Merge remote-tracking branch 'upstream/release/6.0' into merge-internal/release/6.0

Author: mmitche

NuGet.config

@@ -5,7 +5,6 @@
     <clear />
     <!--Begin: Package sources managed by Dependency Flow automation. Do not edit the sources below.-->
     <!--  Begin: Package sources from dotnet-runtime -->
-    <add key="darc-int-dotnet-runtime-be98e88" value="https://pkgs.dev.azure.com/dnceng/internal/_packaging/darc-int-dotnet-runtime-be98e88c/nuget/v3/index.json" />
     <!--  End: Package sources from dotnet-runtime -->
     <!--End: Package sources managed by Dependency Flow automation. Do not edit the sources above.-->
     <add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
@@ -19,7 +18,6 @@
   <disabledPackageSources>
     <!--Begin: Package sources managed by Dependency Flow automation. Do not edit the sources below.-->
     <!--  Begin: Package sources from dotnet-runtime -->
-    <add key="darc-int-dotnet-runtime-be98e88" value="true" />
     <!--  End: Package sources from dotnet-runtime -->
     <!--End: Package sources managed by Dependency Flow automation. Do not edit the sources above.-->
   </disabledPackageSources>

eng/Version.Details.xml

@@ -49,7 +49,7 @@
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri>
       <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Wpf.DncEng" Version="6.0.0-rtm.22161.2">
+    <Dependency Name="Microsoft.DotNet.Wpf.DncEng" Version="6.0.0-rtm.22212.1">
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-wpf-int</Uri>
       <Sha>c8d46e6b93f648dd15d27210af19b62f98205daa</Sha>
     </Dependency>
@@ -83,25 +83,25 @@
     </Dependency>
   </ProductDependencies>
   <ToolsetDependencies>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="6.0.0-beta.22122.7">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="6.0.0-beta.22212.5">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>7215d8265a7fbcd022eb72ff7a6e2048444c985f</Sha>
+      <Sha>1a6b24397e50146d0fece9cfb9c0b87275691e6f</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.CodeAnalysis" Version="6.0.0-beta.22122.7">
+    <Dependency Name="Microsoft.DotNet.CodeAnalysis" Version="6.0.0-beta.22212.5">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>7215d8265a7fbcd022eb72ff7a6e2048444c985f</Sha>
+      <Sha>1a6b24397e50146d0fece9cfb9c0b87275691e6f</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="6.0.0-beta.22122.7">
+    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="6.0.0-beta.22212.5">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>7215d8265a7fbcd022eb72ff7a6e2048444c985f</Sha>
+      <Sha>1a6b24397e50146d0fece9cfb9c0b87275691e6f</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.ApiCompat" Version="6.0.0-beta.22122.7">
+    <Dependency Name="Microsoft.DotNet.ApiCompat" Version="6.0.0-beta.22212.5">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>7215d8265a7fbcd022eb72ff7a6e2048444c985f</Sha>
+      <Sha>1a6b24397e50146d0fece9cfb9c0b87275691e6f</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.GenAPI" Version="6.0.0-beta.22122.7">
+    <Dependency Name="Microsoft.DotNet.GenAPI" Version="6.0.0-beta.22212.5">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>7215d8265a7fbcd022eb72ff7a6e2048444c985f</Sha>
+      <Sha>1a6b24397e50146d0fece9cfb9c0b87275691e6f</Sha>
     </Dependency>
   </ToolsetDependencies>
 </Dependencies>

eng/Versions.props

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <MajorVersion>6</MajorVersion>
     <MinorVersion>0</MinorVersion>
-    <PatchVersion>4</PatchVersion>
+    <PatchVersion>5</PatchVersion>
     <VersionPrefix>$(MajorVersion).$(MinorVersion).$(PatchVersion)</VersionPrefix>
     <!--
       Set assembly version to align with major and minor version, as for the patches and revisions should be manually
@@ -56,9 +56,9 @@
   </PropertyGroup>
   <!-- Packages that come from https://github.com/dotnet/arcade -->
   <PropertyGroup>
-    <MicrosoftDotNetApiCompatVersion>6.0.0-beta.22122.7</MicrosoftDotNetApiCompatVersion>
-    <MicrosoftDotNetCodeAnalysisPackageVersion>6.0.0-beta.22122.7</MicrosoftDotNetCodeAnalysisPackageVersion>
-    <MicrosoftDotNetGenAPIVersion>6.0.0-beta.22122.7</MicrosoftDotNetGenAPIVersion>
+    <MicrosoftDotNetApiCompatVersion>6.0.0-beta.22212.5</MicrosoftDotNetApiCompatVersion>
+    <MicrosoftDotNetCodeAnalysisPackageVersion>6.0.0-beta.22212.5</MicrosoftDotNetCodeAnalysisPackageVersion>
+    <MicrosoftDotNetGenAPIVersion>6.0.0-beta.22212.5</MicrosoftDotNetGenAPIVersion>
   </PropertyGroup>
   <!-- Maintain System.CodeDom PackageVersion at 4.4.0. See https://github.com/Microsoft/msbuild/issues/3627 -->
   <!-- Pin specific versions of S.Memory so that it would supply AssemblyVersion=4.0.1.0. See https://github.com/dotnet/runtime/issues/31672 -->
@@ -97,6 +97,6 @@
     <SystemReflectionMetadataLoadContextPackage>System.Reflection.MetadataLoadContext</SystemReflectionMetadataLoadContextPackage>
   </PropertyGroup>
   <PropertyGroup>
-    <MicrosoftDotNetWpfDncEngVersion>6.0.0-rtm.22161.2</MicrosoftDotNetWpfDncEngVersion>
+    <MicrosoftDotNetWpfDncEngVersion>6.0.0-rtm.22212.1</MicrosoftDotNetWpfDncEngVersion>
   </PropertyGroup>
 </Project>

eng/common/templates/job/execute-sdl.yml

@@ -43,14 +43,9 @@ jobs:
       value: ${{ parameters.AzDOPipelineId }}
     - name: AzDOBuildId
       value: ${{ parameters.AzDOBuildId }}
-    # The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
-    # sync with the packages.config file.
-    - name: DefaultGuardianVersion
-      value: 0.110.1
+    - template: /eng/common/templates/variables/sdl-variables.yml
     - name: GuardianVersion
       value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
-    - name: GuardianPackagesConfigFile
-      value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
   pool:
     # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
     ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
@@ -126,57 +121,11 @@ jobs:
       displayName: Extract Archive Artifacts
       continueOnError: ${{ parameters.sdlContinueOnError }}
 
-  - ${{ if ne(parameters.overrideGuardianVersion, '') }}:
-    - powershell: |
-        $content = Get-Content $(GuardianPackagesConfigFile)
-
-        Write-Host "packages.config content was:`n$content"
-
-        $content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
-        $content | Set-Content $(GuardianPackagesConfigFile)
-
-        Write-Host "packages.config content updated to:`n$content"
-      displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
-
-  - task: NuGetToolInstaller@1
-    displayName: 'Install NuGet.exe'
-  - task: NuGetCommand@2
-    displayName: 'Install Guardian'
-    inputs:
-      restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
-      feedsToUse: config
-      nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
-      externalFeedCredentials: GuardianConnect
-      restoreDirectory: $(Build.SourcesDirectory)\.packages
-
-  - ${{ if ne(parameters.overrideParameters, '') }}:
-    - powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
-      displayName: Execute SDL
-      continueOnError: ${{ parameters.sdlContinueOnError }}
-  - ${{ if eq(parameters.overrideParameters, '') }}:
-    - powershell: ${{ parameters.executeAllSdlToolsScript }}
-        -GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion)
-        -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
-        -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
-        ${{ parameters.additionalParameters }}
-      displayName: Execute SDL
-      continueOnError: ${{ parameters.sdlContinueOnError }}
-
-  - ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
-    # We want to publish the Guardian results and configuration for easy diagnosis. However, the
-    # '.gdn' dir is a mix of configuration, results, extracted dependencies, and Guardian default
-    # tooling files. Some of these files are large and aren't useful during an investigation, so
-    # exclude them by simply deleting them before publishing. (As of writing, there is no documented
-    # way to selectively exclude a dir from the pipeline artifact publish task.)
-    - task: DeleteFiles@1
-      displayName: Delete Guardian dependencies to avoid uploading
-      inputs:
-        SourceFolder: $(Agent.BuildDirectory)/.gdn
-        Contents: |
-          c
-          i
-      condition: succeededOrFailed()
-    - publish: $(Agent.BuildDirectory)/.gdn
-      artifact: GuardianConfiguration
-      displayName: Publish GuardianConfiguration
-      condition: succeededOrFailed()
+  - template: /eng/common/templates/steps/execute-sdl.yml
+    parameters:
+      overrideGuardianVersion: ${{ parameters.overrideGuardianVersion }}
+      executeAllSdlToolsScript: ${{ parameters.executeAllSdlToolsScript }}
+      overrideParameters: ${{ parameters.overrideParameters }}
+      additionalParameters: ${{ parameters.additionalParameters }}
+      publishGuardianDirectoryToPipeline: ${{ parameters.publishGuardianDirectoryToPipeline }}
+      sdlContinueOnError: ${{ parameters.sdlContinueOnError }}

eng/common/templates/jobs/codeql-build.yml

@@ -21,7 +21,7 @@ jobs:
       # The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
       # sync with the packages.config file.
       - name: DefaultGuardianVersion
-        value: 0.109.0
+        value: 0.110.1
       - name: GuardianPackagesConfigFile
         value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
       - name: GuardianVersion

eng/common/templates/steps/execute-sdl.yml

@@ -0,0 +1,68 @@
+parameters:
+  overrideGuardianVersion: ''
+  executeAllSdlToolsScript: ''
+  overrideParameters: ''
+  additionalParameters: ''
+  publishGuardianDirectoryToPipeline: false
+  sdlContinueOnError: false
+  condition: ''
+
+steps:
+- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
+  - powershell: |
+      $content = Get-Content $(GuardianPackagesConfigFile)
+
+      Write-Host "packages.config content was:`n$content"
+
+      $content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
+      $content | Set-Content $(GuardianPackagesConfigFile)
+
+      Write-Host "packages.config content updated to:`n$content"
+    displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
+
+- task: NuGetToolInstaller@1
+  displayName: 'Install NuGet.exe'
+  
+- task: NuGetCommand@2
+  displayName: 'Install Guardian'
+  inputs:
+    restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
+    feedsToUse: config
+    nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
+    externalFeedCredentials: GuardianConnect
+    restoreDirectory: $(Build.SourcesDirectory)\.packages
+
+- ${{ if ne(parameters.overrideParameters, '') }}:
+  - powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
+    displayName: Execute SDL
+    continueOnError: ${{ parameters.sdlContinueOnError }}
+    condition: ${{ parameters.condition }}
+
+- ${{ if eq(parameters.overrideParameters, '') }}:
+  - powershell: ${{ parameters.executeAllSdlToolsScript }}
+      -GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion)
+      -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
+      -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
+      ${{ parameters.additionalParameters }}
+    displayName: Execute SDL
+    continueOnError: ${{ parameters.sdlContinueOnError }}
+    condition: ${{ parameters.condition }}
+
+- ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
+  # We want to publish the Guardian results and configuration for easy diagnosis. However, the
+  # '.gdn' dir is a mix of configuration, results, extracted dependencies, and Guardian default
+  # tooling files. Some of these files are large and aren't useful during an investigation, so
+  # exclude them by simply deleting them before publishing. (As of writing, there is no documented
+  # way to selectively exclude a dir from the pipeline artifact publish task.)
+  - task: DeleteFiles@1
+    displayName: Delete Guardian dependencies to avoid uploading
+    inputs:
+      SourceFolder: $(Agent.BuildDirectory)/.gdn
+      Contents: |
+        c
+        i
+    condition: succeededOrFailed()
+  - publish: $(Agent.BuildDirectory)/.gdn
+    artifact: GuardianConfiguration
+    displayName: Publish GuardianConfiguration
+    condition: succeededOrFailed()

eng/common/templates/steps/source-build.yml

@@ -43,8 +43,8 @@ steps:
     # In that case, add variables to allow the download of internal runtimes if the specified versions are not found
     # in the default public locations.
     internalRuntimeDownloadArgs=
-    if [ '$(dotnetclimsrc-read-sas-token-base64)' != '$''(dotnetclimsrc-read-sas-token-base64)' ]; then
-      internalRuntimeDownloadArgs='/p:DotNetRuntimeSourceFeed=https://dotnetclimsrc.blob.core.windows.net/dotnet /p:DotNetRuntimeSourceFeedKey=$(dotnetclimsrc-read-sas-token-base64) --runtimesourcefeed https://dotnetclimsrc.blob.core.windows.net/dotnet --runtimesourcefeedkey $(dotnetclimsrc-read-sas-token-base64)'
+    if [ '$(dotnetbuilds-internal-container-read-token-base64)' != '$''(dotnetbuilds-internal-container-read-token-base64)' ]; then
+      internalRuntimeDownloadArgs='/p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) --runtimesourcefeed https://dotnetbuilds.blob.core.windows.net/internal --runtimesourcefeedkey $(dotnetbuilds-internal-container-read-token-base64)'
     fi
 
     buildConfig=Release

eng/common/templates/variables/sdl-variables.yml

@@ -0,0 +1,7 @@
+variables:
+# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
+# sync with the packages.config file.
+- name: DefaultGuardianVersion
+  value: 0.110.1
+- name: GuardianPackagesConfigFile
+  value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config

global.json

@@ -1,6 +1,6 @@
 {
   "tools": {
-    "dotnet": "6.0.101",
+    "dotnet": "6.0.104",
     "runtimes": {
       "dotnet": [
         "2.1.7",
@@ -12,11 +12,11 @@
     }
   },
   "msbuild-sdks": {
-    "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.22122.7",
-    "Microsoft.DotNet.Helix.Sdk": "6.0.0-beta.22122.7"
+    "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.22212.5",
+    "Microsoft.DotNet.Helix.Sdk": "6.0.0-beta.22212.5"
   },
   "sdk": {
-    "version": "6.0.101"
+    "version": "6.0.104"
   },
   "native-tools": {
     "strawberry-perl": "5.28.1.1-1",