diff --git a/build2.proj b/build2.proj index b9b08f9a4a..e2f760af75 100644 --- a/build2.proj +++ b/build2.proj @@ -25,6 +25,25 @@ -p:BuildNumber=$(BuildNumber) + + + + -p:BuildSuffix=$(BuildSuffix) + + nuget + + + true + BuildMds + $(BuildNumberArgument) - $(PacakgeVersionMdsArgument) + $(BuildSuffixArgument) + $(PackageVersionMdsArgument) $(ReferenceTypeArgument) @@ -316,7 +357,8 @@ $(BuildNumberArgument) - $(PacakgeVersionMdsArgument) + $(BuildSuffixArgument) + $(PackageVersionMdsArgument) $(ReferenceTypeArgument) @@ -341,6 +383,7 @@ $(BuildNumberArgument) + $(BuildSuffixArgument) $(PackageVersionMdsArgument) @@ -367,6 +410,7 @@ $(BuildNumberArgument) + $(BuildSuffixArgument) $(PackageVersionMdsArgument) @@ -388,13 +432,11 @@ automatically build before packaging. Instead, we rely on target dependency to handle building the same binaries that will be packaged. --> - + - @@ -408,13 +450,37 @@ + + + + "$(DotnetPath)dotnet" msbuild "$(MdsProjectPath)" + -nologo + -verbosity:quiet + -getProperty:MdsPackageVersion + + + $(BuildNumberArgument) + $(BuildSuffixArgument) + $(PackageVersionMdsArgument) + + + $([System.Text.RegularExpressions.Regex]::Replace($(GetMdsPackageVersionCommand), "\s+", " ")) + + + + + + + + <_EvaluatedMdsPackageVersion>$([System.Text.RegularExpressions.Regex]::Replace($(_EvaluatedMdsPackageVersion), "\s", "")) $([System.Text.RegularExpressions.Regex]::Replace($(CommitId), "\s", "")) "$(NugetPath)" pack "$(MdsNuspecPath)" -Symbols -SymbolPackageFormat snupkg - -Version "$(PackageVersionMds)" + -Version "$(_EvaluatedMdsPackageVersion)" -OutputDirectory "$(MdsArtifactRoot)/$(ReferenceType)-$(Configuration)" -properties "COMMITID=$(CommitId);Configuration=$(Configuration);ReferenceType=$(ReferenceType);AbstractionsPackageVersion=$(PackageVersionAbstractions);LoggingPackageVersion=$(PackageVersionLogging)" diff --git a/eng/pipelines/common/templates/steps/ci-project-build-step.yml b/eng/pipelines/common/templates/steps/ci-project-build-step.yml index d43222bfd1..d2604e0b3d 100644 --- a/eng/pipelines/common/templates/steps/ci-project-build-step.yml +++ b/eng/pipelines/common/templates/steps/ci-project-build-step.yml @@ -60,7 +60,9 @@ parameters: type: string default: $(loggingPackageVersion) - # Necessary to build AKV Provider when referenceType is Package. Ignored when referenceType is Project. + # Package version to use for MDS package. Because we explicitly provide this version, the + # assembly version will be generated based on this package version and the build number. + # See MdsVersions.props for details on how this works. - name: mdsPackageVersion type: string default: $(mdsPackageVersion) @@ -84,7 +86,7 @@ steps: msbuildArguments: -t:BuildMds -p:ReferenceType=${{ parameters.referenceType }} - -p:BuildNumber=${{ parameters.buildNumber }} + -p:BuildNumber=${{ parameters.assemblyBuildNumber }} -p:PackageVersionAbstractions=${{ parameters.abstractionsPackageVersion }} -p:PackageVersionLogging=${{ parameters.loggingPackageVersion }} -p:PackageVersionMds=${{ parameters.mdsPackageVersion }} diff --git a/eng/pipelines/libraries/ci-build-variables.yml b/eng/pipelines/libraries/ci-build-variables.yml index 2779277678..027501df0f 100644 --- a/eng/pipelines/libraries/ci-build-variables.yml +++ b/eng/pipelines/libraries/ci-build-variables.yml @@ -54,13 +54,13 @@ variables: - name: loggingPackageVersion value: 1.0.0.$(Build.BuildNumber)-ci - # MDS library assembly file version - - name: mdsAssemblyFileVersion - value: 7.0.0.$(assemblyBuildNumber) - # MDS library NuGet package version + # NOTE: This differs from the other structures! MdsVersions.props will deconstruct a provided + # package version and build an assembly version from it. If the build number is included + # before the "-" the build number will be appended again, generating an invalid file version. + # @TODO: This is a band-aid to ensure that CI builds until we can centralize versioning. - name: mdsPackageVersion - value: 7.0.0.$(Build.BuildNumber)-ci + value: 7.0.0-ci$(AssemblyBuildNumber) # Local NuGet feed directory where downloaded pipeline artifacts are placed. # NuGet.config references this as a local package source for restore. diff --git a/eng/pipelines/onebranch/jobs/build-signed-csproj-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-csproj-package-job.yml index e257386918..653d9419bc 100644 --- a/eng/pipelines/onebranch/jobs/build-signed-csproj-package-job.yml +++ b/eng/pipelines/onebranch/jobs/build-signed-csproj-package-job.yml @@ -134,7 +134,7 @@ jobs: - template: /eng/pipelines/steps/install-dotnet.yml@self # Perform Roslyn analysis before building, since this step will clobber build output. - - template: /eng/pipelines/onebranch/steps/code-analyze-step.yml@self + - template: /eng/pipelines/onebranch/steps/roslyn-analyzers-csproj-step.yml@self parameters: msBuildArguments: >- -t:$(buildTarget) @@ -143,7 +143,7 @@ jobs: ${{ parameters.versionProperties }} # Build the package, producing DLLs only (no NuGet package yet). - - template: /eng/pipelines/onebranch/steps/compound-build-csproj-step.yml@self + - template: /eng/pipelines/onebranch/steps/build-csproj-step.yml@self parameters: buildTarget: $(buildTarget) buildConfiguration: ${{ parameters.buildConfiguration }} @@ -151,7 +151,7 @@ jobs: - ${{ if eq(parameters.isOfficial, true) }}: # ESRP sign the DLLs. - - template: /eng/pipelines/onebranch/steps/compound-esrp-dll-signing-step.yml@self + - template: /eng/pipelines/onebranch/steps/esrp-dll-signing-step.yml@self parameters: appRegistrationClientId: ${{ parameters.appRegistrationClientId }} appRegistrationTenantId: ${{ parameters.appRegistrationTenantId }} @@ -182,7 +182,7 @@ jobs: flattenFolders: false # Pack the signed DLLs into NuGet package (NoBuild=true). - - template: /eng/pipelines/onebranch/steps/compound-pack-csproj-step.yml@self + - template: /eng/pipelines/onebranch/steps/pack-csproj-step.yml@self parameters: packTarget: $(packTarget) buildConfiguration: ${{ parameters.buildConfiguration }} @@ -190,7 +190,7 @@ jobs: - ${{ if eq(parameters.isOfficial, true) }}: # ESRP sign the NuGet package. - - template: /eng/pipelines/onebranch/steps/compound-esrp-nuget-signing-step.yml@self + - template: /eng/pipelines/onebranch/steps/esrp-nuget-signing-step.yml@self parameters: appRegistrationClientId: ${{ parameters.appRegistrationClientId }} appRegistrationTenantId: ${{ parameters.appRegistrationTenantId }} @@ -198,11 +198,22 @@ jobs: authSignCertName: ${{ parameters.authSignCertName }} esrpClientId: ${{ parameters.esrpClientId }} esrpConnectedServiceName: ${{ parameters.esrpConnectedServiceName }} - pattern: ${{ parameters.packageFullName }}.*nupkg + searchPath: $(PACK_OUTPUT) + searchPattern: '${{ parameters.packageFullName }}.*nupkg' # Publish symbols to servers + # @TODO: Get these parameters from variables/libraries - ${{ if eq(parameters.publishSymbols, true) }}: - template: /eng/pipelines/onebranch/steps/publish-symbols-step.yml@self parameters: - packageFullName: ${{ parameters.packageFullName }} - packageVersion: ${{ parameters.packageVersion }} + artifactName: '${{ parameters.packageFullName }}_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_${{ parameters.packageVersion }}_$(System.TimelineId)' + azureSubscription: 'Symbols publishing Workload Identity federation service-ADO.Net' + packageName: '${{ parameters.packageFullName }}' + publishProjectName: 'Microsoft.Data.SqlClient.SNI' # This is used for all SqlClient packages. Don't know why, but it is. + publishServer: '$(SymbolServer)' + publishToInternal: 'true' + publishToPublic: 'true' + publishTokenUri: '$(SymbolTokenUri)' + searchPattern: '**/${{ parameters.packageFullName }}*.pdb' + uploadAccount: 'SqlClientDrivers' + version: '${{ parameters.packageVersion }}' diff --git a/eng/pipelines/onebranch/jobs/build-signed-mds-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-mds-package-job.yml new file mode 100644 index 0000000000..4464a3a9f1 --- /dev/null +++ b/eng/pipelines/onebranch/jobs/build-signed-mds-package-job.yml @@ -0,0 +1,182 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +# Job that performs a build of Microsoft.Data.SqlClient using the build2.proj file. + +parameters: + - name: apiScanDllPath + type: string + + - name: apiScanPdbPath + type: string + + # Whether this build is for an "official" OneBranch pipeline. This is used to enable ESRP signing + # on the artifacts of this job. + - name: isOfficial + type: boolean + + - name: publishSymbols + type: boolean + + - name: signingAppRegistrationClientId + type: string + + - name: signingAppRegistrationTenantId + type: string + + - name: signingAuthAkvName + type: string + + - name: signingAuthSignCertName + type: string + + - name: signingEsrpClientId + type: string + + - name: signingEsrpConnectedServiceName + type: string + + - name: symbolsAzureSubscription + type: string + + - name: symbolsPublishProjectName + type: string + + - name: symbolsPublishServer + type: string + + - name: symbolsPublishTokenUri + type: string + + - name: symbolsUploadAccount + type: string + + # Package Parameters + - name: abstractionsArtifactName + type: string + + - name: abstractionsPackageVersion + type: string + + - name: loggingArtifactName + type: string + + - name: loggingPackageVersion + type: string + + - name: mdsAssemblyFileVersion + type: string + + - name: mdsPackageVersion + type: string + +jobs: + - job: build_package_Mds + displayName: 'Build Microsoft.Data.SqlClient' + pool: + type: windows + + variables: + ob_outputDirectory: '$(PACK_OUTPUT)' + ob_sdl_apiscan_softwareFolder: ${{ parameters.apiScanDllPath }} + ob_sdl_apiscan_symbolsFolder: ${{ parameters.apiScanPdbPath }} + ob_sdl_apiscan_softwarename: 'Microsoft.Data.SqlClient' + ob_sdl_apiscan_versionNumber: ${{ parameters.mdsAssemblyFileVersion }} + + steps: + # Dump environment and parameters + - template: /eng/pipelines/onebranch/steps/script-output-environment-variables-step.yml@self + + - powershell: | + $jsonParams = '${{ convertToJson(parameters) }}' -replace '\\', '\\' + $jsonParams | ConvertFrom-Json | Format-List + displayName: 'Output Job Parameters' + + # Download Abstractions and Logging packages from previous stages into /packages/ so they + # are available via the local NuGet feed when restoring. + # @TODO: With the new build2.proj pack targets, this technically is not necessary. + - task: DownloadPipelineArtifact@2 + displayName: Download Microsoft.Data.SqlClient.Extensions.Abstractions Artifact + inputs: + artifactName: '${{ parameters.abstractionsArtifactName }}' + targetPath: '$(REPO_ROOT)/packages' + + - task: DownloadPipelineArtifact@2 + displayName: Download Microsoft.Data.SqlClient.Extensions.Logging Artifact + inputs: + artifactName: '${{ parameters.loggingArtifactName }}' + targetPath: '$(REPO_ROOT)/packages' + + # Install the .NET SDK + - template: /eng/pipelines/steps/install-dotnet.yml@self + + # Perform analysis before building, since this step will clobber build output + - template: /eng/pipelines/onebranch/steps/roslyn-analyzers-mds-step.yml@self + parameters: + abstractionsPackageVersion: '${{ parameters.abstractionsPackageVersion }}' + loggingPackageVersion: '${{ parameters.loggingPackageVersion }}' + mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' + + # Perform the actual build + - template: /eng/pipelines/onebranch/steps/build-mds-step.yml@self + parameters: + abstractionsPackageVersion: '${{ parameters.abstractionsPackageVersion }}' + loggingPackageVersion: '${{ parameters.loggingPackageVersion }}' + mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' + + # Copy the built DLLs and PDBs to the APIScan output folder for APIScanning post-build + - template: /eng/pipelines/onebranch/steps/copy-apiscan-files-mds-step.yml@self + parameters: + dllPath: '${{ parameters.apiScanDllPath }}' + pdbPath: '${{ parameters.apiScanPdbPath }}' + referenceType: 'Package' + + # Sign the DLLs + - ${{ if parameters.isOfficial }}: + - template: /eng/pipelines/onebranch/steps/esrp-dll-signing-step.yml@self + parameters: + appRegistrationClientId: '${{ parameters.signingAppRegistrationClientId }}' + appRegistrationTenantId: '${{ parameters.signingAppRegistrationTenantId }}' + authAkvName: '${{ parameters.signingAuthAkvName }}' + authSignCertName: '${{ parameters.signingAuthSignCertName }}' + esrpClientId: '${{ parameters.signingEsrpClientId }}' + esrpConnectedServiceName: '${{ parameters.signingEsrpConnectedServiceName }}' + pattern: 'Microsoft.Data.SqlClient*.dll' + + # Package the build output into a NuGet package + - template: /eng/pipelines/onebranch/steps/pack-mds-step.yml + parameters: + abstractionsPackageVersion: '${{ parameters.abstractionsPackageVersion }}' + loggingPackageVersion: '${{ parameters.loggingPackageVersion }}' + mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' + + # Sign the NuGet packages + - ${{ if parameters.isOfficial }}: + - template: /eng/pipelines/onebranch/steps/esrp-nuget-signing-step.yml@self + parameters: + appRegistrationClientId: '${{ parameters.signingAppRegistrationClientId }}' + appRegistrationTenantId: '${{ parameters.signingAppRegistrationTenantId }}' + authAkvName: '${{ parameters.signingAuthAkvName }}' + authSignCertName: '${{ parameters.signingAuthSignCertName }}' + esrpClientId: '${{ parameters.signingEsrpClientId }}' + esrpConnectedServiceName: '${{ parameters.signingEsrpConnectedServiceName }}' + searchPath: '$(PACK_OUTPUT)' + searchPattern: 'Microsoft.Data.SqlClient.*nupkg' + + - ${{ if parameters.publishSymbols }}: + - template: /eng/pipelines/onebranch/steps/publish-symbols-step.yml@self + parameters: + artifactName: 'Microsoft.Data.SqlClient_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_${{ parameters.mdsPackageVersion }}_$(System.TimelineId)' + azureSubscription: '${{ parameters.symbolsAzureSubscription }}' + packageName: 'Microsoft.Data.SqlClient' + publishProjectName: '${{ parameters.symbolsPublishProjectName }}' + publishServer: '${{ parameters.symbolsPublishServer }}' + publishToInternal: true + publishToPublic: true + publishTokenUri: '${{ parameters.symbolsPublishTokenUri }}' + searchPattern: '**/Microsoft.Data.SqlClient*.pdb' # @TODO: This seems very heavy + uploadAccount: '${{ parameters.symbolsUploadAccount }}' + version: '${{ parameters.mdsPackageVersion }}' diff --git a/eng/pipelines/onebranch/jobs/build-signed-sqlclient-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-sqlclient-package-job.yml deleted file mode 100644 index f3033b07f0..0000000000 --- a/eng/pipelines/onebranch/jobs/build-signed-sqlclient-package-job.yml +++ /dev/null @@ -1,145 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -# This file is only included in MDS OneBranch Official pipelines. - -parameters: - # True to publish symbols to public and private feeds after the build completes. - - name: publishSymbols - type: boolean - - # True if this is a preview build, which uses the preview version numbers from - # common-variables.yml. - - name: isPreview - type: boolean - - # True to enable ESRP malware scanning and code signing steps, which should not - # be run on non-official pipelines as they access production resources. - - name: isOfficial - type: boolean - -jobs: - - job: build_package_SqlClient - displayName: "Build Microsoft.Data.SqlClient" - pool: - type: windows # read more about custom job pool types at https://aka.ms/obpipelines/yaml/jobs - - variables: - ob_outputDirectory: $(PACK_OUTPUT) - # APIScan configuration for this Extension package - ob_sdl_apiscan_enabled: true - ob_sdl_apiscan_softwareFolder: $(Build.SourcesDirectory)/apiScan/SqlClient/dlls - ob_sdl_apiscan_symbolsFolder: $(Build.SourcesDirectory)/apiScan/SqlClient/pdbs - ob_sdl_apiscan_softwarename: Microsoft.Data.SqlClient - ob_sdl_apiscan_versionNumber: $(assemblyBuildNumber) - - ${{ if parameters.isPreview }}: - abstractionsPackageVersion: $(abstractionsPackagePreviewVersion) - loggingPackageVersion: $(loggingPackagePreviewVersion) - mdsPackageVersion: $(mdsPackagePreviewVersion) - - steps: - - script: SET - displayName: "Print Environment Variables" - - # Download the Abstractions and Logging packages from the previous stage into - # packages/ so that they're available via the local NuGet feed when restoring MDS. - # MDS depends on both Extensions.Abstractions and Internal.Logging. - - task: DownloadPipelineArtifact@2 - displayName: Download Abstractions Package - inputs: - artifactName: $(abstractionsArtifactsName) - targetPath: $(Build.SourcesDirectory)/packages - - - task: DownloadPipelineArtifact@2 - displayName: Download Logging Package - inputs: - artifactName: $(loggingArtifactsName) - targetPath: $(Build.SourcesDirectory)/packages - - # Install the .NET SDK. - - template: /eng/pipelines/steps/install-dotnet.yml@self - - # Build our tooling, which is required by the analysis step below, but - # shouldn't be analyzed itself. - - task: MSBuild@1 - displayName: "Build Tooling" - inputs: - solution: "**/build.proj" - configuration: Release - msbuildArguments: -t:BuildTools - - # Perform analysis before building, since this step will clobber build output. - - template: /eng/pipelines/onebranch/steps/code-analyze-step.yml@self - - # Build MDS, producing signed DLLs. - - template: /eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml@self - parameters: - # These variables are sourced from common-variables.yml. - abstractionsAssemblyFileVersion: $(abstractionsAssemblyFileVersion) - abstractionsPackageVersion: $(abstractionsPackageVersion) - loggingAssemblyFileVersion: $(loggingAssemblyFileVersion) - loggingPackageVersion: $(loggingPackageVersion) - mdsAssemblyFileVersion: $(mdsAssemblyFileVersion) - mdsPackageVersion: $(mdsPackageVersion) - - - ${{ if eq(parameters.isOfficial, true) }}: - - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self - parameters: - artifactType: dll - sourceRoot: $(BUILD_OUTPUT) - dllPattern: "Microsoft.Data.SqlClient.dll" - - - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self - parameters: - artifactType: dll - sourceRoot: $(BUILD_OUTPUT) - dllPattern: "Microsoft.Data.SqlClient.resources.dll" - - - template: /eng/pipelines/common/templates/steps/generate-nuget-package-step.yml@self - parameters: - buildConfiguration: Release - displayName: "Create MDS NuGet Package" - generateSymbolsPackage: true - installNuget: false - nuspecPath: $(nuspecPath) - outputDirectory: $(PACK_OUTPUT) - packageVersion: $(mdsPackageVersion) - properties: "AbstractionsPackageVersion=$(abstractionsPackageVersion);LoggingPackageVersion=$(loggingPackageVersion)" - referenceType: Package - - - ${{ if eq(parameters.isOfficial, true) }}: - - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self - parameters: - artifactType: pkg - nupkgPattern: "Microsoft.Data.SqlClient.$(mdsPackageVersion).*nupkg" - - # Copy signed DLLs and PDBs to APIScan folders. - - task: CopyFiles@2 - displayName: Copy DLLs for APIScan - inputs: - SourceFolder: $(BUILD_OUTPUT)/Package/bin - Contents: "**/Microsoft.Data.SqlClient.dll" - TargetFolder: $(ob_sdl_apiscan_softwareFolder) - # We must preserve the folder structure since our C# projects may produce multiple - # identically named DLLs for different target frameworks (e.g. netstandard2.0, net5.0, - # etc.), and we need to keep those separate for APIScan to work correctly. - flattenFolders: false - - - task: CopyFiles@2 - displayName: Copy PDBs for APIScan - inputs: - SourceFolder: $(BUILD_OUTPUT)/Package/bin - Contents: "**/Microsoft.Data.SqlClient.pdb" - TargetFolder: $(ob_sdl_apiscan_symbolsFolder) - flattenFolders: false - - # Publish symbols to servers - - ${{ if eq(parameters.publishSymbols, true) }}: - - template: /eng/pipelines/onebranch/steps/publish-symbols-step.yml@self - parameters: - packageFullName: Microsoft.Data.SqlClient - packageVersion: $(mdsPackageVersion) diff --git a/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml index 3b463d0b81..2a4bf08e97 100644 --- a/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml @@ -12,7 +12,7 @@ parameters: - name: isPreview type: boolean - # True if this build is an official build. This will be used to gate some checks + # True if this build is an official build. This will be used to gate some checks # that only apply to official builds, such as signature verification. - name: isOfficial type: boolean @@ -210,7 +210,7 @@ jobs: } } displayName: 'Verify all DLLs unzipped match "expected" hierarchy' - + - ${{ if eq(parameters.isOfficial, true) }}: - powershell: | # Verify all dlls status are Valid @@ -235,6 +235,7 @@ jobs: # This will check each DLL's ProductVersion and FileVersion against # expected values. $failed = 0 + $expectedFileVersion = "$(mdsPackageVersion)".Split('-')[0] + ".$(assemblyBuildNumber)" foreach ( $pVersion in Get-ChildItem *.dll -Path $(extractedNugetPath) -Recurse | ForEach-Object versioninfo ) { @@ -248,13 +249,13 @@ jobs: $failed = 1 } - if ($pVersion.FileVersion -eq '$(mdsAssemblyFileVersion)') + if ($pVersion.FileVersion -eq $expectedFileVersion) { Write-Host -ForegroundColor Green "Correct FileVersion detected for $($pVersion.FileName): $($pVersion.FileVersion)" } else { - Write-Host -ForegroundColor Red "Wrong FileVersion detected for $($pVersion.FileName); expected $(mdsAssemblyFileVersion); found: $($pVersion.FileVersion)" + Write-Host -ForegroundColor Red "Wrong FileVersion detected for $($pVersion.FileName); expected $expectedFileVersion; found: $($pVersion.FileVersion)" $failed = 1 } } @@ -266,23 +267,3 @@ jobs: Get-ChildItem *.dll -Path $(extractedNugetPath) -Recurse | ForEach-Object VersionInfo | Format-List displayName: 'Verify "File Version" matches expected values for DLLs' - - - powershell: | - # Check assembly versions. - # - # GOTCHA: This expects the Versions.props file having XML elements in a - # certain order. If the order changes, this check will fail! - # - # TODO: This also isn't checking the versions of the actual assemblies in - # the package, so it isn't terribly useful. - - [Xml] $versionprops = Get-Content -Path "tools/props/Versions.props" - $AssemblyFileVersion = $versionprops.Project.PropertyGroup[2].AssemblyFileVersion - $AssemblyVersion = $versionprops.Project.PropertyGroup[2].AssemblyVersion - - if($AssemblyFileVersion -eq $AssemblyVersion) - { - Write-Host AssemblyFileVersion: $AssemblyFileVersion should not be equal to: $AssemblyVersion - Exit -1 - } - displayName: 'Check "AssemblyFileVersion" is not same as "AssemblyVersion" in version.props' diff --git a/eng/pipelines/onebranch/stages/build-stages.yml b/eng/pipelines/onebranch/stages/build-stages.yml index fad5c9a699..738e91d26f 100644 --- a/eng/pipelines/onebranch/stages/build-stages.yml +++ b/eng/pipelines/onebranch/stages/build-stages.yml @@ -146,13 +146,30 @@ stages: dependsOn: build_abstractions jobs: - - template: /eng/pipelines/onebranch/jobs/build-signed-sqlclient-package-job.yml@self + - template: /eng/pipelines/onebranch/jobs/build-signed-mds-package-job.yml@self parameters: - publishSymbols: ${{ parameters.publishSymbols }} - isPreview: ${{ parameters.isPreview }} + apiScanDllPath: '$(REPO_ROOT)/apiScan/Microsoft.Data.SqlClient/dlls' + apiScanPdbPath: '$(REPO_ROOT)/apiScan/Microsoft.Data.SqlClient/pdbs' isOfficial: ${{ parameters.isOfficial }} - # TODO: This job should use the effective versions for Abstractions, Logging, - # SqlServer, and SqlClient. + publishSymbols: ${{ parameters.publishSymbols }} + signingAppRegistrationClientId: '$(AppRegistrationClientId)' + signingAppRegistrationTenantId: '$(AppRegistrationTenantId)' + signingAuthAkvName: '$(AuthAKVName)' + signingAuthSignCertName: '$(AuthSignCertName)' + signingEsrpClientId: '$(ESRPClientId)' + signingEsrpConnectedServiceName: '$(ESRPConnectedServiceName)' + symbolsAzureSubscription: 'Symbols publishing Workload Identity federation service-ADO.Net' + symbolsPublishProjectName: 'Microsoft.Data.SqlClient.SNI' + symbolsPublishServer: '$(SymbolServer)' + symbolsPublishTokenUri: '$(SymbolTokenUri)' + symbolsUploadAccount: 'SqlClientDrivers' + + abstractionsArtifactName: '$(abstractionsArtifactsName)' + abstractionsPackageVersion: '$(effectiveAbstractionsVersion)' + loggingArtifactName: '$(loggingArtifactsName)' + loggingPackageVersion: '$(effectiveLoggingVersion)' + mdsAssemblyFileVersion: '$(mdsAssemblyFileVersion)' + mdsPackageVersion: '$(effectiveSqlClientVersion)' - template: /eng/pipelines/onebranch/jobs/build-signed-csproj-package-job.yml@self parameters: diff --git a/eng/pipelines/onebranch/stages/release-stages.yml b/eng/pipelines/onebranch/stages/release-stages.yml index 51eea6e5f0..a9810f1251 100644 --- a/eng/pipelines/onebranch/stages/release-stages.yml +++ b/eng/pipelines/onebranch/stages/release-stages.yml @@ -153,7 +153,7 @@ stages: - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self parameters: packageName: Microsoft.SqlServer.Server - artifactName: drop_build_independent_build_package_SqlServer + artifactName: $(sqlServerArtifactsName) packagePath: Microsoft.SqlServer.Server.$(effectiveSqlServerVersion).nupkg nugetServiceConnection: ${{ variables.nugetServiceConnection }} isProduction: ${{ parameters.isOfficial }} @@ -163,7 +163,7 @@ stages: - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self parameters: packageName: Microsoft.Data.SqlClient.Internal.Logging - artifactName: drop_build_independent_build_package_Logging + artifactName: $(loggingArtifactsName) packagePath: Microsoft.Data.SqlClient.Internal.Logging.$(effectiveLoggingVersion).nupkg nugetServiceConnection: ${{ variables.nugetServiceConnection }} isProduction: ${{ parameters.isOfficial }} @@ -173,7 +173,7 @@ stages: - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self parameters: packageName: Microsoft.Data.SqlClient.Extensions.Abstractions - artifactName: drop_build_abstractions_build_package_Abstractions + artifactName: $(abstractionsArtifactsName) packagePath: Microsoft.Data.SqlClient.Extensions.Abstractions.$(effectiveAbstractionsVersion).nupkg nugetServiceConnection: ${{ variables.nugetServiceConnection }} isProduction: ${{ parameters.isOfficial }} @@ -183,7 +183,7 @@ stages: - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self parameters: packageName: Microsoft.Data.SqlClient - artifactName: drop_build_dependent_build_package_SqlClient + artifactName: $(sqlClientArtifactsName) packagePath: Microsoft.Data.SqlClient.$(effectiveSqlClientVersion).nupkg nugetServiceConnection: ${{ variables.nugetServiceConnection }} isProduction: ${{ parameters.isOfficial }} @@ -193,7 +193,7 @@ stages: - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self parameters: packageName: Microsoft.Data.SqlClient.Extensions.Azure - artifactName: drop_build_dependent_build_package_Azure + artifactName: $(azureArtifactsName) packagePath: Microsoft.Data.SqlClient.Extensions.Azure.$(effectiveAzureVersion).nupkg nugetServiceConnection: ${{ variables.nugetServiceConnection }} isProduction: ${{ parameters.isOfficial }} @@ -203,7 +203,7 @@ stages: - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self parameters: packageName: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider - artifactName: drop_build_addons_build_package_AkvProvider + artifactName: $(akvArtifactsName) packagePath: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.$(effectiveAkvProviderVersion).nupkg nugetServiceConnection: ${{ variables.nugetServiceConnection }} isProduction: ${{ parameters.isOfficial }} diff --git a/eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml b/eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml deleted file mode 100644 index b1429e1fd3..0000000000 --- a/eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml +++ /dev/null @@ -1,58 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - # The assembly file version to apply to the Abstractions package. - - name: abstractionsAssemblyFileVersion - type: string - - # The version to apply to the Abstractions package. - - name: abstractionsPackageVersion - type: string - - # The assembly file version to apply to the Logging package. - - name: loggingAssemblyFileVersion - type: string - - # The version to apply to the Logging package. - - name: loggingPackageVersion - type: string - - # The assembly file version to apply to the Mds package. - - name: mdsAssemblyFileVersion - type: string - - # The version to apply to the Mds package. - - name: mdsPackageVersion - type: string - -steps: - # Download our signing key. - - task: DownloadSecureFile@1 - displayName: 'Download Key Pair' - inputs: - secureFile: netfxKeypair.snk - name: keyFile - - # Install the .NET SDK. - - template: /eng/pipelines/steps/install-dotnet.yml@self - - - task: MSBuild@1 - displayName: 'BuildAllConfigurations using build.proj' - inputs: - solution: '**/build.proj' - configuration: Release - msbuildArguments: >- - -t:BuildAllConfigurations - -p:ReferenceType=Package - -p:GenerateNuget=false - -p:SigningKeyPath=$(keyFile.secureFilePath) - -p:AssemblyFileVersion=${{ parameters.mdsAssemblyFileVersion }} - -p:MdsPackageVersion=${{ parameters.mdsPackageVersion }} - -p:AbstractionsPackageVersion=${{ parameters.abstractionsPackageVersion }} - -p:AbstractionsAssemblyFileVersion=${{ parameters.abstractionsAssemblyFileVersion }} - -p:LoggingPackageVersion=${{ parameters.loggingPackageVersion }} - -p:LoggingAssemblyFileVersion=${{ parameters.loggingAssemblyFileVersion }} diff --git a/eng/pipelines/onebranch/steps/compound-build-csproj-step.yml b/eng/pipelines/onebranch/steps/build-csproj-step.yml similarity index 95% rename from eng/pipelines/onebranch/steps/compound-build-csproj-step.yml rename to eng/pipelines/onebranch/steps/build-csproj-step.yml index 1f1fee00c4..d1cea7c190 100644 --- a/eng/pipelines/onebranch/steps/compound-build-csproj-step.yml +++ b/eng/pipelines/onebranch/steps/build-csproj-step.yml @@ -7,7 +7,7 @@ # Generic build step for csproj-based packages. Each project uses a build.proj target that runs # Build only and produces assemblies within $(BUILD_OUTPUT). Downstream ESRP DLL signing must # locate the assemblies within $(BUILD_OUTPUT) for all target frameworks that the csproj targets. -# NuGet packaging is done separately via compound-pack-csproj-step.yml after DLL signing. +# NuGet packaging is done separately via pack-csproj-step.yml after DLL signing. parameters: # The MSBuild build target in build.proj (e.g. BuildLogging, BuildAbstractions, diff --git a/eng/pipelines/onebranch/steps/build-mds-step.yml b/eng/pipelines/onebranch/steps/build-mds-step.yml new file mode 100644 index 0000000000..4d5058f261 --- /dev/null +++ b/eng/pipelines/onebranch/steps/build-mds-step.yml @@ -0,0 +1,41 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +# This collection of steps builds Microsoft.Data.SqlClient via build2.proj + +parameters: + - name: abstractionsPackageVersion + type: string + + - name: loggingPackageVersion + type: string + + - name: mdsPackageVersion + type: string + +steps: + - task: DownloadSecureFile@1 + displayName: 'Download Signing Key' + inputs: + secureFile: 'netfxKeypair.snk' + name: keyFile + + - task: MSBuild@1 + displayName: 'Build2.proj - BuildMds' + inputs: + solution: '$(REPO_ROOT)/build2.proj' + configuration: 'Release' + msbuildArguments: >- + -t:BuildMds + -p:BuildNumber="$(Build.BuildNumber)" + -p:PackageVersionAbstractions="${{ parameters.abstractionsPackageVersion }}" + -p:PackageVersionLogging="${{ parameters.loggingPackageVersion }}" + -p:PackageVersionMds="${{ parameters.mdsPackageVersion }}" + -p:ReferenceType=Package + -p:SigningKeyPath="$(keyFile.secureFilePath)" + + - script: tree /a /f $(BUILD_OUTPUT) + displayName: Output Build Output Tree diff --git a/eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml b/eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml deleted file mode 100644 index ef1f3b946a..0000000000 --- a/eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml +++ /dev/null @@ -1,86 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -parameters: - # The C# build configuration to use (e.g. Debug or Release). - - name: buildConfiguration - type: string - values: - - Debug - - Release - - - name: generateSymbolsPackage - type: boolean - - - name: packageVersion - type: string - - - name: nuspecPath - type: string - - - name: outputDirectory - type: string - - # The C# project reference type to use when building and packing the packages. - - name: referenceType - type: string - values: - # Reference sibling packages as NuGet packages. - - Package - # Reference sibling packages as C# projects. - - Project - - # Semi-colon separated properties to pass to nuget via the -properties argument. - - name: properties - type: string - default: '' - -steps: - # This tool is failing on OneBranch pipelines, possibly due to new - # network isolation rules: - # - # ERR:Client network socket disconnected before secure TLS connection was established - # - # Our AKV Official build uses this 1ES image: - # - # Image: 1ES-OB-2022-D8-Netlock-V2_westus2_1_image - # - # An ICM for this issue exists: - # - # https://portal.microsofticm.com/imp/v5/incidents/details/690355343/summary - # - # Recommendation is to remove this step since NuGet is already present on - # the 1ES images. - # - # - task: NuGetToolInstaller@1 - # displayName: 'Install Latest Nuget' - # inputs: - # checkLatest: true - - - ${{ if parameters.generateSymbolsPackage }}: - - task: NuGetCommand@2 - displayName: 'Generate NuGet Package and Symbols Package' - inputs: - command: custom - arguments: >- - pack - ${{ parameters.nuspecPath }} - -Symbols - -SymbolPackageFormat snupkg - -Version ${{ parameters.packageVersion }} - -OutputDirectory ${{ parameters.outputDirectory }} - -Properties "COMMITID=$(Build.SourceVersion);Configuration=${{ parameters.buildConfiguration }};ReferenceType=${{ parameters.referenceType }};${{ parameters.properties }}" - - ${{ else }}: - - task: NuGetCommand@2 - displayName: 'Generate NuGet Package' - inputs: - command: custom - arguments: >- - pack - ${{ parameters.nuspecPath }} - -Version ${{ parameters.packageVersion }} - -OutputDirectory ${{ parameters.outputDirectory }} - -Properties "COMMITID=$(Build.SourceVersion);Configuration=${{ parameters.buildConfiguration }};ReferenceType=${{ parameters.referenceType }};${{ parameters.properties }}" diff --git a/eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml b/eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml deleted file mode 100644 index 1b2e3cb3b9..0000000000 --- a/eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml +++ /dev/null @@ -1,162 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -# For more details, see https://www.osgwiki.com/wiki/Symbols_Publishing_Pipeline_to_SymWeb_and_MSDL - -parameters: - # Name of the symbols artifact that will be published - - name: artifactName - type: string - - # Azure subscription where the publishing task will execute - - name: azureSubscription - type: string - - # Package name, typically the name of the nuget package being built - - name: packageName - type: string - - # Project that symbols will belong to (decided during symbols onboarding) - - name: publishProjectName - type: string - - # Where symbols publishing service is hosted, will be prepended to trafficmanager.net - - name: publishServer - type: string - - # Whether to publish the uploaded symbols to the internal symbols servers - - name: publishToInternal - type: boolean - - # Whether to publish the uploaded symbols to the public symbols servers - - name: publishToPublic - type: boolean - - # URI to use for requesting a bearer-token for publishing the symbols - - name: publishTokenUri - type: string - - # The C# project reference type to use when building and packing the packages. - - name: referenceType - type: string - values: - # Reference sibling packages as NuGet packages. - - Package - # Reference sibling packages as C# projects. - - Project - - # Pattern to use to search for pdb symbols files to upload/publish - - name: searchPattern - type: string - - # Account/org where the symbols will be uploaded - - name: uploadAccount - type: string - - # Version of the symbols to publish, typically the same as the NuGet package version - - name: version - type: string - -steps: - # Set variable for downstream tasks (allegedly). - # - # Note: Because variables cannot be set in top-level of template, this has to be done during - # runtime. - # - - script: 'echo ##vso[task.setvariable variable=ArtifactServices.Symbol.AccountName;]${{ parameters.uploadAccount }}' - displayName: 'Set ArtifactServices.Symbol.AccountName to ${{ parameters.uploadAccount }}' - - - task: PublishSymbols@2 - displayName: 'Upload symbols to ${{ parameters.uploadAccount }} org' - inputs: - IndexSources: false - Pat: '$(System.AccessToken)' - SearchPattern: '${{ parameters.searchPattern }}' - SymbolExpirationInDays: 1825 # 5 years - SymbolServerType: 'TeamServices' - SymbolsArtifactName: '${{ parameters.artifactName }}' - SymbolsFolder: '$(BUILD_OUTPUT)/${{ parameters.referenceType }}/bin' - SymbolsMaximumWaitTime: 60 - SymbolsProduct: '${{ parameters.packageName }}' - SymbolsVersion: '${{ parameters.version }}' - - - task: AzureCLI@2 - displayName: 'Publish Symbols' - inputs: - azureSubscription: '${{ parameters.azureSubscription }}' - scriptLocation: inlineScript - scriptType: ps - inlineScript: | - # Propagate parameters to PS variables ################################################ - $artifactName = "${{ parameters.artifactName }}" - echo "artifactName= $artifactName" - - $publishProjectName = "${{ parameters.publishProjectName }}" - echo "publishProjectName= $publishProjectName" - - $publishToInternal = "${{ parameters.publishToInternal }}".ToLower() - echo "publishToInternal= $publishToInternal" - - $publishToPublic = "${{ parameters.publishToPublic }}".ToLower() - echo "publishToPublic= $publishToPublic" - - $publishServer = "${{ parameters.publishServer }}" - echo "publishServer= $publishServer" - - $publishTokenUri = "${{ parameters.publishTokenUri }}" - echo "publishTokenUri= $publishTokenUri" - - # Publish symbols ##################################################################### - # 1) Get the access token for the symbol publishing service - echo "> 1.Acquiring symbol publishing token..." - $symbolPublishingToken = az account get-access-token --resource $publishTokenUri --query accessToken -o tsv - echo "> 1.Symbol publishing token acquired." - - # 2) Register the request name - echo "> 2.Registering request name..." - $requestNameRegistrationBody = "{'requestName': '$artifactName'}" - Invoke-RestMethod ` - -Method POST ` - -Uri "https://$publishServer.trafficmanager.net/projects/$publishProjectName/requests" ` - -Headers @{ Authorization = "Bearer $symbolPublishingToken" } ` - -ContentType "application/json" ` - -Body $requestNameRegistrationBody - echo "> 2.Request name registered successfully." - - # 3) Publish the symbols - echo "> 3.Submitting request to publish symbols..." - $publishSymbolsBody = "{'publishToInternalServer': $publishToInternal, 'publishToPublicServer': $publishToPublic}" - Invoke-RestMethod ` - -Method POST ` - -Uri "https://$publishServer.trafficmanager.net/projects/$publishProjectName/requests/$artifactName" ` - -Headers @{ Authorization = "Bearer $symbolPublishingToken" } ` - -ContentType "application/json" ` - -Body $publishSymbolsBody - echo "> 3.Request to publish symbols submitted successfully." - - # The following REST calls are used to check publishing status. - echo "> 4.Checking the status of the request ..." - Invoke-RestMethod ` - -Method GET ` - -Uri "https://$publishServer.trafficmanager.net/projects/$publishProjectName/requests/$artifactName" ` - -Headers @{ Authorization = "Bearer $symbolPublishingToken" } ` - -ContentType "application/json" - - echo "Use below tables to interpret the values of xxxServerStatus and xxxServerResult fields from the response." - - echo "PublishingStatus" - echo "-----------------" - echo "0 NotRequested; The request has not been requested to publish." - echo "1 Submitted; The request is submitted to be published" - echo "2 Processing; The request is still being processed" - echo "3 Completed; The request has been completed processing. It can be failed or successful. Check PublishingResult to get more details" - - echo "PublishingResult" - echo "-----------------" - echo "0 Pending; The request has not completed or has not been requested." - echo "1 Succeeded; The request has published successfully" - echo "2 Failed; The request has failed to publish" - echo "3 Cancelled; The request was cancelled" diff --git a/eng/pipelines/onebranch/steps/copy-apiscan-files-mds-step.yml b/eng/pipelines/onebranch/steps/copy-apiscan-files-mds-step.yml new file mode 100644 index 0000000000..653eb40f5d --- /dev/null +++ b/eng/pipelines/onebranch/steps/copy-apiscan-files-mds-step.yml @@ -0,0 +1,39 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +# @TODO: This can be made more generic + +parameters: + # Path where dll files should be copied to for APIScan + - name: dllPath + type: string + + # Path where pdb files should be copied to for APIScan + - name: pdbPath + type: string + + - name: referenceType + type: string + values: + - Package + - Project + +steps: + - task: CopyFiles@2 + displayName: 'Copy DLLs for APIScan' + inputs: + contents: '**/Microsoft.Data.SqlClient.dll' + flattenFolders: false # Disabled to keep different frameworks and OS builds separate in the target + sourceFolder: '$(BUILD_OUTPUT)/Microsoft.Data.SqlClient/${{ parameters.referenceType }}-Release/' + targetFolder: '${{ parameters.dllPath }}/' + + - task: CopyFiles@2 + displayName: 'Copy PDBs for APIScan' + inputs: + contents: '**/Microsoft.Data.SqlClient.pdb' + flattenFolders: false # Disabled to keep different frameworks and OS builds separate in the target + sourceFolder: '$(BUILD_OUTPUT)/Microsoft.Data.SqlClient/${{ parameters.referenceType }}-Release/' + targetFolder: '${{ parameters.pdbPath }}/' diff --git a/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml deleted file mode 100644 index 09f7715145..0000000000 --- a/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml +++ /dev/null @@ -1,168 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -parameters: - - name: artifactType - values: - - dll - - pkg - - - name: sourceRoot - type: string - default: $(REPO_ROOT) - - - name: dllPattern - type: string - default: "Microsoft.Data.SqlClient*.dll" - - - name: nupkgPattern - type: string - default: "*.*nupkg" - - - name: artifactDirectory - type: string - default: $(PACK_OUTPUT) - - - name: ESRPConnectedServiceName - type: string - default: $(ESRPConnectedServiceName) - - - name: appRegistrationClientId - type: string - default: $(appRegistrationClientId) - - - name: appRegistrationTenantId - type: string - default: $(appRegistrationTenantId) - - - name: AuthAKVName - type: string - default: $(AuthAKVName) - - - name: AuthSignCertName - type: string - default: $(AuthSignCertName) - - - name: EsrpClientId - type: string - default: $(EsrpClientId) - -steps: - # ESRP scan and sign the DLLs or NuGet packages, depending on the artifact type. - - ${{ if eq(parameters.artifactType, 'dll') }}: - # See: https://aka.ms/esrp.scantask - - task: EsrpMalwareScanning@6 - displayName: "ESRP MalwareScanning" - inputs: - ConnectedServiceName: "${{parameters.ESRPConnectedServiceName }}" - AppRegistrationClientId: "${{parameters.appRegistrationClientId }}" - AppRegistrationTenantId: "${{parameters.appRegistrationTenantId }}" - EsrpClientId: "${{parameters.EsrpClientId }}" - UseMSIAuthentication: true - FolderPath: "${{parameters.sourceRoot }}" - Pattern: "${{ parameters.dllPattern }}" - CleanupTempStorage: 1 - VerboseLogin: 1 - - # See: https://aka.ms/esrp.signtask - - task: EsrpCodeSigning@6 - displayName: "ESRP CodeSigning" - inputs: - ConnectedServiceName: "${{parameters.ESRPConnectedServiceName }}" - AppRegistrationClientId: "${{parameters.appRegistrationClientId }}" - AppRegistrationTenantId: "${{parameters.appRegistrationTenantId }}" - EsrpClientId: "${{parameters.EsrpClientId }}" - UseMSIAuthentication: true - AuthAKVName: "${{parameters.AuthAKVName }}" - AuthSignCertName: "${{parameters.AuthSignCertName }}" - FolderPath: "${{parameters.sourceRoot }}" - Pattern: "${{ parameters.dllPattern }}" - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft Data SqlClient Data Provider for SQL Server" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - - - ${{ if eq(parameters.artifactType, 'pkg') }}: - # See: https://aka.ms/esrp.scantask - - task: EsrpMalwareScanning@6 - displayName: "ESRP MalwareScanning Nuget Package" - inputs: - ConnectedServiceName: "${{parameters.ESRPConnectedServiceName }}" - AppRegistrationClientId: "${{parameters.appRegistrationClientId }}" - AppRegistrationTenantId: "${{parameters.appRegistrationTenantId }}" - EsrpClientId: "${{parameters.EsrpClientId }}" - UseMSIAuthentication: true - FolderPath: "${{parameters.artifactDirectory }}" - Pattern: "${{ parameters.nupkgPattern }}" - CleanupTempStorage: 1 - VerboseLogin: 1 - - # See: https://aka.ms/esrp.signtask - - task: EsrpCodeSigning@6 - displayName: "ESRP CodeSigning Nuget Package" - inputs: - ConnectedServiceName: "${{parameters.ESRPConnectedServiceName }}" - AppRegistrationClientId: "${{parameters.appRegistrationClientId }}" - AppRegistrationTenantId: "${{parameters.appRegistrationTenantId }}" - EsrpClientId: "${{parameters.EsrpClientId }}" - UseMSIAuthentication: true - AuthAKVName: "${{parameters.AuthAKVName }}" - AuthSignCertName: "${{parameters.AuthSignCertName }}" - FolderPath: "${{parameters.artifactDirectory }}" - Pattern: "${{ parameters.nupkgPattern }}" - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] diff --git a/eng/pipelines/onebranch/steps/compound-esrp-dll-signing-step.yml b/eng/pipelines/onebranch/steps/esrp-dll-signing-step.yml similarity index 78% rename from eng/pipelines/onebranch/steps/compound-esrp-dll-signing-step.yml rename to eng/pipelines/onebranch/steps/esrp-dll-signing-step.yml index 44649f94aa..073911e5fe 100644 --- a/eng/pipelines/onebranch/steps/compound-esrp-dll-signing-step.yml +++ b/eng/pipelines/onebranch/steps/esrp-dll-signing-step.yml @@ -30,7 +30,7 @@ parameters: - name: esrpClientId type: string - # Globbing pattern for the files to sign. All files in $(BUILD_OUTPUT)/Package/bin + # Globbing pattern for the files to sign. All files in $(BUILD_OUTPUT) # that match this pattern will be scanned and signed. This should end with ".dll". - name: pattern type: string @@ -40,13 +40,13 @@ steps: - task: EsrpMalwareScanning@6 displayName: ESRP DLL Malware Scanning inputs: - AppRegistrationClientId: ${{ parameters.appRegistrationClientId }} - AppRegistrationTenantId: ${{ parameters.appRegistrationTenantId }} + AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' + AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' CleanupTempStorage: 1 - ConnectedServiceName: ${{ parameters.esrpConnectedServiceName }} - EsrpClientId: ${{ parameters.esrpClientId }} - FolderPath: $(BUILD_OUTPUT)/Package/bin - Pattern: ${{ parameters.pattern }} + ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' + EsrpClientId: '${{ parameters.esrpClientId }}' + FolderPath: '$(BUILD_OUTPUT)' + Pattern: '${{ parameters.pattern }}' UseMSIAuthentication: true VerboseLogin: 1 @@ -54,14 +54,14 @@ steps: - task: EsrpCodeSigning@6 displayName: ESRP DLL Signing inputs: - AppRegistrationClientId: ${{ parameters.appRegistrationClientId }} - AppRegistrationTenantId: ${{ parameters.appRegistrationTenantId }} - AuthAKVName: ${{ parameters.authAkvName }} - AuthSignCertName: ${{ parameters.authSignCertName }} - ConnectedServiceName: ${{ parameters.esrpConnectedServiceName }} - EsrpClientId: ${{ parameters.esrpClientId }} - FolderPath: $(BUILD_OUTPUT)/Package/bin - Pattern: ${{ parameters.pattern }} + AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' + AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' + AuthAKVName: '${{ parameters.authAkvName }}' + AuthSignCertName: '${{ parameters.authSignCertName }}' + ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' + EsrpClientId: '${{ parameters.esrpClientId }}' + FolderPath: '$(BUILD_OUTPUT)' + Pattern: '${{ parameters.pattern }}' signConfigType: inlineSignParams UseMSIAuthentication: true inlineOperation: | diff --git a/eng/pipelines/onebranch/steps/compound-esrp-nuget-signing-step.yml b/eng/pipelines/onebranch/steps/esrp-nuget-signing-step.yml similarity index 59% rename from eng/pipelines/onebranch/steps/compound-esrp-nuget-signing-step.yml rename to eng/pipelines/onebranch/steps/esrp-nuget-signing-step.yml index 824b3fab65..bddbac517c 100644 --- a/eng/pipelines/onebranch/steps/compound-esrp-nuget-signing-step.yml +++ b/eng/pipelines/onebranch/steps/esrp-nuget-signing-step.yml @@ -30,39 +30,43 @@ parameters: - name: esrpClientId type: string - # Glob pattern to match NuGet packages for scanning and signing. - - name: pattern + # Folder path to search for NuGet packages to sign + - name: searchPath type: string - default: "*.*nupkg" + + # Globbing pattern to use to search for NuGet packages. If not provided, defaults to '*.*nupkg' + - name: searchPattern + type: string + default: '*.*nupkg' steps: # See: https://aka.ms/esrp.scantask - task: EsrpMalwareScanning@6 - displayName: "ESRP Nuget Malware Scanning" + displayName: 'ESRP Nuget Malware Scanning' inputs: - AppRegistrationClientId: "${{ parameters.appRegistrationClientId }}" - AppRegistrationTenantId: "${{ parameters.appRegistrationTenantId }}" + AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' + AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' CleanupTempStorage: 1 - ConnectedServiceName: "${{ parameters.esrpConnectedServiceName }}" - EsrpClientId: "${{ parameters.esrpClientId }}" - FolderPath: "$(PACK_OUTPUT)" - Pattern: "${{ parameters.pattern }}" + ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' + EsrpClientId: '${{ parameters.esrpClientId }}' + FolderPath: '${{ parameters.searchPath }}' + Pattern: '${{ parameters.searchPattern }}' UseMSIAuthentication: true VerboseLogin: 1 # See: https://aka.ms/esrp.signtask - task: EsrpCodeSigning@6 - displayName: "ESRP Signing NuGet Package" + displayName: 'ESRP Signing NuGet Package' inputs: - AppRegistrationClientId: "${{ parameters.appRegistrationClientId }}" - AppRegistrationTenantId: "${{ parameters.appRegistrationTenantId }}" - ConnectedServiceName: "${{ parameters.esrpConnectedServiceName }}" - EsrpClientId: "${{ parameters.esrpClientId }}" - AuthAKVName: "${{ parameters.authAkvName }}" - AuthSignCertName: "${{ parameters.authSignCertName }}" - FolderPath: "$(PACK_OUTPUT)" - Pattern: "${{ parameters.pattern }}" - signConfigType: "inlineSignParams" + AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' + AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' + ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' + EsrpClientId: '${{ parameters.esrpClientId }}' + AuthAKVName: '${{ parameters.authAkvName }}' + AuthSignCertName: '${{ parameters.authSignCertName }}' + FolderPath: '${{ parameters.searchPath }}' + Pattern: '${{ parameters.searchPattern }}' + signConfigType: 'inlineSignParams' UseMSIAuthentication: true inlineOperation: | [ diff --git a/eng/pipelines/onebranch/steps/compound-pack-csproj-step.yml b/eng/pipelines/onebranch/steps/pack-csproj-step.yml similarity index 100% rename from eng/pipelines/onebranch/steps/compound-pack-csproj-step.yml rename to eng/pipelines/onebranch/steps/pack-csproj-step.yml diff --git a/eng/pipelines/onebranch/steps/pack-mds-step.yml b/eng/pipelines/onebranch/steps/pack-mds-step.yml new file mode 100644 index 0000000000..f1277280ae --- /dev/null +++ b/eng/pipelines/onebranch/steps/pack-mds-step.yml @@ -0,0 +1,42 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +parameters: + # Package version parameters ---- + - name: abstractionsPackageVersion + type: string + + - name: loggingPackageVersion + type: string + + - name: mdsPackageVersion + type: string + +steps: + - task: MSBuild@1 + displayName: 'Build2.proj - PackMds' + inputs: + solution: '$(REPO_ROOT)/build2.proj' + configuration: 'Release' + msbuildArguments: >- + -t:PackMds + -p:BuildNumber="$(Build.BuildNumber)" + -p:PackBuild=false + -p:PackageVersionAbstractions="${{ parameters.abstractionsPackageVersion }}" + -p:PackageVersionLogging="${{ parameters.loggingPackageVersion }}" + -p:PackageVersionMds="${{ parameters.mdsPackageVersion }}" + -p:ReferenceType=Package + + - script: tree /a /f $(BUILD_OUTPUT) + displayName: Output Build Output Tree + + - task: CopyFiles@2 + displayName: 'Copy NuGet Packages to PACK_OUTPUT' + inputs: + contents: '**/Microsoft.Data.SqlClient*.*nupkg' + flattenFolders: true + sourceFolder: '$(BUILD_OUTPUT)/Microsoft.Data.SqlClient/' + targetFolder: '$(PACK_OUTPUT)' diff --git a/eng/pipelines/onebranch/steps/publish-symbols-step.yml b/eng/pipelines/onebranch/steps/publish-symbols-step.yml index a23dbf4556..48ee30b9c2 100644 --- a/eng/pipelines/onebranch/steps/publish-symbols-step.yml +++ b/eng/pipelines/onebranch/steps/publish-symbols-step.yml @@ -1,119 +1,153 @@ -#################################################################################### -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -# # -# doc: https://www.osgwiki.com/wiki/Symbols_Publishing_Pipeline_to_SymWeb_and_MSDL # -#################################################################################### +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +# For more details, see https://www.osgwiki.com/wiki/Symbols_Publishing_Pipeline_to_SymWeb_and_MSDL + parameters: + # Name of the symbols artifact that will be published + - name: artifactName + type: string + + # Azure subscription where the publishing task will execute + - name: azureSubscription + type: string + + # Package name, typically the name of the nuget package being built + - name: packageName + type: string + + # Project that symbols will belong to (decided during symbols onboarding) + - name: publishProjectName + type: string + + # Where symbols publishing service is hosted, will be prepended to trafficmanager.net + - name: publishServer + type: string + + # Whether to publish the uploaded symbols to the internal symbols servers + - name: publishToInternal + type: boolean + + # Whether to publish the uploaded symbols to the public symbols servers + - name: publishToPublic + type: boolean + + # URI to use for requesting a bearer-token for publishing the symbols + - name: publishTokenUri + type: string + + # Pattern to use to search for pdb symbols files to upload/publish + - name: searchPattern + type: string + + # Account/org where the symbols will be uploaded + - name: uploadAccount + type: string - # The full name of the package whose symbols are being published. - - name: packageFullName - type: string - - # The version of the package whose symbols are being published. - - name: packageVersion - type: string - - # Our symbols account name. - - name: symbolsAccount - type: string - default: SqlClientDrivers - - # The symbols server to publish to. - - name: symbolServer - type: string - default: $(SymbolServer) - - # The token URI for the symbol publishing service. - - name: symbolTokenUri - type: string - default: $(SymbolTokenUri) - - # A pair of flags indicating whether to publish to the internal and public symbol servers. Both - # default to true. - - name: publishToServers - type: object - default: - internal: true - public: true + # Version of the symbols to publish, typically the same as the NuGet package version + - name: version + type: string steps: -- pwsh: 'Write-Host "##vso[task.setvariable variable=ArtifactServices.Symbol.AccountName;]${{parameters.symbolsAccount}}"' - displayName: 'Set ArtifactServices.Symbol.AccountName to ${{parameters.symbolsAccount}}' - -- pwsh: 'Write-Host "##vso[task.setvariable variable=symbolsArtifactName;]${{ parameters.packageFullName }}_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_${{ parameters.packageVersion }}_$(System.TimelineId)"' - displayName: 'Set symbolsArtifactName variable' - -- task: PublishSymbols@2 - displayName: 'Upload symbols to ${{parameters.symbolsAccount }} org' - inputs: - SymbolsFolder: '$(Build.SourcesDirectory)\artifacts\Package\bin' - SearchPattern: '**/*.pdb' - IndexSources: false - SymbolServerType: TeamServices - SymbolsMaximumWaitTime: 60 - SymbolExpirationInDays: 1825 # 5 years - SymbolsProduct: ${{ parameters.packageFullName }} - SymbolsVersion: ${{ parameters.packageVersion }} - SymbolsArtifactName: $(symbolsArtifactName) - Pat: $(System.AccessToken) - -- task: AzureCLI@2 - displayName: 'Publish symbols' - inputs: - azureSubscription: 'Symbols publishing Workload Identity federation service-ADO.Net' - scriptType: ps - scriptLocation: inlineScript - inlineScript: | - $publishToInternalServer = "${{parameters.publishToServers.internal }}".ToLower() - $publishToPublicServer = "${{parameters.publishToServers.public }}".ToLower() - - echo "Publishing request name: $(symbolsArtifactName)" - echo "Publish to internal server: $publishToInternalServer" - echo "Publish to public server: $publishToPublicServer" - - $symbolServer = "${{parameters.symbolServer }}" - $tokenUri = "${{parameters.symbolTokenUri }}" - # Registered project name in the symbol publishing pipeline: https://portal.microsofticm.com/imp/v3/incidents/incident/520844254/summary - $projectName = "Microsoft.Data.SqlClient.SNI" - - # Get the access token for the symbol publishing service - $symbolPublishingToken = az account get-access-token --resource $tokenUri --query accessToken -o tsv - - echo "> 1.Symbol publishing token acquired." - - echo "Registering the request name ..." - $requestName = "$(symbolsArtifactName)" - $requestNameRegistrationBody = "{'requestName': '$requestName'}" - Invoke-RestMethod -Method POST -Uri "https://$symbolServer.trafficmanager.net/projects/$projectName/requests" -Headers @{ Authorization = "Bearer $symbolPublishingToken" } -ContentType "application/json" -Body $requestNameRegistrationBody - - echo "> 2.Registration of request name succeeded." - - echo "Publishing the symbols ..." - $publishSymbolsBody = "{'publishToInternalServer': $publishToInternalServer, 'publishToPublicServer': $publishToPublicServer}" - echo "Publishing symbols request body: $publishSymbolsBody" - Invoke-RestMethod -Method POST -Uri "https://$symbolServer.trafficmanager.net/projects/$projectName/requests/$requestName" -Headers @{ Authorization = "Bearer $symbolPublishingToken" } -ContentType "application/json" -Body $publishSymbolsBody - - echo "> 3.Request to publish symbols succeeded." - - # The following REST calls are used to check publishing status. - echo "> 4.Checking the status of the request ..." - - Invoke-RestMethod -Method GET -Uri "https://$symbolServer.trafficmanager.net/projects/$projectName/requests/$requestName" -Headers @{ Authorization = "Bearer $symbolPublishingToken" } -ContentType "application/json" - - echo "Use below tables to interpret the values of xxxServerStatus and xxxServerResult fields from the response." - - echo "PublishingStatus" - echo "-----------------" - echo "0 NotRequested; The request has not been requested to publish." - echo "1 Submitted; The request is submitted to be published" - echo "2 Processing; The request is still being processed" - echo "3 Completed; The request has been completed processing. It can be failed or successful. Check PublishingResult to get more details" - - echo "PublishingResult" - echo "-----------------" - echo "0 Pending; The request has not completed or has not been requested." - echo "1 Succeeded; The request has published successfully" - echo "2 Failed; The request has failed to publish" - echo "3 Cancelled; The request was cancelled" + # Set variable for downstream tasks (allegedly). + # + # Note: Because variables cannot be set in top-level of template, this has to be done during + # runtime. + # + - script: 'echo ##vso[task.setvariable variable=ArtifactServices.Symbol.AccountName;]${{ parameters.uploadAccount }}' + displayName: 'Set ArtifactServices.Symbol.AccountName to ${{ parameters.uploadAccount }}' + + - task: PublishSymbols@2 + displayName: 'Upload symbols to ${{ parameters.uploadAccount }} org' + inputs: + IndexSources: false + Pat: '$(System.AccessToken)' + SearchPattern: '${{ parameters.searchPattern }}' + SymbolExpirationInDays: 1825 # 5 years + SymbolServerType: 'TeamServices' + SymbolsArtifactName: '${{ parameters.artifactName }}' + SymbolsFolder: '$(BUILD_OUTPUT)' + SymbolsMaximumWaitTime: 60 + SymbolsProduct: '${{ parameters.packageName }}' + SymbolsVersion: '${{ parameters.version }}' + + - task: AzureCLI@2 + displayName: 'Publish Symbols' + inputs: + azureSubscription: '${{ parameters.azureSubscription }}' + scriptLocation: inlineScript + scriptType: ps + inlineScript: | + # Propagate parameters to PS variables ################################################ + $artifactName = "${{ parameters.artifactName }}" + echo "artifactName= $artifactName" + + $publishProjectName = "${{ parameters.publishProjectName }}" + echo "publishProjectName= $publishProjectName" + + $publishToInternal = "${{ parameters.publishToInternal }}".ToLower() + echo "publishToInternal= $publishToInternal" + + $publishToPublic = "${{ parameters.publishToPublic }}".ToLower() + echo "publishToPublic= $publishToPublic" + + $publishServer = "${{ parameters.publishServer }}" + echo "publishServer= $publishServer" + + $publishTokenUri = "${{ parameters.publishTokenUri }}" + echo "publishTokenUri= $publishTokenUri" + + # Publish symbols ##################################################################### + # 1) Get the access token for the symbol publishing service + echo "> 1.Acquiring symbol publishing token..." + $symbolPublishingToken = az account get-access-token --resource $publishTokenUri --query accessToken -o tsv + echo "> 1.Symbol publishing token acquired." + + # 2) Register the request name + echo "> 2.Registering request name..." + $requestNameRegistrationBody = "{'requestName': '$artifactName'}" + Invoke-RestMethod ` + -Method POST ` + -Uri "https://$publishServer.trafficmanager.net/projects/$publishProjectName/requests" ` + -Headers @{ Authorization = "Bearer $symbolPublishingToken" } ` + -ContentType "application/json" ` + -Body $requestNameRegistrationBody + echo "> 2.Request name registered successfully." + + # 3) Publish the symbols + echo "> 3.Submitting request to publish symbols..." + $publishSymbolsBody = "{'publishToInternalServer': $publishToInternal, 'publishToPublicServer': $publishToPublic}" + Invoke-RestMethod ` + -Method POST ` + -Uri "https://$publishServer.trafficmanager.net/projects/$publishProjectName/requests/$artifactName" ` + -Headers @{ Authorization = "Bearer $symbolPublishingToken" } ` + -ContentType "application/json" ` + -Body $publishSymbolsBody + echo "> 3.Request to publish symbols submitted successfully." + + # The following REST calls are used to check publishing status. + echo "> 4.Checking the status of the request ..." + Invoke-RestMethod ` + -Method GET ` + -Uri "https://$publishServer.trafficmanager.net/projects/$publishProjectName/requests/$artifactName" ` + -Headers @{ Authorization = "Bearer $symbolPublishingToken" } ` + -ContentType "application/json" + + echo "Use below tables to interpret the values of xxxServerStatus and xxxServerResult fields from the response." + + echo "PublishingStatus" + echo "-----------------" + echo "0 NotRequested; The request has not been requested to publish." + echo "1 Submitted; The request is submitted to be published" + echo "2 Processing; The request is still being processed" + echo "3 Completed; The request has been completed processing. It can be failed or successful. Check PublishingResult to get more details" + + echo "PublishingResult" + echo "-----------------" + echo "0 Pending; The request has not completed or has not been requested." + echo "1 Succeeded; The request has published successfully" + echo "2 Failed; The request has failed to publish" + echo "3 Cancelled; The request was cancelled" diff --git a/eng/pipelines/onebranch/steps/code-analyze-step.yml b/eng/pipelines/onebranch/steps/roslyn-analyzers-csproj-step.yml similarity index 100% rename from eng/pipelines/onebranch/steps/code-analyze-step.yml rename to eng/pipelines/onebranch/steps/roslyn-analyzers-csproj-step.yml diff --git a/eng/pipelines/onebranch/steps/roslyn-analyzers-mds-step.yml b/eng/pipelines/onebranch/steps/roslyn-analyzers-mds-step.yml new file mode 100644 index 0000000000..5fe8009078 --- /dev/null +++ b/eng/pipelines/onebranch/steps/roslyn-analyzers-mds-step.yml @@ -0,0 +1,40 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +# This template defines a step to run Roslyn Analyzers on the MDS build. It uses the +# RoslynAnalyzers@3 task from the Secure Development Team's SDL extension: +# +# https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-mohanb/security-integration/guardian-wiki/sdl-azdo-extension/roslyn-analyzers-build-task +# +# GOTCHA: This step will clobber any existing build output. It should be run _before_ any build +# steps that perform versioning or signing. + +parameters: + - name: abstractionsPackageVersion + type: string + + - name: loggingPackageVersion + type: string + + - name: mdsPackageVersion + type: string + +steps: + - task: securedevelopmentteam.vss-secure-development-tools.build-task-roslynanalyzers.RoslynAnalyzers@3 + displayName: 'Roslyn Analyzers: Build2.proj BuildMds' + inputs: + msBuildArchitecture: x64 + msBuildCommandLine: >- + msbuild + $(REPO_ROOT)/build2.proj + -t:BuildMds + -p:Configuration=Release + -p:PackageVersionAbstractions="${{ parameters.abstractionsPackageVersion }}" + -p:PackageVersionLogging="${{ parameters.loggingPackageVersion }}" + -p:PackageVersionMds="${{ parameters.mdsPackageVersion }}" + -p:ReferenceType=Package + msBuildVersion: 17.0 + setupCommandLinePicker: vs2022 diff --git a/eng/pipelines/onebranch/variables/common-variables.yml b/eng/pipelines/onebranch/variables/common-variables.yml index feddd2c6ce..dbbddefc51 100644 --- a/eng/pipelines/onebranch/variables/common-variables.yml +++ b/eng/pipelines/onebranch/variables/common-variables.yml @@ -28,8 +28,7 @@ variables: - name: CommitHead value: '' # the value will be extracted from the repo's head - # Aliases required by compound step templates (compound-esrp-dll-signing-step, - # compound-esrp-nuget-signing-step, compound-nuget-pack-step, etc.). + # "Well-Known" Variables that are ok to use directly, anywhere in the pipeline. # The root of our repo. - name: REPO_ROOT diff --git a/eng/pipelines/onebranch/variables/onebranch-variables.yml b/eng/pipelines/onebranch/variables/onebranch-variables.yml index 9c60ff4cf0..004786e25f 100644 --- a/eng/pipelines/onebranch/variables/onebranch-variables.yml +++ b/eng/pipelines/onebranch/variables/onebranch-variables.yml @@ -52,4 +52,4 @@ variables: # The SqlClient package artifacts. - name: sqlClientArtifactsName - value: drop_build_dependent_build_package_SqlClient + value: drop_build_dependent_build_package_Mds diff --git a/src/Microsoft.Data.SqlClient/MdsVersions.props b/src/Microsoft.Data.SqlClient/MdsVersions.props index e50e813f66..a9f8d1cc83 100644 --- a/src/Microsoft.Data.SqlClient/MdsVersions.props +++ b/src/Microsoft.Data.SqlClient/MdsVersions.props @@ -1,35 +1,89 @@ - + + + + + 7.0.0 - 0 - - $(MdsVersionDefault).$(BuildNumber.Split('.')[0]) - $(MdsPackageVersion.Split('-')[0]) + - + + + + + $(MdsPackageVersion.Split('-')[0]).$(AssemblyBuildNumber) + + - NOTE: NuGet versioning can handle arbitrary version strings, so we do not need to trim the - build number like we do for the assembly version. + + - $(MdsVersionDefault).$(BuildNumber)-dev + If a build suffix is provided, this is appended to the package version. This is meant to be + used by automated pre-release systems to indicate the source of the build. + + If a build suffix is not provided, no pre-release tag will be added to package version. If + the default version already has a pre-release tag added to it (eg, "7.0.0-preview1") this + will be retained for the package version, but will be stripped off for the file version + (letters are not allowed in file/assembly versions). This is meant to be used by official + build pipelines to generate production-ready builds. + --> + + $(MdsVersionDefault)-$(BuildSuffix)$(AssemblyBuildNumber) + $(MdsVersionDefault) + + $(MdsVersionDefault.Split('-')[0]).$(AssemblyBuildNumber) + + + + + + + dev + + $(MdsVersionDefault)-$(BuildSuffix) + $(MdsVersionDefault.Split('-')[0]).$(AssemblyBuildNumber) + + + + + + + $(MdsFileVersion.Split('.')[0]).0.0.0 + + diff --git a/src/Microsoft.Data.SqlClient/notsupported/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/notsupported/Microsoft.Data.SqlClient.csproj index 6f5fc44f59..4099207511 100644 --- a/src/Microsoft.Data.SqlClient/notsupported/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/notsupported/Microsoft.Data.SqlClient.csproj @@ -71,7 +71,7 @@ $(MdsAssemblyVersion) - $(MdsAssemblyVersion) + $(MdsFileVersion) $(MdsPackageVersion) diff --git a/src/Microsoft.Data.SqlClient/ref/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/ref/Microsoft.Data.SqlClient.csproj index dbdf7e9338..dfad9e601c 100644 --- a/src/Microsoft.Data.SqlClient/ref/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/ref/Microsoft.Data.SqlClient.csproj @@ -9,7 +9,7 @@ $(MdsAssemblyVersion) - $(MdsAssemblyVersion) + $(MdsFileVersion) $(MdsPackageVersion) diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/src/Microsoft.Data.SqlClient.csproj index 0f1c3c2d40..2f7c726500 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/src/Microsoft.Data.SqlClient.csproj @@ -13,7 +13,7 @@ $(MdsAssemblyVersion) - $(MdsAssemblyVersion) + $(MdsFileVersion) $(MdsPackageVersion) diff --git a/tools/targets/GenerateThisAssemblyCs.targets b/tools/targets/GenerateThisAssemblyCs.targets index 6dfd670c5c..8632d80dc4 100644 --- a/tools/targets/GenerateThisAssemblyCs.targets +++ b/tools/targets/GenerateThisAssemblyCs.targets @@ -8,8 +8,8 @@ - - $(AssemblyVersion) + + $(FileVersion) System