From ac2ac7459384321a516229dc78293c28654e742f Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Tue, 20 Jan 2026 15:56:00 -0800 Subject: [PATCH 1/5] Disable SBOM for non-folder publish and fix SymbolUpload Warning (#1540) Disable SBOM for non-folder publish and other warnings This PR disables SBOM for non-folder publishes because the build will get a warning saying: "BuildDropPath '' must be a directory, not a file" Disabling SBOM checks where we know we are only publishing a file. Changing ExpirationInDays to be 5475 --- eng/pipelines/steps/BuildSolution.yml | 2 ++ eng/pipelines/steps/CopyAndPublishSymbols.yml | 2 +- eng/pipelines/steps/PublishOpenDebugAD7.yml | 1 + eng/pipelines/steps/PublishVSPackages.yml | 1 + eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml | 2 ++ eng/pipelines/templates/VSCode-codesign-osx.template.yml | 1 + eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml | 1 + 7 files changed, 9 insertions(+), 1 deletion(-) diff --git a/eng/pipelines/steps/BuildSolution.yml b/eng/pipelines/steps/BuildSolution.yml index 4e6c39263..a5d1e80da 100644 --- a/eng/pipelines/steps/BuildSolution.yml +++ b/eng/pipelines/steps/BuildSolution.yml @@ -39,6 +39,7 @@ steps: artifactName: '${{ parameters.Configuration }}_binlog' condition: ne(variables['System.Debug'], '') OneESPT: ${{ parameters.OneESPT }} + sbomEnabled: false # Disable SBOM for binlogs - template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: @@ -47,4 +48,5 @@ steps: artifactName: '${{ parameters.Configuration }}_debug_bin' condition: ne(variables['System.Debug'], '') OneESPT: ${{ parameters.OneESPT }} + sbomEnabled: false # Disable SBOM for binaries for System.Debug runs ... \ No newline at end of file diff --git a/eng/pipelines/steps/CopyAndPublishSymbols.yml b/eng/pipelines/steps/CopyAndPublishSymbols.yml index 1ae0b04f9..4cef3ad3d 100644 --- a/eng/pipelines/steps/CopyAndPublishSymbols.yml +++ b/eng/pipelines/steps/CopyAndPublishSymbols.yml @@ -23,7 +23,7 @@ steps: SymbolsAgentPath: '$(Build.ArtifactStagingDirectory)\Symbols\' ExcludeAgentFolders: '$(Build.ArtifactStagingDirectory)\Symbols\Debug;$(Build.ArtifactStagingDirectory)\Symbols\Lab.Debug' ${{ if parameters.OneESPT }}: - ExpirationInDays: 3650 # Expire in 10 years for release builds + ExpirationInDays: 5475 # Expire in 10 years for release builds ${{ else }}: ExpirationInDays: 1 # Expire in 1 day if used for testing env: diff --git a/eng/pipelines/steps/PublishOpenDebugAD7.yml b/eng/pipelines/steps/PublishOpenDebugAD7.yml index 4e1d42c67..a598d3a4f 100644 --- a/eng/pipelines/steps/PublishOpenDebugAD7.yml +++ b/eng/pipelines/steps/PublishOpenDebugAD7.yml @@ -59,3 +59,4 @@ steps: targetPath: '$(Build.StagingDirectory)\zips\${{ parameters.RuntimeID }}.zip' artifactName: '${{ parameters.RuntimeID }}_zip' OneESPT: true + sbomEnabled: false # Disable SBOM for zipped files diff --git a/eng/pipelines/steps/PublishVSPackages.yml b/eng/pipelines/steps/PublishVSPackages.yml index 2308737b5..9b34248ac 100644 --- a/eng/pipelines/steps/PublishVSPackages.yml +++ b/eng/pipelines/steps/PublishVSPackages.yml @@ -18,6 +18,7 @@ steps: targetPath: '$(Build.SourcesDirectory)\obj\Lab.Release\NugetPackageVersion.txt' artifactName: 'PackageVersion' OneESPT: true + sbomEnabled: false # Disable SBOM for version file - task: CopyFiles@2 inputs: diff --git a/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml b/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml index 065c933ea..8453e7d86 100644 --- a/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml +++ b/eng/pipelines/tasks/1ES/PublishPipelineArtifact.yml @@ -5,6 +5,7 @@ parameters: artifactName: 'drop' condition: 'succeeded()' OneESPT: false # Indicates that this is running under the 1ES Pipeline Template + sbomEnabled: true steps: - ${{ if eq(parameters['OneESPT'], true) }}: @@ -13,6 +14,7 @@ steps: inputs: targetPath: ${{ parameters.targetPath }} artifactName: '${{ parameters.artifactName }}' + sbomEnabled: ${{ parameters.sbomEnabled }} condition: ${{ parameters.condition }} - ${{ else }}: - template: ../PublishPipelineArtifact.yml diff --git a/eng/pipelines/templates/VSCode-codesign-osx.template.yml b/eng/pipelines/templates/VSCode-codesign-osx.template.yml index 6ef2efc4d..e9d62f05f 100644 --- a/eng/pipelines/templates/VSCode-codesign-osx.template.yml +++ b/eng/pipelines/templates/VSCode-codesign-osx.template.yml @@ -28,4 +28,5 @@ steps: targetPath: '$(Pipeline.Workspace)/${{ rid }}.zip' artifactName: 'unsigned_${{ rid }}_zip' OneESPT: true + sbomEnabled: false # Disable SBOM for zipped files ... diff --git a/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml b/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml index 9c55df586..aa31872c1 100644 --- a/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml +++ b/eng/pipelines/templates/VSCode-esrp-sign-osx.template.yml @@ -25,4 +25,5 @@ steps: targetPath: '$(Pipeline.Workspace)\Artifacts\${{ rid }}.zip' artifactName: '${{ rid }}_zip' OneESPT: true + sbomEnabled: false # Disable SBOM for zipped files ... \ No newline at end of file From f5d2dfbda0e9586a36d38c9c982ab62cefcf0408 Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Wed, 28 Jan 2026 11:22:34 -0800 Subject: [PATCH 2/5] Update BasicCallStack Test Frame lines for CppVsDbg (#1541) * Update BasicCallStack Test Frame lines This PR updates checkCallStack line 81 to 80 which matches what the cpp file has. Same with callback func * x86 and x64 should be the same now --- test/CppTests/Tests/ExpressionTests.cs | 52 ++++++++------------------ 1 file changed, 15 insertions(+), 37 deletions(-) diff --git a/test/CppTests/Tests/ExpressionTests.cs b/test/CppTests/Tests/ExpressionTests.cs index c73279ef9..7b2f4c105 100644 --- a/test/CppTests/Tests/ExpressionTests.cs +++ b/test/CppTests/Tests/ExpressionTests.cs @@ -523,43 +523,21 @@ private static StackFrame[] GenerateFramesList(IDebuggerSettings debugger) // VsDbg moves the stack pointer to the return address which is not necessarily the calling address if (debugger.DebuggerType == SupportedDebugger.VsDbg) { - // Visual C++ compiler for x64 and x86 generate symbols differently which means that the line numbers will be different. - if (debugger.DebuggeeArchitecture == SupportedArchitecture.x64) - { - return new[] { - new StackFrame(10, "accumulate(", "expression.cpp", null), - new StackFrame(12, "accumulate(", "expression.cpp", null), - new StackFrame(12, "accumulate(", "expression.cpp", null), - new StackFrame(20, "func(", "expression.cpp", null), - new StackFrame(81, "Expression::checkCallStack(", "expression.cpp", null), - new StackFrame(74, "Expression::checkPrettyPrinting(", "expression.cpp", null), - new StackFrame(63, "Expression::checkSpecialValues(", "expression.cpp", null), - new StackFrame(53, "Expression::checkClassOnStackAndHeap(", "expression.cpp", null), - new StackFrame(40, "Expression::checkArrayAndPointers(", "expression.cpp", null), - new StackFrame(32, "Expression::checkPrimitiveTypes(", "expression.cpp", null), - new StackFrame(86, "Expression::CoreRun(", "expression.cpp", null), - new StackFrame(23, "Feature::Run(", "feature.cpp", null), - new StackFrame(45, "main", "main.cpp", null) - }; - } - else - { - return new[] { - new StackFrame(10, "accumulate(", "expression.cpp", null), - new StackFrame(12, "accumulate(", "expression.cpp", null), - new StackFrame(12, "accumulate(", "expression.cpp", null), - new StackFrame(19, "func(", "expression.cpp", null), - new StackFrame(81, "Expression::checkCallStack(", "expression.cpp", null), - new StackFrame(75, "Expression::checkPrettyPrinting(", "expression.cpp", null), - new StackFrame(63, "Expression::checkSpecialValues(", "expression.cpp", null), - new StackFrame(54, "Expression::checkClassOnStackAndHeap(", "expression.cpp", null), - new StackFrame(40, "Expression::checkArrayAndPointers(", "expression.cpp", null), - new StackFrame(32, "Expression::checkPrimitiveTypes(", "expression.cpp", null), - new StackFrame(86, "Expression::CoreRun(", "expression.cpp", null), - new StackFrame(23, "Feature::Run(", "feature.cpp", null), - new StackFrame(46, "main", "main.cpp", null) - }; - } + return new[] { + new StackFrame(10, "accumulate(", "expression.cpp", null), + new StackFrame(12, "accumulate(", "expression.cpp", null), + new StackFrame(12, "accumulate(", "expression.cpp", null), + new StackFrame(19, "func(", "expression.cpp", null), + new StackFrame(80, "Expression::checkCallStack(", "expression.cpp", null), + new StackFrame(74, "Expression::checkPrettyPrinting(", "expression.cpp", null), + new StackFrame(62, "Expression::checkSpecialValues(", "expression.cpp", null), + new StackFrame(53, "Expression::checkClassOnStackAndHeap(", "expression.cpp", null), + new StackFrame(39, "Expression::checkArrayAndPointers(", "expression.cpp", null), + new StackFrame(31, "Expression::checkPrimitiveTypes(", "expression.cpp", null), + new StackFrame(85, "Expression::CoreRun(", "expression.cpp", null), + new StackFrame(22, "Feature::Run(", "feature.cpp", null), + new StackFrame(45, "main", "main.cpp", null) + }; } else { From 454c3e242f3f943b0bcc0f0f69e8276bbc50191a Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Wed, 28 Jan 2026 15:51:59 -0800 Subject: [PATCH 3/5] Refactor DebuggerTesting pipeline for 1ES Compliance (#1542) * Refactor DebuggerTesting pipeline for 1ES Compliance * Add comment --- eng/pipelines/DebuggerTesting-release.yml | 43 ++++++++++++++++--- .../DebuggerTesting-release.template.yml | 19 ++++++-- 2 files changed, 51 insertions(+), 11 deletions(-) diff --git a/eng/pipelines/DebuggerTesting-release.yml b/eng/pipelines/DebuggerTesting-release.yml index a0f5bd99e..cf1b61cea 100644 --- a/eng/pipelines/DebuggerTesting-release.yml +++ b/eng/pipelines/DebuggerTesting-release.yml @@ -1,14 +1,43 @@ --- name: $(Date:yyyMMdd).$(Rev:r) + variables: -- name: SignType - value: test - name: TeamName value: MDDDebugger -jobs: -- template: ./jobs/VSEngSS-MicroBuild2022-1ES.job.yml + +resources: + repositories: + - repository: MicroBuildTemplate + type: git + name: 1ESPipelineTemplates/MicroBuildTemplate + ref: refs/tags/release + +extends: + template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate parameters: - DisplayName: DebuggerTesting - JobTemplate: - - template: ../templates/DebuggerTesting-release.template.yml + pool: + name: VSEngSS-MicroBuild2022-1ES + os: windows + sdl: + sourceAnalysisPool: + name: VSEngSS-MicroBuild2022-1ES + os: windows + stages: + - stage: DebuggerTesting + jobs: + - job: + displayName: Windows + timeoutInMinutes: 180 + cancelTimeoutInMinutes: 1 + templateContext: + mb: + signing: + enabled: true + signType: real + signWithProd: true + zipSources: false + localization: + enabled: true + steps: + - template: /eng/pipelines/templates/DebuggerTesting-release.template.yml@self ... \ No newline at end of file diff --git a/eng/pipelines/templates/DebuggerTesting-release.template.yml b/eng/pipelines/templates/DebuggerTesting-release.template.yml index 927d7a00f..be7e750c8 100644 --- a/eng/pipelines/templates/DebuggerTesting-release.template.yml +++ b/eng/pipelines/templates/DebuggerTesting-release.template.yml @@ -6,8 +6,6 @@ steps: - template: ../tasks/NuGetToolInstaller.yml -- template: ../tasks/MicroBuildSigningPlugin.yml - - template: ../tasks/NuGetCommand.yml parameters: Command: 'restore' @@ -21,7 +19,7 @@ steps: configuration: 'Release' msbuildArguments: /p:NuGetPath=$(NuGetExeToolPath) /p:NuGetPrerelease=false env: { - "SIGN_TYPE": "$(SignType)" + "SIGN_TYPE": "real" } - template: ../tasks/SignVerify.yml @@ -31,12 +29,25 @@ steps: - template: ../steps/CopyAndPublishSymbols.yml parameters: SourceFolder: '$(Build.SourcesDirectory)\bin\DebugAdapterProtocolTests\Release\drop' + OneESPT: true -- template: ../tasks/PublishPipelineArtifact.yml +- template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish Nupkgs' path: '$(Build.SourcesDirectory)\bin\DebugAdapterProtocolTests\Release\drop' artifactName: 'nupkgs' + OneESPT: true + +# Retain the pipeline run for 2 years so we can compare future builds against it +- powershell: | + $contentType = 'application/json'; + $headers = @{ Authorization = 'Bearer $(System.AccessToken)' }; + $rawRequest = @{ daysValid = 365 * 2; definitionId = $(resources.pipeline.CI.pipelineID); ownerId = 'User:$(Build.RequestedForId)'; protectPipeline = $false; runId = $(resources.pipeline.CI.runId) }; + $request = ConvertTo-Json @($rawRequest); + Write-Host $request + $uri = "$(System.CollectionUri)$(System.TeamProject)/_apis/build/retention/leases?api-version=6.0-preview.1"; + Invoke-RestMethod -uri $uri -method POST -Headers $headers -ContentType $contentType -Body $request; + displayName: Retain build - template: ../tasks/MicroBuildCleanup.yml ... \ No newline at end of file From c427f6f96e0a570c8e56fd44e18edb264ad4191a Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Sun, 1 Feb 2026 21:12:53 -0800 Subject: [PATCH 4/5] DebuggerTesting-Release updates (#1543) Use Test Sign for Testing packages --- eng/pipelines/DebuggerTesting-release.yml | 3 +-- .../templates/DebuggerTesting-release.template.yml | 11 +++++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/eng/pipelines/DebuggerTesting-release.yml b/eng/pipelines/DebuggerTesting-release.yml index cf1b61cea..d977b5280 100644 --- a/eng/pipelines/DebuggerTesting-release.yml +++ b/eng/pipelines/DebuggerTesting-release.yml @@ -33,8 +33,7 @@ extends: mb: signing: enabled: true - signType: real - signWithProd: true + signType: test zipSources: false localization: enabled: true diff --git a/eng/pipelines/templates/DebuggerTesting-release.template.yml b/eng/pipelines/templates/DebuggerTesting-release.template.yml index be7e750c8..19923018f 100644 --- a/eng/pipelines/templates/DebuggerTesting-release.template.yml +++ b/eng/pipelines/templates/DebuggerTesting-release.template.yml @@ -34,15 +34,22 @@ steps: - template: ../tasks/1ES/PublishPipelineArtifact.yml parameters: displayName: 'Publish Nupkgs' - path: '$(Build.SourcesDirectory)\bin\DebugAdapterProtocolTests\Release\drop' + targetPath: '$(Build.SourcesDirectory)\bin\DebugAdapterProtocolTests\Release\drop' artifactName: 'nupkgs' OneESPT: true +- task: 1ES.PublishNuget@1 + displayName: 'NuGet push' + inputs: + packageParentPath: '$(Build.SourcesDirectory)\bin\DebugAdapterProtocolTests\Release\drop\' + packagesToPush: '$(Build.SourcesDirectory)\bin\DebugAdapterProtocolTests\Release\drop\*.nupkg' + publishVstsFeed: 'cf33e8db-bbb9-4205-82ee-e1cd159cce99' + # Retain the pipeline run for 2 years so we can compare future builds against it - powershell: | $contentType = 'application/json'; $headers = @{ Authorization = 'Bearer $(System.AccessToken)' }; - $rawRequest = @{ daysValid = 365 * 2; definitionId = $(resources.pipeline.CI.pipelineID); ownerId = 'User:$(Build.RequestedForId)'; protectPipeline = $false; runId = $(resources.pipeline.CI.runId) }; + $rawRequest = @{ daysValid = 365 * 2; definitionId = $(System.DefinitionId); ownerId = 'User:$(Build.RequestedForId)'; protectPipeline = $false; runId = $(Build.BuildId) }; $request = ConvertTo-Json @($rawRequest); Write-Host $request $uri = "$(System.CollectionUri)$(System.TeamProject)/_apis/build/retention/leases?api-version=6.0-preview.1"; From 4212deabf1ab79ad25930ec1de17ed05a3f21cf9 Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Tue, 3 Feb 2026 10:46:50 -0800 Subject: [PATCH 5/5] Remove branch trigger and CI check for releases (#1544) * Remove branch trigger and CI check for releases * Trigger: none --- eng/pipelines/VS-release.yml | 12 +++--------- eng/pipelines/VSCode-release.yml | 12 +++--------- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/eng/pipelines/VS-release.yml b/eng/pipelines/VS-release.yml index 3f5c43f82..2be862ff9 100644 --- a/eng/pipelines/VS-release.yml +++ b/eng/pipelines/VS-release.yml @@ -1,10 +1,7 @@ --- name: $(Date:yyyMMdd).$(Rev:r) -trigger: - branches: - include: - - release_mdd +trigger: none variables: - name: TeamName @@ -39,11 +36,8 @@ extends: mb: signing: enabled: true - ${{ if eq(variables['Build.Reason'], 'IndividualCI') }}: - signType: real - signWithProd: true - ${{ else }}: - signType: test + signType: real + signWithProd: true zipSources: false localization: enabled: true diff --git a/eng/pipelines/VSCode-release.yml b/eng/pipelines/VSCode-release.yml index e1432247b..3a4318c6e 100644 --- a/eng/pipelines/VSCode-release.yml +++ b/eng/pipelines/VSCode-release.yml @@ -1,10 +1,7 @@ --- name: $(Date:yyyMMdd).$(Rev:r) -trigger: - branches: - include: - - release-cpptools +trigger: none variables: - name: TeamName @@ -38,11 +35,8 @@ extends: mb: signing: enabled: true - ${{ if eq(variables['Build.Reason'], 'IndividualCI') }}: - signType: real - signWithProd: true - ${{ else }}: - signType: test + signType: real + signWithProd: true zipSources: false localization: enabled: true