From a7d15b4f34127db05d7eed63b36dd1e38475c4ac Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Mon, 23 Jun 2025 16:11:34 -0500 Subject: [PATCH 01/49] [build] enable TSA reporting on more steps Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/sdlanalysis/tsasupport Context: https://github.com/dotnet/android/pull/10239 PR #10239 is a nice step, in fixing our TSA reporting for Policheck. However, we need to enable it for our entire pipeline. There are other security scanning tools that need this setting. --- build-tools/automation/azure-pipelines.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 144c5aa2877..889b221ac01 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -88,6 +88,9 @@ extends: - repository: maui suppression: suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + tsa: + enabled: true + configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From fa3028f168e19e5b52823de3c31129caeb3c7ad4 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Tue, 24 Jun 2025 09:04:38 -0500 Subject: [PATCH 02/49] Setup CredScan suppression file Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/sdlanalysis/credscan Context: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/2514776 Context: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/2514777 Context: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/2514778 Context: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/2514779 Context: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/2514780 --- .gdn/CredScanSuppressions.json | 29 +++++++++++++++++++++ build-tools/automation/azure-pipelines.yaml | 2 ++ 2 files changed, 31 insertions(+) create mode 100644 .gdn/CredScanSuppressions.json diff --git a/.gdn/CredScanSuppressions.json b/.gdn/CredScanSuppressions.json new file mode 100644 index 00000000000..e53c619ae4a --- /dev/null +++ b/.gdn/CredScanSuppressions.json @@ -0,0 +1,29 @@ +{ + "Suppressions": [ + { + "Issue": "CSCAN-GENERAL0020", + "Justification": "test.keystore is used for testing purposes only and does not contain sensitive information.", + "FilePath": "src/Xamarin.Android.Build.Tasks/Tests/Xamarin.ProjectTools/Resources/Base/test.keystore" + }, + { + "Issue": "CSCAN-GENERAL0060", + "Justification": "False positive detected in external/android-api-docs/docs/xml/Javax.Security.Auth.Callback/PasswordCallback.xml", + "FilePath": "external/android-api-docs/docs/xml/Javax.Security.Auth.Callback/PasswordCallback.xml" + }, + { + "Issue": "CSCAN-GENERAL0060", + "Justification": "False positive detected in external/android-api-docs/docs/xml/Javax.Crypto/ISecretKey.xml", + "FilePath": "external/android-api-docs/docs/xml/Javax.Crypto/ISecretKey.xml" + }, + { + "Issue": "CSCAN-GENERAL0030", + "Justification": "False positive detected in external/android-api-docs/docs/xml/Android.Service.Autofill/FillEventHistory+Event.xml", + "FilePath": "external/android-api-docs/docs/xml/Android.Service.Autofill/FillEventHistory+Event.xml" + }, + { + "Issue": "CSCAN-GENERAL0060", + "Justification": "False positive detected in external/android-api-docs/docs/xml/Android.Service.Autofill/FillEventHistory+Event.xml", + "FilePath": "external/android-api-docs/docs/xml/Android.Service.Autofill/FillEventHistory+Event.xml" + } + ] +} diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index f5a9cc860c9..3f25cc319c0 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -69,6 +69,8 @@ extends: compiled: enabled: false justificationForDisabling: CodeQL runs against the nightly build + credscan: + suppressionsFile: $(Build.SourcesDirectory)\.gdn\CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning From f08ba80dc16453c407ccd0df3df3c2f7a7a8763e Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Tue, 24 Jun 2025 12:54:35 -0500 Subject: [PATCH 03/49] Setup BinSkim exclusion paths Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/sdlanalysis/binskim Context: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/2514823 This opened 309 work items, so not going to link them all here. --- build-tools/automation/azure-pipelines.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 3f25cc319c0..ea7e3701d6a 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -64,7 +64,10 @@ extends: ${{ if eq('${{ parameters.Skip1ESComplianceTasks }}', 'true') }}: enableAllTools: false binskim: + enabled: true scanOutputDirectoryOnly: true + # Ignore all dlls and exes inside TestRelease folder + targetPathExclusionPattern: '\".*[/\\\\\\\\]TestRelease[/\\\\\\\\].*.(exe|dll)\"' codeql: compiled: enabled: false From 4baf80ff15deb2a0ba023631adf1e640a6733e1b Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Tue, 24 Jun 2025 15:00:06 -0500 Subject: [PATCH 04/49] Unix path separators Fixes: ##[error]TsaConfigFormatException: Unable to read the TsaOptions config file. Please check the format of the file: /mnt/vss/_work/1/s\.gdn\tsaoptions-v2.json ##[error]GuardianFileNotFoundException: Unable to find required file at: /mnt/vss/_work/1/s\.gdn\tsaoptions-v2.json --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index ea7e3701d6a..006decb7753 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -73,7 +73,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)\.gdn\CredScanSuppressions.json + suppressionsFile: $(Build.SourcesDirectory)/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -92,10 +92,10 @@ extends: - repository: yaml-templates - repository: maui suppression: - suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress tsa: enabled: true - configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json + configFile: $(Build.SourcesDirectory)/.gdn/tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From cab28044614854f953d9544a9d4ede6477f99436 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Tue, 24 Jun 2025 15:49:19 -0500 Subject: [PATCH 05/49] Use $(System.DefaultWorkingDirectory) --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 006decb7753..2cedc26e070 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -73,7 +73,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)/.gdn/CredScanSuppressions.json + suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -92,10 +92,10 @@ extends: - repository: yaml-templates - repository: maui suppression: - suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress + suppressionFile: $(System.DefaultWorkingDirectory)/.gdn/.gdnsuppress tsa: enabled: true - configFile: $(Build.SourcesDirectory)/.gdn/tsaoptions-v2.json + configFile: $(System.DefaultWorkingDirectory)/.gdn/tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From cfb2014fbd2dc995ec75b6aebb655c278abebd3a Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Tue, 24 Jun 2025 16:12:07 -0500 Subject: [PATCH 06/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 2cedc26e070..926cf828295 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -73,7 +73,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json + suppressionsFile: $(Build.SourcesDirectory)/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -92,10 +92,11 @@ extends: - repository: yaml-templates - repository: maui suppression: - suppressionFile: $(System.DefaultWorkingDirectory)/.gdn/.gdnsuppress - tsa: - enabled: true - configFile: $(System.DefaultWorkingDirectory)/.gdn/tsaoptions-v2.json + suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress + ${{ if ne(variables['agent.os'], 'Linux') }}: + tsa: + enabled: true + configFile: $(Build.SourcesDirectory)/.gdn/tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From 09e7f1ba3d5f5a02583622341dae9a965d975b1d Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Tue, 24 Jun 2025 16:53:45 -0500 Subject: [PATCH 07/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 926cf828295..41f8c477613 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -73,7 +73,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)/.gdn/CredScanSuppressions.json + suppressionsFile: $(Build.SourcesDirectory)\.gdn\CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -92,11 +92,13 @@ extends: - repository: yaml-templates - repository: maui suppression: - suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress - ${{ if ne(variables['agent.os'], 'Linux') }}: + suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress tsa: - enabled: true - configFile: $(Build.SourcesDirectory)/.gdn/tsaoptions-v2.json + ${{ if eq(variables['agent.os'], 'Linux') }}: + enabled: false + ${{ else }}: + enabled: true + configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From ae6f013760493ee45af9595497929f95e3f9836c Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Tue, 24 Jun 2025 21:34:56 -0500 Subject: [PATCH 08/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 41f8c477613..01a10187584 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -67,7 +67,7 @@ extends: enabled: true scanOutputDirectoryOnly: true # Ignore all dlls and exes inside TestRelease folder - targetPathExclusionPattern: '\".*[/\\\\\\\\]TestRelease[/\\\\\\\\].*.(exe|dll)\"' + targetPathExclusionPattern: '\".*TestRelease.*\"' codeql: compiled: enabled: false From 34e406122e14e5c6a1ffc371c43ee691aae9a019 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 07:13:54 -0500 Subject: [PATCH 09/49] system.debug --- build-tools/automation/yaml-templates/variables.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build-tools/automation/yaml-templates/variables.yaml b/build-tools/automation/yaml-templates/variables.yaml index a2822871012..e889bee7f58 100644 --- a/build-tools/automation/yaml-templates/variables.yaml +++ b/build-tools/automation/yaml-templates/variables.yaml @@ -1,6 +1,8 @@ variables: - name: RunningOnCI value: true +- name: system.debug + value: true - name: XA.Build.Configuration value: Release - name: NuGetArtifactName From a95352e0df2b7d6c7d16ca0ea7eaf8d220814f3d Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 08:57:43 -0500 Subject: [PATCH 10/49] Use `analyzeTargetGlob` Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-mohanb/security-integration/guardian-wiki/sdl-azdo-extension/binskim-build-task Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/sdlanalysis/binskim --- build-tools/automation/azure-pipelines.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 01a10187584..65751e540ad 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -66,8 +66,7 @@ extends: binskim: enabled: true scanOutputDirectoryOnly: true - # Ignore all dlls and exes inside TestRelease folder - targetPathExclusionPattern: '\".*TestRelease.*\"' + analyzeTargetGlob: '$(System.DefaultWorkingDirectory)\bin\$(XA.Build.Configuration)\dotnet\packs\Microsoft.Android*\**.dll;$(System.DefaultWorkingDirectory)\bin\$(XA.Build.Configuration)\dotnet\packs\Microsoft.Android*\**.exe' codeql: compiled: enabled: false From 3888882f8b7ed14f83a19418f158bc6871f1ffb8 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 10:25:57 -0500 Subject: [PATCH 11/49] Revert "system.debug" This reverts commit 34e406122e14e5c6a1ffc371c43ee691aae9a019. --- build-tools/automation/yaml-templates/variables.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/build-tools/automation/yaml-templates/variables.yaml b/build-tools/automation/yaml-templates/variables.yaml index e889bee7f58..a2822871012 100644 --- a/build-tools/automation/yaml-templates/variables.yaml +++ b/build-tools/automation/yaml-templates/variables.yaml @@ -1,8 +1,6 @@ variables: - name: RunningOnCI value: true -- name: system.debug - value: true - name: XA.Build.Configuration value: Release - name: NuGetArtifactName From 591863b90d0340d6eafeba1dec1166e7a7a7e022 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 11:00:03 -0500 Subject: [PATCH 12/49] Update .external REVERT ME later --- .external | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.external b/.external index c7054543a0d..b3d7fdf1eac 100644 --- a/.external +++ b/.external @@ -1 +1 @@ -DevDiv/android-platform-support:main@ba980b15c8d61f10d902602ad4e614423f39b43a +DevDiv/android-platform-support:dev/peppers/tsa-area-path@9ffe7a9f16e505fa5afad32b505307db55a4a298 From 346de5610ed3b536285eb0b99abe7826396df8bb Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 11:14:07 -0500 Subject: [PATCH 13/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 65751e540ad..32a22c06bed 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)\.gdn\CredScanSuppressions.json + suppressionsFile: $(System.DefaultWorkingDirectory)\.gdn\CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning From 5c5f58ddbf09123d18af55ffe18157287b5a2545 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 11:21:51 -0500 Subject: [PATCH 14/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 32a22c06bed..ae90ae0b82a 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(System.DefaultWorkingDirectory)\.gdn\CredScanSuppressions.json + suppressionsFile: $(Build.SourcesDirectory)\android\.gdn\CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -91,13 +91,10 @@ extends: - repository: yaml-templates - repository: maui suppression: - suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + suppressionFile: $(Build.SourcesDirectory)\android\.gdn\.gdnsuppress tsa: - ${{ if eq(variables['agent.os'], 'Linux') }}: - enabled: false - ${{ else }}: - enabled: true - configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json + enabled: true + configFile: $(Build.SourcesDirectory)\android\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From 3ccd38e5b371656a4904906528ce3db7851a0d39 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 11:42:15 -0500 Subject: [PATCH 15/49] .gdn\CredScanSuppressions.csk --- .gdn/{CredScanSuppressions.json => CredScanSuppressions.csk} | 0 build-tools/automation/azure-pipelines.yaml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename .gdn/{CredScanSuppressions.json => CredScanSuppressions.csk} (100%) diff --git a/.gdn/CredScanSuppressions.json b/.gdn/CredScanSuppressions.csk similarity index 100% rename from .gdn/CredScanSuppressions.json rename to .gdn/CredScanSuppressions.csk diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index ae90ae0b82a..983395ecd36 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)\android\.gdn\CredScanSuppressions.json + suppressionsFile: $(Build.SourcesDirectory)\android\.gdn\CredScanSuppressions.csk policheck: enabled: false justification: Built in task does not support multi-language scanning From cb16aa6612769b193d3c8ed506c104d0b92fdbd1 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 11:50:40 -0500 Subject: [PATCH 16/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 983395ecd36..4995bef6322 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)\android\.gdn\CredScanSuppressions.csk + suppressionsFile: $(Build.SourcesDirectory)\.gdn\CredScanSuppressions.csk policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -91,10 +91,10 @@ extends: - repository: yaml-templates - repository: maui suppression: - suppressionFile: $(Build.SourcesDirectory)\android\.gdn\.gdnsuppress + suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress tsa: enabled: true - configFile: $(Build.SourcesDirectory)\android\.gdn\tsaoptions-v2.json + configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From a1dda2a69cecba07c8c1a6aabacb9b9101411d78 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 12:03:09 -0500 Subject: [PATCH 17/49] Revert "Update azure-pipelines.yaml" This reverts commit cb16aa6612769b193d3c8ed506c104d0b92fdbd1. --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 4995bef6322..983395ecd36 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)\.gdn\CredScanSuppressions.csk + suppressionsFile: $(Build.SourcesDirectory)\android\.gdn\CredScanSuppressions.csk policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -91,10 +91,10 @@ extends: - repository: yaml-templates - repository: maui suppression: - suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + suppressionFile: $(Build.SourcesDirectory)\android\.gdn\.gdnsuppress tsa: enabled: true - configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json + configFile: $(Build.SourcesDirectory)\android\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From 3fd276d811d64b42165ffce2b80d4d87b773f282 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 12:03:11 -0500 Subject: [PATCH 18/49] Revert ".gdn\CredScanSuppressions.csk" This reverts commit 3ccd38e5b371656a4904906528ce3db7851a0d39. --- .gdn/{CredScanSuppressions.csk => CredScanSuppressions.json} | 0 build-tools/automation/azure-pipelines.yaml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename .gdn/{CredScanSuppressions.csk => CredScanSuppressions.json} (100%) diff --git a/.gdn/CredScanSuppressions.csk b/.gdn/CredScanSuppressions.json similarity index 100% rename from .gdn/CredScanSuppressions.csk rename to .gdn/CredScanSuppressions.json diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 983395ecd36..ae90ae0b82a 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)\android\.gdn\CredScanSuppressions.csk + suppressionsFile: $(Build.SourcesDirectory)\android\.gdn\CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning From 0dc349c42b7e4baa79c245db2404c5a7d1ca4ec3 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 12:03:31 -0500 Subject: [PATCH 19/49] Revert "Update azure-pipelines.yaml" This reverts commit 5c5f58ddbf09123d18af55ffe18157287b5a2545. --- build-tools/automation/azure-pipelines.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index ae90ae0b82a..32a22c06bed 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - suppressionsFile: $(Build.SourcesDirectory)\android\.gdn\CredScanSuppressions.json + suppressionsFile: $(System.DefaultWorkingDirectory)\.gdn\CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -91,10 +91,13 @@ extends: - repository: yaml-templates - repository: maui suppression: - suppressionFile: $(Build.SourcesDirectory)\android\.gdn\.gdnsuppress + suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress tsa: - enabled: true - configFile: $(Build.SourcesDirectory)\android\.gdn\tsaoptions-v2.json + ${{ if eq(variables['agent.os'], 'Linux') }}: + enabled: false + ${{ else }}: + enabled: true + configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From 331d64b2d647a6a4b7782b4c639c58d83accf8ad Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 12:03:49 -0500 Subject: [PATCH 20/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 32a22c06bed..8b5b6e21b7d 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -84,19 +84,13 @@ extends: image: $(WindowsPoolImage1ESPT) os: windows sourceRepositoriesToScan: - include: - - ${{ if ne(variables['System.PullRequest.IsFork'], 'True') }}: - - repository: android-platform-support exclude: - repository: yaml-templates - repository: maui suppression: suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress tsa: - ${{ if eq(variables['agent.os'], 'Linux') }}: - enabled: false - ${{ else }}: - enabled: true + enabled: true configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true From 86fbe048576aa68ff021cc8acb10d26b493123e0 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 12:05:05 -0500 Subject: [PATCH 21/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 8b5b6e21b7d..573445e7eab 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -85,8 +85,9 @@ extends: os: windows sourceRepositoriesToScan: exclude: - - repository: yaml-templates + - repository: android-platform-support - repository: maui + - repository: yaml-templates suppression: suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress tsa: From 3a49803f063d9d7ecb96409edbe73bd20c9de4fb Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 12:15:00 -0500 Subject: [PATCH 22/49] Revert "Update .external" This reverts commit 591863b90d0340d6eafeba1dec1166e7a7a7e022. --- .external | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.external b/.external index b3d7fdf1eac..c7054543a0d 100644 --- a/.external +++ b/.external @@ -1 +1 @@ -DevDiv/android-platform-support:dev/peppers/tsa-area-path@9ffe7a9f16e505fa5afad32b505307db55a4a298 +DevDiv/android-platform-support:main@ba980b15c8d61f10d902602ad4e614423f39b43a From 57ff353f3cd8cb4cc22d3d7c3cabac1a4692c146 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 13:06:13 -0500 Subject: [PATCH 23/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 573445e7eab..fee17d2fdde 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -91,7 +91,10 @@ extends: suppression: suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress tsa: - enabled: true + ${{ if eq(variables['agent.os'], 'Linux') }}: + enabled: false + ${{ else }}: + enabled: true configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true From aae35e99941a35c7c67be2a9da2759b055d5d8e8 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 13:39:56 -0500 Subject: [PATCH 24/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index fee17d2fdde..438d0a81222 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,6 +72,10 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: + ${{ if eq(variables['agent.os'], 'Linux') }}: + enabled: false + ${{ else }}: + enabled: true suppressionsFile: $(System.DefaultWorkingDirectory)\.gdn\CredScanSuppressions.json policheck: enabled: false From 7d5bc396afc8dbb8aac7c8d5996e64c60f882221 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 13:42:07 -0500 Subject: [PATCH 25/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 438d0a81222..d1211e5b946 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -94,12 +94,12 @@ extends: - repository: yaml-templates suppression: suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress - tsa: - ${{ if eq(variables['agent.os'], 'Linux') }}: - enabled: false - ${{ else }}: - enabled: true - configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json + tsa: + ${{ if eq(variables['agent.os'], 'Linux') }}: + enabled: false + ${{ else }}: + enabled: true + configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From 6ecfb7c9f821d4e92b7e1dd6493e7a975570229e Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 14:08:23 -0500 Subject: [PATCH 26/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index d1211e5b946..0099d5aed60 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -76,7 +76,7 @@ extends: enabled: false ${{ else }}: enabled: true - suppressionsFile: $(System.DefaultWorkingDirectory)\.gdn\CredScanSuppressions.json + suppressionsFile: $(System.DefaultWorkingDirectory)\.gdn\CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -99,7 +99,7 @@ extends: enabled: false ${{ else }}: enabled: true - configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json + configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From 324fa6de7d60476ff8f9fb7e6aeedee01be73a31 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 14:43:56 -0500 Subject: [PATCH 27/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 0099d5aed60..fa0f51d499d 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -76,7 +76,7 @@ extends: enabled: false ${{ else }}: enabled: true - suppressionsFile: $(System.DefaultWorkingDirectory)\.gdn\CredScanSuppressions.json + suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -93,13 +93,13 @@ extends: - repository: maui - repository: yaml-templates suppression: - suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress + suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress tsa: ${{ if eq(variables['agent.os'], 'Linux') }}: enabled: false ${{ else }}: enabled: true - configFile: $(Build.SourcesDirectory)\.gdn\tsaoptions-v2.json + configFile: $(Build.SourcesDirectory)/.gdn/tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From 4469f366973cc8a7dadc5d63b43c58bc01d0f92b Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 14:45:21 -0500 Subject: [PATCH 28/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index fa0f51d499d..d207a6b2c88 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - ${{ if eq(variables['agent.os'], 'Linux') }}: + ${{ if eq(variables['Agent.OS'], 'Linux') }}: enabled: false ${{ else }}: enabled: true @@ -95,7 +95,7 @@ extends: suppression: suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress tsa: - ${{ if eq(variables['agent.os'], 'Linux') }}: + ${{ if eq(variables['Agent.OS'], 'Linux') }}: enabled: false ${{ else }}: enabled: true From fa2de22ce36d85740f957815d27939ce335efe67 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 15:20:59 -0500 Subject: [PATCH 29/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index d207a6b2c88..aff4af2ccb3 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - ${{ if eq(variables['Agent.OS'], 'Linux') }}: + ${{ if eq(runner.os, 'Linux') }}: enabled: false ${{ else }}: enabled: true @@ -95,7 +95,7 @@ extends: suppression: suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress tsa: - ${{ if eq(variables['Agent.OS'], 'Linux') }}: + ${{ if eq(runner.os, 'Linux') }}: enabled: false ${{ else }}: enabled: true From f59c84a5fe27a6542ba06e62e89c53153e0a78bb Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 15:22:59 -0500 Subject: [PATCH 30/49] Revert "Update azure-pipelines.yaml" This reverts commit fa2de22ce36d85740f957815d27939ce335efe67. --- build-tools/automation/azure-pipelines.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index aff4af2ccb3..d207a6b2c88 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -72,7 +72,7 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - ${{ if eq(runner.os, 'Linux') }}: + ${{ if eq(variables['Agent.OS'], 'Linux') }}: enabled: false ${{ else }}: enabled: true @@ -95,7 +95,7 @@ extends: suppression: suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress tsa: - ${{ if eq(runner.os, 'Linux') }}: + ${{ if eq(variables['Agent.OS'], 'Linux') }}: enabled: false ${{ else }}: enabled: true From 60dae2c0fd75fd40a4dd0de509da6f605f504442 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 15:27:38 -0500 Subject: [PATCH 31/49] Reapply "system.debug" This reverts commit 3888882f8b7ed14f83a19418f158bc6871f1ffb8. --- build-tools/automation/yaml-templates/variables.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build-tools/automation/yaml-templates/variables.yaml b/build-tools/automation/yaml-templates/variables.yaml index a2822871012..e889bee7f58 100644 --- a/build-tools/automation/yaml-templates/variables.yaml +++ b/build-tools/automation/yaml-templates/variables.yaml @@ -1,6 +1,8 @@ variables: - name: RunningOnCI value: true +- name: system.debug + value: true - name: XA.Build.Configuration value: Release - name: NuGetArtifactName From 3b677eab3d20c9067cc76cc15dff47e7e2b702f0 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 15:55:29 -0500 Subject: [PATCH 32/49] Revert "Reapply "system.debug"" This reverts commit 60dae2c0fd75fd40a4dd0de509da6f605f504442. --- build-tools/automation/yaml-templates/variables.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/build-tools/automation/yaml-templates/variables.yaml b/build-tools/automation/yaml-templates/variables.yaml index e889bee7f58..a2822871012 100644 --- a/build-tools/automation/yaml-templates/variables.yaml +++ b/build-tools/automation/yaml-templates/variables.yaml @@ -1,8 +1,6 @@ variables: - name: RunningOnCI value: true -- name: system.debug - value: true - name: XA.Build.Configuration value: Release - name: NuGetArtifactName From ea0a4555f6104f1cb0ff6e0829e4102e960e8bc1 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 15:58:25 -0500 Subject: [PATCH 33/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index d207a6b2c88..f707fbecf59 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -61,7 +61,7 @@ extends: template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines parameters: sdl: - ${{ if eq('${{ parameters.Skip1ESComplianceTasks }}', 'true') }}: + ${{ if or(eq(variables['Agent.OS'], 'Linux'), eq('${{ parameters.Skip1ESComplianceTasks }}', 'true')) }}: enableAllTools: false binskim: enabled: true @@ -72,11 +72,8 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - ${{ if eq(variables['Agent.OS'], 'Linux') }}: - enabled: false - ${{ else }}: - enabled: true - suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json + enabled: true + suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -95,11 +92,8 @@ extends: suppression: suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress tsa: - ${{ if eq(variables['Agent.OS'], 'Linux') }}: - enabled: false - ${{ else }}: - enabled: true - configFile: $(Build.SourcesDirectory)/.gdn/tsaoptions-v2.json + enabled: true + configFile: $(Build.SourcesDirectory)/.gdn/tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From fd4994daa066d13a43dd324ebcdc2d0fe1e31501 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 16:31:23 -0500 Subject: [PATCH 34/49] my life right now --- build-tools/automation/azure-pipelines.yaml | 6 +++--- build-tools/automation/yaml-templates/variables.yaml | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index f707fbecf59..86b7eaffd19 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -61,7 +61,7 @@ extends: template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines parameters: sdl: - ${{ if or(eq(variables['Agent.OS'], 'Linux'), eq('${{ parameters.Skip1ESComplianceTasks }}', 'true')) }}: + ${{ if eq('${{ parameters.Skip1ESComplianceTasks }}', 'true') }}: enableAllTools: false binskim: enabled: true @@ -72,8 +72,8 @@ extends: enabled: false justificationForDisabling: CodeQL runs against the nightly build credscan: - enabled: true - suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json + enabled: $(CredScanEnabled) + suppressionsFile: $(CredScanSuppressionFile) policheck: enabled: false justification: Built in task does not support multi-language scanning diff --git a/build-tools/automation/yaml-templates/variables.yaml b/build-tools/automation/yaml-templates/variables.yaml index a2822871012..ff37f5d244b 100644 --- a/build-tools/automation/yaml-templates/variables.yaml +++ b/build-tools/automation/yaml-templates/variables.yaml @@ -72,3 +72,13 @@ variables: value: 'cat != SystemApplication & cat != TimeZoneInfo & cat != Localization' - name: RunMAUITestJob value: true +- name: CredScanEnabled + ${{ if eq(variables['Agent.OS'], 'Linux') }}: + value: false + ${{ else }}: + value: true +- name: CredScanSuppressionFile + ${{ if eq(variables['Agent.OS'], 'Linux') }}: + value: '' + ${{ else }}: + value: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json From ac08a215b13729cf24c50260c444062929f0e697 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 17:05:32 -0500 Subject: [PATCH 35/49] living the dream --- .../automation/yaml-templates/variables.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/build-tools/automation/yaml-templates/variables.yaml b/build-tools/automation/yaml-templates/variables.yaml index ff37f5d244b..c9985c79c0c 100644 --- a/build-tools/automation/yaml-templates/variables.yaml +++ b/build-tools/automation/yaml-templates/variables.yaml @@ -72,13 +72,13 @@ variables: value: 'cat != SystemApplication & cat != TimeZoneInfo & cat != Localization' - name: RunMAUITestJob value: true -- name: CredScanEnabled - ${{ if eq(variables['Agent.OS'], 'Linux') }}: +${{ if eq(variables['Agent.OS'], 'Linux') }}: + - name: CredScanEnabled value: false - ${{ else }}: + - name: ONEES_ENFORCED_CREDSCAN_ENABLED + value: false +${{ else }}: + - name: CredScanEnabled value: true -- name: CredScanSuppressionFile - ${{ if eq(variables['Agent.OS'], 'Linux') }}: - value: '' - ${{ else }}: + - name: CredScanSuppressionFile value: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json From fdcb531f9659881fceaaf11b24940213e9dfd667 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 25 Jun 2025 17:09:31 -0500 Subject: [PATCH 36/49] walking on a cloud --- build-tools/automation/azure-pipelines.yaml | 2 +- .../automation/yaml-templates/variables.yaml | 14 ++++---------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 86b7eaffd19..599f389db67 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -73,7 +73,7 @@ extends: justificationForDisabling: CodeQL runs against the nightly build credscan: enabled: $(CredScanEnabled) - suppressionsFile: $(CredScanSuppressionFile) + suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning diff --git a/build-tools/automation/yaml-templates/variables.yaml b/build-tools/automation/yaml-templates/variables.yaml index c9985c79c0c..a246cba647f 100644 --- a/build-tools/automation/yaml-templates/variables.yaml +++ b/build-tools/automation/yaml-templates/variables.yaml @@ -72,13 +72,7 @@ variables: value: 'cat != SystemApplication & cat != TimeZoneInfo & cat != Localization' - name: RunMAUITestJob value: true -${{ if eq(variables['Agent.OS'], 'Linux') }}: - - name: CredScanEnabled - value: false - - name: ONEES_ENFORCED_CREDSCAN_ENABLED - value: false -${{ else }}: - - name: CredScanEnabled - value: true - - name: CredScanSuppressionFile - value: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json +- name: CredScanEnabled + value: $[ne(variables['Agent.OS'], 'Linux')] +- name: OneES.Enforced.CredScan.Enabled + value: $[ne(variables['Agent.OS'], 'Linux')] From bd99d721ff023a6072140e951679dc73d45d6f47 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Thu, 26 Jun 2025 14:34:02 -0500 Subject: [PATCH 37/49] trying something else --- build-tools/automation/azure-pipelines.yaml | 7 ++++--- build-tools/automation/yaml-templates/variables.yaml | 4 ---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 599f389db67..bf16ab2cd2f 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -71,9 +71,10 @@ extends: compiled: enabled: false justificationForDisabling: CodeQL runs against the nightly build - credscan: - enabled: $(CredScanEnabled) - suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json + ${{ if ne(variables['Agent.OS'], 'Linux') }}: + credscan: + enabled: true + suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning diff --git a/build-tools/automation/yaml-templates/variables.yaml b/build-tools/automation/yaml-templates/variables.yaml index a246cba647f..a2822871012 100644 --- a/build-tools/automation/yaml-templates/variables.yaml +++ b/build-tools/automation/yaml-templates/variables.yaml @@ -72,7 +72,3 @@ variables: value: 'cat != SystemApplication & cat != TimeZoneInfo & cat != Localization' - name: RunMAUITestJob value: true -- name: CredScanEnabled - value: $[ne(variables['Agent.OS'], 'Linux')] -- name: OneES.Enforced.CredScan.Enabled - value: $[ne(variables['Agent.OS'], 'Linux')] From 7e5b7d8a19ce2ce22414c08f58e703f4629c1802 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Fri, 27 Jun 2025 08:25:48 -0500 Subject: [PATCH 38/49] Use multi-repo checkout everywhere --- build-tools/automation/azure-pipelines.yaml | 11 +++++------ .../automation/yaml-templates/build-windows.yaml | 4 ++++ .../yaml-templates/setup-test-environment.yaml | 4 ++++ 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index bf16ab2cd2f..65f4ac403d3 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -71,10 +71,9 @@ extends: compiled: enabled: false justificationForDisabling: CodeQL runs against the nightly build - ${{ if ne(variables['Agent.OS'], 'Linux') }}: - credscan: - enabled: true - suppressionsFile: $(System.DefaultWorkingDirectory)/.gdn/CredScanSuppressions.json + credscan: + enabled: true + suppressionsFile: $(System.DefaultWorkingDirectory)/android/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -91,10 +90,10 @@ extends: - repository: maui - repository: yaml-templates suppression: - suppressionFile: $(Build.SourcesDirectory)/.gdn/.gdnsuppress + suppressionFile: $(Build.SourcesDirectory)/android/.gdn/.gdnsuppress tsa: enabled: true - configFile: $(Build.SourcesDirectory)/.gdn/tsaoptions-v2.json + configFile: $(Build.SourcesDirectory)/android/.gdn/tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: diff --git a/build-tools/automation/yaml-templates/build-windows.yaml b/build-tools/automation/yaml-templates/build-windows.yaml index 95db7e69485..a91eba621c9 100644 --- a/build-tools/automation/yaml-templates/build-windows.yaml +++ b/build-tools/automation/yaml-templates/build-windows.yaml @@ -39,6 +39,10 @@ stages: - template: /build-tools/automation/yaml-templates/clean.yaml + # Always checkout a second resource to ensure we are using multi-repo checkout behavior + # https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/multi-repo-checkout?view=azure-devops#checkout-path + - checkout: maui + - template: /build-tools/automation/yaml-templates/setup-jdk-variables.yaml parameters: useAgentJdkPath: false diff --git a/build-tools/automation/yaml-templates/setup-test-environment.yaml b/build-tools/automation/yaml-templates/setup-test-environment.yaml index 19a98a86fad..f1834b6f7ce 100644 --- a/build-tools/automation/yaml-templates/setup-test-environment.yaml +++ b/build-tools/automation/yaml-templates/setup-test-environment.yaml @@ -22,6 +22,10 @@ steps: clean: true submodules: recursive +# Always checkout a second resource to ensure we are using multi-repo checkout behavior +# https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/multi-repo-checkout?view=azure-devops#checkout-path +- checkout: maui + - template: /build-tools/automation/yaml-templates/setup-jdk-variables.yaml parameters: jdkMajorVersion: ${{ parameters.jdkMajorVersion }} From a60fd71c122ed66f46e55c457b924ef037bb6b9e Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Fri, 27 Jun 2025 11:06:23 -0500 Subject: [PATCH 39/49] Clone `android-tools` instead of `maui` its smaller --- build-tools/automation/azure-pipelines.yaml | 5 +++++ build-tools/automation/yaml-templates/build-linux.yaml | 2 +- build-tools/automation/yaml-templates/build-windows.yaml | 2 +- build-tools/automation/yaml-templates/commercial-build.yaml | 2 +- .../automation/yaml-templates/setup-test-environment.yaml | 2 +- 5 files changed, 9 insertions(+), 4 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 65f4ac403d3..c68871ecac9 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -28,6 +28,10 @@ resources: name: dotnet/maui ref: refs/heads/net10.0 endpoint: xamarin + - repository: android-tools + type: github + name: dotnet/android-tools + endpoint: xamarin parameters: - name: pushXAPackagesToMaestro @@ -87,6 +91,7 @@ extends: sourceRepositoriesToScan: exclude: - repository: android-platform-support + - repository: android-tools - repository: maui - repository: yaml-templates suppression: diff --git a/build-tools/automation/yaml-templates/build-linux.yaml b/build-tools/automation/yaml-templates/build-linux.yaml index 08999e2f033..fa97557717f 100644 --- a/build-tools/automation/yaml-templates/build-linux.yaml +++ b/build-tools/automation/yaml-templates/build-linux.yaml @@ -55,7 +55,7 @@ stages: # Always checkout a second resource to ensure we are using multi-repo checkout behavior # https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/multi-repo-checkout?view=azure-devops#checkout-path - - checkout: maui + - checkout: android-tools - template: /build-tools/automation/yaml-templates/setup-jdk-variables.yaml parameters: diff --git a/build-tools/automation/yaml-templates/build-windows.yaml b/build-tools/automation/yaml-templates/build-windows.yaml index a91eba621c9..5911cd3909c 100644 --- a/build-tools/automation/yaml-templates/build-windows.yaml +++ b/build-tools/automation/yaml-templates/build-windows.yaml @@ -41,7 +41,7 @@ stages: # Always checkout a second resource to ensure we are using multi-repo checkout behavior # https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/multi-repo-checkout?view=azure-devops#checkout-path - - checkout: maui + - checkout: android-tools - template: /build-tools/automation/yaml-templates/setup-jdk-variables.yaml parameters: diff --git a/build-tools/automation/yaml-templates/commercial-build.yaml b/build-tools/automation/yaml-templates/commercial-build.yaml index 7fb29cad5d7..b5bf643b22b 100644 --- a/build-tools/automation/yaml-templates/commercial-build.yaml +++ b/build-tools/automation/yaml-templates/commercial-build.yaml @@ -24,7 +24,7 @@ steps: # Always checkout a second resource to ensure we are using multi-repo checkout behavior # https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/multi-repo-checkout?view=azure-devops#checkout-path -- checkout: maui +- checkout: android-tools - ${{ if ne(variables['System.PullRequest.IsFork'], 'True') }}: - checkout: android-platform-support diff --git a/build-tools/automation/yaml-templates/setup-test-environment.yaml b/build-tools/automation/yaml-templates/setup-test-environment.yaml index f1834b6f7ce..b7bdce8cd7e 100644 --- a/build-tools/automation/yaml-templates/setup-test-environment.yaml +++ b/build-tools/automation/yaml-templates/setup-test-environment.yaml @@ -24,7 +24,7 @@ steps: # Always checkout a second resource to ensure we are using multi-repo checkout behavior # https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/multi-repo-checkout?view=azure-devops#checkout-path -- checkout: maui +- checkout: android-tools - template: /build-tools/automation/yaml-templates/setup-jdk-variables.yaml parameters: From cb28d63c0fa43052a1a6d85b00000df973b745e3 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Fri, 27 Jun 2025 11:21:51 -0500 Subject: [PATCH 40/49] `/android` for multi-repo checkout --- .../yaml-templates/apk-instrumentation.yaml | 2 +- .../yaml-templates/build-windows.yaml | 18 +++++++++--------- .../yaml-templates/run-dotnet-preview.yaml | 2 +- .../yaml-templates/run-msbuild-tests.yaml | 2 +- .../yaml-templates/run-sliced-nunit-tests.yaml | 2 +- .../yaml-templates/run-xaprepare.yaml | 2 +- .../yaml-templates/setup-test-environment.yaml | 2 +- .../stage-msbuild-emulator-tests.yaml | 2 +- .../yaml-templates/stage-msbuild-tests.yaml | 2 +- .../yaml-templates/start-stop-emulator.yaml | 10 +++++----- .../yaml-templates/upload-results.yaml | 2 +- 11 files changed, 23 insertions(+), 23 deletions(-) diff --git a/build-tools/automation/yaml-templates/apk-instrumentation.yaml b/build-tools/automation/yaml-templates/apk-instrumentation.yaml index 81468c6c681..a497cd0bc72 100644 --- a/build-tools/automation/yaml-templates/apk-instrumentation.yaml +++ b/build-tools/automation/yaml-templates/apk-instrumentation.yaml @@ -1,7 +1,7 @@ parameters: buildConfiguration: $(XA.Build.Configuration) configuration: $(XA.Build.Configuration) - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android testName: "" project: "" testResultsFiles: "" diff --git a/build-tools/automation/yaml-templates/build-windows.yaml b/build-tools/automation/yaml-templates/build-windows.yaml index 5911cd3909c..6677fd2f740 100644 --- a/build-tools/automation/yaml-templates/build-windows.yaml +++ b/build-tools/automation/yaml-templates/build-windows.yaml @@ -55,25 +55,25 @@ stages: - task: DotNetCoreCLI@2 displayName: Prepare Solution inputs: - projects: Xamarin.Android.sln - arguments: '-c $(XA.Build.Configuration) -t:Prepare --no-restore -p:AutoProvision=true -bl:$(System.DefaultWorkingDirectory)\bin\Build$(XA.Build.Configuration)\dotnet-build-prepare.binlog' + projects: android/Xamarin.Android.sln + arguments: '-c $(XA.Build.Configuration) -t:Prepare --no-restore -p:AutoProvision=true -bl:$(System.DefaultWorkingDirectory)\android\bin\Build$(XA.Build.Configuration)\dotnet-build-prepare.binlog' # Build Xamarin.Android and configure local workloads to test improved local build loop - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: Xamarin.Android.sln + project: android/Xamarin.Android.sln arguments: >- -t:BuildDotNet -c $(XA.Build.Configuration) -v:n - -bl:$(System.DefaultWorkingDirectory)\bin\Build$(XA.Build.Configuration)\dotnet-build.binlog + -bl:$(System.DefaultWorkingDirectory)\android\bin\Build$(XA.Build.Configuration)\dotnet-build.binlog displayName: Build Solution continueOnError: false - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: build-tools/create-packs/Microsoft.Android.Sdk.proj + project: android/build-tools/create-packs/Microsoft.Android.Sdk.proj arguments: >- -t:ConfigureLocalWorkload -c $(XA.Build.Configuration) -v:n -p:RunningOnCI=false - -bl:$(System.DefaultWorkingDirectory)\bin\Build$(XA.Build.Configuration)\local-workload.binlog + -bl:$(System.DefaultWorkingDirectory)\android\bin\Build$(XA.Build.Configuration)\local-workload.binlog displayName: Run ConfigureLocalWorkload target continueOnError: false @@ -85,7 +85,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-nunit-tests.yaml parameters: testRunTitle: Smoke MSBuild Tests - Windows Dotnet Build - testAssembly: $(System.DefaultWorkingDirectory)\bin\Test$(XA.Build.Configuration)\$(DotNetStableTargetFramework)\Xamarin.Android.Build.Tests.dll + testAssembly: $(System.DefaultWorkingDirectory)\android\bin\Test$(XA.Build.Configuration)\$(DotNetStableTargetFramework)\Xamarin.Android.Build.Tests.dll dotNetTestExtraArgs: --filter "TestCategory = SmokeTests" - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml@self @@ -111,10 +111,10 @@ stages: # Pack .nupkgs and extract workload packs to dotnet preview test directory - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: Xamarin.Android.sln + project: android/Xamarin.Android.sln arguments: >- -t:PackDotNet -c $(XA.Build.Configuration) -v:n - -bl:$(System.DefaultWorkingDirectory)\bin\Build$(XA.Build.Configuration)\dotnet-pack.binlog + -bl:$(System.DefaultWorkingDirectory)\android\bin\Build$(XA.Build.Configuration)\dotnet-pack.binlog displayName: Test PackDotNet - template: /build-tools/automation/yaml-templates/upload-results.yaml diff --git a/build-tools/automation/yaml-templates/run-dotnet-preview.yaml b/build-tools/automation/yaml-templates/run-dotnet-preview.yaml index 9253ca1dfa9..2b1bce3975b 100644 --- a/build-tools/automation/yaml-templates/run-dotnet-preview.yaml +++ b/build-tools/automation/yaml-templates/run-dotnet-preview.yaml @@ -1,6 +1,6 @@ parameters: configuration: $(XA.Build.Configuration) - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android command: build project: '' arguments: '' diff --git a/build-tools/automation/yaml-templates/run-msbuild-tests.yaml b/build-tools/automation/yaml-templates/run-msbuild-tests.yaml index 7853353e798..4fa4ac71e3f 100644 --- a/build-tools/automation/yaml-templates/run-msbuild-tests.yaml +++ b/build-tools/automation/yaml-templates/run-msbuild-tests.yaml @@ -4,7 +4,7 @@ parameters: jobDisplayName: '' # Display name of the job agentCount: 1 # Number of build agents to run in parallel testFilter: '' # Filter used to select tests (NUnit test selection language, not dotnet test filter language) - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android repositoryAlias: 'self' commit: '' shouldFailOnIssue: true diff --git a/build-tools/automation/yaml-templates/run-sliced-nunit-tests.yaml b/build-tools/automation/yaml-templates/run-sliced-nunit-tests.yaml index 7451c87fba0..eb88101ec8b 100644 --- a/build-tools/automation/yaml-templates/run-sliced-nunit-tests.yaml +++ b/build-tools/automation/yaml-templates/run-sliced-nunit-tests.yaml @@ -2,7 +2,7 @@ parameters: testAssembly: '' # NUnit test assembly to run testFilter: '' # Filter used to select tests (NUnit test selection language, not dotnet test filter language) testRunTitle: '' # Title of the test run - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android retryFailedTests: true # Retry failed tests once steps: diff --git a/build-tools/automation/yaml-templates/run-xaprepare.yaml b/build-tools/automation/yaml-templates/run-xaprepare.yaml index 209aab8219d..83c66d84024 100644 --- a/build-tools/automation/yaml-templates/run-xaprepare.yaml +++ b/build-tools/automation/yaml-templates/run-xaprepare.yaml @@ -2,7 +2,7 @@ parameters: displayName: run xaprepare name: configuration: $(XA.Build.Configuration) - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android condition: succeeded() arguments: diff --git a/build-tools/automation/yaml-templates/setup-test-environment.yaml b/build-tools/automation/yaml-templates/setup-test-environment.yaml index b7bdce8cd7e..4965ed7a4a2 100644 --- a/build-tools/automation/yaml-templates/setup-test-environment.yaml +++ b/build-tools/automation/yaml-templates/setup-test-environment.yaml @@ -1,6 +1,6 @@ parameters: configuration: $(XA.Build.Configuration) - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android jdkMajorVersion: $(DefaultJavaSdkMajorVersion) useAgentJdkPath: true remove_dotnet: false diff --git a/build-tools/automation/yaml-templates/stage-msbuild-emulator-tests.yaml b/build-tools/automation/yaml-templates/stage-msbuild-emulator-tests.yaml index 957e3f239fb..dd1a26342b2 100644 --- a/build-tools/automation/yaml-templates/stage-msbuild-emulator-tests.yaml +++ b/build-tools/automation/yaml-templates/stage-msbuild-emulator-tests.yaml @@ -7,7 +7,7 @@ parameters: agent_count: 12 stageCondition: succeeded() stagePrefix: '' - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android repositoryAlias: 'self' commit: '' usesCleanImages: true diff --git a/build-tools/automation/yaml-templates/stage-msbuild-tests.yaml b/build-tools/automation/yaml-templates/stage-msbuild-tests.yaml index 54fb9005e16..cc68998cff7 100644 --- a/build-tools/automation/yaml-templates/stage-msbuild-tests.yaml +++ b/build-tools/automation/yaml-templates/stage-msbuild-tests.yaml @@ -5,7 +5,7 @@ parameters: stageCondition: succeeded() dependsOn: mac_build stagePrefix: '' - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android repositoryAlias: 'self' commit: '' shouldFailOnIssue: true diff --git a/build-tools/automation/yaml-templates/start-stop-emulator.yaml b/build-tools/automation/yaml-templates/start-stop-emulator.yaml index 5d8f229f4e5..f7939ae39fc 100644 --- a/build-tools/automation/yaml-templates/start-stop-emulator.yaml +++ b/build-tools/automation/yaml-templates/start-stop-emulator.yaml @@ -9,7 +9,7 @@ parameters: launchTimeoutMin: 20 # Minutes to wait for the emulator to start taskTimeoutInMinutes: 30 # Minutes to wait for the task to finish startContinueOnError: false # If 'true', do not mark the step as failed if starting the emulator fails - xaSourcePath: $(System.DefaultWorkingDirectory) # working directory + xaSourcePath: $(System.DefaultWorkingDirectory)/android # working directory steps: - ${{ if eq(parameters.command, 'start') }}: @@ -29,13 +29,13 @@ steps: -p:TestAvdType=${{ parameters.avdType }} ${{ parameters.emulatorMSBuildArgs }} -p:AvdLaunchTimeoutMinutes=${{ parameters.launchTimeoutMin }} - -bl:$(System.DefaultWorkingDirectory)/bin/Test$(XA.Build.Configuration)/install-emulator-${{ parameters.avdApiLevel }}.binlog + -bl:${{ parameters.xaSourcePath }}/bin/Test$(XA.Build.Configuration)/install-emulator-${{ parameters.avdApiLevel }}.binlog ${{ else }}: arguments: >- -c $(XA.Build.Configuration) -t:AcquireAndroidTarget ${{ parameters.emulatorMSBuildArgs }} -p:AvdLaunchTimeoutMinutes=${{ parameters.launchTimeoutMin }} - -bl:$(System.DefaultWorkingDirectory)/bin/Test$(XA.Build.Configuration)/start-emulator.binlog + -bl:${{ parameters.xaSourcePath }}/bin/Test$(XA.Build.Configuration)/start-emulator.binlog - ${{ if eq(parameters.command, 'stop') }}: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml @@ -54,9 +54,9 @@ steps: -p:TestAvdAbi=${{ parameters.avdAbi }} -p:TestAvdType=${{ parameters.avdType }} -p:AvdLaunchTimeoutMinutes=${{ parameters.launchTimeoutMin }} - -bl:$(System.DefaultWorkingDirectory)/bin/Test$(XA.Build.Configuration)/shutdown-emulator.binlog + -bl:${{ parameters.xaSourcePath }}/bin/Test$(XA.Build.Configuration)/shutdown-emulator.binlog ${{ else }}: arguments: >- -c $(XA.Build.Configuration) -t:"AcquireAndroidTarget,ReleaseAndroidTarget" -p:AvdLaunchTimeoutMinutes=${{ parameters.launchTimeoutMin }} - -bl:$(System.DefaultWorkingDirectory)/bin/Test$(XA.Build.Configuration)/shutdown-emulator.binlog + -bl:${{ parameters.xaSourcePath }}/bin/Test$(XA.Build.Configuration)/shutdown-emulator.binlog diff --git a/build-tools/automation/yaml-templates/upload-results.yaml b/build-tools/automation/yaml-templates/upload-results.yaml index 24ebe8007d6..4c158d4818d 100644 --- a/build-tools/automation/yaml-templates/upload-results.yaml +++ b/build-tools/automation/yaml-templates/upload-results.yaml @@ -1,5 +1,5 @@ parameters: - xaSourcePath: $(System.DefaultWorkingDirectory) + xaSourcePath: $(System.DefaultWorkingDirectory)/android configuration: $(XA.Build.Configuration) artifactName: results includeBuildResults: false From ada173df81bf5e23e2c9e2f287043d94de998171 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Fri, 27 Jun 2025 13:32:40 -0500 Subject: [PATCH 41/49] Fix more paths for `/android` --- .../stage-msbuild-emulator-tests.yaml | 4 ++-- .../yaml-templates/stage-package-tests.yaml | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/build-tools/automation/yaml-templates/stage-msbuild-emulator-tests.yaml b/build-tools/automation/yaml-templates/stage-msbuild-emulator-tests.yaml index dd1a26342b2..cb1f8a2340b 100644 --- a/build-tools/automation/yaml-templates/stage-msbuild-emulator-tests.yaml +++ b/build-tools/automation/yaml-templates/stage-msbuild-emulator-tests.yaml @@ -52,7 +52,7 @@ stages: # Currently needed for samples/NativeAOT - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml@self parameters: - project: Xamarin.Android.sln + project: ${{ parameters.xaSourcePath }}/Xamarin.Android.sln arguments: -t:PrepareJavaInterop -c $(XA.Build.Configuration) --no-restore displayName: prepare java.interop $(XA.Build.Configuration) continueOnError: false @@ -186,7 +186,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-sliced-nunit-tests.yaml parameters: - testAssembly: $(System.DefaultWorkingDirectory)\bin\Test$(XA.Build.Configuration)\MSBuildDeviceIntegration\$(DotNetStableTargetFramework)\MSBuildDeviceIntegration.dll + testAssembly: ${{ parameters.xaSourcePath }}\bin\Test$(XA.Build.Configuration)\MSBuildDeviceIntegration\$(DotNetStableTargetFramework)\MSBuildDeviceIntegration.dll testFilter: name == DebuggingTest testRunTitle: DebuggingTest tests on Windows diff --git a/build-tools/automation/yaml-templates/stage-package-tests.yaml b/build-tools/automation/yaml-templates/stage-package-tests.yaml index 5c6fcfeb141..d41bbce823f 100644 --- a/build-tools/automation/yaml-templates/stage-package-tests.yaml +++ b/build-tools/automation/yaml-templates/stage-package-tests.yaml @@ -26,21 +26,21 @@ stages: - task: DownloadPipelineArtifact@2 inputs: artifactName: $(TestAssembliesArtifactName) - downloadPath: $(System.DefaultWorkingDirectory)/bin/Test$(XA.Build.Configuration) + downloadPath: $(System.DefaultWorkingDirectory)/android/bin/Test$(XA.Build.Configuration) # Set up dependencies to run tests in both debug and release configurations - task: DotNetCoreCLI@2 displayName: build Xamarin.Android.Tools.BootstrapTasks.csproj inputs: - projects: $(System.DefaultWorkingDirectory)/build-tools/Xamarin.Android.Tools.BootstrapTasks/Xamarin.Android.Tools.BootstrapTasks.csproj - arguments: -c Debug -bl:$(System.DefaultWorkingDirectory)/bin/TestDebug/BootstrapTasks.binlog + projects: $(System.DefaultWorkingDirectory)/android/build-tools/Xamarin.Android.Tools.BootstrapTasks/Xamarin.Android.Tools.BootstrapTasks.csproj + arguments: -c Debug -bl:$(System.DefaultWorkingDirectory)/android/bin/TestDebug/BootstrapTasks.binlog - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: project: Xamarin.Android.sln arguments: >- -t:PrepareJavaInterop -c Debug --no-restore - -p:DotNetPreviewTool=$(System.DefaultWorkingDirectory)/bin/$(XA.Build.Configuration)/dotnet/dotnet + -p:DotNetPreviewTool=$(System.DefaultWorkingDirectory)/android/bin/$(XA.Build.Configuration)/dotnet/dotnet displayName: prepare java.interop Debug continueOnError: false @@ -133,21 +133,21 @@ stages: - task: DownloadPipelineArtifact@2 inputs: artifactName: $(TestAssembliesArtifactName) - downloadPath: $(System.DefaultWorkingDirectory)/bin/Test$(XA.Build.Configuration) + downloadPath: $(System.DefaultWorkingDirectory)/android/bin/Test$(XA.Build.Configuration) # Set up dependencies to run tests in both debug and release configurations - task: DotNetCoreCLI@2 displayName: build Xamarin.Android.Tools.BootstrapTasks.csproj inputs: - projects: $(System.DefaultWorkingDirectory)/build-tools/Xamarin.Android.Tools.BootstrapTasks/Xamarin.Android.Tools.BootstrapTasks.csproj - arguments: -c Debug -bl:$(System.DefaultWorkingDirectory)/bin/TestDebug/BootstrapTasks.binlog + projects: $(System.DefaultWorkingDirectory)/android/build-tools/Xamarin.Android.Tools.BootstrapTasks/Xamarin.Android.Tools.BootstrapTasks.csproj + arguments: -c Debug -bl:$(System.DefaultWorkingDirectory)/android/bin/TestDebug/BootstrapTasks.binlog - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: project: Xamarin.Android.sln arguments: >- -t:PrepareJavaInterop -c Debug --no-restore - -p:DotNetPreviewTool=$(System.DefaultWorkingDirectory)/bin/$(XA.Build.Configuration)/dotnet/dotnet + -p:DotNetPreviewTool=$(System.DefaultWorkingDirectory)/android/bin/$(XA.Build.Configuration)/dotnet/dotnet displayName: prepare java.interop Debug continueOnError: false @@ -230,7 +230,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-nunit-tests.yaml parameters: testRunTitle: Xamarin.Android.Tools.Aidl-Tests - macOS - testAssembly: $(System.DefaultWorkingDirectory)/bin/Test$(XA.Build.Configuration)/$(DotNetStableTargetFramework)/Xamarin.Android.Tools.Aidl-Tests.dll + testAssembly: $(System.DefaultWorkingDirectory)/android/bin/Test$(XA.Build.Configuration)/$(DotNetStableTargetFramework)/Xamarin.Android.Tools.Aidl-Tests.dll - task: ShellScript@2 displayName: Test dotnet-local.sh From cb01d2be1612b60d4a40b2c81b9f3b20e3531ae6 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Fri, 27 Jun 2025 16:07:05 -0500 Subject: [PATCH 42/49] More `android/` --- .../automation/yaml-templates/stage-package-tests.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build-tools/automation/yaml-templates/stage-package-tests.yaml b/build-tools/automation/yaml-templates/stage-package-tests.yaml index d41bbce823f..59d6aef8b3b 100644 --- a/build-tools/automation/yaml-templates/stage-package-tests.yaml +++ b/build-tools/automation/yaml-templates/stage-package-tests.yaml @@ -37,7 +37,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: Xamarin.Android.sln + project: android/Xamarin.Android.sln arguments: >- -t:PrepareJavaInterop -c Debug --no-restore -p:DotNetPreviewTool=$(System.DefaultWorkingDirectory)/android/bin/$(XA.Build.Configuration)/dotnet/dotnet @@ -54,7 +54,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: command: test - project: src/Microsoft.Android.Sdk.Analysis/Tests/Microsoft.Android.Sdk.Analysis.Tests.csproj + project: android/src/Microsoft.Android.Sdk.Analysis/Tests/Microsoft.Android.Sdk.Analysis.Tests.csproj arguments: -c $(XA.Build.Configuration) displayName: Test Microsoft.Android.Sdk.Analysis $(XA.Build.Configuration) continueOnError: false @@ -153,7 +153,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: Xamarin.Android.sln + project: android/Xamarin.Android.sln arguments: -t:PrepareJavaInterop -c $(XA.Build.Configuration) --no-restore displayName: prepare java.interop $(XA.Build.Configuration) continueOnError: false @@ -161,7 +161,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: command: test - project: src/Microsoft.Android.Sdk.Analysis/Tests/Microsoft.Android.Sdk.Analysis.Tests.csproj + project: android/src/Microsoft.Android.Sdk.Analysis/Tests/Microsoft.Android.Sdk.Analysis.Tests.csproj arguments: -c $(XA.Build.Configuration) displayName: Test Microsoft.Android.Sdk.Analysis $(XA.Build.Configuration) continueOnError: false From e76b310e9680a815982794ca7728a48935b8efc8 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Fri, 8 Aug 2025 11:21:07 -0500 Subject: [PATCH 43/49] project: android/Xamarin.Android.sln --- build-tools/automation/azure-pipelines-nightly.yaml | 2 +- .../automation/yaml-templates/stage-package-tests.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build-tools/automation/azure-pipelines-nightly.yaml b/build-tools/automation/azure-pipelines-nightly.yaml index 9b809bab272..5ac9e262974 100644 --- a/build-tools/automation/azure-pipelines-nightly.yaml +++ b/build-tools/automation/azure-pipelines-nightly.yaml @@ -126,7 +126,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: Xamarin.Android.sln + project: android/Xamarin.Android.sln arguments: -t:PrepareJavaInterop -c $(XA.Build.Configuration) -m:1 -v:n displayName: prepare java.interop $(XA.Build.Configuration) continueOnError: false diff --git a/build-tools/automation/yaml-templates/stage-package-tests.yaml b/build-tools/automation/yaml-templates/stage-package-tests.yaml index 299301341ce..a4efea1f7f5 100644 --- a/build-tools/automation/yaml-templates/stage-package-tests.yaml +++ b/build-tools/automation/yaml-templates/stage-package-tests.yaml @@ -37,14 +37,14 @@ stages: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: Xamarin.Android.sln + project: android/Xamarin.Android.sln arguments: -t:PrepareJavaInterop -c Debug --no-restore displayName: prepare java.interop Debug continueOnError: false - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: Xamarin.Android.sln + project: android/Xamarin.Android.sln arguments: -t:PrepareJavaInterop -c $(XA.Build.Configuration) --no-restore displayName: prepare java.interop $(XA.Build.Configuration) continueOnError: false @@ -142,7 +142,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml parameters: - project: Xamarin.Android.sln + project: android/Xamarin.Android.sln arguments: -t:PrepareJavaInterop -c Debug --no-restore displayName: prepare java.interop Debug continueOnError: false From be67a212553442744df7814529edc6ba7826b3c9 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Fri, 8 Aug 2025 11:24:12 -0500 Subject: [PATCH 44/49] Update build-windows.yaml --- build-tools/automation/yaml-templates/build-windows.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-tools/automation/yaml-templates/build-windows.yaml b/build-tools/automation/yaml-templates/build-windows.yaml index 6677fd2f740..52b89ce5a11 100644 --- a/build-tools/automation/yaml-templates/build-windows.yaml +++ b/build-tools/automation/yaml-templates/build-windows.yaml @@ -91,7 +91,7 @@ stages: - template: /build-tools/automation/yaml-templates/run-dotnet-preview.yaml@self parameters: command: test - project: src/Microsoft.Android.Sdk.Analysis/Tests/Microsoft.Android.Sdk.Analysis.Tests.csproj + project: android/src/Microsoft.Android.Sdk.Analysis/Tests/Microsoft.Android.Sdk.Analysis.Tests.csproj arguments: -c $(XA.Build.Configuration) displayName: Test Microsoft.Android.Sdk.Analysis $(XA.Build.Configuration) continueOnError: false From 1df12cad88c8bea1de07a7dbc577d8cc19790db3 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Fri, 8 Aug 2025 11:24:53 -0500 Subject: [PATCH 45/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index c68871ecac9..22d96f7b261 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -77,7 +77,7 @@ extends: justificationForDisabling: CodeQL runs against the nightly build credscan: enabled: true - suppressionsFile: $(System.DefaultWorkingDirectory)/android/.gdn/CredScanSuppressions.json + suppressionsFile: .gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning From 8eb0e68af160b41a500c09b8cab1db9f6fa189e5 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 13 Aug 2025 12:38:08 -0500 Subject: [PATCH 46/49] Revert "Update azure-pipelines.yaml" This reverts commit 1df12cad88c8bea1de07a7dbc577d8cc19790db3. --- build-tools/automation/azure-pipelines.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 22d96f7b261..c68871ecac9 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -77,7 +77,7 @@ extends: justificationForDisabling: CodeQL runs against the nightly build credscan: enabled: true - suppressionsFile: .gdn/CredScanSuppressions.json + suppressionsFile: $(System.DefaultWorkingDirectory)/android/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning From 360bec5e01dbb9f4c675b869eacccb5f0016515d Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 13 Aug 2025 12:38:24 -0500 Subject: [PATCH 47/49] Update build-windows.yaml --- build-tools/automation/yaml-templates/build-windows.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build-tools/automation/yaml-templates/build-windows.yaml b/build-tools/automation/yaml-templates/build-windows.yaml index 52b89ce5a11..6d219697952 100644 --- a/build-tools/automation/yaml-templates/build-windows.yaml +++ b/build-tools/automation/yaml-templates/build-windows.yaml @@ -99,13 +99,13 @@ stages: - task: BatchScript@1 displayName: Test dotnet-local.cmd - create template inputs: - filename: dotnet-local.cmd + filename: android/dotnet-local.cmd arguments: new android -o $(Build.StagingDirectory)/LocalWorkloadTest - task: BatchScript@1 displayName: Test dotnet-local.cmd - build template inputs: - filename: dotnet-local.cmd + filename: android/dotnet-local.cmd arguments: build -v:n $(Build.StagingDirectory)/LocalWorkloadTest # Pack .nupkgs and extract workload packs to dotnet preview test directory From 4345020eb949170f56eda90485a8450b5eaab901 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 13 Aug 2025 12:45:29 -0500 Subject: [PATCH 48/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index c68871ecac9..8ff53d3bf06 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -77,7 +77,10 @@ extends: justificationForDisabling: CodeQL runs against the nightly build credscan: enabled: true - suppressionsFile: $(System.DefaultWorkingDirectory)/android/.gdn/CredScanSuppressions.json + ${{ if startsWith(variables['System.JobName'], 'SDL Sources Analysis') }}: + suppressionsFile: .gdn/CredScanSuppressions.json + ${{ else }}: + suppressionsFile: $(System.SourcesDirectory)/android/.gdn/CredScanSuppressions.json policheck: enabled: false justification: Built in task does not support multi-language scanning @@ -95,10 +98,16 @@ extends: - repository: maui - repository: yaml-templates suppression: - suppressionFile: $(Build.SourcesDirectory)/android/.gdn/.gdnsuppress + ${{ if startsWith(variables['System.JobName'], 'SDL Sources Analysis') }}: + suppressionFile: .gdn/.gdnsuppress + ${{ else }}: + suppressionFile: $(Build.SourcesDirectory)/android/.gdn/.gdnsuppress tsa: enabled: true - configFile: $(Build.SourcesDirectory)/android/.gdn/tsaoptions-v2.json + ${{ if startsWith(variables['System.JobName'], 'SDL Sources Analysis') }}: + configFile: .gdn/tsaoptions-v2.json + ${{ else }}: + configFile: $(Build.SourcesDirectory)/android/.gdn/tsaoptions-v2.json settings: skipBuildTagsForGitHubPullRequests: true stages: From 3a544324063f7accc7b116d2e69f133e2d9a1f32 Mon Sep 17 00:00:00 2001 From: Jonathan Peppers Date: Wed, 13 Aug 2025 13:32:13 -0500 Subject: [PATCH 49/49] Update azure-pipelines.yaml --- build-tools/automation/azure-pipelines.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 8ff53d3bf06..b6734940cbd 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -77,7 +77,7 @@ extends: justificationForDisabling: CodeQL runs against the nightly build credscan: enabled: true - ${{ if startsWith(variables['System.JobName'], 'SDL Sources Analysis') }}: + ${{ if startsWith(variables['System.JobName'], 'SDLSources') }}: suppressionsFile: .gdn/CredScanSuppressions.json ${{ else }}: suppressionsFile: $(System.SourcesDirectory)/android/.gdn/CredScanSuppressions.json @@ -98,13 +98,13 @@ extends: - repository: maui - repository: yaml-templates suppression: - ${{ if startsWith(variables['System.JobName'], 'SDL Sources Analysis') }}: + ${{ if startsWith(variables['System.JobName'], 'SDLSources') }}: suppressionFile: .gdn/.gdnsuppress ${{ else }}: suppressionFile: $(Build.SourcesDirectory)/android/.gdn/.gdnsuppress tsa: enabled: true - ${{ if startsWith(variables['System.JobName'], 'SDL Sources Analysis') }}: + ${{ if startsWith(variables['System.JobName'], 'SDLSources') }}: configFile: .gdn/tsaoptions-v2.json ${{ else }}: configFile: $(Build.SourcesDirectory)/android/.gdn/tsaoptions-v2.json