[automated] Merge branch 'release/9.0.2xx' => 'release/9.0.3xx' (#47434)

Co-authored-by: Mirroring <[email protected]>
Co-authored-by: ProductConstructionServiceProd <ProductConstructionServiceProd>
Co-authored-by: Sean Reeser (CSI Interfusion Inc) <[email protected]>
Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>
Co-authored-by: Jason Zhai <[email protected]>
Co-authored-by: Eduardo Villalpando Mello <[email protected]>
Co-authored-by: Forgind <[email protected]>
Co-authored-by: Noah Gilson <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Nikola Milosavljevic <[email protected]>
Co-authored-by: vseanreesermsft <[email protected]>
Co-authored-by: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>
Co-authored-by: Marc Paine <[email protected]>
Co-authored-by: Noah Gilson <[email protected]>

Author: 10 people

.github/workflows/pr-analysis.yml

@@ -0,0 +1,14 @@
+name: PR Analysis
+on:
+  pull_request:
+    types: [opened, synchronize, labeled, unlabeled]
+permissions:
+  contents: read
+  pull-requests: read
+jobs:
+  allowed-labels:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Return error if branch is in lockdown or 'do not merge' label is present
+        run: echo "Labels on this PR prevent it from being merged. Please contact the repo owners for more information." && exit 1
+        if: ${{ contains(github.event.pull_request.labels.*.name, 'Branch Lockdown') || contains(github.event.pull_request.labels.*.name, 'DO NOT MERGE') }}

src/Cli/dotnet/NugetPackageDownloader/NuGetPackageDownloader.cs

@@ -38,6 +38,10 @@ internal class NuGetPackageDownloader : INuGetPackageDownloader
         private readonly Dictionary<PackageSource, SourceRepository> _sourceRepositories;
         private readonly bool _shouldUsePackageSourceMapping;
 
+        /// <summary>
+        /// If true, the package downloader will verify the signatures of the packages it downloads.
+        /// Temporarily disabled for macOS and Linux. 
+        /// </summary>
         private readonly bool _verifySignatures;
         private readonly VerbosityOptions _verbosityOptions;
         private readonly string _currentWorkingDirectory;
@@ -65,7 +69,9 @@ public NuGetPackageDownloader(
             _restoreActionConfig = restoreActionConfig ?? new RestoreActionConfig();
             _retryTimer = timer;
             _sourceRepositories = new();
-            _verifySignatures = verifySignatures;
+            // If windows or env variable is set, verify signatures
+            _verifySignatures = verifySignatures && (OperatingSystem.IsWindows() ? true 
+                : bool.TryParse(Environment.GetEnvironmentVariable(NuGetSignatureVerificationEnabler.DotNetNuGetSignatureVerification), out var shouldVerifySignature) ? shouldVerifySignature : OperatingSystem.IsLinux());
 
             _cacheSettings = new SourceCacheContext
             {
@@ -130,8 +136,17 @@ public async Task<string> DownloadPackageAsync(PackageId packageId,
                         packageVersion.ToNormalizedString()));
             }
 
-            await VerifySigning(nupkgPath, repository);
-            
+            // Delete file if verification fails
+            try
+            {
+                await VerifySigning(nupkgPath, repository);
+            }
+            catch (NuGetPackageInstallerException)
+            {
+                File.Delete(nupkgPath);
+                throw;
+            }
+
             return nupkgPath;
         }
 

src/Cli/dotnet/ReleasePropertyProjectLocator.cs

@@ -176,7 +176,7 @@ public IEnumerable<string> GetCustomDefaultConfigurationValueIfSpecified()
             Parallel.ForEach(sln.SolutionProjects.AsEnumerable(), (project, state) =>
             {
 #pragma warning disable CS8604 // Possible null reference argument.
-                string projectFullPath = Path.Combine(Path.GetDirectoryName(slnFullPath), project.FilePath);
+                string projectFullPath = Path.GetFullPath(project.FilePath, Path.GetDirectoryName(slnFullPath));
 #pragma warning restore CS8604 // Possible null reference argument.
                 if (IsUnanalyzableProjectInSolution(project, projectFullPath))
                     return;
@@ -220,7 +220,7 @@ public IEnumerable<string> GetCustomDefaultConfigurationValueIfSpecified()
             foreach (var project in sln.SolutionProjects.AsEnumerable())
             {
 #pragma warning disable CS8604 // Possible null reference argument.
-                string projectFullPath = Path.Combine(Path.GetDirectoryName(slnPath), project.FilePath);
+                string projectFullPath = Path.GetFullPath(project.FilePath, Path.GetDirectoryName(slnPath));
 #pragma warning restore CS8604 // Possible null reference argument.
                 if (IsUnanalyzableProjectInSolution(project, projectFullPath))
                     continue;

src/Cli/dotnet/commands/dotnet-workload/restore/WorkloadRestoreCommand.cs

@@ -136,10 +136,11 @@ internal static List<string> DiscoverAllProjects(string currentDirectory,
                     .Select(Path.GetFullPath).ToList();
             }
 
-            foreach (string file in slnFiles)
+            foreach (string solutionFilePath in slnFiles)
             {
-                var solutionFile = SlnFileFactory.CreateFromFileOrDirectory(file);
-                projectFiles.AddRange(solutionFile.SolutionProjects.Select(p => p.FilePath));
+                var solutionFile = SlnFileFactory.CreateFromFileOrDirectory(solutionFilePath);
+                projectFiles.AddRange(solutionFile.SolutionProjects.Select(
+                    p => Path.GetFullPath(p.FilePath, Path.GetDirectoryName(solutionFilePath))));
             }
 
             if (projectFiles.Count == 0)

src/SourceBuild/content/eng/finish-source-only.proj

@@ -114,12 +114,22 @@
           Outputs="$(BaseIntermediateOutputPath)ReportPoisonUsage.complete" >
     <ItemGroup>
       <!-- Exclude the Private.SourceBuilt.Artifacts archive from poison usage scan. -->
-      <PoisonFileToCheck Include="$(ArtifactsAssetsDir)*$(ArchiveExtension)" />
-      <PoisonFileToCheck Remove="$(ArtifactsAssetsDir)$(SourceBuiltArtifactsTarballName)*" />
+      <AssetToCheck Include="$(ArtifactsAssetsDir)*$(ArchiveExtension)" />
+      <AssetToCheck Remove="$(ArtifactsAssetsDir)$(SourceBuiltArtifactsTarballName)*" />
       <!-- Include shipping nuget packages. -->
-      <PoisonFileToCheck Include="$(ArtifactsShippingPackagesDir)*.nupkg" />
+      <ShippingPackageToCheck Include="$(ArtifactsShippingPackagesDir)**/*.nupkg" />
       <!-- Add and mark SBRP packages to validate that they have the correct poison attribute. -->
-      <PoisonFileToCheck Include="$(ReferencePackagesDir)**\*.nupkg" IsSourceBuildReferencePackage="true" />
+      <SbrpPackageToCheck Include="$(ReferencePackagesDir)**\*.nupkg" IsSourceBuildReferencePackage="true" />
+    </ItemGroup>
+
+    <Error Condition="'@(AssetToCheck)' == ''" Text="No assets will be poison checked - this is unexpected!" />
+    <Error Condition="'@(ShippingPackageToCheck)' == ''" Text="No shipping packages will be poison checked - this is unexpected!" />
+    <Error Condition="'@(SbrpPackageToCheck)' == ''" Text="No SBRP packages will be poison checked - this is unexpected!" />
+
+    <ItemGroup>
+      <PoisonFileToCheck Include="@(AssetToCheck)" />
+      <PoisonFileToCheck Include="@(ShippingPackageToCheck)" />
+      <PoisonFileToCheck Include="@(SbrpPackageToCheck)" />
     </ItemGroup>
 
     <Message Importance="High" Text="[$([System.DateTime]::Now.ToString('HH:mm:ss.ff'))] Checking @(PoisonFileToCheck) for poisoned files." />