[xcode16.1] Merge main into xcode16.1

builds/Makefile

@@ -6,6 +6,8 @@ include $(TOP)/Make.config
 
 ifeq ($(shell arch),arm64)
 DOTNET_ARCH=arm64
+else ifeq ($(shell sysctl -n sysctl.proc_translated 2>/dev/null),1)
+DOTNET_ARCH=arm64
 else
 DOTNET_ARCH=x64
 endif
@@ -70,7 +72,7 @@ downloads/%: downloads/%.nupkg
 	$(Q) echo "Unzipped $*."
 
 downloads/$(DOTNET_INSTALL_NAME): dotnet-install.sh
-	$(Q) echo "Downloading and installing .NET $(DOTNET_VERSION) into $@..."
+	$(Q) echo "Downloading and installing .NET $(DOTNET_VERSION) ($(DOTNET_ARCH)) into $@..."
 	$(Q) ./dotnet-install.sh --install-dir "$@.tmp" --version "$(DOTNET_VERSION)" --architecture $(DOTNET_ARCH) --no-path $$DOTNET_INSTALL_EXTRA_ARGS
 	$(Q) rm -Rf "$@"
 	$(Q) mv "$@.tmp" "$@"

tests/packaged-macos-tests.mk

@@ -7,7 +7,7 @@ include $(TOP)/Make.config
 export TargetFrameworkFallbackSearchPaths:=$(MAC_DESTDIR)/Library/Frameworks/Mono.framework/External/xbuild-frameworks
 export MSBuildExtensionsPathFallbackPathsOverride:=$(MAC_DESTDIR)/Library/Frameworks/Mono.framework/External/xbuild
 
-ifeq ($(shell uname -a),"arm64")
+ifeq ($(shell arch),"arm64")
 IS_ARM64=1
 IS_APPLE_SILICON=1
 endif

tools/devops/automation/run-post-ci-build-vs-insertion.yml

@@ -0,0 +1,87 @@
+# YAML pipeline for post build operations. 
+# This pipeline will sign the nugets and will prepare them for a release.
+
+trigger: none
+pr: none
+
+parameters:
+
+  - name: stageDisplayNamePrefix
+    type: string
+    default: ''
+
+  - name: repositoryAlias
+    type: string
+    default: self
+
+  - name: commit
+    type: string
+    default: HEAD
+
+  - name: pushNugets
+    type: boolean
+    default: true # default to true until otherwhise
+
+  - name: pushNugetsToMaestro
+    type: boolean
+    default: true
+
+# we cannot use a template in a pipeline context
+resources:
+  pipelines:
+    - pipeline: macios
+      source: \Xamarin\Mac-iOS\ci pipelines\xamarin-macios-ci
+      trigger:
+        branches:
+          include:
+            - main
+            - release-test/*
+            - release/*
+            - net7.0
+            - net8.0
+            - net9.0
+            - net10.0
+            - xcode??
+        stages:
+          - build_packages
+
+extends:
+  template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates
+  parameters:
+    pool:  # default pool to be used for validation jobs
+      name: AzurePipelines-EO
+      image: 1ESPT-Windows2022
+      os: windows
+    sdl:
+      baseline:
+        baselineFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\baselines.gdnbaselines'
+      suppression:
+        suppressionFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\suppress.gdnsuppress'
+      sourceAnalysisPool:
+        name: AzurePipelines-EO
+        image: 1ESPT-Windows2022
+        os: windows
+      tsa:
+        configFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\tsa_config.gdntsa'
+      sbom:
+        enabled: false  # we run our on sbom generation
+      credscan:
+        suppressionsFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\CredScanSuppressions.json'
+      policheck:
+        exclusionsFile: '$(System.DefaultWorkingDirectory)\\xamarin-macios\\tools\\devops\\governance\\PoliCheckExclusions.xml'
+      sourceRepositoriesToScan:
+        runInSingleJob: true  # run both maccore and macios in the same job
+        include:
+          - repository: maccore
+        exclude:
+          - repository: yaml-templates
+          - repository: sdk-insertions
+    stages:
+      - template: templates/release/vs-insertion-prep.yml
+        parameters:
+          stageDisplayNamePrefix: ${{ parameters.stageDisplayNamePrefix }}
+          isPR: false
+          repositoryAlias: ${{ parameters.repositoryAlias }}
+          commit: ${{ parameters.commit }}
+          pushNugets: ${{ parameters.pushNugets }}
+          pushNugetsToMaestro: ${{ parameters.pushNugetsToMaestro }}

tools/devops/automation/run-post-pr-build-api-scan.yml

@@ -12,7 +12,7 @@ resources:
           - build_packages
 
 extends:
-  template: templates/pipelines/run-tests-pipeline.yml
+  template: templates/pipelines/run-api-scan.yml
   parameters:
     isPR: true
 

tools/devops/automation/templates/governance/apiscan.yml

@@ -15,6 +15,10 @@ parameters:
   type: string
   default: '$(MaciosUploadPrefix)'
 
+- name: use1ES
+  type: boolean
+  default: true
+
 steps:
 
 - template: ../common/checkout.yml
@@ -88,9 +92,17 @@ steps:
     GdnBreakOutputSuppressionFile: $(Build.ArtifactStagingDirectory)\GuardianSuppressions\falsepositives.gdnsuppress
     GdnBreakOutputSuppressionSet: falsepositives
 
-- task: 1ES.PublishPipelineArtifact@1
-  displayName: Publish Artifact for Guardian Supressions
-  inputs:
-    path: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
-    artifact: Guardian Suppressions APIScan $(PLATFORM) $(VERSION)
-  condition: failed()
+- ${{ if eq(parameters.use1ES, true) }}:
+  - task: 1ES.PublishPipelineArtifact@1
+    displayName: Publish Artifact for Guardian Supressions
+    inputs:
+      path: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
+      artifact: Guardian Suppressions APIScan $(PLATFORM) $(VERSION)
+    condition: failed()
+- ${{ else }}:
+  - task: PublishPipelineArtifact@1
+    displayName: Publish Artifact for Guardian Supressions
+    inputs:
+      targetPath: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
+      artifactName: Guardian Suppressions APIScan $(PLATFORM) $(VERSION)
+    condition: failed()

tools/devops/automation/templates/governance/stage.yml

@@ -20,6 +20,10 @@ parameters:
   type: object
   default: [configure_build, build_packages]
 
+- name: use1ES
+  type: boolean
+  default: true
+
 stages:
 - stage: governance_checks
   displayName: '${{ parameters.stageDisplayNamePrefix }}API Scan'
@@ -43,3 +47,4 @@ stages:
         isPR: ${{ parameters.isPR }}
         repositoryAlias: ${{ parameters.repositoryAlias }}
         commit: ${{ parameters.commit }}
+        use1ES: ${{ parameters.use1ES }}

tools/devops/automation/templates/pipelines/run-api-scan.yml

@@ -7,6 +7,47 @@ parameters:
     type: boolean
     default: false
 
+  - name: pool
+    type: string
+    displayName: Bot pool to use
+    default: automatic
+    values:
+      - pr
+      - ci
+      - automatic
+
+  - name: testConfigurations
+    displayName: Test configurations to run
+    type: object
+    default: []
+
+  - name: supportedPlatforms
+    type: object
+    default: [
+      {
+        platform: iOS,
+        isDotNetPlatform: true,
+      },
+      {
+        platform: macOS,
+        isDotNetPlatform: true,
+      },
+      {
+        platform: tvOS,
+        isDotNetPlatform: true,
+      },
+      {
+        platform: MacCatalyst,
+        isDotNetPlatform: true,
+      },
+      {
+        # when running platform-specific test runs, we also need a special test run that executes tests that only runs when multiple platforms are enabled
+        platform: Multiple,
+        isDotNetPlatform: true,
+      }
+    ]
+
+
 resources:
   repositories:
     - repository: self
@@ -34,15 +75,16 @@ resources:
 variables:
   - template: ../variables/common.yml
   - template: ../variables/api-scan.yml
-  - name: DisablePipelineConfigDetector
-    ${{ if eq(parameters.isPR, false) }}:
-    value: true
-    ${{ else }}:
-    value: false
+  - ${{ if eq(parameters.isPR, false) }}:
+      - name: DisablePipelineConfigDetector
+        value: true
+  - ${{ else }}:
+      - name: DisablePipelineConfigDetector
+        value: false
 
 stages:
   - stage: configure_build
-    displayName: '${{ parameters.stageDisplayNamePrefix }}Configure'
+    displayName: 'Configure'
     jobs:
 
       - ${{ if eq(parameters.pool, 'automatic') }}:
@@ -71,10 +113,10 @@ stages:
           BRANCH_NAME: $[ replace(variables['Build.SourceBranch'], 'refs/heads/', '') ]
 
         steps:
-          - template: ../common/configuration.yml
+          - template: ../common/configure.yml
             parameters: 
-              repositoryAlias: ${{ parameters.repositoryAlias }}
-              commit: ${{ parameters.commit }}
+              repositoryAlias: self
+              commit: HEAD
               testConfigurations: ${{ parameters.testConfigurations }}
               supportedPlatforms: ${{ parameters.supportedPlatforms }}
               testsLabels: '--label=skip-all-tests,run-ios-tests,run-ios-simulator-tests,run-tvos-tests,run-watchos-tests,run-mac-tests,run-maccatalyst-tests,run-dotnet-tests,run-system-permission-tests,run-legacy-xamarin-tests'
@@ -84,7 +126,7 @@ stages:
   - template: ../governance/stage.yml
     parameters:
       isPR: ${{ parameters.isPR }}
-      repositoryAlias: ${{ parameters.repositoryAlias }}
-      commit: ${{ parameters.commit }}
-      stageDisplayNamePrefix: ${{ parameters.stageDisplayNamePrefix }}
+      repositoryAlias: self
+      commit: HEAD
       dependsOn: configure_build
+      use1ES: false