[automated] Merge branch 'release/9.0.1xx' => 'release/9.0.2xx' (#47341)

github-actions[bot] · dotnet-maestro[bot] · edvilme · web-flow · commit 99247e479de1 · 2025-03-10T11:15:45.000-07:00
Co-authored-by: dotnet-maestro[bot] &lt;dotnet-maestro[bot]@users.noreply.github.com&gt;
Co-authored-by: Eduardo Villalpando Mello &lt;eduardov@microsoft.com&gt;
Co-authored-by: Forgind &lt;12969783+Forgind@users.noreply.github.com&gt;
Co-authored-by: github-actions[bot] &lt;41898282+github-actions[bot]@users.noreply.github.com&gt;
Co-authored-by: Nikola Milosavljevic &lt;nikolam@microsoft.com&gt;
Co-authored-by: vseanreesermsft &lt;78103370+vseanreesermsft@users.noreply.github.com&gt;
Co-authored-by: v-wuzhai &lt;v-wuzhai@microsoft.com&gt;
diff --git a/.github/workflows/pr-analysis.yml b/.github/workflows/pr-analysis.yml
@@ -0,0 +1,14 @@
+name: PR Analysis
+on:
+  pull_request:
+    types: [opened, synchronize, labeled, unlabeled]
+permissions:
+  contents: read
+  pull-requests: read
+jobs:
+  allowed-labels:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Return error if branch is in lockdown or 'do not merge' label is present
+        run: echo "Labels on this PR prevent it from being merged. Please contact the repo owners for more information." && exit 1
+        if: ${{ contains(github.event.pull_request.labels.*.name, 'Branch Lockdown') || contains(github.event.pull_request.labels.*.name, 'DO NOT MERGE') }}
diff --git a/src/SourceBuild/content/eng/finish-source-only.proj b/src/SourceBuild/content/eng/finish-source-only.proj
@@ -114,12 +114,22 @@
           Outputs="$(BaseIntermediateOutputPath)ReportPoisonUsage.complete" >
     <ItemGroup>
       <!-- Exclude the Private.SourceBuilt.Artifacts archive from poison usage scan. -->
-      <PoisonFileToCheck Include="$(ArtifactsAssetsDir)*$(ArchiveExtension)" />
-      <PoisonFileToCheck Remove="$(ArtifactsAssetsDir)$(SourceBuiltArtifactsTarballName)*" />
+      <AssetToCheck Include="$(ArtifactsAssetsDir)*$(ArchiveExtension)" />
+      <AssetToCheck Remove="$(ArtifactsAssetsDir)$(SourceBuiltArtifactsTarballName)*" />
       <!-- Include shipping nuget packages. -->
-      <PoisonFileToCheck Include="$(ArtifactsShippingPackagesDir)*.nupkg" />
+      <ShippingPackageToCheck Include="$(ArtifactsShippingPackagesDir)**/*.nupkg" />
       <!-- Add and mark SBRP packages to validate that they have the correct poison attribute. -->
-      <PoisonFileToCheck Include="$(ReferencePackagesDir)**\*.nupkg" IsSourceBuildReferencePackage="true" />
+      <SbrpPackageToCheck Include="$(ReferencePackagesDir)**\*.nupkg" IsSourceBuildReferencePackage="true" />
+    </ItemGroup>
+
+    <Error Condition="'@(AssetToCheck)' == ''" Text="No assets will be poison checked - this is unexpected!" />
+    <Error Condition="'@(ShippingPackageToCheck)' == ''" Text="No shipping packages will be poison checked - this is unexpected!" />
+    <Error Condition="'@(SbrpPackageToCheck)' == ''" Text="No SBRP packages will be poison checked - this is unexpected!" />
+
+    <ItemGroup>
+      <PoisonFileToCheck Include="@(AssetToCheck)" />
+      <PoisonFileToCheck Include="@(ShippingPackageToCheck)" />
+      <PoisonFileToCheck Include="@(SbrpPackageToCheck)" />
     </ItemGroup>
 
     <Message Importance="High" Text="[$([System.DateTime]::Now.ToString('HH:mm:ss.ff'))] Checking @(PoisonFileToCheck) for poisoned files." />
