diff --git a/.editorconfig b/.editorconfig index efe9133c8ff..72707109516 100644 --- a/.editorconfig +++ b/.editorconfig @@ -103,6 +103,8 @@ dotnet_naming_style.camel_case_underscore_style.capitalization = camel_case # Suggest more modern language features when available dotnet_style_object_initializer = true:suggestion dotnet_style_collection_initializer = true:suggestion +# Background Info: https://github.com/dotnet/runtime/pull/100250 +dotnet_style_prefer_collection_expression = when_types_exactly_match dotnet_style_coalesce_expression = true:suggestion dotnet_style_null_propagation = true:suggestion dotnet_style_explicit_tuple_names = true:suggestion @@ -117,6 +119,13 @@ csharp_prefer_simple_default_expression = true:suggestion dotnet_code_quality_unused_parameters = non_public:suggestion +# Dotnet diagnostic settings: +[*.cs] + +# CA1859: Use concrete types when possible for improved performance +# https://learn.microsoft.com/en-gb/dotnet/fundamentals/code-analysis/quality-rules/ca1859 +dotnet_diagnostic.CA1859.severity = suggestion + # CSharp code style settings: [*.cs] diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7996891b5f7..fdb18f82c9d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,57 +1,6 @@ version: 2 updates: - - package-ecosystem: "nuget" - directory: "/" - schedule: - interval: "daily" - labels: - - "CL-BuildPackaging" - ignore: - - dependency-name: "System.*" - - dependency-name: "Microsoft.Win32.Registry.AccessControl" - - dependency-name: "Microsoft.Windows.Compatibility" - - - package-ecosystem: "nuget" - directory: "/tools/packaging/projects/reference/Microsoft.PowerShell.Commands.Utility" - schedule: - interval: "daily" - labels: - - "CL-BuildPackaging" - ignore: - - dependency-name: "System.*" - - dependency-name: "Microsoft.Win32.Registry.AccessControl" - - dependency-name: "Microsoft.Windows.Compatibility" - - - package-ecosystem: "nuget" - directory: "/tools/packaging/projects/reference/System.Management.Automation" - schedule: - interval: "daily" - labels: - - "CL-BuildPackaging" - ignore: - - dependency-name: "System.*" - - dependency-name: "Microsoft.Win32.Registry.AccessControl" - - dependency-name: "Microsoft.Windows.Compatibility" - - - package-ecosystem: "nuget" - directory: "/test/tools/Modules" - schedule: - interval: "daily" - labels: - - "CL-BuildPackaging" - ignore: - - dependency-name: "System.*" - - dependency-name: "Microsoft.Win32.Registry.AccessControl" - - dependency-name: "Microsoft.Windows.Compatibility" - - - package-ecosystem: "nuget" - directory: "/src/Modules" - schedule: - interval: "daily" - labels: - - "CL-BuildPackaging" - - package-ecosystem: "github-actions" directory: "/" schedule: diff --git a/.github/workflows/AssignPrs.yml b/.github/workflows/AssignPrs.yml index d398cd7cffe..a01c0bb0950 100644 --- a/.github/workflows/AssignPrs.yml +++ b/.github/workflows/AssignPrs.yml @@ -7,6 +7,7 @@ permissions: jobs: run: + if: github.repository_owner == 'PowerShell' runs-on: ubuntu-latest permissions: issues: write diff --git a/.github/workflows/createReminders.yml b/.github/workflows/createReminders.yml index 3e8c0180b3d..d9c4da0efb7 100644 --- a/.github/workflows/createReminders.yml +++ b/.github/workflows/createReminders.yml @@ -9,6 +9,8 @@ permissions: jobs: reminder: + if: github.repository_owner == 'PowerShell' + permissions: issues: write # for agrc/create-reminder-action to set reminders on issues pull-requests: write # for agrc/create-reminder-action to set reminders on PRs @@ -16,4 +18,4 @@ jobs: steps: - name: check for reminder - uses: agrc/create-reminder-action@1bc8a409a8b377b781b2be426be54067b7a2dcab # v1.1.16 + uses: agrc/create-reminder-action@9ff30cde74284045941af16a04362938957253b1 # v1.1.17 diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml new file mode 100644 index 00000000000..a580c1f5185 --- /dev/null +++ b/.github/workflows/labels.yml @@ -0,0 +1,31 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +name: Verify PR Labels + +on: + pull_request: + types: [opened, reopened, edited, labeled, unlabeled, synchronize] + +permissions: + contents: read + pull-requests: read + +jobs: + verify-labels: + if: startsWith(github.repository_owner, 'azure') || github.repository_owner == 'PowerShell' + runs-on: ubuntu-latest + + steps: + - name: Check out the repository + uses: actions/checkout@v4 + + - name: Verify PR has label starting with 'cl-' + id: verify-labels + uses: actions/github-script@v7 + with: + script: | + const labels = context.payload.pull_request.labels.map(label => label.name.toLowerCase()); + if (!labels.some(label => label.startsWith('cl-'))) { + core.setFailed("Every PR must have at least one label starting with 'cl-'."); + } diff --git a/.github/workflows/linux-ci.yml b/.github/workflows/linux-ci.yml index 68b651c7e46..54282fc62f6 100644 --- a/.github/workflows/linux-ci.yml +++ b/.github/workflows/linux-ci.yml @@ -37,6 +37,7 @@ env: system_debug: 'false' jobs: changes: + if: startsWith(github.repository_owner, 'azure') || github.repository_owner == 'PowerShell' name: Change Detection runs-on: ubuntu-latest # Required permissions @@ -47,10 +48,10 @@ jobs: source: ${{ steps.filter.outputs.source }} steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 # For pull requests it's not necessary to checkout the code - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.2.0 id: filter with: list-files: json @@ -69,12 +70,12 @@ jobs: ci_build: name: Build PowerShell - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest needs: changes if: ${{ needs.changes.outputs.source == 'true' }} steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 @@ -86,10 +87,10 @@ jobs: - ci_build - changes if: ${{ needs.changes.outputs.source == 'true' }} - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Linux Unelevated CI @@ -103,10 +104,10 @@ jobs: - ci_build - changes if: ${{ needs.changes.outputs.source == 'true' }} - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Linux Elevated CI @@ -120,10 +121,10 @@ jobs: - ci_build - changes if: ${{ needs.changes.outputs.source == 'true' }} - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Linux Unelevated Others @@ -137,10 +138,10 @@ jobs: - ci_build - changes if: ${{ needs.changes.outputs.source == 'true' }} - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Linux Elevated Others @@ -157,7 +158,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Verify xUnit test results @@ -194,7 +195,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -220,7 +221,7 @@ jobs: shell: pwsh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 ready_to_merge: name: Linux ready to merge @@ -232,7 +233,7 @@ jobs: - linux_test_unelevated_others - analyze if: always() - uses: PowerShell/compliance/.github/workflows/ready-to-merge.yml@master + uses: PowerShell/compliance/.github/workflows/ready-to-merge.yml@v1.0.0 with: needs_context: ${{ toJson(needs) }} # TODO: Enable this when we have a Linux packaging workflow @@ -247,7 +248,7 @@ jobs: # runs-on: ubuntu-20.04 # steps: # - name: checkout - # uses: actions/checkout@v4.1.0 + # uses: actions/checkout@v4 # with: # fetch-depth: 1000 # - name: Verify xUnit test results diff --git a/.github/workflows/macos-ci.yml b/.github/workflows/macos-ci.yml index b414afebfc9..fcb69332740 100644 --- a/.github/workflows/macos-ci.yml +++ b/.github/workflows/macos-ci.yml @@ -38,6 +38,7 @@ jobs: changes: name: Change Detection runs-on: ubuntu-latest + if: startsWith(github.repository_owner, 'azure') || github.repository_owner == 'PowerShell' # Required permissions permissions: pull-requests: read @@ -46,10 +47,10 @@ jobs: source: ${{ steps.filter.outputs.source }} steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 # For pull requests it's not necessary to checkout the code - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.2.0 id: filter with: list-files: json @@ -73,7 +74,7 @@ jobs: if: ${{ needs.changes.outputs.source == 'true' }} steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Build @@ -87,7 +88,7 @@ jobs: runs-on: macos-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: macOS Unelevated CI @@ -104,7 +105,7 @@ jobs: runs-on: macos-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: macOS Elevated CI @@ -121,7 +122,7 @@ jobs: runs-on: macos-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: macOS Unelevated Others @@ -138,7 +139,7 @@ jobs: runs-on: macos-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: macOS Elevated Others @@ -155,7 +156,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Verify xUnit test results @@ -169,7 +170,7 @@ jobs: - macos-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 - name: Bootstrap packaging if: success() || failure() run: |- @@ -186,6 +187,6 @@ jobs: - macos_test_unelevated_ci - macos_test_unelevated_others if: always() - uses: PowerShell/compliance/.github/workflows/ready-to-merge.yml@master + uses: PowerShell/compliance/.github/workflows/ready-to-merge.yml@v1.0.0 with: needs_context: ${{ toJson(needs) }} diff --git a/.github/workflows/markdownLink.yml b/.github/workflows/markdownLink.yml index b451885acea..27e0f9eff5d 100644 --- a/.github/workflows/markdownLink.yml +++ b/.github/workflows/markdownLink.yml @@ -10,6 +10,8 @@ permissions: jobs: markdown-link-check: runs-on: ubuntu-latest + if: github.repository_owner == 'PowerShell' + steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1 @@ -31,7 +33,7 @@ jobs: # list of changed files within `super-linter` fetch-depth: 0 - name: Lint Markdown - uses: super-linter/super-linter@85f7611e0f7b53c8573cca84aa0ed4344f6f6a4d # v7.2.1 + uses: super-linter/super-linter@4e8a7c2bf106c4c766c816b35ec612638dc9b6b2 # v7.3.0 env: VALIDATE_ALL_CODEBASE: false DEFAULT_BRANCH: master diff --git a/.github/workflows/processReminders.yml b/.github/workflows/processReminders.yml index 82734c829d6..339234a3c56 100644 --- a/.github/workflows/processReminders.yml +++ b/.github/workflows/processReminders.yml @@ -10,6 +10,7 @@ permissions: jobs: reminder: + if: github.repository_owner == 'PowerShell' permissions: issues: write # for agrc/reminder-action to set reminders on issues pull-requests: write # for agrc/reminder-action to set reminders on PRs @@ -17,4 +18,4 @@ jobs: steps: - name: check reminders and notify - uses: agrc/reminder-action@45201302ec0071cce809a483111bda4cdc7d10f2 # v1.0.15 + uses: agrc/reminder-action@96f2ec2e1a7a53ead156504922e9bc36d64f49ee # v1.0.16 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7651d3f1959..a8e136cc63f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -20,6 +20,7 @@ permissions: read-all jobs: analysis: name: Scorecard analysis + if: github.repository_owner == 'PowerShell' runs-on: ubuntu-latest permissions: # Needed to upload the results to code-scanning dashboard. @@ -36,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif @@ -58,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif @@ -66,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: sarif_file: results.sarif diff --git a/.github/workflows/windows-ci.yml b/.github/workflows/windows-ci.yml index c93983a765f..a18029bfbe0 100644 --- a/.github/workflows/windows-ci.yml +++ b/.github/workflows/windows-ci.yml @@ -39,6 +39,7 @@ jobs: changes: name: Change Detection runs-on: ubuntu-latest + if: startsWith(github.repository_owner, 'azure') || github.repository_owner == 'PowerShell' # Required permissions permissions: pull-requests: read @@ -47,10 +48,10 @@ jobs: source: ${{ steps.filter.outputs.source }} steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 # For pull requests it's not necessary to checkout the code - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.2.0 id: filter with: list-files: json @@ -74,7 +75,7 @@ jobs: runs-on: windows-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Build @@ -88,7 +89,7 @@ jobs: runs-on: windows-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Windows Unelevated CI @@ -105,7 +106,7 @@ jobs: runs-on: windows-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Windows Elevated CI @@ -122,7 +123,7 @@ jobs: runs-on: windows-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Windows Unelevated Others @@ -139,7 +140,7 @@ jobs: runs-on: windows-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Windows Elevated Others @@ -156,7 +157,7 @@ jobs: runs-on: windows-latest steps: - name: checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4 with: fetch-depth: 1000 - name: Verify xUnit test results @@ -170,6 +171,6 @@ jobs: - windows_test_unelevated_ci - windows_test_unelevated_others if: always() - uses: PowerShell/compliance/.github/workflows/ready-to-merge.yml@master + uses: PowerShell/compliance/.github/workflows/ready-to-merge.yml@v1.0.0 with: needs_context: ${{ toJson(needs) }} diff --git a/.pipelines/PowerShell-Coordinated_Packages-Official.yml b/.pipelines/PowerShell-Coordinated_Packages-Official.yml index 6c84067ce47..902c31f8a96 100644 --- a/.pipelines/PowerShell-Coordinated_Packages-Official.yml +++ b/.pipelines/PowerShell-Coordinated_Packages-Official.yml @@ -151,6 +151,8 @@ extends: value: $(Build.SourcesDirectory)\PowerShell\.config\tsaoptions.json - name: ob_signing_setup_enabled value: false + - name: ob_sdl_sbom_enabled + value: false steps: - checkout: self diff --git a/.pipelines/PowerShell-Packages-Official.yml b/.pipelines/PowerShell-Packages-Official.yml index 7fce394ca19..30b9e415215 100644 --- a/.pipelines/PowerShell-Packages-Official.yml +++ b/.pipelines/PowerShell-Packages-Official.yml @@ -51,7 +51,7 @@ variables: - name: ob_outputDirectory value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' - name: WindowsContainerImage - value: 'onebranch.azurecr.io/windows/ltsc2019/vse2022:latest' # Docker image which is used to build the project + value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' # Docker image which is used to build the project - name: LinuxContainerImage value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0 - group: mscodehub-feed-read-general @@ -64,7 +64,7 @@ variables: resources: pipelines: - pipeline: CoOrdinatedBuildPipeline - source: 'PowerShell-Coordinated Packages-Official' + source: 'PowerShell-Coordinated Binaries-Official' trigger: branches: include: @@ -83,6 +83,9 @@ extends: cloudvault: enabled: false featureFlags: + WindowsHostVersion: + Version: 2022 + Network: KS3 linuxEsrpSigning: true globalSdl: disableLegacyManifest: true diff --git a/.pipelines/PowerShell-Release-Official-Azure.yml b/.pipelines/PowerShell-Release-Official-Azure.yml index acba669ffa3..2d644c7a5dd 100644 --- a/.pipelines/PowerShell-Release-Official-Azure.yml +++ b/.pipelines/PowerShell-Release-Official-Azure.yml @@ -56,7 +56,7 @@ resources: pipelines: - pipeline: CoOrdinatedBuildPipeline - source: 'PowerShell-Coordinated Packages-Official' + source: 'PowerShell-Coordinated Binaries-Official' - pipeline: PSPackagesOfficial source: 'PowerShell-Packages-Official' diff --git a/.pipelines/PowerShell-Release-Official.yml b/.pipelines/PowerShell-Release-Official.yml index 335ef4f71d3..bb83c98ae81 100644 --- a/.pipelines/PowerShell-Release-Official.yml +++ b/.pipelines/PowerShell-Release-Official.yml @@ -72,7 +72,7 @@ resources: pipelines: - pipeline: CoOrdinatedBuildPipeline - source: 'PowerShell-Coordinated Packages-Official' + source: 'PowerShell-Coordinated Binaries-Official' - pipeline: PSPackagesOfficial source: 'PowerShell-Packages-Official' diff --git a/.pipelines/PowerShell-vPack-Official.yml b/.pipelines/PowerShell-vPack-Official.yml index c2dcfc49735..8a3679d1210 100644 --- a/.pipelines/PowerShell-vPack-Official.yml +++ b/.pipelines/PowerShell-vPack-Official.yml @@ -142,18 +142,27 @@ extends: $vstsCommandString = "vso[task.setvariable variable=PackageArtifactName]$packageArtifactName" Write-Host "sending " + $vstsCommandString Write-Host "##$vstsCommandString" - displayName: 'Set package artifact name' + + $packageArtifactPath = '$(Pipeline.Workspace)\PSPackagesOfficial' + $vstsCommandString = "vso[task.setvariable variable=PackageArtifactPath]$packageArtifactPath" + Write-Host "sending " + $vstsCommandString + Write-Host "##$vstsCommandString" + displayName: 'Set package artifact variables' - download: PSPackagesOfficial artifact: $(PackageArtifactName) displayName: Download package - - pwsh: 'Get-ChildItem $(System.ArtifactsDirectory)\* -recurse | Select-Object -ExpandProperty Name' + - pwsh: 'Get-ChildItem $(PackageArtifactPath)\* -recurse | Select-Object -ExpandProperty Name' displayName: 'Capture Artifact Listing' - pwsh: | $message = @() - Get-ChildItem $(System.ArtifactsDirectory)\* -recurse -include *.zip, *.msi | ForEach-Object { + $packages = Get-ChildItem $(PackageArtifactPath)\* -recurse -include *.zip, *.msi + + if($packages.count -eq 0) {throw "No packages found in $(PackageArtifactPath)"} + + $packages | ForEach-Object { if($_.Name -notmatch 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(fxdependent|x64|arm64|x86|fxdependentWinDesktop)\.(msi|zip){1}') { $messageInstance = "$($_.Name) is not a valid package name" @@ -166,7 +175,7 @@ extends: displayName: 'Validate Zip and MSI Package Names' - pwsh: | - Get-ChildItem $(System.ArtifactsDirectory)\* -recurse -include *.zip, *.msi | ForEach-Object { + Get-ChildItem $(PackageArtifactPath)\* -recurse -include *.zip | ForEach-Object { if($_.Name -match 'PowerShell-\d+\.\d+\.\d+\-([a-z]*.\d+\-)?win\-(${{ parameters.architecture }})\.(zip){1}') { Expand-Archive -Path $_.FullName -DestinationPath $(ob_outputDirectory) @@ -197,7 +206,11 @@ extends: - pwsh: | Write-Verbose "VPack Version: $(ob_createvpack_version)" -Verbose - Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse + $vpackFiles = Get-ChildItem -Path $(ob_outputDirectory)\* -Recurse + if($vpackFiles.Count -eq 0) { + throw "No files found in $(ob_outputDirectory)" + } + $vpackFiles displayName: Debug Output Directory and Version condition: succeededOrFailed() @@ -207,5 +220,5 @@ extends: command: 'sign' signing_environment: 'azure-ado' cp_code: $(windows_build_tools_cert_id) - files_to_sign: '**/*.exe;**/*.dll;**/*.ps1;**/*.psm1' + files_to_sign: '**/*.exe;**/System.Management.Automation.dll' search_root: $(ob_outputDirectory) diff --git a/.pipelines/templates/checkAzureContainer.yml b/.pipelines/templates/checkAzureContainer.yml index a5ce2b1c666..a6a86214d07 100644 --- a/.pipelines/templates/checkAzureContainer.yml +++ b/.pipelines/templates/checkAzureContainer.yml @@ -51,22 +51,13 @@ jobs: } displayName: 'Check suppress.json' - # Needed as per FAQ here: https://eng.ms/docs/products/onebranch/build/troubleshootingfaqs - - task: PowerShell@2 - displayName: 'Update Az.Storage Module' - inputs: - targetType: 'inline' - script: | - Get-PackageProvider -Name NuGet -ForceBootstrap - Install-Module -Name Az.Storage -Verbose -Force -AllowClobber - Uninstall-AzureRm -Verbose - - task: AzurePowerShell@5 displayName: Check if blob exists and delete if specified inputs: azureSubscription: az-blob-cicd-infra scriptType: inlineScript - azurePowerShellVersion: latestVersion + azurePowerShellVersion: LatestVersion + pwsh: true inline: | $containersToDelete = @('$(AzureVersion)', '$(AzureVersion)-private', '$(AzureVersion)-nuget', '$(AzureVersion)-gc') diff --git a/.pipelines/templates/compliance/apiscan.yml b/.pipelines/templates/compliance/apiscan.yml index bfe97827801..4e945b40349 100644 --- a/.pipelines/templates/compliance/apiscan.yml +++ b/.pipelines/templates/compliance/apiscan.yml @@ -78,19 +78,6 @@ jobs: workingDirectory: '$(repoRoot)' retryCountOnTaskFailure: 2 - - pwsh: | - $modules = 'Az.Accounts', 'Az.Storage' - foreach($module in $modules) { - if(!(get-module $module -listavailable)) { - Write-Verbose "installing $module..." -verbose - Install-Module $module -force -AllowClobber - } else { - Write-Verbose "$module already installed." -verbose - } - } - displayName: Install PowerShell modules - workingDirectory: '$(repoRoot)' - - task: AzurePowerShell@5 displayName: Download winverify-private Artifacts inputs: diff --git a/.pipelines/templates/compliance/generateNotice.yml b/.pipelines/templates/compliance/generateNotice.yml index 9a00ed6f01d..b9d489795b1 100644 --- a/.pipelines/templates/compliance/generateNotice.yml +++ b/.pipelines/templates/compliance/generateNotice.yml @@ -95,29 +95,6 @@ jobs: Get-PackageProvider -Name NuGet -ForceBootstrap displayName: Initalize PowerShellGet - - powershell: | - $modules = 'Az.Accounts', 'Az.Storage' - foreach($module in $modules) { - if(!(get-module $module -listavailable)) { - Write-Verbose "installing $module..." -verbose - Install-Module $module -force -AllowClobber - } else { - Write-Verbose "$module already installed." -verbose - #Update-Module $module -verbose - } - } - displayName: Install PowerShell modules - - - powershell: | - if(Get-Command -Name Uninstall-AzureRm -ErrorAction Ignore){ - Write-Verbose "running Uninstall-AzureRm" -verbose - Uninstall-AzureRm - } else { - Write-Verbose "Uninstall-AzureRm not present" -verbose - } - displayName: Uninstall Uninstall-AzureRm - continueOnError: true - - task: AzurePowerShell@5 displayName: Upload Notice inputs: diff --git a/.pipelines/templates/nupkg.yml b/.pipelines/templates/nupkg.yml index c1f7616110c..dc43e841332 100644 --- a/.pipelines/templates/nupkg.yml +++ b/.pipelines/templates/nupkg.yml @@ -128,13 +128,13 @@ jobs: Start-PSBuild -Clean -Runtime linux-x64 -Configuration Release -ReleaseTag $(ReleaseTagVar) $sharedModules | Foreach-Object { - $refFile = Get-ChildItem -Path "$(PowerShellRoot)\src\$_\obj\Release\net9.0\refint\$_.dll" + $refFile = Get-ChildItem -Path "$(PowerShellRoot)\src\$_\obj\Release\net10.0\refint\$_.dll" Write-Verbose -Verbose "RefAssembly: $refFile" Copy-Item -Path $refFile -Destination "$refAssemblyFolder\$_.dll" -Verbose - $refDoc = "$(PowerShellRoot)\src\$_\bin\Release\net9.0\$_.xml" + $refDoc = "$(PowerShellRoot)\src\$_\bin\Release\net10.0\$_.xml" if (-not (Test-Path $refDoc)) { Write-Warning "$refDoc not found" - Get-ChildItem -Path "$(PowerShellRoot)\src\$_\bin\Release\net9.0\" | Out-String | Write-Verbose -Verbose + Get-ChildItem -Path "$(PowerShellRoot)\src\$_\bin\Release\net10.0\" | Out-String | Write-Verbose -Verbose } else { Copy-Item -Path $refDoc -Destination "$refAssemblyFolder\$_.xml" -Verbose @@ -144,13 +144,13 @@ jobs: Start-PSBuild -Clean -Runtime win7-x64 -Configuration Release -ReleaseTag $(ReleaseTagVar) $winOnlyModules | Foreach-Object { - $refFile = Get-ChildItem -Path "$(PowerShellRoot)\src\$_\obj\Release\net9.0\refint\*.dll" + $refFile = Get-ChildItem -Path "$(PowerShellRoot)\src\$_\obj\Release\net10.0\refint\*.dll" Write-Verbose -Verbose 'RefAssembly: $refFile' Copy-Item -Path $refFile -Destination "$refAssemblyFolder\$_.dll" -Verbose - $refDoc = "$(PowerShellRoot)\src\$_\bin\Release\net9.0\$_.xml" + $refDoc = "$(PowerShellRoot)\src\$_\bin\Release\net10.0\$_.xml" if (-not (Test-Path $refDoc)) { Write-Warning "$refDoc not found" - Get-ChildItem -Path "$(PowerShellRoot)\src\$_\bin\Release\net9.0" | Out-String | Write-Verbose -Verbose + Get-ChildItem -Path "$(PowerShellRoot)\src\$_\bin\Release\net10.0" | Out-String | Write-Verbose -Verbose } else { Copy-Item -Path $refDoc -Destination "$refAssemblyFolder\$_.xml" -Verbose diff --git a/.pipelines/templates/release-MakeBlobPublic.yml b/.pipelines/templates/release-MakeBlobPublic.yml index f11a0839e47..c8f12938d25 100644 --- a/.pipelines/templates/release-MakeBlobPublic.yml +++ b/.pipelines/templates/release-MakeBlobPublic.yml @@ -52,17 +52,6 @@ jobs: Get-ChildItem Env: displayName: 'Capture Environment Variables' - - pwsh: | - $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose - if ($azureRmModule) { - Write-Host 'AzureRM module exists. Removing it' - Uninstall-AzureRm - Write-Host 'AzureRM module removed' - } - - Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose - displayName: Remove AzRM modules - - task: AzurePowerShell@5 displayName: Copy blobs to PSInfra storage inputs: @@ -150,17 +139,6 @@ jobs: Get-ChildItem Env: | Out-String -width 9999 -Stream | write-Verbose -Verbose displayName: 'Capture Environment Variables' - - pwsh: | - $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose - if ($azureRmModule) { - Write-Host 'AzureRM module exists. Removing it' - Uninstall-AzureRm - Write-Host 'AzureRM module removed' - } - - Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose - displayName: Remove AzRM modules - - task: AzurePowerShell@5 displayName: Copy blobs to PSInfra storage inputs: diff --git a/.pipelines/templates/release-create-msix.yml b/.pipelines/templates/release-create-msix.yml index cdb86544baf..3714e623b5e 100644 --- a/.pipelines/templates/release-create-msix.yml +++ b/.pipelines/templates/release-create-msix.yml @@ -27,18 +27,6 @@ jobs: artifact: drop_windows_package_package_win_x86 displayName: Download x86 msix patterns: '**/*.msix' - - - pwsh: | - $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose - if ($azureRmModule) { - Write-Host 'AzureRM module exists. Removing it' - Uninstall-AzureRm - Write-Host 'AzureRM module removed' - } - - Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose - displayName: Remove AzRM modules and install Az.Storage - # Finds the makeappx tool on the machine with image: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' - pwsh: | diff --git a/.pipelines/templates/release-upload-buildinfo.yml b/.pipelines/templates/release-upload-buildinfo.yml index 27af6c87b64..8d59078b905 100644 --- a/.pipelines/templates/release-upload-buildinfo.yml +++ b/.pipelines/templates/release-upload-buildinfo.yml @@ -104,17 +104,6 @@ jobs: } displayName: Create json files - - pwsh: | - $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose - if ($azureRmModule) { - Write-Host 'AzureRM module exists. Removing it' - Uninstall-AzureRm - Write-Host 'AzureRM module removed' - } - - Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose - displayName: Remove AzRM modules - - task: AzurePowerShell@5 displayName: Upload buildjson to blob inputs: diff --git a/.pipelines/templates/release-validate-packagenames.yml b/.pipelines/templates/release-validate-packagenames.yml index df467eacc28..983d6690036 100644 --- a/.pipelines/templates/release-validate-packagenames.yml +++ b/.pipelines/templates/release-validate-packagenames.yml @@ -28,18 +28,6 @@ jobs: Write-Host "##vso[build.updatebuildnumber]$name" displayName: Set Release Name - - pwsh: | - $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose - if ($azureRmModule) { - Write-Host 'AzureRM module exists. Removing it' - Uninstall-AzureRm - Write-Host 'AzureRM module removed' - } - - Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose - - displayName: Remove AzRM modules and install Az.Storage - - task: AzurePowerShell@5 displayName: Upload packages to blob inputs: diff --git a/.pipelines/templates/uploadToAzure.yml b/.pipelines/templates/uploadToAzure.yml index cd6f7d6739c..3bcceeb1af7 100644 --- a/.pipelines/templates/uploadToAzure.yml +++ b/.pipelines/templates/uploadToAzure.yml @@ -256,18 +256,6 @@ jobs: New-Item -Path $(Build.ArtifactStagingDirectory)/uploaded -ItemType Directory -Force displayName: Create output directory for packages - - pwsh: | - $azureRmModule = Get-InstalledModule AzureRM -ErrorAction SilentlyContinue -Verbose - if ($azureRmModule) { - Write-Host 'AzureRM module exists. Removing it' - Uninstall-AzureRm - Write-Host 'AzureRM module removed' - } - - Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Verbose - - displayName: Remove AzRM modules - - task: AzurePowerShell@5 displayName: Upload packages to blob inputs: diff --git a/.pipelines/templates/windows-hosted-build.yml b/.pipelines/templates/windows-hosted-build.yml index f5cebac1316..929aa54b8a7 100644 --- a/.pipelines/templates/windows-hosted-build.yml +++ b/.pipelines/templates/windows-hosted-build.yml @@ -275,7 +275,7 @@ jobs: ) $sourceModulePath = Join-Path '$(GlobalToolArtifactPath)' 'publish' 'PowerShell.Windows.x64' 'release' 'Modules' - $destModulesPath = Join-Path "$outputPath" 'temp' 'tools' 'net9.0' 'any' 'modules' + $destModulesPath = Join-Path "$outputPath" 'temp' 'tools' 'net10.0' 'any' 'modules' $modulesToCopy | ForEach-Object { $modulePath = Join-Path $sourceModulePath $_ @@ -283,7 +283,7 @@ jobs: } # Copy ref assemblies - Copy-Item '$(Pipeline.Workspace)/Symbols_$(Architecture)/ref' "$outputPath\temp\tools\net9.0\any\ref" -Recurse -Force + Copy-Item '$(Pipeline.Workspace)/Symbols_$(Architecture)/ref' "$outputPath\temp\tools\net10.0\any\ref" -Recurse -Force $contentPath = Join-Path "$outputPath\temp" 'content' $contentFilesPath = Join-Path "$outputPath\temp" 'contentFiles' @@ -291,14 +291,14 @@ jobs: Remove-Item -Path $contentPath,$contentFilesPath -Recurse -Force # remove PDBs to reduce the size of the nupkg - Remove-Item -Path "$outputPath\temp\tools\net9.0\any\*.pdb" -Recurse -Force + Remove-Item -Path "$outputPath\temp\tools\net10.0\any\*.pdb" -Recurse -Force # create powershell.config.json $config = [ordered]@{} $config.Add("Microsoft.PowerShell:ExecutionPolicy", "RemoteSigned") $config.Add("WindowsPowerShellCompatibilityModuleDenyList", @("PSScheduledJob", "BestPractices", "UpdateServices")) - $configPublishPath = Join-Path "$outputPath" 'temp' 'tools' 'net9.0' 'any' "powershell.config.json" + $configPublishPath = Join-Path "$outputPath" 'temp' 'tools' 'net10.0' 'any' "powershell.config.json" Set-Content -Path $configPublishPath -Value ($config | ConvertTo-Json) -Force -ErrorAction Stop Compress-Archive -Path "$outputPath\temp\*" -DestinationPath "$outputPath\$nupkgName" -Force diff --git a/.vsts-ci/linux-internal.yml b/.vsts-ci/linux-internal.yml new file mode 100644 index 00000000000..6286a03fb52 --- /dev/null +++ b/.vsts-ci/linux-internal.yml @@ -0,0 +1,116 @@ +# Pipeline to run Linux CI internally +name: PR-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr) +trigger: + # Batch merge builds together while a merge build is running + batch: true + branches: + include: + - master + - release* + - feature* + paths: + include: + - '*' + exclude: + - .vsts-ci/misc-analysis.yml + - .github/ISSUE_TEMPLATE/* + - .github/workflows/* + - .dependabot/config.yml + - .pipelines/* + - test/perf/* +pr: + branches: + include: + - master + - release* + - feature* + paths: + include: + - '*' + exclude: + - .dependabot/config.yml + - .github/ISSUE_TEMPLATE/* + - .github/workflows/* + - .vsts-ci/misc-analysis.yml + - .vsts-ci/windows.yml + - .vsts-ci/windows/* + - tools/cgmanifest.json + - LICENSE.txt + - test/common/markdown/* + - test/perf/* + - tools/releaseBuild/* + - tools/install* + - tools/releaseBuild/azureDevOps/templates/* + - README.md + - .spelling + - .pipelines/* + +variables: + DOTNET_CLI_TELEMETRY_OPTOUT: 1 + POWERSHELL_TELEMETRY_OPTOUT: 1 + # Avoid expensive initialization of dotnet cli, see: https://donovanbrown.com/post/Stop-wasting-time-during-NET-Core-builds + DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1 + __SuppressAnsiEscapeSequences: 1 + nugetMultiFeedWarnLevel: none + +resources: + repositories: + - repository: Docker + type: github + endpoint: PowerShell + name: PowerShell/PowerShell-Docker + ref: master + +stages: +- stage: BuildLinuxStage + displayName: Build for Linux + jobs: + - template: templates/ci-build.yml + parameters: + pool: ubuntu-20.04 + jobName: linux_build + displayName: linux Build + +- stage: TestUbuntu + displayName: Test for Ubuntu + dependsOn: [BuildLinuxStage] + jobs: + - template: templates/nix-test.yml + parameters: + name: Ubuntu + pool: ubuntu-20.04 + purpose: UnelevatedPesterTests + tagSet: CI + + - template: templates/nix-test.yml + parameters: + name: Ubuntu + pool: ubuntu-20.04 + purpose: ElevatedPesterTests + tagSet: CI + + - template: templates/nix-test.yml + parameters: + name: Ubuntu + pool: ubuntu-20.04 + purpose: UnelevatedPesterTests + tagSet: Others + + - template: templates/nix-test.yml + parameters: + name: Ubuntu + pool: ubuntu-20.04 + purpose: ElevatedPesterTests + tagSet: Others + + - template: templates/verify-xunit.yml + parameters: + pool: ubuntu-20.04 + +- stage: PackageLinux + displayName: Package Linux + dependsOn: ["BuildLinuxStage"] + jobs: + - template: linux/templates/packaging.yml + parameters: + pool: ubuntu-20.04 diff --git a/.vsts-ci/linux.yml b/.vsts-ci/linux.yml index b1bb74197a0..338821e37dd 100644 --- a/.vsts-ci/linux.yml +++ b/.vsts-ci/linux.yml @@ -34,24 +34,16 @@ pr: - feature* paths: include: - - '*' - exclude: - - .dependabot/config.yml - - .github/ISSUE_TEMPLATE/* - - .github/workflows/* - - .vsts-ci/misc-analysis.yml - - .vsts-ci/windows.yml - - .vsts-ci/windows/* - - tools/cgmanifest.json - - LICENSE.txt - - test/common/markdown/* - - test/perf/* - - tools/releaseBuild/* - - tools/install* - - tools/releaseBuild/azureDevOps/templates/* - - README.md - - .spelling - - .pipelines/* + - .vsts-ci/linux.yml + - .vsts-ci/linux/templates/packaging.yml + - assets/manpage/* + - build.psm1 + - global.json + - nuget.config + - PowerShell.Common.props + - src/*.csproj + - tools/ci.psm1 + - tools/packaging/* variables: DOTNET_CLI_TELEMETRY_OPTOUT: 1 diff --git a/.vsts-ci/windows/templates/windows-packaging.yml b/.vsts-ci/windows/templates/windows-packaging.yml index 02dbf1bf892..d23b745c30f 100644 --- a/.vsts-ci/windows/templates/windows-packaging.yml +++ b/.vsts-ci/windows/templates/windows-packaging.yml @@ -47,9 +47,6 @@ jobs: displayName: Capture PowerShell Version Table condition: succeededOrFailed() - - - template: /tools/releaseBuild/azureDevOps/templates/insert-nuget-config-azfeed.yml - - pwsh: | Import-Module .\tools\ci.psm1 Switch-PSNugetConfig -Source Public diff --git a/CHANGELOG/7.4.md b/CHANGELOG/7.4.md index a269b1abf98..1a7d64868d0 100644 --- a/CHANGELOG/7.4.md +++ b/CHANGELOG/7.4.md @@ -1,5 +1,81 @@ # 7.4 Changelog +## [7.4.9] + +### Notes + +_This release is internal only. It is not available for download._ + +### Tools + +- Check GH token availability for `Get-Changelog` (#25156) + +### Build and Packaging Improvements + +
+ + + +

Update .NET SDK to 8.0.407

+ + + + + +
+ +[7.4.9]: https://github.com/PowerShell/PowerShell/compare/v7.4.8...v7.4.9 + +## [7.4.8] + +### Notes + +_This release is internal only. It is not available for download._ + +### Build and Packaging Improvements + +
+ + + +

Update .NET SDK to 8.0.406

+ + + + + +
+ +[7.4.8]: https://github.com/PowerShell/PowerShell/compare/v7.4.7...v7.4.8 + ## [7.4.7] ### Build and Packaging Improvements @@ -13,8 +89,8 @@