From c8fa88850cc7bf314a2f07bdf217cb60dafc3ec1 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Mon, 17 Nov 2025 11:07:53 -0700 Subject: [PATCH 01/15] Drop `auto-insertion` tag handling Now that official and unofficial pipelines are distinct, there's no real reason to avoid triggering an insertion with every official build. --- azure-pipelines/build.yml | 3 --- azure-pipelines/schedule-only-steps.yml | 3 --- azure-pipelines/vs-insertion.yml | 1 - 3 files changed, 7 deletions(-) delete mode 100644 azure-pipelines/schedule-only-steps.yml diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml index 078cb8396..86d11fe16 100644 --- a/azure-pipelines/build.yml +++ b/azure-pipelines/build.yml @@ -194,9 +194,6 @@ jobs: - powershell: Write-Host "##vso[task.setvariable variable=PROFILINGINPUTSDROPNAME]$(tools/variables/ProfilingInputsDropName.ps1)" displayName: โš™ Set ProfilingInputsDropName for optprof - - ${{ if eq(variables['Build.Reason'], 'Schedule') }}: - - template: schedule-only-steps.yml - - template: install-dependencies.yml - script: dotnet nbgv cloud -ca diff --git a/azure-pipelines/schedule-only-steps.yml b/azure-pipelines/schedule-only-steps.yml deleted file mode 100644 index ad07a341b..000000000 --- a/azure-pipelines/schedule-only-steps.yml +++ /dev/null @@ -1,3 +0,0 @@ -steps: -- powershell: echo "##vso[build.addbuildtag]auto-insertion" - displayName: Tag for auto-insertion diff --git a/azure-pipelines/vs-insertion.yml b/azure-pipelines/vs-insertion.yml index 2899a6a08..bb5332ec9 100644 --- a/azure-pipelines/vs-insertion.yml +++ b/azure-pipelines/vs-insertion.yml @@ -15,7 +15,6 @@ resources: trigger: tags: - Real signed - - auto-insertion variables: - template: GlobalVariables.yml From e95eb88acf602a6c46a2720650f0e2509cf542f3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 17 Nov 2025 12:28:49 -0700 Subject: [PATCH 02/15] Update actions/checkout digest to 93cb6ef Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 4 ++-- .github/workflows/copilot-setup-steps.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/libtemplate-update.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 717342eb6..f290509be 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,7 +29,7 @@ jobs: - windows-2022 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites @@ -74,7 +74,7 @@ jobs: name: ๐Ÿ“ƒ Docs runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 - name: ๐Ÿ”— Markup Link Checker (mlc) uses: becheran/mlc@18a06b3aa2901ca197de59c8b0b1f54fdba6b3fa # v1.0.0 with: diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index eb69d92e8..52dfafa0a 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -26,7 +26,7 @@ jobs: # You can define any steps you want, and they will run before the agent starts. # If you do not check out your code, Copilot will do this for you. steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index a7155c4cf..d78426362 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -24,7 +24,7 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites diff --git a/.github/workflows/libtemplate-update.yml b/.github/workflows/libtemplate-update.yml index f5cf8666f..1f64e09d2 100644 --- a/.github/workflows/libtemplate-update.yml +++ b/.github/workflows/libtemplate-update.yml @@ -17,7 +17,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. From 91ee72eba1eed6090d83d93f0dcba4bd53ac655f Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Mon, 17 Nov 2025 14:40:18 -0700 Subject: [PATCH 03/15] Replace hard-coded codecov_token with secrets/variables --- .github/workflows/build.yml | 7 ++++--- Expand-Template.ps1 | 10 ---------- azure-pipelines.yml | 1 - azure-pipelines/dotnet.yml | 7 +++++-- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f290509be..5c06d5de0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,6 @@ on: env: DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true BUILDCONFIGURATION: Release - # codecov_token: 4dc9e7e2-6b01-4932-a180-847b52b43d35 # Get a new one from https://codecov.io/ NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages/ jobs: @@ -64,11 +63,13 @@ jobs: uses: ./.github/actions/publish-artifacts if: cancelled() == false - name: ๐Ÿ“ข Publish code coverage results to codecov.io - run: ./tools/publish-CodeCov.ps1 -CodeCovToken "${{ env.codecov_token }}" -PathToCodeCoverage "${{ runner.temp }}/_artifacts/coverageResults" -Name "${{ runner.os }} Coverage Results" -Flags "${{ runner.os }}" + run: | + if ('${{ secrets.CODECOV_TOKEN }}') { + ./tools/publish-CodeCov.ps1 -CodeCovToken '${{ secrets.CODECOV_TOKEN }}' -PathToCodeCoverage "${{ runner.temp }}/_artifacts/coverageResults" -Name "${{ runner.os }} Coverage Results" -Flags "${{ runner.os }}" + } shell: pwsh timeout-minutes: 3 continue-on-error: true - if: env.codecov_token != '' docs: name: ๐Ÿ“ƒ Docs diff --git a/Expand-Template.ps1 b/Expand-Template.ps1 index 5b08d843f..39bbd2cf0 100755 --- a/Expand-Template.ps1 +++ b/Expand-Template.ps1 @@ -7,9 +7,6 @@ Expands this template into an actual project, taking values for placeholders The name of the library. Should consist only of alphanumeric characters and periods. .PARAMETER Author The name to use in copyright and owner notices. -.PARAMETER CodeCovToken -A token obtained from codecov.io for your repo. If not specified, code coverage results will not be published to codecov.io, -but can be added later by editing the Azure Pipelines YAML file. .PARAMETER CIFeed The `/{guid}` path to the Azure Pipelines artifact feed to push your nuget package to as part of your CI. .PARAMETER Squash @@ -22,8 +19,6 @@ Param( [Parameter(Mandatory=$true)] [string]$Author, [Parameter()] - [string]$CodeCovToken, - [Parameter()] [string]$CIFeed, [Parameter()] [switch]$Squash @@ -179,11 +174,6 @@ try { } $YmlReplacements = @{} - if ($CodeCovToken) { - $YmlReplacements['(codecov_token: ).*(#.*)'] = "`$1$CodeCovToken" - } else { - $YmlReplacements['(codecov_token: ).*(#.*)'] = "#`$1`$2" - } if ($CIFeed) { $YmlReplacements['(ci_feed: ).*(#.*)'] = "`$1$CIFeed" } else { diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 4d372fe0c..8c2ddec93 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -26,7 +26,6 @@ parameters: variables: DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true BuildConfiguration: Release - codecov_token: 4dc9e7e2-6b01-4932-a180-847b52b43d35 # Get a new one from https://codecov.io/ ci_feed: https://pkgs.dev.azure.com/andrewarnott/_packaging/CI/nuget/v3/index.json # Azure Artifacts feed URL NUGET_PACKAGES: $(Agent.TempDirectory)/.nuget/packages/ diff --git a/azure-pipelines/dotnet.yml b/azure-pipelines/dotnet.yml index 30bb4107d..9a572afe1 100644 --- a/azure-pipelines/dotnet.yml +++ b/azure-pipelines/dotnet.yml @@ -20,11 +20,14 @@ steps: displayName: ๐Ÿ“ข Publish artifacts condition: succeededOrFailed() -- ${{ if and(ne(variables['codecov_token'], ''), parameters.RunTests) }}: +- ${{ if parameters.RunTests }}: - powershell: | $ArtifactStagingFolder = & "tools/Get-ArtifactsStagingDirectory.ps1" $CoverageResultsFolder = Join-Path $ArtifactStagingFolder "coverageResults-$(Agent.JobName)" - tools/publish-CodeCov.ps1 -CodeCovToken "$(codecov_token)" -PathToCodeCoverage "$CoverageResultsFolder" -Name "$(Agent.JobName) Coverage Results" -Flags "$(Agent.JobName)" + tools/publish-CodeCov.ps1 -CodeCovToken "$(CODECOV_TOKEN)" -PathToCodeCoverage "$CoverageResultsFolder" -Name "$(Agent.JobName) Coverage Results" -Flags "$(Agent.JobName)" displayName: ๐Ÿ“ข Publish code coverage results to codecov.io timeoutInMinutes: 3 continueOnError: true + # Set the CODECOV_TOKEN variable in your Azure Pipeline to enable code coverage reporting + # Get a token from https://codecov.io/ + condition: and(succeeded(), ne(variables['CODECOV_TOKEN'], '')) From 32a3cdd0dbc5773b67517f9b97b86c42198f4cbb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 21:13:36 +0000 Subject: [PATCH 04/15] Update actions/checkout action to v6 (443) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 4 ++-- .github/workflows/copilot-setup-steps.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/libtemplate-update.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5c06d5de0..376a52ff9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: - windows-2022 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites @@ -75,7 +75,7 @@ jobs: name: ๐Ÿ“ƒ Docs runs-on: ubuntu-latest steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 - name: ๐Ÿ”— Markup Link Checker (mlc) uses: becheran/mlc@18a06b3aa2901ca197de59c8b0b1f54fdba6b3fa # v1.0.0 with: diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 52dfafa0a..8bbf7b077 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -26,7 +26,7 @@ jobs: # You can define any steps you want, and they will run before the agent starts. # If you do not check out your code, Copilot will do this for you. steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index d78426362..28313d12a 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -24,7 +24,7 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites diff --git a/.github/workflows/libtemplate-update.yml b/.github/workflows/libtemplate-update.yml index 1f64e09d2..f7d0b54e4 100644 --- a/.github/workflows/libtemplate-update.yml +++ b/.github/workflows/libtemplate-update.yml @@ -17,7 +17,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. From 585a2dfec55c77a7fa62afe086ac131ad93187fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20K=C3=B6plinger?= Date: Fri, 21 Nov 2025 15:44:28 +0100 Subject: [PATCH 05/15] Use official URLs in Install-DotNetSdk.ps1 The blob storage URLs will stop working, see https://github.com/dotnet/announcements/issues/336 --- tools/Install-DotNetSdk.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/Install-DotNetSdk.ps1 b/tools/Install-DotNetSdk.ps1 index 3d13e817d..590581e26 100644 --- a/tools/Install-DotNetSdk.ps1 +++ b/tools/Install-DotNetSdk.ps1 @@ -125,14 +125,14 @@ Function Get-InstallerExe( } if ($TypedVersion.Build -eq -1) { - $versionInfo = -Split (Invoke-WebRequest -Uri "https://dotnetcli.blob.core.windows.net/dotnet/$sku/$Version/latest.version" -UseBasicParsing) + $versionInfo = -Split (Invoke-WebRequest -Uri "https://builds.dotnet.microsoft.com/dotnet/$sku/$Version/latest.version" -UseBasicParsing) $Version = $versionInfo[-1] } $majorMinor = "$($TypedVersion.Major).$($TypedVersion.Minor)" $ReleasesFile = Join-Path $DotNetInstallScriptRoot "$majorMinor\releases.json" if (!(Test-Path $ReleasesFile)) { - Get-FileFromWeb -Uri "https://dotnetcli.blob.core.windows.net/dotnet/release-metadata/$majorMinor/releases.json" -OutDir (Split-Path $ReleasesFile) | Out-Null + Get-FileFromWeb -Uri "https://builds.dotnet.microsoft.com/dotnet/release-metadata/$majorMinor/releases.json" -OutDir (Split-Path $ReleasesFile) | Out-Null } $releases = Get-Content $ReleasesFile | ConvertFrom-Json From 1439223d98460542839efa8c8c9c19a011c72e98 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 28 Nov 2025 18:34:34 -0700 Subject: [PATCH 06/15] Update dependency xunit.v3 to 3.2.1 (445) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Directory.Packages.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index c0924a538..d4cbbbb1c 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -11,7 +11,7 @@ - + From 5a412a0c542cd02716f3c9e1460e6b98c63cdb69 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Mon, 1 Dec 2025 18:25:17 -0700 Subject: [PATCH 07/15] Switch out our own OptProf profiling pipeline for the VS one --- azure-pipelines/OptProf.yml | 125 -------- azure-pipelines/OptProf_part2.yml | 91 ------ azure-pipelines/build.yml | 269 +++++++++--------- azure-pipelines/dotnet.yml | 14 +- azure-pipelines/microbuild.after.yml | 21 -- azure-pipelines/microbuild.before.yml | 28 +- azure-pipelines/vs-insertion-script.ps1 | 17 ++ azure-pipelines/vs-insertion.yml | 1 + azure-pipelines/vs-validation.yml | 2 +- src/OptProf.targets | 8 +- .../Library.VSInsertionMetadata.proj | 11 - src/VSInsertionMetadata/ProfilingInputs.props | 5 - .../VSInsertionMetadata.targets | 71 ----- tools/artifacts/VSInsertion.ps1 | 12 +- tools/variables/ProfilingInputsPropsName.ps1 | 6 + 15 files changed, 176 insertions(+), 505 deletions(-) delete mode 100644 azure-pipelines/OptProf.yml delete mode 100644 azure-pipelines/OptProf_part2.yml create mode 100644 azure-pipelines/vs-insertion-script.ps1 delete mode 100644 src/VSInsertionMetadata/Library.VSInsertionMetadata.proj delete mode 100644 src/VSInsertionMetadata/ProfilingInputs.props delete mode 100644 src/VSInsertionMetadata/VSInsertionMetadata.targets create mode 100644 tools/variables/ProfilingInputsPropsName.ps1 diff --git a/azure-pipelines/OptProf.yml b/azure-pipelines/OptProf.yml deleted file mode 100644 index 515e72a3e..000000000 --- a/azure-pipelines/OptProf.yml +++ /dev/null @@ -1,125 +0,0 @@ -trigger: none -pr: none -schedules: -- cron: "0 3 * * Fri" # Thu @ 8 or 9 PM Mountain Time (depending on DST) - displayName: Weekly OptProf run - branches: - include: - - 'v*.*' - - main - always: true # we must keep data fresh since optimizationdata drops are purged after 30 days - -# Avoid errant CI builds: https://developercommunity.visualstudio.com/content/problem/1154409/azure-pipeline-is-triggering-due-to-events-that-ne.html -#resources: -# repositories: -# - repository: scripts -# type: git -# name: DeploymentScripts -# ref: refs/heads/test - -parameters: - - name: ShouldSkipOptimize - displayName: Skip OptProf optimization - type: boolean - default: false # Should usually be false so that optprof LKG can apply when tests fail, but may need to be set to true in a manually queued pipeline run if all drops have expired. - -variables: -- template: GlobalVariables.yml -- name: PublicRelease - value: false # avoid using nice version since we're building a preliminary/unoptimized package -- name: IsOptProf - value: true -- name: MicroBuild_NuPkgSigningEnabled - value: false # test-signed nuget packages fail to restore in the VS insertion PR validations. Just don't sign them *at all*. - -stages: -- stage: Library - variables: - - name: OptProf - value: true - - template: BuildStageVariables.yml - jobs: - - template: build.yml - parameters: - Is1ESPT: false - RealSign: false - windowsPool: VSEngSS-MicroBuild2022-1ES - EnableMacOSBuild: false - ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} - IsOptProf: true - RunTests: false - SkipCodesignVerify: true -- stage: QueueVSBuild - jobs: - - job: QueueOptProf - pool: VSEngSS-MicroBuild2022-1ES - variables: - InsertPayloadName: LibraryName - InsertTopicBranch: team/VS-IDE/LibraryName-OptProf-run-$(Build.BuildId) - steps: - - checkout: none # We don't need source from our own repo - clean: true - - # Pipeline YAML does not yet support checking out other repos. So we'll do it by hand. -# - checkout: scripts # We DO need source from the DeploymentScripts repo -# clean: true -# path: $(Agent.TempDirectory)/DeploymentScripts -# fetchDepth: 1 - - script: 'git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" clone https://devdiv.visualstudio.com/DevDiv/_git/DeploymentScripts --depth 1 --branch test "$(Agent.TempDirectory)/DeploymentScripts"' - displayName: Download DeploymentScripts repo - - - task: DownloadBuildArtifacts@0 - displayName: Download insertion artifacts - inputs: - artifactName: VSInsertion-Windows - downloadPath: $(Agent.TempDirectory) - - task: DownloadBuildArtifacts@0 - displayName: Download variables artifacts - inputs: - artifactName: Variables-Windows - downloadPath: $(Agent.TempDirectory) - - task: PowerShell@2 - displayName: Set pipeline variables based on artifacts - inputs: - targetType: filePath - filePath: $(Agent.TempDirectory)/Variables-Windows/_define.ps1 - - task: NuGetCommand@2 - displayName: Push VS-repo packages to VS feed - inputs: - command: push - packagesToPush: $(Agent.TempDirectory)/VSInsertion-Windows/*.nupkg - publishVstsFeed: 97a41293-2972-4f48-8c0e-05493ae82010 # VS feed - allowPackageConflicts: true - - task: MicroBuildInsertVsPayload@5 - displayName: Insert VS Payload - inputs: - TeamName: $(TeamName) - TeamEmail: $(TeamEmail) - SkipCreatePR: true - CustomScriptExecutionCommand: src\VSSDK\NuGet\AllowUnstablePackages.ps1 - ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}: - ConnectedVSDropServiceName: 'VSEng-VSDrop-MI' - env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - - task: benjhuser.tfs-extensions-build-tasks.trigger-build-task.TriggerBuild@3 - displayName: Trigger a new build of DD-CB-TestSignVS-devCI - inputs: - buildDefinition: DD-CB-TestSignVS-devCI - useSameBranch: false - branchToUse: $(InsertTopicBranch) - storeInEnvironmentVariable: true - queueBuildForUserThatTriggeredBuild: false - authenticationMethod: OAuth Token - password: $(System.AccessToken) - - task: PowerShell@2 - displayName: Associate InsertionOutputs artifacts with CloudBuild - inputs: - targetType: filePath - filePath: $(Agent.TempDirectory)/DeploymentScripts/Scripts/Insertion/WriteArtifact.ps1 - arguments: '-oldBuildID $(Build.BuildId) -newBuildID $(TriggeredBuildIds) -artifactName "InsertionOutputs" -accessToken $(System.AccessToken)' - - task: PowerShell@2 - displayName: Tag the build with LibraryName-insertion - inputs: - targetType: filePath - filePath: $(Agent.TempDirectory)/DeploymentScripts/Scripts/Insertion/TagBuild.ps1 - arguments: '-buildID $(TriggeredBuildIds) -tagName "LibraryName-insertion" -accessToken $(System.AccessToken)' diff --git a/azure-pipelines/OptProf_part2.yml b/azure-pipelines/OptProf_part2.yml deleted file mode 100644 index c59d69996..000000000 --- a/azure-pipelines/OptProf_part2.yml +++ /dev/null @@ -1,91 +0,0 @@ -trigger: none -pr: none - -resources: - pipelines: - - pipeline: VisualStudioBuildUnderTest - source: DD-CB-TestSignVS-devCI - trigger: - tags: - - LibraryName-insertion - - pipeline: DartLab - source: DartLab - branch: main - - pipeline: DartLab.OptProf - source: DartLab.OptProf - branch: main - tags: - - production - repositories: - - repository: DartLabTemplates - type: git - name: DartLab.Templates - ref: refs/heads/main - - repository: DartLabOptProfTemplates - type: git - name: DartLab.OptProf - ref: refs/tags/Production - -parameters: - -# The prefix naming of the OptimizationInputs drop -- name: optimizationDropPrefix - type: string - default: OptimizationInputs/$(System.TeamProject)/$(Build.Repository.Name) - -stages: -- template: \templates\stages\visual-studio\single-runsettings.yml@DartLabOptProfTemplates - parameters: - ##### Required ##### - runSettingsURI: $(Pipeline.Workspace)\VisualStudioBuildUnderTest\BuildArtifacts\runsettings\LibraryName.OptProf.runsettings - visualStudioBootstrapperURI: https://vsdrop.corp.microsoft.com/file/v1/$(VisualStudio.BuildUnderTest.ProductsDropName);bootstrappers/Enterprise/vs_enterprise.exe - ##### Optional ##### - name: OptProfProfilingWorkflow - displayName: OptProf Profiling Workflow - optOptimizationInputsDropName: $(OptimizationInputsDropName) - previousOptimizationInputsDropName: $(PreviousOptimizationInputsDropName) - testLabPoolName: VS-Platform - ##### Step Hooks ##### - preTestMachineConfigurationStepList: - - download: VisualStudioBuildUnderTest - - task: PowerShell@2 - name: SetProductsDropName - displayName: Set 'VisualStudio.BuildUnderTest.ProductsDropName' - inputs: - filePath: $(DartLab.Path)\Scripts\VisualStudio\Build\Get-VisualStudioDropName.ps1 - arguments: -DropNamePrefix 'Products' -VstsDropUrlsJson '$(Pipeline.Workspace)\VisualStudioBuildUnderTest\BuildArtifacts\VstsDropUrls.json' -OutVariableName 'VisualStudio.BuildUnderTest.ProductsDropName' - preDeployAndRunTestsStepList: - - download: VisualStudioBuildUnderTest - prePublishOptimizationInputsDropStepList: - # Set parameter for PreviousOptimizationInputsDropName, MicroBuildCommitID, and OptimizationInputsDropName - - powershell: | - try { - $artifactName = 'InsertionOutputs' - $BuildID = $(resources.pipeline.VisualStudioBuildUnderTest.runID) - $artifact = Get-BuildArtifact -InstanceURL 'https://dev.azure.com/devdiv' -ProjectName 'DevDiv' -BuildID $BuildID -ArtifactName $artifactName -OAuthAccessToken (ConvertTo-SecureString '$(System.AccessToken)' -AsPlainText -Force) - $containerName = $artifact.Resource.Data -Split '/' | Select-Object -Last 1 - $fileName = Join-Path $containerName 'Metadata.json' - $jsonString = Read-BuildArtifactFile -InstanceURL 'https://dev.azure.com/devdiv' -ProjectName 'DevDiv' -BuildID $BuildID -ArtifactName $artifactName -FileName $fileName -OAuthAccessToken (ConvertTo-SecureString '$(System.AccessToken)' -AsPlainText -Force) - $json = $jsonString | ConvertFrom-Json - - Write-Host "The content of the metadata.json file was $json" - - $dropname = $json.OptimizationData - $commitID = $json.CommitID - $OptimizationInputsDropName = "${{parameters.optimizationDropPrefix}}/$($commitID)/$(Build.BuildId)/$(System.StageId)/$(System.StageAttempt)" - - Write-Host "PreviousOptimizationInputsDropName: $dropname" - Set-AzurePipelinesVariable 'PreviousOptimizationInputsDropName' $dropname - - Write-Host "MicroBuildCommitID: $commitID" - Set-AzurePipelinesVariable 'MicroBuildCommitID' $commitID - - Write-Host "OptimizationInputsDropName: $OptimizationInputsDropName" - Set-AzurePipelinesVariable 'OptimizationInputsDropName' $OptimizationInputsDropName - } - catch { - Write-Host $_ - Write-Error "Failed to set OptimizationInputsDropName pipeline variable" - throw - } - displayName: Set MicroBuildCommitID, PreviousOptimizationInputsDropName, and OptimizationInputsDropName diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml index 86d11fe16..a1f64b869 100644 --- a/azure-pipelines/build.yml +++ b/azure-pipelines/build.yml @@ -69,12 +69,6 @@ parameters: type: boolean default: false -# Whether this particular run is an OptProf profiling run. -# This is used to skip unit tests and other non-essential work to improve reliability of the OptProf pipeline. -- name: IsOptProf - type: boolean - default: false - - name: RunTests type: boolean default: true @@ -139,8 +133,11 @@ jobs: optprof: enabled: ${{ parameters.EnableOptProf }} ProfilingInputsDropName: $(ProfilingInputsDropName) - OptimizationInputsLookupMethod: DropPrefix - DropNamePrefix: OptimizationInputs/$(System.TeamProject)/$(Build.Repository.Name) + GeneratePropsFile: true + PropsPath: $(Build.ArtifactStagingDirectory)/InsertionOutputs/$(ProfilingInputsPropsName) + OptimizationInputsLookupMethod: GitTagRepo + GitTagProject: DevDiv + GitTagRepo: VS ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} AccessToken: $(System.AccessToken) mbpresteps: @@ -148,8 +145,10 @@ jobs: fetchDepth: 0 # avoid shallow clone so nbgv can do its work. clean: true - ${{ if parameters.EnableOptProf }}: - - powershell: Write-Host "##vso[task.setvariable variable=PROFILINGINPUTSDROPNAME]$(tools/variables/ProfilingInputsDropName.ps1)" - displayName: โš™ Set ProfilingInputsDropName for optprof + - powershell: | + Write-Host "##vso[task.setvariable variable=PROFILINGINPUTSDROPNAME]$(tools/variables/ProfilingInputsDropName.ps1)" + Write-Host "##vso[task.setvariable variable=PROFILINGINPUTSPROPSNAME]$(tools/variables/ProfilingInputsPropsName.ps1)" + displayName: โš™ Setting variables for optprof sdl: binskim: analyzeTargetGlob: $(Build.ArtifactStagingDirectory)\symbols-Windows\** @@ -185,6 +184,15 @@ jobs: displayName: ๐Ÿ“ข Publish APIScanInputs targetPath: $(Build.ArtifactStagingDirectory)/APIScanInputs-Windows artifactName: APIScanInputs + - ${{ if parameters.EnableOptProf }}: + - output: artifactsDrop + displayName: ๐Ÿ“ข Publish to Artifact Services - ProfilingInputs + dropServiceURI: https://devdiv.artifacts.visualstudio.com + buildNumber: $(ProfilingInputsDropName) + sourcePath: $(Build.ArtifactStagingDirectory)\OptProf\ProfilingInputs + toLowerCase: false + retentionDays: 500 + condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest')) steps: - ${{ if not(parameters.Is1ESPT) }}: - checkout: self @@ -204,7 +212,6 @@ jobs: - template: microbuild.before.yml parameters: EnableLocalization: ${{ parameters.EnableLocalization }} - IsOptProf: ${{ parameters.IsOptProf }} ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} RealSign: ${{ parameters.RealSign }} @@ -212,7 +219,6 @@ jobs: parameters: Is1ESPT: ${{ parameters.Is1ESPT }} RunTests: ${{ parameters.RunTests }} - IsOptProf: ${{ parameters.IsOptProf }} - ${{ if and(parameters.EnableDotNetFormatCheck, not(parameters.EnableLinuxBuild)) }}: - script: dotnet format --verify-no-changes @@ -223,142 +229,139 @@ jobs: - ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}: - template: microbuild.after.yml parameters: - IsOptProf: ${{ parameters.IsOptProf }} SkipCodesignVerify: ${{ parameters.SkipCodesignVerify }} - template: expand-template.yml +- ${{ if parameters.EnableLinuxBuild }}: + - job: Linux + pool: ${{ parameters.linuxPool }} + ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}: + templateContext: + mb: + ${{ if parameters.RealSign }}: + signing: + enabled: false # enable when building unique artifacts on this agent that must be signed + signType: real + signWithProd: true + outputParentDirectory: $(Build.ArtifactStagingDirectory) + outputs: + - ${{ each artifact in parameters.artifact_names }}: + - ${{ if or(ne(artifact.testOnly, 'true'), parameters.RunTests) }}: + - output: pipelineArtifact + displayName: ๐Ÿ“ข Publish ${{ artifact.name }}-Linux + targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact.name }}-Linux + artifactName: ${{ artifact.name }}-Linux + ${{ if and(parameters.Is1ESPTOfficial, eq(artifact.sbomEnabled, 'true')) }}: + sbomEnabled: true + - output: pipelineArtifact + displayName: ๐Ÿ“ข Publish ${{ artifact.name }}-Linux (for failed attempts) + targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact.name }}-Linux + artifactName: ${{ artifact.name }}-Linux-$(System.PhaseAttempt) + ${{ if and(parameters.Is1ESPTOfficial, eq(artifact.sbomEnabled, 'true')) }}: + sbomEnabled: true + condition: failed() + steps: + - checkout: self + fetchDepth: 0 # avoid shallow clone so nbgv can do its work. + clean: true + - template: install-dependencies.yml + - template: dotnet.yml + parameters: + Is1ESPT: ${{ parameters.Is1ESPT }} + RunTests: ${{ parameters.RunTests }} + BuildRequiresAccessToken: ${{ parameters.RealSign }} # Real signing on non-Windows machines requires passing through access token to build steps that sign + - ${{ if parameters.EnableDotNetFormatCheck }}: + - script: dotnet format --verify-no-changes + displayName: ๐Ÿ’… Verify formatted code + env: + dotnetformat: true # part of a workaround for https://github.com/dotnet/sdk/issues/44951 + - template: expand-template.yml -- ${{ if not(parameters.IsOptProf) }}: - - ${{ if parameters.EnableLinuxBuild }}: - - job: Linux - pool: ${{ parameters.linuxPool }} - ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}: - templateContext: - mb: - ${{ if parameters.RealSign }}: - signing: - enabled: false # enable when building unique artifacts on this agent that must be signed - signType: real - signWithProd: true - outputParentDirectory: $(Build.ArtifactStagingDirectory) - outputs: - - ${{ each artifact in parameters.artifact_names }}: - - ${{ if or(ne(artifact.testOnly, 'true'), parameters.RunTests) }}: - - output: pipelineArtifact - displayName: ๐Ÿ“ข Publish ${{ artifact.name }}-Linux - targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact.name }}-Linux - artifactName: ${{ artifact.name }}-Linux - ${{ if and(parameters.Is1ESPTOfficial, eq(artifact.sbomEnabled, 'true')) }}: - sbomEnabled: true - - output: pipelineArtifact - displayName: ๐Ÿ“ข Publish ${{ artifact.name }}-Linux (for failed attempts) - targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact.name }}-Linux - artifactName: ${{ artifact.name }}-Linux-$(System.PhaseAttempt) - ${{ if and(parameters.Is1ESPTOfficial, eq(artifact.sbomEnabled, 'true')) }}: - sbomEnabled: true - condition: failed() - steps: - - checkout: self - fetchDepth: 0 # avoid shallow clone so nbgv can do its work. - clean: true - - template: install-dependencies.yml - - template: dotnet.yml - parameters: - Is1ESPT: ${{ parameters.Is1ESPT }} - RunTests: ${{ parameters.RunTests }} - BuildRequiresAccessToken: ${{ parameters.RealSign }} # Real signing on non-Windows machines requires passing through access token to build steps that sign - - ${{ if parameters.EnableDotNetFormatCheck }}: - - script: dotnet format --verify-no-changes - displayName: ๐Ÿ’… Verify formatted code - env: - dotnetformat: true # part of a workaround for https://github.com/dotnet/sdk/issues/44951 - - template: expand-template.yml - - - ${{ if parameters.EnableMacOSBuild }}: - - job: macOS - pool: ${{ parameters.macOSPool }} - ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}: - templateContext: - mb: - ${{ if parameters.RealSign }}: - signing: - enabled: false # enable when building unique artifacts on this agent that must be signed - signType: real - signWithProd: true - outputParentDirectory: $(Build.ArtifactStagingDirectory) - outputs: - - ${{ each artifact in parameters.artifact_names }}: - - ${{ if or(ne(artifact.testOnly, 'true'), parameters.RunTests) }}: - - output: pipelineArtifact - displayName: ๐Ÿ“ข Publish ${{ artifact.name }}-macOS - targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact.name }}-macOS - artifactName: ${{ artifact.name }}-macOS - ${{ if and(parameters.Is1ESPTOfficial, eq(artifact.sbomEnabled, 'true')) }}: - sbomEnabled: true - - output: pipelineArtifact - displayName: ๐Ÿ“ข Publish ${{ artifact.name }}-macOS (for failed attempts) - targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact.name }}-macOS - artifactName: ${{ artifact.name }}-macOS-$(System.PhaseAttempt) - ${{ if and(parameters.Is1ESPTOfficial, eq(artifact.sbomEnabled, 'true')) }}: - sbomEnabled: true - condition: failed() - steps: - - checkout: self - fetchDepth: 0 # avoid shallow clone so nbgv can do its work. - clean: true - - template: install-dependencies.yml - - template: dotnet.yml - parameters: - Is1ESPT: ${{ parameters.Is1ESPT }} - RunTests: ${{ parameters.RunTests }} - BuildRequiresAccessToken: ${{ parameters.RealSign }} # Real signing on non-Windows machines requires passing through access token to build steps that sign - - template: expand-template.yml - - - job: WrapUp - dependsOn: - - Windows - - ${{ if parameters.EnableLinuxBuild }}: - - Linux - - ${{ if parameters.EnableMacOSBuild }}: - - macOS - pool: ${{ parameters.windowsPool }} # Use Windows agent because PublishSymbols task requires it (https://github.com/microsoft/azure-pipelines-tasks/issues/13821). - condition: succeededOrFailed() - variables: - ONEES_ENFORCED_CODEQL_ENABLED: false # CodeQL runs on build jobs, we don't need it here +- ${{ if parameters.EnableMacOSBuild }}: + - job: macOS + pool: ${{ parameters.macOSPool }} ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}: templateContext: - ${{ if not(parameters.RealSign) }}: - mb: - signing: # if the build is test-signed, install the signing plugin so that CSVTestSignPolicy.xml is available - enabled: true - zipSources: false - signType: test + mb: + ${{ if parameters.RealSign }}: + signing: + enabled: false # enable when building unique artifacts on this agent that must be signed + signType: real + signWithProd: true outputParentDirectory: $(Build.ArtifactStagingDirectory) outputs: - - output: pipelineArtifact - displayName: ๐Ÿ“ข Publish symbols-legacy - targetPath: $(Build.ArtifactStagingDirectory)/symbols-legacy - artifactName: symbols-legacy - condition: succeededOrFailed() + - ${{ each artifact in parameters.artifact_names }}: + - ${{ if or(ne(artifact.testOnly, 'true'), parameters.RunTests) }}: + - output: pipelineArtifact + displayName: ๐Ÿ“ข Publish ${{ artifact.name }}-macOS + targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact.name }}-macOS + artifactName: ${{ artifact.name }}-macOS + ${{ if and(parameters.Is1ESPTOfficial, eq(artifact.sbomEnabled, 'true')) }}: + sbomEnabled: true + - output: pipelineArtifact + displayName: ๐Ÿ“ข Publish ${{ artifact.name }}-macOS (for failed attempts) + targetPath: $(Build.ArtifactStagingDirectory)/${{ artifact.name }}-macOS + artifactName: ${{ artifact.name }}-macOS-$(System.PhaseAttempt) + ${{ if and(parameters.Is1ESPTOfficial, eq(artifact.sbomEnabled, 'true')) }}: + sbomEnabled: true + condition: failed() steps: - checkout: self fetchDepth: 0 # avoid shallow clone so nbgv can do its work. clean: true - template: install-dependencies.yml + - template: dotnet.yml parameters: - initArgs: -NoRestore - - template: publish-symbols.yml + Is1ESPT: ${{ parameters.Is1ESPT }} + RunTests: ${{ parameters.RunTests }} + BuildRequiresAccessToken: ${{ parameters.RealSign }} # Real signing on non-Windows machines requires passing through access token to build steps that sign + - template: expand-template.yml + +- job: WrapUp + dependsOn: + - Windows + - ${{ if parameters.EnableLinuxBuild }}: + - Linux + - ${{ if parameters.EnableMacOSBuild }}: + - macOS + pool: ${{ parameters.windowsPool }} # Use Windows agent because PublishSymbols task requires it (https://github.com/microsoft/azure-pipelines-tasks/issues/13821). + condition: succeededOrFailed() + variables: + ONEES_ENFORCED_CODEQL_ENABLED: false # CodeQL runs on build jobs, we don't need it here + ${{ if eq(variables['system.collectionId'], '011b8bdf-6d56-4f87-be0d-0092136884d9') }}: + templateContext: + ${{ if not(parameters.RealSign) }}: + mb: + signing: # if the build is test-signed, install the signing plugin so that CSVTestSignPolicy.xml is available + enabled: true + zipSources: false + signType: test + outputParentDirectory: $(Build.ArtifactStagingDirectory) + outputs: + - output: pipelineArtifact + displayName: ๐Ÿ“ข Publish symbols-legacy + targetPath: $(Build.ArtifactStagingDirectory)/symbols-legacy + artifactName: symbols-legacy + condition: succeededOrFailed() + steps: + - checkout: self + fetchDepth: 0 # avoid shallow clone so nbgv can do its work. + clean: true + - template: install-dependencies.yml + parameters: + initArgs: -NoRestore + - template: publish-symbols.yml + parameters: + EnableLinuxBuild: ${{ parameters.EnableLinuxBuild }} + EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }} + - ${{ if and(parameters.RunTests, parameters.PublishCodeCoverage) }}: + - template: publish-codecoverage.yml parameters: EnableLinuxBuild: ${{ parameters.EnableLinuxBuild }} EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }} - - ${{ if and(parameters.RunTests, parameters.PublishCodeCoverage) }}: - - template: publish-codecoverage.yml - parameters: - EnableLinuxBuild: ${{ parameters.EnableLinuxBuild }} - EnableMacOSBuild: ${{ parameters.EnableMacOSBuild }} - - ${{ if parameters.EnableAPIScan }}: - - template: apiscan.yml - parameters: - windowsPool: ${{ parameters.windowsPool }} - RealSign: ${{ parameters.RealSign }} +- ${{ if parameters.EnableAPIScan }}: + - template: apiscan.yml + parameters: + windowsPool: ${{ parameters.windowsPool }} + RealSign: ${{ parameters.RealSign }} diff --git a/azure-pipelines/dotnet.yml b/azure-pipelines/dotnet.yml index b1f7625d6..b67b4a62a 100644 --- a/azure-pipelines/dotnet.yml +++ b/azure-pipelines/dotnet.yml @@ -1,8 +1,5 @@ parameters: - name: RunTests -- name: IsOptProf - type: boolean - default: false - name: Is1ESPT type: boolean - name: BuildRequiresAccessToken @@ -17,14 +14,9 @@ steps: env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) -- ${{ if not(parameters.IsOptProf) }}: - - powershell: tools/dotnet-test-cloud.ps1 -Configuration $(BuildConfiguration) -Agent $(Agent.JobName) -PublishResults - displayName: ๐Ÿงช dotnet test - condition: and(succeeded(), ${{ parameters.RunTests }}) - -- ${{ if parameters.IsOptProf }}: - - script: dotnet pack src\VSInsertionMetadata -c $(BuildConfiguration) -warnaserror /bl:"$(Build.ArtifactStagingDirectory)/build_logs/VSInsertion-Pack.binlog" - displayName: ๐Ÿ”ง dotnet pack VSInsertionMetadata +- powershell: tools/dotnet-test-cloud.ps1 -Configuration $(BuildConfiguration) -Agent $(Agent.JobName) -PublishResults + displayName: ๐Ÿงช dotnet test + condition: and(succeeded(), ${{ parameters.RunTests }}) - powershell: tools/variables/_define.ps1 failOnStderr: true diff --git a/azure-pipelines/microbuild.after.yml b/azure-pipelines/microbuild.after.yml index 67ba90080..c0e1e7bd0 100644 --- a/azure-pipelines/microbuild.after.yml +++ b/azure-pipelines/microbuild.after.yml @@ -1,7 +1,4 @@ parameters: -- name: IsOptProf - type: boolean - default: false - name: SkipCodesignVerify type: boolean @@ -15,21 +12,3 @@ steps: TargetFolders: | $(Build.SourcesDirectory)/bin/Packages/$(BuildConfiguration) condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT')) - -- ${{ if parameters.IsOptProf }}: - - task: ms-vscs-artifact.build-tasks.artifactDropTask-1.artifactDropTask@0 - inputs: - dropServiceURI: https://devdiv.artifacts.visualstudio.com - buildNumber: $(ProfilingInputsDropName) - sourcePath: $(Build.ArtifactStagingDirectory)\OptProf\ProfilingInputs - toLowerCase: false - usePat: true - displayName: ๐Ÿ“ข Publish to Artifact Services - ProfilingInputs - condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest')) - - - task: PublishBuildArtifacts@1 - inputs: - PathtoPublish: $(Build.ArtifactStagingDirectory)/InsertionOutputs - ArtifactName: InsertionOutputs - ArtifactType: Container - displayName: ๐Ÿ“ข Publish InsertionOutputs as Azure DevOps artifacts diff --git a/azure-pipelines/microbuild.before.yml b/azure-pipelines/microbuild.before.yml index fd47d1bb9..298235321 100644 --- a/azure-pipelines/microbuild.before.yml +++ b/azure-pipelines/microbuild.before.yml @@ -2,9 +2,6 @@ parameters: - name: EnableLocalization type: boolean default: false -- name: IsOptProf - type: boolean - default: false - name: ShouldSkipOptimize type: boolean default: false @@ -12,7 +9,7 @@ parameters: type: boolean steps: -- ${{ if and(not(parameters.IsOptProf), ne(variables['Build.Reason'], 'PullRequest')) }}: +- ${{ if ne(variables['Build.Reason'], 'PullRequest') }}: # notice@0 requires CG detection to run first, and non-default branches don't inject it automatically. # default branch injection (main) is happening too late for notice@0 to run successfully. Adding this as a workaround. - task: ComponentGovernanceComponentDetection@0 @@ -25,26 +22,3 @@ steps: outputformat: text retryCountOnTaskFailure: 10 # fails when the cloud service is overloaded continueOnError: ${{ not(parameters.RealSign) }} # Tolerate failures when we're not building something that may ship. - -- ${{ if parameters.IsOptProf }}: - # We have to install these plugins ourselves for Optprof runs because those pipelines haven't migrated to 1ES PT yet. - - task: MicroBuildOptProfPlugin@6 - inputs: - ProfilingInputsDropName: $(ProfilingInputsDropName) - OptimizationInputsLookupMethod: DropPrefix - DropNamePrefix: OptimizationInputs/$(System.TeamProject)/$(Build.Repository.Name) - ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} - AccessToken: $(System.AccessToken) - displayName: ๐Ÿ”ง Install OptProf Plugin - - - task: MicroBuildSigningPlugin@4 - inputs: - signType: Test - zipSources: false - displayName: ๐Ÿ”ง Install MicroBuild Signing Plugin - - - ${{ if parameters.EnableLocalization }}: - - task: MicroBuildLocalizationPlugin@4 - inputs: - languages: $(LocLanguages) - displayName: ๐Ÿ”ง Install MicroBuild Localization Plugin diff --git a/azure-pipelines/vs-insertion-script.ps1 b/azure-pipelines/vs-insertion-script.ps1 new file mode 100644 index 000000000..53076254f --- /dev/null +++ b/azure-pipelines/vs-insertion-script.ps1 @@ -0,0 +1,17 @@ +# List of build artifact files [Source => Destination] to be committed into the VS repo. +$FilesToCommit = @{ + "$env:PROFILINGINPUTSPROPSNAME" = "src/Tests/config/runsettings/Official/OptProf/External/$env:PROFILINGINPUTSPROPSNAME"; +} + +foreach ($File in $FilesToCommit.GetEnumerator()) { + $SourcePath = Join-Path $PSScriptRoot $File.Key + if (Test-Path $SourcePath) { + $DestinationPath = Join-Path (Get-Location) $File.Value + Write-Host "Copying $SourcePath to $DestinationPath" + Copy-Item -Path $SourcePath -Destination $DestinationPath + git add $DestinationPath + } + else { + Write-Host "$SourcePath is not present, skipping" + } +} diff --git a/azure-pipelines/vs-insertion.yml b/azure-pipelines/vs-insertion.yml index bb5332ec9..e9cb17814 100644 --- a/azure-pipelines/vs-insertion.yml +++ b/azure-pipelines/vs-insertion.yml @@ -65,6 +65,7 @@ extends: InsertionPayloadName: $(Build.Repository.Name) $(Build.BuildNumber) InsertionBuildPolicies: Request Perf DDRITs InsertionReviewers: $(Build.RequestedFor) # Append `,Your team name` (without quotes) + CustomScriptExecutionCommand: $(Pipeline.Workspace)\CI\VSInsertion-Windows\vs-insertion-script.ps1 AutoCompletePR: true AutoCompleteMergeStrategy: Squash ShallowClone: true diff --git a/azure-pipelines/vs-validation.yml b/azure-pipelines/vs-validation.yml index bd6a0aaf5..c03fdaa00 100644 --- a/azure-pipelines/vs-validation.yml +++ b/azure-pipelines/vs-validation.yml @@ -105,7 +105,7 @@ extends: InsertionPayloadName: $(Build.Repository.Name) VALIDATION BUILD $(Build.BuildNumber) ($(Build.SourceBranch)) [Skip-SymbolCheck] [Skip-HashCheck] [Skip-SignCheck] InsertionDescription: | This PR is for **validation purposes only** for !$(System.PullRequest.PullRequestId). **Do not complete**. - CustomScriptExecutionCommand: src/VSSDK/NuGet/AllowUnstablePackages.ps1 + CustomScriptExecutionCommand: $(Pipeline.Workspace)\VSInsertion-Windows\vs-insertion-script.ps1; src\VSSDK\NuGet\AllowUnstablePackages.ps1 InsertionBuildPolicies: Request Perf DDRITs InsertionReviewers: $(Build.RequestedFor) DraftPR: false # set to true and update InsertionBuildPolicy when we can specify all the validations we want to run (https://dev.azure.com/devdiv/DevDiv/_workitems/edit/2224288) diff --git a/src/OptProf.targets b/src/OptProf.targets index d0167d7c1..0757df215 100644 --- a/src/OptProf.targets +++ b/src/OptProf.targets @@ -2,14 +2,12 @@ IBC - Common7\IDE\PrivateAssemblies\$(TargetFileName) + Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Threading.17.x\$(TargetFileName) /ExeConfig:"%VisualStudio.InstallationUnderTest.Path%\Common7\IDE\vsn.exe" - - - + + - diff --git a/src/VSInsertionMetadata/Library.VSInsertionMetadata.proj b/src/VSInsertionMetadata/Library.VSInsertionMetadata.proj deleted file mode 100644 index 0caaedb94..000000000 --- a/src/VSInsertionMetadata/Library.VSInsertionMetadata.proj +++ /dev/null @@ -1,11 +0,0 @@ - - - netstandard2.0 - true - $(RepoRootPath)bin\Packages\$(Configuration)\VSRepo\ - false - false - Contains metadata for insertion into VS. - - - diff --git a/src/VSInsertionMetadata/ProfilingInputs.props b/src/VSInsertionMetadata/ProfilingInputs.props deleted file mode 100644 index fb19d6048..000000000 --- a/src/VSInsertionMetadata/ProfilingInputs.props +++ /dev/null @@ -1,5 +0,0 @@ - - - - - diff --git a/src/VSInsertionMetadata/VSInsertionMetadata.targets b/src/VSInsertionMetadata/VSInsertionMetadata.targets deleted file mode 100644 index 84ebb5a88..000000000 --- a/src/VSInsertionMetadata/VSInsertionMetadata.targets +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - $(TargetsForTfmSpecificContentInPackage); - SubstituteProfilingInputsMacro; - - - - - - - - - - - - - - - - - - - - - - $(PackageVersion).$(Build_BuildId) - - - - - - diff --git a/tools/artifacts/VSInsertion.ps1 b/tools/artifacts/VSInsertion.ps1 index a5b940b5d..700b24f69 100644 --- a/tools/artifacts/VSInsertion.ps1 +++ b/tools/artifacts/VSInsertion.ps1 @@ -19,6 +19,10 @@ if (!$BuildConfiguration) { $PackagesRoot = "$RepoRoot/bin/Packages/$BuildConfiguration" $NuGetPackages = "$PackagesRoot/NuGet" $VsixPackages = "$PackagesRoot/Vsix" +$AzurePipelinesPath = "$RepoRoot/azure-pipelines" +if ($env:BUILD_ARTIFACTSTAGINGDIRECTORY) { + $InsertionOutputs = "$env:BUILD_ARTIFACTSTAGINGDIRECTORY/InsertionOutputs" +} if (!(Test-Path $NuGetPackages) -and !(Test-Path $VsixPackages)) { Write-Warning "Skipping because NuGet and VSIX packages haven't been built yet." @@ -26,16 +30,16 @@ if (!(Test-Path $NuGetPackages) -and !(Test-Path $VsixPackages)) { } $result = @{ - "$NuGetPackages" = (Get-ChildItem $NuGetPackages -Recurse) + "$AzurePipelinesPath" = (Get-ChildItem "$AzurePipelinesPath/vs-insertion-script.ps1"); + "$NuGetPackages" = (Get-ChildItem $NuGetPackages -Recurse); } if (Test-Path $VsixPackages) { $result["$PackagesRoot"] += Get-ChildItem $VsixPackages -Recurse } -if ($env:IsOptProf) { - $VSRepoPackages = "$PackagesRoot/VSRepo" - $result["$VSRepoPackages"] = (Get-ChildItem "$VSRepoPackages\*.VSInsertionMetadata.*.nupkg"); +if ($InsertionOutputs -and $env:PROFILINGINPUTSPROPSNAME -and (Test-Path "$InsertionOutputs/$env:PROFILINGINPUTSPROPSNAME")) { + $result[$InsertionOutputs] = (Get-ChildItem "$InsertionOutputs/$env:PROFILINGINPUTSPROPSNAME"); # OptProf ProfilingInputs } $result diff --git a/tools/variables/ProfilingInputsPropsName.ps1 b/tools/variables/ProfilingInputsPropsName.ps1 new file mode 100644 index 000000000..e66cce0ca --- /dev/null +++ b/tools/variables/ProfilingInputsPropsName.ps1 @@ -0,0 +1,6 @@ +if ($env:SYSTEM_TEAMPROJECT) { + $repoName = $env:BUILD_REPOSITORY_NAME.Replace('/', '.') + "$env:SYSTEM_TEAMPROJECT.$repoName.props" +} else { + Write-Warning "No Azure Pipelines build detected. No Azure Pipelines drop name will be computed." +} From a23eb8db15455b3dd935f85bca1eb71a86aef416 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Tue, 2 Dec 2025 10:38:04 -0700 Subject: [PATCH 08/15] Merge pull request 447 to Build on newer agents --- .github/workflows/build.yml | 6 +++--- Expand-Template.ps1 | 2 +- azure-pipelines/build.yml | 6 +++--- azure-pipelines/expand-template.yml | 12 ++++++++++++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 376a52ff9..b37961005 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -23,9 +23,9 @@ jobs: fail-fast: false matrix: os: - - ubuntu-22.04 - - macos-14 - - windows-2022 + - ubuntu-24.04 + - macOS-15 + - windows-2025 steps: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 diff --git a/Expand-Template.ps1 b/Expand-Template.ps1 index 39bbd2cf0..568ee7999 100755 --- a/Expand-Template.ps1 +++ b/Expand-Template.ps1 @@ -52,7 +52,7 @@ function Replace-Placeholders { $sn = Get-Command sn -ErrorAction SilentlyContinue if (-not $sn) { if ($IsMacOS -or $IsLinux) { - Write-Error "sn command not found on PATH. Install mono and/or vote up this issue: https://github.com/dotnet/sdk/issues/13560" + Write-Error 'sn command not found on PATH. Install mono, use "sudo apt-get install strong-name-tool" and/or vote up this issue: https://github.com/dotnet/sdk/issues/13560' exit(1) } $snExes = Get-ChildItem -Recurse "${env:ProgramFiles(x86)}\Microsoft SDKs\Windows\sn.exe" diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml index 5c106ade4..7d808edeb 100644 --- a/azure-pipelines/build.yml +++ b/azure-pipelines/build.yml @@ -2,7 +2,7 @@ parameters: - name: windowsPool type: object default: - vmImage: windows-2022 + vmImage: windows-2025 - name: includeMacOS type: boolean - name: RunTests @@ -28,7 +28,7 @@ jobs: - job: Linux pool: - vmImage: Ubuntu-22.04 + vmImage: ubuntu-24.04 steps: - checkout: self fetchDepth: 0 # avoid shallow clone so nbgv can do its work. @@ -46,7 +46,7 @@ jobs: - job: macOS condition: ${{ parameters.includeMacOS }} pool: - vmImage: macOS-14 + vmImage: macOS-15 steps: - checkout: self fetchDepth: 0 # avoid shallow clone so nbgv can do its work. diff --git a/azure-pipelines/expand-template.yml b/azure-pipelines/expand-template.yml index d843f1eac..3f4897b8d 100644 --- a/azure-pipelines/expand-template.yml +++ b/azure-pipelines/expand-template.yml @@ -6,6 +6,18 @@ steps: - powershell: | git config user.name "test user" git config user.email "andrewarnott@gmail.com" + if ($IsLinux) { + Write-Host "##[group]strong-name-tool installation" + Write-Host "##[command]sudo apt-get install strong-name-tool" + sudo apt-get install strong-name-tool 2>&1 + Write-Host "##[endgroup]" + } + if ($IsMacOS) { + Write-Host "##[group]mono installation" + Write-Host "##[command]brew install mono" + brew install mono 2>&1 + Write-Host "##[endgroup]" + } ./Expand-Template.ps1 -LibraryName Calc -Author "Andrew Arnott" displayName: ๐Ÿงช Expanding template failOnStderr: true From 064bff7e1380cbfab683d3d424b3360b4d6c2395 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 17:45:23 +0000 Subject: [PATCH 09/15] Update actions/checkout digest to 8e8c483 (448) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 4 ++-- .github/workflows/copilot-setup-steps.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/libtemplate-update.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b37961005..11a8eb3b5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: - windows-2025 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites @@ -75,7 +75,7 @@ jobs: name: ๐Ÿ“ƒ Docs runs-on: ubuntu-latest steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - name: ๐Ÿ”— Markup Link Checker (mlc) uses: becheran/mlc@18a06b3aa2901ca197de59c8b0b1f54fdba6b3fa # v1.0.0 with: diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 8bbf7b077..6a88e0c5d 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -26,7 +26,7 @@ jobs: # You can define any steps you want, and they will run before the agent starts. # If you do not check out your code, Copilot will do this for you. steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 28313d12a..adeffee4a 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -24,7 +24,7 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites diff --git a/.github/workflows/libtemplate-update.yml b/.github/workflows/libtemplate-update.yml index f7d0b54e4..800279bb5 100644 --- a/.github/workflows/libtemplate-update.yml +++ b/.github/workflows/libtemplate-update.yml @@ -17,7 +17,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. From 35aa4d135f4050acec3a35cab0cf57a1512faad5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 17:50:00 +0000 Subject: [PATCH 10/15] Update actions/checkout digest --- .github/workflows/copilot-setup-steps.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/docs_validate.yml | 2 +- .github/workflows/libtemplate-update.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 8bbf7b077..6a88e0c5d 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -26,7 +26,7 @@ jobs: # You can define any steps you want, and they will run before the agent starts. # If you do not check out your code, Copilot will do this for you. steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 28313d12a..adeffee4a 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -24,7 +24,7 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: โš™ Install prerequisites diff --git a/.github/workflows/docs_validate.yml b/.github/workflows/docs_validate.yml index c3e76e550..ad00d50a3 100644 --- a/.github/workflows/docs_validate.yml +++ b/.github/workflows/docs_validate.yml @@ -13,7 +13,7 @@ jobs: name: ๐Ÿ“š Doc validation runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: ๐Ÿ”— Markup Link Checker (mlc) diff --git a/.github/workflows/libtemplate-update.yml b/.github/workflows/libtemplate-update.yml index f7d0b54e4..800279bb5 100644 --- a/.github/workflows/libtemplate-update.yml +++ b/.github/workflows/libtemplate-update.yml @@ -17,7 +17,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. From 498462f89919dfd07cfad1ab6f1edbdc39d2ccc2 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Tue, 2 Dec 2025 12:48:51 -0700 Subject: [PATCH 11/15] Build on VS2026 agents --- azure-pipelines/OptProf.yml | 4 ++-- azure-pipelines/archive-sourcecode.yml | 2 +- azure-pipelines/official.yml | 4 ++-- azure-pipelines/prepare-insertion-stages.yml | 2 +- azure-pipelines/release.yml | 2 +- azure-pipelines/unofficial.yml | 4 ++-- azure-pipelines/vs-insertion.yml | 4 ++-- azure-pipelines/vs-validation.yml | 6 +++--- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/azure-pipelines/OptProf.yml b/azure-pipelines/OptProf.yml index 515e72a3e..cc3df69e9 100644 --- a/azure-pipelines/OptProf.yml +++ b/azure-pipelines/OptProf.yml @@ -43,7 +43,7 @@ stages: parameters: Is1ESPT: false RealSign: false - windowsPool: VSEngSS-MicroBuild2022-1ES + windowsPool: VSEng-MicroBuildVSStable EnableMacOSBuild: false ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} IsOptProf: true @@ -52,7 +52,7 @@ stages: - stage: QueueVSBuild jobs: - job: QueueOptProf - pool: VSEngSS-MicroBuild2022-1ES + pool: VSEng-MicroBuildVSStable variables: InsertPayloadName: LibraryName InsertTopicBranch: team/VS-IDE/LibraryName-OptProf-run-$(Build.BuildId) diff --git a/azure-pipelines/archive-sourcecode.yml b/azure-pipelines/archive-sourcecode.yml index 7f35de40c..ee349e5b0 100644 --- a/azure-pipelines/archive-sourcecode.yml +++ b/azure-pipelines/archive-sourcecode.yml @@ -38,7 +38,7 @@ extends: settings: networkIsolationPolicy: Permissive,CFSClean sdl: - sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + sourceAnalysisPool: VSEng-MicroBuildVSStable stages: - stage: archive diff --git a/azure-pipelines/official.yml b/azure-pipelines/official.yml index d5571b0df..11718380f 100644 --- a/azure-pipelines/official.yml +++ b/azure-pipelines/official.yml @@ -48,7 +48,7 @@ extends: settings: networkIsolationPolicy: Permissive,CFSClean sdl: - sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + sourceAnalysisPool: VSEng-MicroBuildVSStable codeSignValidation: enabled: true break: true @@ -72,7 +72,7 @@ extends: RealSign: true # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} EnableAPIScan: ${{ parameters.EnableAPIScan }} - windowsPool: VSEngSS-MicroBuild2022-1ES + windowsPool: VSEng-MicroBuildVSStable linuxPool: name: AzurePipelines-EO demands: diff --git a/azure-pipelines/prepare-insertion-stages.yml b/azure-pipelines/prepare-insertion-stages.yml index fdce906aa..9f934f92c 100644 --- a/azure-pipelines/prepare-insertion-stages.yml +++ b/azure-pipelines/prepare-insertion-stages.yml @@ -17,7 +17,7 @@ stages: - ${{ if parameters.ArchiveSymbols }}: - job: symbol_archive displayName: Archive symbols - pool: VSEngSS-MicroBuild2022-1ES + pool: VSEng-MicroBuildVSStable variables: ONEES_ENFORCED_CODEQL_ENABLED: false # CodeQL runs on build stages, we don't need it here steps: diff --git a/azure-pipelines/release.yml b/azure-pipelines/release.yml index aea1a2d9b..38e9a3bad 100644 --- a/azure-pipelines/release.yml +++ b/azure-pipelines/release.yml @@ -23,7 +23,7 @@ extends: settings: networkIsolationPolicy: Permissive,CFSClean sdl: - sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + sourceAnalysisPool: VSEng-MicroBuildVSStable stages: - stage: release diff --git a/azure-pipelines/unofficial.yml b/azure-pipelines/unofficial.yml index 5796f7821..64905a855 100644 --- a/azure-pipelines/unofficial.yml +++ b/azure-pipelines/unofficial.yml @@ -58,7 +58,7 @@ extends: settings: networkIsolationPolicy: Permissive,CFSClean sdl: - sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + sourceAnalysisPool: VSEng-MicroBuildVSStable credscan: enabled: false suppression: @@ -85,7 +85,7 @@ extends: RealSign: false # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} EnableAPIScan: ${{ parameters.EnableAPIScan }} - windowsPool: VSEngSS-MicroBuild2022-1ES + windowsPool: VSEng-MicroBuildVSStable linuxPool: name: AzurePipelines-EO demands: diff --git a/azure-pipelines/vs-insertion.yml b/azure-pipelines/vs-insertion.yml index bb5332ec9..e4a4424b8 100644 --- a/azure-pipelines/vs-insertion.yml +++ b/azure-pipelines/vs-insertion.yml @@ -25,14 +25,14 @@ extends: settings: networkIsolationPolicy: Permissive,CFSClean sdl: - sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + sourceAnalysisPool: VSEng-MicroBuildVSStable stages: - stage: insertion jobs: - job: insertion displayName: VS insertion - pool: VSEngSS-MicroBuild2022-1ES + pool: VSEng-MicroBuildVSStable templateContext: outputParentDirectory: $(Pipeline.Workspace)/CI steps: diff --git a/azure-pipelines/vs-validation.yml b/azure-pipelines/vs-validation.yml index 92f84cc08..a553455c0 100644 --- a/azure-pipelines/vs-validation.yml +++ b/azure-pipelines/vs-validation.yml @@ -29,7 +29,7 @@ extends: settings: networkIsolationPolicy: Permissive,CFSClean sdl: - sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + sourceAnalysisPool: VSEng-MicroBuildVSStable credscan: enabled: false @@ -46,7 +46,7 @@ extends: Is1ESPT: true RealSign: false # ShouldSkipOptimize: ${{ parameters.ShouldSkipOptimize }} - windowsPool: VSEngSS-MicroBuild2022-1ES + windowsPool: VSEng-MicroBuildVSStable linuxPool: name: AzurePipelines-EO demands: @@ -70,7 +70,7 @@ extends: jobs: - job: insertion displayName: VS insertion - pool: VSEngSS-MicroBuild2022-1ES + pool: VSEng-MicroBuildVSStable steps: - checkout: self clean: true From 26355f20e7a52cbe38e81f7d98e3cf040df04275 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Tue, 2 Dec 2025 15:21:37 -0700 Subject: [PATCH 12/15] Better pinning of GitHub Actions --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index c8b723c8c..c97d97791 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,6 +1,6 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["config:best-practices"], + "extends": ["config:best-practices","helpers:pinGitHubActionDigestsToSemver"], "labels": ["dependencies"], "packageRules": [ { From 4548135503611f9115cc961e4ec643cfafc8ba0c Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Tue, 2 Dec 2025 13:28:02 -0700 Subject: [PATCH 13/15] Exclude `vs-insertion-script.ps1` from signing requirement --- azure-pipelines/official.yml | 2 +- azure-pipelines/unofficial.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines/official.yml b/azure-pipelines/official.yml index 54049629a..5c14d1423 100644 --- a/azure-pipelines/official.yml +++ b/azure-pipelines/official.yml @@ -52,7 +52,7 @@ extends: codeSignValidation: enabled: true break: true - additionalTargetsGlobPattern: -|Variables-*\*.ps1;-|LocBin-*\**;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\** + additionalTargetsGlobPattern: -|Variables-*\*.ps1;-|LocBin-*\**;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\**;-|$(Build.ArtifactStagingDirectory)\VSInsertion-Windows\vs-insertion-script.ps1 policheck: enabled: true exclusionsFile: $(System.DefaultWorkingDirectory)\azure-pipelines\PoliCheckExclusions.xml diff --git a/azure-pipelines/unofficial.yml b/azure-pipelines/unofficial.yml index bc2e88e0f..6097512c7 100644 --- a/azure-pipelines/unofficial.yml +++ b/azure-pipelines/unofficial.yml @@ -67,7 +67,7 @@ extends: codeSignValidation: enabled: ${{ parameters.EnableProductionSDL }} break: true - additionalTargetsGlobPattern: -|Variables-*\*.ps1;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\** + additionalTargetsGlobPattern: -|Variables-*\*.ps1;-|APIScanInputs-*\**;-|test_symbols-*\**;-|MicroBuild\**;-|$(Build.ArtifactStagingDirectory)\VSInsertion-Windows\vs-insertion-script.ps1 policyFile: $(MBSIGN_APPFOLDER)\CSVTestSignPolicy.xml policheck: enabled: ${{ parameters.EnableProductionSDL }} From 5beff9213afc4fda78fb7189fdb2d1d46d7b9f5c Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Tue, 2 Dec 2025 18:21:32 -0700 Subject: [PATCH 14/15] Skip SBOM generation for the vs-insertion pipeline --- azure-pipelines/vs-insertion.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/azure-pipelines/vs-insertion.yml b/azure-pipelines/vs-insertion.yml index bb5332ec9..068580c24 100644 --- a/azure-pipelines/vs-insertion.yml +++ b/azure-pipelines/vs-insertion.yml @@ -26,6 +26,8 @@ extends: networkIsolationPolicy: Permissive,CFSClean sdl: sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES + sbom: + enabled: false stages: - stage: insertion From b09c6e5524c0767461d10daa5b077d22db4033c9 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Wed, 3 Dec 2025 17:02:42 -0700 Subject: [PATCH 15/15] Remove vs-threading specific change --- src/OptProf.targets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OptProf.targets b/src/OptProf.targets index 0757df215..b99753b4b 100644 --- a/src/OptProf.targets +++ b/src/OptProf.targets @@ -2,7 +2,7 @@ IBC - Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Threading.17.x\$(TargetFileName) + Common7\IDE\PrivateAssemblies\$(TargetFileName) /ExeConfig:"%VisualStudio.InstallationUnderTest.Path%\Common7\IDE\vsn.exe"