Merge pull request #10705 from NuGet/dev

[ReleasePrep][2026.02.06]RI of dev into main

Author: agr

.pipelines/Release-trigger.yml

@@ -12,14 +12,14 @@ parameters:
 - name: TargetPipelines
   type: object
   default:
-  - id: 21120 # gallery web app
-    paramName: NuGetGallerySubmoduleBranch
-  - id: 21280 # gallery packages
-    paramName: Branch
-  - id: 21128 # jobs
-    paramName: Branch
-  - id: 21269 # common
-    paramName: Branch
+  - id: 21120
+    name: Gallery Web App
+  - id: 21280
+    name: Gallery Packages
+  - id: 21128
+    name: Jobs
+  - id: 21269
+    name: Common
 
 variables:
 - name: NugetMultifeedWarnLevel
@@ -28,16 +28,25 @@ variables:
 pool:
   vmImage: 'windows-latest'
 
-steps:
-- ${{ each pipeline in parameters.TargetPipelines }}:
-  - powershell: |-
-      $body = @{
-        "templateParameters" = @{
-          "${{ pipeline.paramName }}" = "$(Build.SourceBranchName)"
-        }
-      }
-      $headers = @{ "Authorization" = "Bearer $env:ACCESS_TOKEN" };
-      $url = "$(System.CollectionUri)$(System.TeamProject)/_apis/pipelines/${{ pipeline.id }}/runs?api-version=7.0"
-      Invoke-RestMethod -Uri $url -Method POST -Headers $headers -Body ($body | ConvertTo-Json) -ContentType "application/json"
-    env:
-      ACCESS_TOKEN: $(System.AccessToken)
+stages:
+- stage: Trigger
+  displayName: "Trigger"
+  jobs:
+  - job: TriggerTargetPipelines
+    displayName: "Trigger target pipelines"
+    steps:
+    - ${{ each pipeline in parameters.TargetPipelines }}:
+      - powershell: |
+          $body = @{
+            resources = @{
+              repositories = @{
+                "NuGetGallery" = @{
+                  refName = "$(Build.SourceBranch)"
+                }
+              }
+            }
+          }
+          $headers = @{ "Authorization" = "Bearer $(System.AccessToken)" };
+          $url = "$(System.CollectionUri)$(System.TeamProject)/_apis/pipelines/${{ pipeline.id }}/runs?api-version=7.1"
+          Invoke-RestMethod -Uri $url -Method POST -Headers $headers -Body ($body | ConvertTo-Json -Depth 10) -ContentType "application/json"
+        displayName: "Trigger ${{ pipeline.name }}"

Directory.Packages.props

@@ -28,7 +28,7 @@
     <PackageVersion Include="EntityFramework" Version="6.5.1" />
     <PackageVersion Include="FluentAssertions" Version="5.5.0" />
     <PackageVersion Include="FluentLinkChecker" Version="1.0.0.10" />
-    <PackageVersion Include="HtmlSanitizer" Version="8.1.870" />
+    <PackageVersion Include="HtmlSanitizer" Version="9.0.892" />
     <PackageVersion Include="Knapcode.MiniZip" Version="0.20.0" />
     <PackageVersion Include="LibGit2Sharp" Version="0.26.0" />
     <PackageVersion Include="Lucene.Net.Contrib" Version="3.0.3" />

NuGetGallery.FunctionalTests.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 18
-VisualStudioVersion = 18.3.11322.18 main
+VisualStudioVersion = 18.3.11322.18
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{37E5C8A5-C7A6-400E-A0EA-6C2C6F9B160D}"
 	ProjectSection(SolutionItems) = preProject
@@ -12,6 +12,14 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NuGetGallery.FunctionalTest
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NuGetGallery.FunctionalTests.Core", "tests\NuGetGallery.FunctionalTests.Core\NuGetGallery.FunctionalTests.Core.csproj", "{8496C7FE-8A93-4D2E-A9DC-5DE44017187C}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NuGet.Services.KeyVault", "src\NuGet.Services.KeyVault\NuGet.Services.KeyVault.csproj", "{62CBCFA4-FD1F-5454-7934-0220E9A6651C}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{975E68D2-957C-4C58-84EB-75E900CE17E0}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NuGet.Services.Configuration", "src\NuGet.Services.Configuration\NuGet.Services.Configuration.csproj", "{2A118C67-FC6D-5A6F-035B-D41A64046CBA}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{C28C993D-C81E-4406-B711-34CF72C41C39}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -26,10 +34,24 @@ Global
 		{8496C7FE-8A93-4D2E-A9DC-5DE44017187C}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8496C7FE-8A93-4D2E-A9DC-5DE44017187C}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8496C7FE-8A93-4D2E-A9DC-5DE44017187C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{62CBCFA4-FD1F-5454-7934-0220E9A6651C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{62CBCFA4-FD1F-5454-7934-0220E9A6651C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{62CBCFA4-FD1F-5454-7934-0220E9A6651C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{62CBCFA4-FD1F-5454-7934-0220E9A6651C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{2A118C67-FC6D-5A6F-035B-D41A64046CBA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2A118C67-FC6D-5A6F-035B-D41A64046CBA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2A118C67-FC6D-5A6F-035B-D41A64046CBA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2A118C67-FC6D-5A6F-035B-D41A64046CBA}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{073797B8-8D6C-4A82-9788-C38848D4CC59} = {C28C993D-C81E-4406-B711-34CF72C41C39}
+		{8496C7FE-8A93-4D2E-A9DC-5DE44017187C} = {C28C993D-C81E-4406-B711-34CF72C41C39}
+		{62CBCFA4-FD1F-5454-7934-0220E9A6651C} = {975E68D2-957C-4C58-84EB-75E900CE17E0}
+		{2A118C67-FC6D-5A6F-035B-D41A64046CBA} = {975E68D2-957C-4C58-84EB-75E900CE17E0}
+	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {7A4EF1D3-E31D-4FE0-A407-79B054848111}
 	EndGlobalSection

build/FindDuplicateFiles.cs

@@ -6,6 +6,7 @@
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 using Microsoft.Build.Framework;
 
 namespace NuGet.Services.Build
@@ -21,6 +22,8 @@ public class FindDuplicateFiles : Microsoft.Build.Utilities.Task
         [Output]
         public ITaskItem[] DuplicateFiles { get; set; }
 
+        public string SkipAuthenticodeSubjects { get; set; }
+
         public override bool Execute()
         {
             var infos = GetUniqueTaskItemInfo();
@@ -123,6 +126,57 @@ private Dictionary<string, List<TaskItemInfo>> FindDuplicates(List<TaskItemInfo>
                 BreakTiesWithLeadingHash(filePathToDuplicates, buffer, fileSizePair);
             }
 
+            if (!string.IsNullOrWhiteSpace(SkipAuthenticodeSubjects))
+            {
+                Log.LogMessage("Skipping files with the following Authenticode subjects: {0}", SkipAuthenticodeSubjects);
+
+                var skipSubjects = SkipAuthenticodeSubjects
+                    .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
+                    .Select(s => s.Trim())
+                    .ToHashSet(StringComparer.Ordinal);
+
+                foreach (var pair in filePathToDuplicates.ToList())
+                {
+                    var path = pair.Key;
+                    try
+                    {
+                        var cert = X509Certificate.CreateFromSignedFile(path);
+                        var subject = cert.Subject;
+
+                        if (skipSubjects.Contains(subject))
+                        {
+                            Log.LogMessage(
+                                "Skipping file '{0}' with Authenticode subject '{1}'.",
+                                path,
+                                subject);
+
+                            filePathToDuplicates.Remove(path);
+                        }
+                        else
+                        {
+                            Log.LogMessage(
+                                "Not skipping file '{0}' with Authenticode subject '{1}'.",
+                                path,
+                                subject);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        if (ex is CryptographicException)
+                        {
+                            // The file is not signed, proceed as normal.
+                            continue;
+                        }
+
+                        throw;
+                    }
+                }
+            }
+            else
+            {
+                Log.LogMessage("No Authenticode subjects to skip were provided.");
+            }
+
             return filePathToDuplicates;
         }
 

build/FindDuplicateFiles.targets

@@ -7,6 +7,15 @@
       <Files ParameterType="Microsoft.Build.Framework.ITaskItem[]" Required="true" />
       <UniqueFiles ParameterType="Microsoft.Build.Framework.ITaskItem[]" Output="true" />
       <DuplicateFiles ParameterType="Microsoft.Build.Framework.ITaskItem[]" Output="true" />
+
+      <!--
+      MicroBuild test signing fails signing a file that is already signed with the target strong name key.
+      Because of this, when doing test signing we skip files that are already fully signed.
+      We use the Authenticode subject to identify files that are signed with the real Microsoft key, since those will also have a complete strong name.
+      Ideally we would have an option to filter out fully signed files directly, but this is not as simple (requires sn.exe to check).
+      This is obviously not a full proof check, but it's sufficient for test signing (non-production scenarios).
+      -->
+      <SkipAuthenticodeSubjects ParameterType="System.String" />
     </ParameterGroup>
     <Task>
       <Code Type="Class" Language="cs" Source="$(MSBuildThisFileDirectory)FindDuplicateFiles.cs" />