From 0d8cac25bb840686637e3498bac8f8a8c5d1db91 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Thu, 5 Jun 2025 14:50:48 -0600 Subject: [PATCH 01/18] Update becheran/mlc action to v0.22.0 --- .github/workflows/docs_validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docs_validate.yml b/.github/workflows/docs_validate.yml index 2425d742..80476a0d 100644 --- a/.github/workflows/docs_validate.yml +++ b/.github/workflows/docs_validate.yml @@ -17,7 +17,7 @@ jobs: with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: 🔗 Markup Link Checker (mlc) - uses: becheran/mlc@v0.21.0 + uses: becheran/mlc@88c9db09b8dabab813a2edd13f955b36aa73657a # v0.22.0 with: args: --do-not-warn-for-redirect-to https://learn.microsoft.com*,https://dotnet.microsoft.com/*,https://dev.azure.com/*,https://app.codecov.io/* -p docfx -i https://aka.ms/onboardsupport,https://aka.ms/spot,https://msrc.microsoft.com/*,https://www.microsoft.com/msrc*,https://microsoft.com/msrc* - name: ⚙ Install prerequisites From e427b3f3a3550a53929baf1361e11fbfeef00332 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Thu, 5 Jun 2025 14:55:27 -0600 Subject: [PATCH 02/18] Pin actions/checkout --- .github/workflows/docs_validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docs_validate.yml b/.github/workflows/docs_validate.yml index 80476a0d..391289a4 100644 --- a/.github/workflows/docs_validate.yml +++ b/.github/workflows/docs_validate.yml @@ -13,7 +13,7 @@ jobs: name: 📚 Doc validation runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 # avoid shallow clone so nbgv can do its work. - name: 🔗 Markup Link Checker (mlc) From df32f51fa7771b8c8863c2323a7cce7468cc2e53 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Jun 2025 05:23:07 -0600 Subject: [PATCH 03/18] Update xunit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Directory.Packages.props | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index c75c510a..c510499a 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -10,8 +10,8 @@ - - + + From 0c41b219292b26fddfa418b3c4b1796f943c4704 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Jun 2025 05:56:25 -0600 Subject: [PATCH 04/18] Update Dockerfile and global.json updates to v9.0.301 (#376) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- global.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 938b19f8..cd1285d4 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,5 @@ # Refer to https://hub.docker.com/_/microsoft-dotnet-sdk for available versions -FROM mcr.microsoft.com/dotnet/sdk:9.0.300-noble@sha256:9f7bd4d010026e15a57d9cf876f2f7d08c3eeed6a0ea987b8c5ba8c75e68e948 +FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:4f50505b5344e9d8a76805d71bb4ba76da6b01656e17a66a8ce1e4c4dfaaec12 # Installing mono makes `dotnet test` work without errors even for net472. # But installing it takes a long time, so it's excluded by default. diff --git a/global.json b/global.json index 33fc5ca6..0e241b6f 100644 --- a/global.json +++ b/global.json @@ -1,6 +1,6 @@ { "sdk": { - "version": "9.0.300", + "version": "9.0.301", "rollForward": "patch", "allowPrerelease": false } From 4e511afa763d5fd001f92d2dc92a7ea8dd5ce8e9 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Wed, 11 Jun 2025 14:12:11 -0600 Subject: [PATCH 05/18] Add copilot swe agent setup instructions (#377) --- .github/workflows/copilot-setup-steps.yml | 41 +++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/copilot-setup-steps.yml diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml new file mode 100644 index 00000000..bb149d65 --- /dev/null +++ b/.github/workflows/copilot-setup-steps.yml @@ -0,0 +1,41 @@ +name: "Copilot Setup Steps" + +# Automatically run the setup steps when they are changed to allow for easy validation, and +# allow manual testing through the repository's "Actions" tab +on: + workflow_dispatch: + push: + branches: + - main + paths: + - .github/workflows/copilot-setup-steps.yml + pull_request: + paths: + - .github/workflows/copilot-setup-steps.yml + +jobs: + # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot. + copilot-setup-steps: + runs-on: ubuntu-latest + # Set the permissions to the lowest permissions possible needed for your steps. + # Copilot will be given its own token for its operations. + permissions: + # If you want to clone the repository as part of your setup steps, for example to install dependencies, you'll need the `contents: read` permission. If you don't clone the repository in your setup steps, Copilot will do this for you automatically after the steps complete. + contents: read + + # You can define any steps you want, and they will run before the agent starts. + # If you do not check out your code, Copilot will do this for you. + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 # avoid shallow clone so nbgv can do its work. + - name: ⚙ Install prerequisites + run: | + ./init.ps1 -UpgradePrerequisites -NoNuGetCredProvider + dotnet --info + + # Print mono version if it is present. + if (Get-Command mono -ErrorAction SilentlyContinue) { + mono --version + } + shell: pwsh From 231dae9d7654ea546d0dc0eb6c9a9bb3774c12e6 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Wed, 11 Jun 2025 14:20:33 -0600 Subject: [PATCH 06/18] Touch-up name of github workflow --- .github/workflows/copilot-setup-steps.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index bb149d65..053f56e9 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -1,4 +1,4 @@ -name: "Copilot Setup Steps" +name: 💪🏼 Copilot Setup Steps # Automatically run the setup steps when they are changed to allow for easy validation, and # allow manual testing through the repository's "Actions" tab From f6217c2a72bb2edd662883795ff847a76b31beb3 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Tue, 17 Jun 2025 07:36:02 -0600 Subject: [PATCH 07/18] Bump MicroBuild to 2.0.198 --- Directory.Packages.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index f5cbaec6..69917d40 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -5,7 +5,7 @@ true true - 2.0.187 + 2.0.198 From 0e6d59ccb2c15a14b09cef2fcab5b5e4322eda3d Mon Sep 17 00:00:00 2001 From: Skylar Nam Date: Wed, 18 Jun 2025 13:29:39 -0700 Subject: [PATCH 08/18] Enable PME signing for Library.Template --- azure-pipelines/build.yml | 3 +++ azure-pipelines/microbuild.before.yml | 1 + 2 files changed, 4 insertions(+) diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml index ff3bef40..1482140f 100644 --- a/azure-pipelines/build.yml +++ b/azure-pipelines/build.yml @@ -118,6 +118,7 @@ jobs: zipSources: false ${{ if parameters.RealSign }}: signType: real + signWithProd: true ${{ else }}: signType: test sbom: @@ -223,6 +224,7 @@ jobs: signing: enabled: false # enable when building unique artifacts on this agent that must be signed signType: real + signWithProd: true outputParentDirectory: $(Build.ArtifactStagingDirectory) outputs: - ${{ each artifact_name in parameters.artifact_names }}: @@ -258,6 +260,7 @@ jobs: signing: enabled: false # enable when building unique artifacts on this agent that must be signed signType: real + signWithProd: true outputParentDirectory: $(Build.ArtifactStagingDirectory) outputs: - ${{ each artifact_name in parameters.artifact_names }}: diff --git a/azure-pipelines/microbuild.before.yml b/azure-pipelines/microbuild.before.yml index 05acd319..07429bc7 100644 --- a/azure-pipelines/microbuild.before.yml +++ b/azure-pipelines/microbuild.before.yml @@ -44,6 +44,7 @@ steps: inputs: signType: Real zipSources: false + ConnectedPMEServiceName: 6cc74545-d7b9-4050-9dfa-ebefcc8961ea # devdiv's SC ID displayName: 🔧 Install MicroBuild Signing Plugin - ${{ if parameters.EnableLocalization }}: From ce93bede641735dc358b34a0d1c9776ff6181e9d Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Wed, 18 Jun 2025 14:57:12 -0600 Subject: [PATCH 09/18] Fix expand-template.yml indentation --- azure-pipelines/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml index ff3bef40..ca2cedb5 100644 --- a/azure-pipelines/build.yml +++ b/azure-pipelines/build.yml @@ -246,7 +246,7 @@ jobs: displayName: 💅 Verify formatted code env: dotnetformat: true # part of a workaround for https://github.com/dotnet/sdk/issues/44951 - - template: expand-template.yml + - template: expand-template.yml - ${{ if parameters.EnableMacOSBuild }}: - job: macOS From dd63cb05dac2a0e3647434404218fa6ed87da31a Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Thu, 19 Jun 2025 17:36:18 -0600 Subject: [PATCH 10/18] Focus binskim on just the binaries we build --- azure-pipelines/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/azure-pipelines/build.yml b/azure-pipelines/build.yml index 215a17c3..b69a9f5c 100644 --- a/azure-pipelines/build.yml +++ b/azure-pipelines/build.yml @@ -141,6 +141,9 @@ jobs: - ${{ if parameters.EnableOptProf }}: - powershell: Write-Host "##vso[task.setvariable variable=PROFILINGINPUTSDROPNAME]$(tools/variables/ProfilingInputsDropName.ps1)" displayName: ⚙ Set ProfilingInputsDropName for optprof + sdl: + binskim: + analyzeTargetGlob: $(Build.ArtifactStagingDirectory)\symbols-Windows\** outputParentDirectory: $(Build.ArtifactStagingDirectory) outputs: From b432d5eeff8ecf9a484615a7098e07008463ab51 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Thu, 19 Jun 2025 21:47:12 -0600 Subject: [PATCH 11/18] Build for OptProf with test signed bits Real signing can only be used for official builds. --- azure-pipelines/microbuild.before.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/azure-pipelines/microbuild.before.yml b/azure-pipelines/microbuild.before.yml index 07429bc7..25071536 100644 --- a/azure-pipelines/microbuild.before.yml +++ b/azure-pipelines/microbuild.before.yml @@ -42,9 +42,8 @@ steps: - task: MicroBuildSigningPlugin@4 inputs: - signType: Real + signType: Test zipSources: false - ConnectedPMEServiceName: 6cc74545-d7b9-4050-9dfa-ebefcc8961ea # devdiv's SC ID displayName: 🔧 Install MicroBuild Signing Plugin - ${{ if parameters.EnableLocalization }}: From 1a7db8d2477fba5c3c11f2862b7a28c65673b473 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Jun 2025 06:52:49 -0600 Subject: [PATCH 12/18] Update mcr.microsoft.com/dotnet/sdk:9.0.301-noble Docker digest to 21cd104 (#379) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index cd1285d4..bc640c8a 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,5 @@ # Refer to https://hub.docker.com/_/microsoft-dotnet-sdk for available versions -FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:4f50505b5344e9d8a76805d71bb4ba76da6b01656e17a66a8ce1e4c4dfaaec12 +FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:21cd104bae759d9787f99a7d9a9d0e431f9360ee373909bbbfd4b8da07a7e3d9 # Installing mono makes `dotnet test` work without errors even for net472. # But installing it takes a long time, so it's excluded by default. From f84cb0f8a87686cd3388a448cf924c043930ed7a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Jun 2025 15:52:18 -0600 Subject: [PATCH 13/18] Update mcr.microsoft.com/dotnet/sdk:9.0.301-noble Docker digest to f353951 (#380) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index bc640c8a..eaf9a82e 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,5 @@ # Refer to https://hub.docker.com/_/microsoft-dotnet-sdk for available versions -FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:21cd104bae759d9787f99a7d9a9d0e431f9360ee373909bbbfd4b8da07a7e3d9 +FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:f353951d75cd99696c912ba7a29a1c6905fe0c1c7613e12e5318efed40d9b287 # Installing mono makes `dotnet test` work without errors even for net472. # But installing it takes a long time, so it's excluded by default. From d1219b5166a7d25145317795102696495f671cc1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 24 Jun 2025 22:53:36 -0600 Subject: [PATCH 14/18] Update dependency powershell to 7.5.2 Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .config/dotnet-tools.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json index 0eae3250..79ad7dda 100644 --- a/.config/dotnet-tools.json +++ b/.config/dotnet-tools.json @@ -3,7 +3,7 @@ "isRoot": true, "tools": { "powershell": { - "version": "7.5.1", + "version": "7.5.2", "commands": [ "pwsh" ], From c14a73b6392be60a68cd1383db777d5ad8241273 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Sun, 29 Jun 2025 14:51:35 -0600 Subject: [PATCH 15/18] Re-enable static graph nuget restore --- Directory.Build.props | 3 +-- README.md | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Directory.Build.props b/Directory.Build.props index e862541e..f702243a 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -17,8 +17,7 @@ true - - false + true $(MSBuildThisFileDirectory) diff --git a/README.md b/README.md index f78bfdb3..f0b0f7d8 100644 --- a/README.md +++ b/README.md @@ -15,10 +15,10 @@ * Static analyzers: default [Code Analysis](https://docs.microsoft.com/dotnet/fundamentals/code-analysis/overview) and [StyleCop](https://github.com/DotNetAnalyzers/StyleCopAnalyzers) * Read-only source tree (builds to top-level bin/obj folders) * Auto-versioning (via [Nerdbank.GitVersioning](https://github.com/dotnet/nerdbank.gitversioning)) -* Builds with a "pinned" .NET Core SDK to ensure reproducible builds across machines and across time. +* Builds with a "pinned" .NET SDK to ensure reproducible builds across machines and across time. * Automatically pack the library and publish it as an artifact, and even push it to some NuGet feed for consumption. * Testing - * Testing on .NET Framework, multiple .NET Core versions + * Testing on .NET Framework, multiple .NET versions * Testing on Windows, Linux and OSX * Tests that crash or hang in Azure Pipelines automatically collect dumps and publish as a pipeline artifact for later investigation. * Cloud build support From 53960183851451f5482da6bdcc421057a277d989 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 7 Jul 2025 20:33:23 -0600 Subject: [PATCH 16/18] Update becheran/mlc action to v1 (#383) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f0f293ee..b6beb8d8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -76,6 +76,6 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: 🔗 Markup Link Checker (mlc) - uses: becheran/mlc@88c9db09b8dabab813a2edd13f955b36aa73657a # v0.22.0 + uses: becheran/mlc@18a06b3aa2901ca197de59c8b0b1f54fdba6b3fa # v1.0.0 with: args: --do-not-warn-for-redirect-to https://learn.microsoft.com*,https://dotnet.microsoft.com/*,https://dev.azure.com/*,https://app.codecov.io/* -p docfx From d9522ff94699b409df91d539dc46b7e01e4b00af Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 7 Jul 2025 20:33:50 -0600 Subject: [PATCH 17/18] Update mcr.microsoft.com/dotnet/sdk:9.0.301-noble Docker digest to 2346351 (#382) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index eaf9a82e..0a5f632a 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,5 @@ # Refer to https://hub.docker.com/_/microsoft-dotnet-sdk for available versions -FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:f353951d75cd99696c912ba7a29a1c6905fe0c1c7613e12e5318efed40d9b287 +FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:2346351dfe95ffdfe8352042647b2c9746c62cfc812eead9b9bf6154937c86ba # Installing mono makes `dotnet test` work without errors even for net472. # But installing it takes a long time, so it's excluded by default. From 200f811d546e7beed6fa7c7b5c4786fe7b725003 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 8 Jul 2025 07:25:59 -0600 Subject: [PATCH 18/18] Update mcr.microsoft.com/dotnet/sdk:9.0.301-noble Docker digest to 4fd7d3e (#384) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 0a5f632a..f06bc4ca 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,5 @@ # Refer to https://hub.docker.com/_/microsoft-dotnet-sdk for available versions -FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:2346351dfe95ffdfe8352042647b2c9746c62cfc812eead9b9bf6154937c86ba +FROM mcr.microsoft.com/dotnet/sdk:9.0.301-noble@sha256:4fd7d3e5aeb6cfb75e923a54cdb0b6e858b27ad3b517837917c57c2e632b5694 # Installing mono makes `dotnet test` work without errors even for net472. # But installing it takes a long time, so it's excluded by default.