[release-5.11.x] Use 1ES Templates in CI Pipelines & Configure SBOM (#6698)

Author: donnie-msft

build/OptProfV2.props

@@ -23,7 +23,6 @@
       <Technology>IBC</Technology>
       <InstallationPath>Common7\IDE\CommonExtensions\Microsoft\NuGet\$(AssemblyName).dll</InstallationPath>
       <InstrumentationArguments>/ExeConfig:"%VisualStudio.InstallationUnderTest.Path%\Common7\IDE\vsn.exe"</InstrumentationArguments>
-      <OptimizationArguments>-PartialNGEN</OptimizationArguments>
       <Scenarios>
         <TestContainer Name="NuGet.OptProf">
           <TestCase Weight="100" FullyQualifiedName="NuGet.OptProfV2Tests.IVsPackageSourceProvider_GetSources" />
@@ -41,12 +40,11 @@
       <Technology>IBC</Technology>
       <InstallationPath>Common7\IDE\CommonExtensions\Microsoft\NuGet\$(AssemblyName).dll</InstallationPath>
       <InstrumentationArguments>/ExeConfig:"%VisualStudio.InstallationUnderTest.Path%\Common7\IDE\vsn.exe"</InstrumentationArguments>
-      <OptimizationArguments>-PartialNGEN</OptimizationArguments>
       <Scenarios>
         <TestContainer Name="NuGet.OptProf">
           <TestCase Weight="100" FullyQualifiedName="NuGet.OptProfV2Tests.IVsPackageSourceProvider_GetSources" />
         </TestContainer>
       </Scenarios>
     </OptProf>
   </ItemGroup>
-</Project>
+</Project>

eng/common/README.md

@@ -0,0 +1,28 @@
+# Don't touch this folder
+
+                uuuuuuuuuuuuuuuuuuuu
+              u" uuuuuuuuuuuuuuuuuu "u
+            u" u$$$$$$$$$$$$$$$$$$$$u "u
+          u" u$$$$$$$$$$$$$$$$$$$$$$$$u "u
+        u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
+      u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
+    u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
+    $ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
+    $ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
+    $ $$$" ... "$...  ...$" ... "$$$  ... "$$$ $
+    $ $$$u `"$$$$$$$  $$$  $$$$$  $$  $$$  $$$ $
+    $ $$$$$$uu "$$$$  $$$  $$$$$  $$  """ u$$$ $
+    $ $$$""$$$  $$$$  $$$u "$$$" u$$  $$$$$$$$ $
+    $ $$$$....,$$$$$..$$$$$....,$$$$..$$$$$$$$ $
+    $ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
+    "u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
+      "u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
+        "u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
+          "u "$$$$$$$$$$$$$$$$$$$$$$$$" u"
+            "u "$$$$$$$$$$$$$$$$$$$$" u"
+              "u """""""""""""""""" u"
+                """"""""""""""""""""
+
+!!! Changes made in this directory are subject to being overwritten by automation !!!
+
+The files in this directory are shared by all Arcade repos and managed by automation. If you need to make changes to these files, open an issue or submit a pull request to https://github.com/dotnet/arcade first.

eng/common/generate-sbom-prep.ps1

@@ -0,0 +1,16 @@
+Param(
+    [Parameter(Mandatory=$true)][string] $ManifestDirPath    # Manifest directory where sbom will be placed
+)
+
+# create directory for sbom manifest to be placed
+if (!(Test-Path -path $ManifestDirPath))
+{
+  Write-Host "Creating dir $ManifestDirPath"
+  New-Item -ItemType Directory -path $ManifestDirPath
+  Write-Host "Successfully created directory $ManifestDirPath"
+}
+
+Write-Host "Updating artifact name"
+$artifact_name = "${env:SYSTEM_STAGENAME}_${env:AGENT_JOBNAME}_SBOM" -replace '["/:<>\\|?@*"() ]', '_'
+Write-Host "Artifact name $artifact_name"
+Write-Host "##vso[task.setvariable variable=ARTIFACT_NAME]$artifact_name"

eng/common/generate-sbom-prep.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+source="${BASH_SOURCE[0]}"
+
+manifest_dir=$1
+
+if [ ! -d "$manifest_dir" ] ; then
+  mkdir -p "$manifest_dir"
+  echo "Sbom directory created." $manifest_dir
+else
+  Write-PipelineTelemetryError -category 'Build'  "Unable to create sbom folder."
+fi
+
+artifact_name=$SYSTEM_STAGENAME"_"$AGENT_JOBNAME"_SBOM"
+echo "Artifact name before : "$artifact_name
+# replace all special characters with _, some builds use special characters like : in Agent.Jobname, that is not a permissible name while uploading artifacts.
+safe_artifact_name="${artifact_name//["/:<>\\|?@*$" ]/_}"
+echo "Artifact name after : "$safe_artifact_name
+export ARTIFACT_NAME=$safe_artifact_name
+echo "##vso[task.setvariable variable=ARTIFACT_NAME]$safe_artifact_name"
+
+exit 0

eng/common/templates/steps/generate-sbom.yml

@@ -0,0 +1,36 @@
+# BuildDropPath - The root folder of the drop directory for which the manifest file will be generated.
+# PackageName - The name of the package this SBOM represents.
+# PackageVersion - The version of the package this SBOM represents.
+# ManifestDirPath - The path of the directory where the generated manifest files will be placed
+
+parameters:
+  PackageVersion: 7.0.0
+  BuildDropPath: '$(Build.SourcesDirectory)\artifacts'
+  PackageName: '.NET'
+  ManifestDirPath: '$(Build.SourcesDirectory)\artifacts'
+  sbomContinueOnError: true
+
+steps:
+- task: PowerShell@2
+  displayName: Prep for SBOM generation in (Non-linux)
+  condition: or(eq(variables['Agent.Os'], 'Windows_NT'), eq(variables['Agent.Os'], 'Darwin'))
+  inputs:
+    filePath: ./eng/common/generate-sbom-prep.ps1
+    arguments: ${{parameters.manifestDirPath}}
+
+# Chmodding is a workaround for https://github.com/dotnet/arcade/issues/8461
+- script: |
+    chmod +x ./eng/common/generate-sbom-prep.sh
+    ./eng/common/generate-sbom-prep.sh ${{parameters.manifestDirPath}}
+  displayName: Prep for SBOM generation in (Linux)
+  condition: eq(variables['Agent.Os'], 'Linux')
+  continueOnError: ${{ parameters.sbomContinueOnError }}
+
+- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+  displayName: 'Generate SBOM manifest'
+  continueOnError: ${{ parameters.sbomContinueOnError }}
+  inputs:
+      PackageName: ${{ parameters.packageName }}
+      BuildDropPath: ${{ parameters.buildDropPath }}
+      PackageVersion: ${{ parameters.packageVersion }}
+      ManifestDirPath: ${{ parameters.manifestDirPath }}

eng/pipelines/official.yml

@@ -1,38 +1,93 @@
 parameters:
-- name: DartLabEnvironment
-  displayName: DartLab Environment
+- name: RunBuildForPublishing
+  displayName: Build bits for publishing
+  type: boolean
+  default: true
+# Disable on this branch.
+# - name: RunCrossFrameworkTestsOnWindows
+#   displayName: Run cross framweork tests on Windows
+#   type: boolean
+#   default: true
+- name: RunFunctionalTestsOnWindows
+  displayName: Run functional tests on Windows
+  type: boolean
+  default: true
+- name: RunSourceBuild
+  displayName: Run source build
+  type: boolean
+  default: true
+- name: RunTestsOnLinux
+  displayName: Run tests on Linux
+  type: boolean
+  default: true
+- name: RunTestsOnMac
+  displayName: Run tests on Mac
+  type: boolean
+  default: true
+- name: RunMonoTestsOnMac
+  displayName: Run Mono tests on Mac
+  type: boolean
+  default: true
+- name: SigningType
+  displayName: Type of signing to use
   type: string
-  default: Production
+  default: Real
   values:
-  - Production
-  - Staging
-- name: E2EPart1AgentCleanup
-  displayName: Delete or keep E2E Part 1 machine for debugging
-  type: string
-  default: delete
-  values:
-  - delete
-  - stop
-- name: E2EPart2AgentCleanup
-  displayName: Delete or keep E2E Part 2 machine for debugging
-  type: string
-  default: delete
-  values:
-  - delete
-  - stop
-- name: ApexAgentCleanup
-  displayName: Delete or keep VS Apex test machine for debugging
-  type: string
-  default: delete
-  values:
-  - delete
-  - stop
+  - Real
+  - Test
+
+resources:
+  repositories:
+  - repository: MicroBuildTemplate
+    type: git
+    name: 1ESPipelineTemplates/MicroBuildTemplate
+    ref: refs/tags/release
+
+variables:
+  BINLOG_DIRECTORY: $(Build.StagingDirectory)/binlog
+  DOTNET_NOLOGO: 1
+  NUGET_EXPERIMENTAL_CHAIN_BUILD_RETRY_POLICY: 3,1000
+  Codeql.Enabled: false
+  Codeql.TSAEnabled: false
+  RunBuildForPublishing: ${{ parameters.RunBuildForPublishing }}
+  # Disable on this branch. RunCrossFrameworkTestsOnWindows: ${{ parameters.RunCrossFrameworkTestsOnWindows }}
+  RunFunctionalTestsOnWindows: ${{ parameters.RunFunctionalTestsOnWindows }}
+  RunSourceBuild: ${{ parameters.RunSourceBuild }}
+  RunTestsOnLinux: ${{ parameters.RunTestsOnLinux }}
+  RunTestsOnMac: ${{ parameters.RunTestsOnMac }}
+  RunMonoTestsOnMac: ${{ parameters.RunMonoTestsOnMac }}
 
 extends:
-  template: templates/pipeline.yml
+  template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
   parameters:
-    isOfficialBuild: true
-    DartLabEnvironment: ${{parameters.DartLabEnvironment}}
-    E2EPart1AgentCleanup: ${{parameters.E2EPart1AgentCleanup}}
-    E2EPart2AgentCleanup: ${{parameters.E2EPart2AgentCleanup}}
-    ApexAgentCleanup: ${{parameters.ApexAgentCleanup}}
+    sdl:
+      sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
+      binskim:
+        enabled: true
+        scanOutputDirectoryOnly: true
+      sbom:
+        enabled: true
+      credscan:
+        enabled: false
+    pool:
+      name: VSEngSS-MicroBuild2019-1ES
+      os: windows
+      demands:
+      - ImageOverride -equals server2022-microbuildVS2019-1es
+    featureFlags:
+      enablePrepareFilesForSbom: true
+    customBuildTags:
+    - ES365AIMigrationTooling
+    stages:
+    - template: /eng/pipelines/templates/pipeline.yml@self
+      parameters:
+        isOfficialBuild: true
+        NuGetLocalizationType: Full
+        RunBuildForPublishing: ${{parameters.RunBuildForPublishing}}
+        # Disable on this branch. RunCrossFrameworkTestsOnWindows: ${{parameters.RunCrossFrameworkTestsOnWindows}}
+        RunFunctionalTestsOnWindows: ${{parameters.RunFunctionalTestsOnWindows}}
+        RunSourceBuild: ${{parameters.RunSourceBuild}}
+        RunTestsOnLinux: ${{parameters.RunTestsOnLinux}}
+        RunTestsOnMac: ${{parameters.RunTestsOnMac}}
+        RunMonoTestsOnMac: ${{parameters.RunMonoTestsOnMac}}
+        SigningType: ${{ parameters.SigningType }}

eng/pipelines/pull_request.yml

@@ -1,37 +1,93 @@
 parameters:
-- name: DartLabEnvironment
-  displayName: DartLab Environment
-  type: string
-  default: Production
-  values:
-  - Production
-  - Staging
-- name: E2EPart1AgentCleanup
-  displayName: Delete or keep E2E Part 1 machine for debugging
-  type: string
-  default: delete
-  values:
-  - delete
-  - stop
-- name: E2EPart2AgentCleanup
-  displayName: Delete or keep E2E Part 2 machine for debugging
-  type: string
-  default: delete
-  values:
-  - delete
-  - stop
-- name: ApexAgentCleanup
-  displayName: Delete or keep VS Apex test machine for debugging
-  type: string
-  default: delete
-  values:
-  - delete
-  - stop
-
+  - name: NuGetLocalizationType
+    displayName: Whether to do production-ready localization (Full), or pseudo-localization, aka PLOC, (Pseudo) for testing.
+    type: string
+    default: Full
+    values:
+      - Full
+      - Pseudo
+  - name: RunBuildForPublishing
+    displayName: Build bits for publishing
+    type: boolean
+    default: true
+  # Disable on this branch.
+  # - name: RunCrossFrameworkTestsOnWindows
+  #   displayName: Run cross framweork tests on Windows
+  #   type: boolean
+  #   default: true
+  - name: RunFunctionalTestsOnWindows
+    displayName: Run functional tests on Windows
+    type: boolean
+    default: true
+  - name: RunSourceBuild
+    displayName: Run source build
+    type: boolean
+    default: true
+  - name: RunTestsOnLinux
+    displayName: Run tests on Linux
+    type: boolean
+    default: true
+  - name: RunTestsOnMac
+    displayName: Run tests on Mac
+    type: boolean
+    default: true
+  - name: RunMonoTestsOnMac
+    displayName: Run Mono tests on Mac
+    type: boolean
+    default: true
+  - name: SigningType
+    displayName: Type of signing to use
+    type: string
+    default: Test
+resources:
+  repositories:
+    - repository: MicroBuildTemplate
+      type: git
+      name: 1ESPipelineTemplates/MicroBuildTemplate
+      ref: refs/tags/release
+variables:
+  BINLOG_DIRECTORY: $(Build.StagingDirectory)/binlog
+  DOTNET_NOLOGO: 1
+  NUGET_EXPERIMENTAL_CHAIN_BUILD_RETRY_POLICY: 3,1000
+  Codeql.Enabled: false
+  Codeql.TSAEnabled: false
+  RunBuildForPublishing: ${{ parameters.RunBuildForPublishing }}
+  # Disable on this branch. RunCrossFrameworkTestsOnWindows: ${{ parameters.RunCrossFrameworkTestsOnWindows }}
+  RunFunctionalTestsOnWindows: ${{ parameters.RunFunctionalTestsOnWindows }}
+  RunSourceBuild: ${{ parameters.RunSourceBuild }}
+  RunTestsOnLinux: ${{ parameters.RunTestsOnLinux }}
+  RunTestsOnMac: ${{ parameters.RunTestsOnMac }}
+  RunMonoTestsOnMac: ${{ parameters.RunMonoTestsOnMac }}
 extends:
-  template: templates/pipeline.yml
+  template: azure-pipelines/MicroBuild.1ES.Unofficial.yml@MicroBuildTemplate
   parameters:
-    DartLabEnvironment: ${{parameters.DartLabEnvironment}}
-    E2EPart1AgentCleanup: ${{parameters.E2EPart1AgentCleanup}}
-    E2EPart2AgentCleanup: ${{parameters.E2EPart2AgentCleanup}}
-    ApexAgentCleanup: ${{parameters.ApexAgentCleanup}}
+    sdl:
+      sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
+      binskim:
+        enabled: true
+        scanOutputDirectoryOnly: true
+      sbom:
+        enabled: true
+      credscan:
+        enabled: false
+    pool:
+      name: VSEngSS-MicroBuild2019-1ES
+      os: windows
+      demands:
+        - ImageOverride -equals server2022-microbuildVS2019-1es
+    featureFlags:
+      enablePrepareFilesForSbom: true
+    customBuildTags:
+      - ES365AIMigrationTooling
+    stages:
+      - template: /eng/pipelines/templates/pipeline.yml@self
+        parameters:
+          NuGetLocalizationType: ${{parameters.NuGetLocalizationType}}
+          RunBuildForPublishing: ${{parameters.RunBuildForPublishing}}
+          # Disable on this branch. RunCrossFrameworkTestsOnWindows: ${{parameters.RunCrossFrameworkTestsOnWindows}}
+          RunFunctionalTestsOnWindows: ${{parameters.RunFunctionalTestsOnWindows}}
+          RunSourceBuild: ${{parameters.RunSourceBuild}}
+          RunTestsOnLinux: ${{parameters.RunTestsOnLinux}}
+          RunTestsOnMac: ${{parameters.RunTestsOnMac}}
+          RunMonoTestsOnMac: ${{parameters.RunMonoTestsOnMac}}
+          SigningType: ${{ parameters.SigningType }}

eng/pipelines/templates/Apex_Tests_On_Windows.yml

@@ -56,8 +56,8 @@ stages:
             inlineScript: |
               Get-ChildItem Env: | Sort-Object Name | Format-Table -Wrap -AutoSize
 
-        - task: DownloadBuildArtifacts@0
-          displayName: "Download Build artifacts"
+        - task: DownloadPipelineArtifact@0
+          displayName: "Download Pipeline artifacts"
           inputs:
             artifactName: "VS15"
             downloadPath: "$(Build.Repository.LocalPath)/artifacts"