b/eng/common/templates/job/source-build.yml
index 8a3deef2b727..c0ff472b697b 100644
--- a/eng/common/templates/job/source-build.yml
+++ b/eng/common/templates/job/source-build.yml
@@ -31,6 +31,12 @@ parameters:
# container and pool.
platform: {}
+ # If set to true and running on a non-public project,
+ # Internal blob storage locations will be enabled.
+ # This is not enabled by default because many repositories do not need internal sources
+ # and do not need to have the required service connections approved in the pipeline.
+ enableInternalSources: false
+
jobs:
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
displayName: Source-Build (${{ parameters.platform.name }})
@@ -61,6 +67,8 @@ jobs:
clean: all
steps:
+ - ${{ if eq(parameters.enableInternalSources, true) }}:
+ - template: /eng/common/templates/steps/enable-internal-runtimes.yml
- template: /eng/common/templates/steps/source-build.yml
parameters:
platform: ${{ parameters.platform }}
diff --git a/eng/common/templates/job/source-index-stage1.yml b/eng/common/templates/job/source-index-stage1.yml
index 43ee0c202fc7..0b6bb89dc78a 100644
--- a/eng/common/templates/job/source-index-stage1.yml
+++ b/eng/common/templates/job/source-index-stage1.yml
@@ -70,16 +70,13 @@ jobs:
scriptType: 'ps'
scriptLocation: 'inlineScript'
inlineScript: |
- echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$env:servicePrincipalId"
- echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$env:idToken"
- echo "##vso[task.setvariable variable=ARM_TENANT_ID]$env:tenantId"
+ echo "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
+ echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
+ echo "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
- script: |
- echo "Client ID: $(ARM_CLIENT_ID)"
- echo "ID Token: $(ARM_ID_TOKEN)"
- echo "Tenant ID: $(ARM_TENANT_ID)"
az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
displayName: "Login to Azure"
- script: $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1
- displayName: Upload stage1 artifacts to source index
\ No newline at end of file
+ displayName: Upload stage1 artifacts to source index
diff --git a/eng/common/templates/jobs/source-build.yml b/eng/common/templates/jobs/source-build.yml
index a15b07eb51d9..5f46bfa895c1 100644
--- a/eng/common/templates/jobs/source-build.yml
+++ b/eng/common/templates/jobs/source-build.yml
@@ -21,6 +21,12 @@ parameters:
# one job runs on 'defaultManagedPlatform'.
platforms: []
+ # If set to true and running on a non-public project,
+ # Internal nuget and blob storage locations will be enabled.
+ # This is not enabled by default because many repositories do not need internal sources
+ # and do not need to have the required service connections approved in the pipeline.
+ enableInternalSources: false
+
jobs:
- ${{ if ne(parameters.allCompletedJobId, '') }}:
@@ -38,9 +44,11 @@ jobs:
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ platform }}
+ enableInternalSources: ${{ parameters.enableInternalSources }}
- ${{ if eq(length(parameters.platforms), 0) }}:
- template: /eng/common/templates/job/source-build.yml
parameters:
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ parameters.defaultManagedPlatform }}
+ enableInternalSources: ${{ parameters.enableInternalSources }}
diff --git a/eng/common/templates/post-build/post-build.yml b/eng/common/templates/post-build/post-build.yml
index aba44a25a338..2db4933468fd 100644
--- a/eng/common/templates/post-build/post-build.yml
+++ b/eng/common/templates/post-build/post-build.yml
@@ -268,14 +268,16 @@ stages:
- task: NuGetAuthenticate@1
- - task: PowerShell@2
+ - task: AzureCLI@2
displayName: Publish Using Darc
inputs:
- filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
+ azureSubscription: "Darc: Maestro Production"
+ scriptType: ps
+ scriptLocation: scriptPath
+ scriptPath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: -BuildId $(BARBuildId)
-PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
-AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
- -MaestroToken '$(MaestroApiAccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
diff --git a/eng/common/templates/post-build/setup-maestro-vars.yml b/eng/common/templates/post-build/setup-maestro-vars.yml
index 0c87f149a4ad..64b9abc68504 100644
--- a/eng/common/templates/post-build/setup-maestro-vars.yml
+++ b/eng/common/templates/post-build/setup-maestro-vars.yml
@@ -11,13 +11,14 @@ steps:
artifactName: ReleaseConfigs
checkDownloadedFiles: true
- - task: PowerShell@2
+ - task: AzureCLI@2
name: setReleaseVars
displayName: Set Release Configs Vars
inputs:
- targetType: inline
- pwsh: true
- script: |
+ azureSubscription: "Darc: Maestro Production"
+ scriptType: pscore
+ scriptLocation: inlineScript
+ inlineScript: |
try {
if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') {
$Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt
@@ -31,15 +32,16 @@ steps:
$AzureDevOpsBuildId = $Env:Build_BuildId
}
else {
- $buildApiEndpoint = "${Env:MaestroApiEndPoint}/api/builds/${Env:BARBuildId}?api-version=${Env:MaestroApiVersion}"
+ . $(Build.SourcesDirectory)\eng\common\tools.ps1
+ $darc = Get-Darc
+ $buildInfo = & $darc get-build `
+ --id ${{ parameters.BARBuildId }} `
+ --extended `
+ --output-format json `
+ --ci `
+ | convertFrom-Json
- $apiHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
- $apiHeaders.Add('Accept', 'application/json')
- $apiHeaders.Add('Authorization',"Bearer ${Env:MAESTRO_API_TOKEN}")
-
- $buildInfo = try { Invoke-WebRequest -Method Get -Uri $buildApiEndpoint -Headers $apiHeaders | ConvertFrom-Json } catch { Write-Host "Error: $_" }
-
- $BarId = $Env:BARBuildId
+ $BarId = ${{ parameters.BARBuildId }}
$Channels = $Env:PromoteToMaestroChannels -split ","
$Channels = $Channels -join "]["
$Channels = "[$Channels]"
@@ -65,6 +67,4 @@ steps:
exit 1
}
env:
- MAESTRO_API_TOKEN: $(MaestroApiAccessToken)
- BARBuildId: ${{ parameters.BARBuildId }}
PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }}
diff --git a/eng/common/templates/steps/enable-internal-runtimes.yml b/eng/common/templates/steps/enable-internal-runtimes.yml
new file mode 100644
index 000000000000..54dc9416c519
--- /dev/null
+++ b/eng/common/templates/steps/enable-internal-runtimes.yml
@@ -0,0 +1,28 @@
+# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
+# variable with the base64-encoded SAS token, by default
+
+parameters:
+- name: federatedServiceConnection
+ type: string
+ default: 'dotnetbuilds-internal-read'
+- name: outputVariableName
+ type: string
+ default: 'dotnetbuilds-internal-container-read-token-base64'
+- name: expiryInHours
+ type: number
+ default: 1
+- name: base64Encode
+ type: boolean
+ default: true
+
+steps:
+- ${{ if ne(variables['System.TeamProject'], 'public') }}:
+ - template: /eng/common/templates/steps/get-delegation-sas.yml
+ parameters:
+ federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
+ outputVariableName: ${{ parameters.outputVariableName }}
+ expiryInHours: ${{ parameters.expiryInHours }}
+ base64Encode: ${{ parameters.base64Encode }}
+ storageAccount: dotnetbuilds
+ container: internal
+ permissions: rl
diff --git a/eng/common/templates/steps/get-delegation-sas.yml b/eng/common/templates/steps/get-delegation-sas.yml
new file mode 100644
index 000000000000..c0e8f91317f0
--- /dev/null
+++ b/eng/common/templates/steps/get-delegation-sas.yml
@@ -0,0 +1,43 @@
+parameters:
+- name: federatedServiceConnection
+ type: string
+- name: outputVariableName
+ type: string
+- name: expiryInHours
+ type: number
+ default: 1
+- name: base64Encode
+ type: boolean
+ default: false
+- name: storageAccount
+ type: string
+- name: container
+ type: string
+- name: permissions
+ type: string
+ default: 'rl'
+
+steps:
+- task: AzureCLI@2
+ displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
+ inputs:
+ azureSubscription: ${{ parameters.federatedServiceConnection }}
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ # Calculate the expiration of the SAS token and convert to UTC
+ $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
+
+ $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
+
+ if ($LASTEXITCODE -ne 0) {
+ Write-Error "Failed to generate SAS token."
+ exit 1
+ }
+
+ if ('${{ parameters.base64Encode }}' -eq 'true') {
+ $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
+ }
+
+ Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
diff --git a/eng/common/templates/steps/get-federated-access-token.yml b/eng/common/templates/steps/get-federated-access-token.yml
new file mode 100644
index 000000000000..c8c49cc0e8f0
--- /dev/null
+++ b/eng/common/templates/steps/get-federated-access-token.yml
@@ -0,0 +1,28 @@
+parameters:
+- name: federatedServiceConnection
+ type: string
+- name: outputVariableName
+ type: string
+# Resource to get a token for. Common values include:
+# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
+# - 'https://storage.azure.com/' for storage
+# Defaults to Azure DevOps
+- name: resource
+ type: string
+ default: '499b84ac-1321-427f-aa17-267ca6975798'
+
+steps:
+- task: AzureCLI@2
+ displayName: 'Getting federated access token for feeds'
+ inputs:
+ azureSubscription: ${{ parameters.federatedServiceConnection }}
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
+ if ($LASTEXITCODE -ne 0) {
+ Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
+ exit 1
+ }
+ Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
+ Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
\ No newline at end of file
diff --git a/global.json b/global.json
index 482d5fb11895..ddd87ad0324e 100644
--- a/global.json
+++ b/global.json
@@ -14,7 +14,7 @@
}
},
"msbuild-sdks": {
- "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24266.3",
- "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.24266.3"
+ "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24352.1",
+ "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.24352.1"
}
}
diff --git a/src/Layout/redist/trustedroots/codesignctl.pem b/src/Layout/redist/trustedroots/codesignctl.pem
index 11978a9a649f..021bd8997f77 100644
--- a/src/Layout/redist/trustedroots/codesignctl.pem
+++ b/src/Layout/redist/trustedroots/codesignctl.pem
@@ -8620,3 +8620,51 @@ e0G4FBVWdtOW4xWFZAIwJOT2+L0Tbjq3P9y/zXjfJoBXEq9oZ0//8iuxoqGZtMOT
G456y3y/FI7r6rj+4QNf
-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFeDCCA2CgAwIBAgIQSyw7AQGLrSq8jHtbPu2QVzANBgkqhkiG9w0BAQwFADBW
+MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQD
+EyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYwHhcNMjEwMzIy
+MDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBWMQswCQYDVQQGEwJHQjEYMBYGA1UEChMP
+U2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNp
+Z25pbmcgUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCN
+55QSIgQkdC7/FiMCkoq2rjaFrEfUI5ErPtx94jGgUW+shJHjUoq14pbe0IdjJImK
+/+8Skzt9u7aKvb0Ffyeba2XTpQxpsbxJOZrxbW6q5KCDJ9qaDStQ6Utbs7hkNqR+
+Sj2pcaths3OzPAsM79szV+W+NDfjlxtd/R8SPYIDdub7P2bSlDFp+m2zNKzBenjc
+klDyZMeqLQSrw2rq4C+np9xu1+j/2iGrQL+57g2extmeme/G3h+pDHazJyCh1rr9
+gOcB0u/rgimVcI3/uxXP/tEPNqIuTzKQdEZrRzUTdwUzT2MuuC3hv2WnBGsY2HH6
+zAjybYmZELGt2z4s5KoYsMYHAXVn3m3pY2MeNn9pib6qRT5uWl+PoVvLnTCGMOgD
+s0DGDQ84zWeoU4j6uDBl+m/H5x2xg3RpPqzEaDux5mczmrYI4IAFSEDu9oJkRqj1
+c7AGlfJsZZ+/VVscnFcax3hGfHCqlBuCF6yH6bbJDoEcQNYWFyn8XJwYK+pF9e+9
+1WdPKF4F7pBMeufG9ND8+s0+MkYTIDaKBOq3qgdGnA2TOglmmVhcKaO5DKYwODzQ
+RjY1fJy67sPV+Qp2+n4FG0DKkjXp1XrRtX8ArqmQqsV/AZwQsRb8zG4Y3G9i/qZQ
+p7h7uJ0VP/4gDHXIIloTlRmQAOka1cKG8eOO7F/05QIDAQABo0IwQDAdBgNVHQ4E
+FgQUMuuSmv81lkgvKEBCcCA2kVwXheYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAHZlwuPXIkrXHYle/2lexhQCTXOm
+zc0oyrA36r+nySGqql/av/aDbNCA0QpcAKTL88w5D55BcYjVPOiKe4wXI/fKNHSR
+bAauUD8AWbImPDwXg1cDPi3RGj3UzwdUskMLUnKoiPXEF/Jv0Vil0WjkPZgIGO42
+9EhImvpUcPCI1HAWMEJJ0Nk/dUtFcdiuorthDoiFUFe5uhErNikfjyBynlyeidGC
+2kWNapnahHFrM6UQu3nwl/Z0gaA/V8eGjDCMDjiVrgHGHqvcqB9vL9f/dh6uF3Nt
+5bl1s2EGqJUzwk5vsjfylb6FVBK5yL1iQnb3Kvz1NzEDJlf+0ebb8BYCcoOMCLOE
+rKnkB/ihiMQTWlBHVEKm7dBBNCyYsT6iNKEMXb2s9395p79tDFYyhRtLl7jhrOSk
+PHHxo+FOY9b0Rrr1CwjhYzztolkvCtQsayOinqFN7tESzRgzUO1Bbst/PUFgC2ML
+ePV170MVtzYLEK/cXBipmNk22R3YhLMGioLjexskp0LO7g8+VlwyfexL3lYrOzu6
++XpY0FG2bNb2WKJSJHpEhqEcYD9J0/z6+YQcBcI0v+Lm8RkqmS9WVzWctfUHw0Yv
+3jg9GQ37o/HfE57nqXJYMa+96trX1m13MzOO9Kz9wb9Jh9JwBWd0Bqb2eEAtFgSR
+Dx/TFsS4ehcNJMmy
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICKDCCAa+gAwIBAgIQUCSbou+Opr9sLB8aY4XUwzAKBggqhkjOPQQDAzBWMQsw
+CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRT
+ZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBFNDYwHhcNMjEwMzIyMDAw
+MDAwWhcNNDYwMzIxMjM1OTU5WjBWMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2Vj
+dGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25p
+bmcgUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQIMoEDH487om+BR4zl
+e7m6wWmyW0nAKLkUWG8kM85Qm3PZO8FoOZx6Yc5c0iJHRKuAhanllayqrmZYhlan
+uIODzLTRDqlR+EtnOX+MubY5aDSPGUq6jiHrQrisVp0J3AejQjBAMB0GA1UdDgQW
+BBTPfSygkHqYHd22XoXC4NoVcdLlXjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjACd++zAerlV83j8HflRwwwlLmgchbs
+aGX/4g44dv/oG8KfzCVTRg6sZHMobtK0IqYCMGk5W6+oBFyZMtOebrSwXs8lGjll
+/zHz43Zy8DMXO+iiqzSEwWGneZ6KupkGGqfVKw==
+-----END CERTIFICATE-----
+
diff --git a/src/Layout/redist/trustedroots/timestampctl.pem b/src/Layout/redist/trustedroots/timestampctl.pem
index 592079fa33ae..e11dc73a8817 100644
--- a/src/Layout/redist/trustedroots/timestampctl.pem
+++ b/src/Layout/redist/trustedroots/timestampctl.pem
@@ -9257,3 +9257,51 @@ sEn9loiN7TPb5cHvtvLTRX9Dvr82zadlqpFiHzd/7Uvv7nMXbi8LgNW1asp98aib
oTM3VxKKcl+Yqg==
-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICNjCCAb2gAwIBAgIUNdzqqPFud6Xd/BatNpw0vRVFzikwCgYIKoZIzj0EAwMw
+WzELMAkGA1UEBhMCTkwxIDAeBgNVBAoMF1F1b1ZhZGlzIFRydXN0bGluayBCLlYu
+MSowKAYDVQQDDCFRdW9WYWRpcyBTaWduaW5nIEVDQyBQMzg0IFJvb3QgRzQwHhcN
+MjMwMzE2MTUzNjAyWhcNNDgwMzA5MTUzNjAxWjBbMQswCQYDVQQGEwJOTDEgMB4G
+A1UECgwXUXVvVmFkaXMgVHJ1c3RsaW5rIEIuVi4xKjAoBgNVBAMMIVF1b1ZhZGlz
+IFNpZ25pbmcgRUNDIFAzODQgUm9vdCBHNDB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BFI7CA12eXWd/JJ/J6R9xlocD5E82+Q5+IKq2PzmYohXxrVz2z72REWsGaRBYykL
+liyHxKYC012KoqjnXjbs38WhRVVKDFRRkBCcHpoM+PM0sJSy54NIx1jKetHHJGgF
+LKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWRZsDiAtkUp02ppPs/4p
+UbnpynwwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMBZ8eADXpJ2W
+4XVLDPFJMoABShYkMQVq5PHCRA1/t5l5Lgkw15p6O0DmoSYM500L/QIwRmBoIwwu
+shW7GPd4iqd4bGvn1U+4UL+binQ0f4vyuAw62hoABxh7IH+mdNN+g6gT
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIFhjCCA26gAwIBAgIUDx0XQGkARJQ7rWtetIcEV1mwgI0wDQYJKoZIhvcNAQEM
+BQAwWzELMAkGA1UEBhMCTkwxIDAeBgNVBAoMF1F1b1ZhZGlzIFRydXN0bGluayBC
+LlYuMSowKAYDVQQDDCFRdW9WYWRpcyBTaWduaW5nIFJTQSA0MDk2IFJvb3QgRzQw
+HhcNMjMwMzE2MTUzMjQ4WhcNNDgwMzA5MTUzMjQ3WjBbMQswCQYDVQQGEwJOTDEg
+MB4GA1UECgwXUXVvVmFkaXMgVHJ1c3RsaW5rIEIuVi4xKjAoBgNVBAMMIVF1b1Zh
+ZGlzIFNpZ25pbmcgUlNBIDQwOTYgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBANCMA/gAIDZZWuEcZP0bo8ss5R5zIRDr5DYOLLh2vyg6HsEK
+lEXzWuk7wBrF/Od8OMzpHCy3eWGse+BO9i63oTIVG5Usix1Q9qWzsBtj8kbCw1ah
+ydO8E87y24Yapmjr/e+jY6++44IZ/dcSBK5vmJsUr6j353+z1npzUQNo5JeB01o8
+M73Gwf3kfkkc4xQNj8FluJcrYVr88zQ27Gcpe9JMkCrSpkKpxsgByVy/XDcx/gZZ
+V+5urRyeovFq3IjllYTV1h4BnVAW4y9xraGRIKayq/4IKAI2L0OYjDucphkEmrWx
+fP6wDX+kMCPCbw8jAWv/2fOFgq0Fq2xAp4FQbQF/xgTcDsm5zq9p8QOsw8wV4B7q
++2N+NGtSU/CYTPydg13Dik8/k71zWkWhuQ9S8LChI4MKh+lsKaLEN574U5UABwyo
+OSDDRurBPRQZrEtzebgE7lwMo3WWWrVuAp5e8rtyLNrxaSVcIDjqRydWbNLF+BB2
+3iKUaZ3tV6RspDUpmsp9Gl9VRErEVJ+/O5kS0M1oMyK9LB3GGTOkW4SGhEMJQiW5
+4pcs8ZQHrF6QjAEib6Ur9DcEB6vI10xQh/I+Qb8mKiyjZpHO/h5i5sbppaG+mMPv
+5GbN/dvvii+WTHuuM/g6zvyF+GOvyfLA/bRmez3zYyO9W29RPWnDQFTw1q43AgMB
+AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFNw9E+5WtshFimqEnp6
+WQvW/EXtMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQwFAAOCAgEABdc9SCeg
+Xz5mkfFh+wZoILbKSVY9qoP3Hp4WLAFpeQZiLSOoxvNLVIX4ENWYrM+wzVb+S32X
+VA9kvl3QK/QJirECmvyyfMprJvKkzYF0ZjNUo0fWUGwJzja4lQjeExGte0dcsQYL
+vCkqRRnt0v019E5kVDVkXgNBUipl06AULYmUAjJ9xAukbzZcIfr7XuGtpWRZzIGP
+XA/R55Bn/KkJtWW7ALvB74auDpnnPT6PkJXTdgIlUOqJvtISRy0bLjv3r01ZkZvZ
+aAEzmMswZpCSiFJCX0evKp4BvOBrc/e63FZC4WfU7pqtAS43PzA9h/gdcWug6I9g
+R0tl50viFBfXmgYbyLcxeEJKDmHnfnWDwMENqAmsvLNroHNwdALkSdipcyA/pnYA
+aR/8fXg5dYPlpuVy4F6mQhyQ4R4aASXG6NxsR7O+1Y6Q4FL4oE2IHV5kkwkUXJad
+UHqicmqUZTynAe2cj+d28fmV4066TjbYiSfTRH/Ji6gJnpG9ySiYRCCHtMecjsfZ
+Y+wj87Hgonlo4ek+S05aqdOPaUX5v1K6KrchPNN2GE6Tdz5OO2v2ACWyinbBn12X
+dnnmQphmiOAQhu+wodWXUMTpoURWz+57cSnrKAvNbTz6DPvb1mU5UwNTfSQn09h4
+h31GcJwT1UuEv1xp188BqF4OvBPFXkjrhyE=
+-----END CERTIFICATE-----
+
diff --git a/src/Tests/trustedroots.Tests/GivenCodeSigningCtlFile.cs b/src/Tests/trustedroots.Tests/GivenCodeSigningCtlFile.cs
index 8304576ffa48..41483b5c8e9c 100644
--- a/src/Tests/trustedroots.Tests/GivenCodeSigningCtlFile.cs
+++ b/src/Tests/trustedroots.Tests/GivenCodeSigningCtlFile.cs
@@ -23,11 +23,13 @@ public GivenCodeSigningCtlFile()
[InlineData("45140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda")] // CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
[InlineData("4b03f45807ad70f21bfc2cae71c9fde4604c064cf5ffb686bae5dbaad7fdd34c")] // CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[InlineData("52f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b40234")] // CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
+ [InlineData("5367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270")] // CN=Microsoft Identity Verification Root Certificate Authority 2020, O=Microsoft Corporation, C=US
[InlineData("552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988")] // CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
[InlineData("5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e")] // CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
[InlineData("7353b6d6c2d6da4247773f3f07d075decb5134212bead0928ef1f46115260941")] // CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
[InlineData("7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf")] // CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
[InlineData("7b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df86")] // CN=GlobalSign Code Signing Root R45, O=GlobalSign nv-sa, C=BE
+ [InlineData("7e76260ae69a55d3f060b0fd18b2a8c01443c87b60791030c9fa0b0585101a38")] // CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB
[InlineData("85666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b69")] // CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, S=Texas, C=US
[InlineData("85a0dd7dd720adb7ff05f83d542b209dc7ff4528f7d677b18389fea5e5c49e86")] // CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
[InlineData("8d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f")] // CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
diff --git a/src/Tests/trustedroots.Tests/GivenTimestampingCtlFile.cs b/src/Tests/trustedroots.Tests/GivenTimestampingCtlFile.cs
index 8096fe3a1d9e..7d2f255c9479 100644
--- a/src/Tests/trustedroots.Tests/GivenTimestampingCtlFile.cs
+++ b/src/Tests/trustedroots.Tests/GivenTimestampingCtlFile.cs
@@ -25,10 +25,10 @@ public GivenTimestampingCtlFile()
[InlineData("5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e")] // CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
[InlineData("6dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb177")] // CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
[InlineData("6fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f")] // CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US
+ [InlineData("85666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b69")] // CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, S=Texas, C=US
[InlineData("8a866fd1b276b57e578e921c65828a2bed58e9f2f288054134b7f1f4bfc9cc74")] // CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
[InlineData("a45ede3bbbf09c8ae15c72efc07268d693a21c996fd51e67ca079460fd6d8873")] // CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
[InlineData("cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b")] // CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
- [InlineData("d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4")] // CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
[InlineData("e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2")] // CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
public void File_contains_certificates_used_in_NuGet_org_package_signatures(string expectedFingerprint)
{