Rollout 2024-08-05 (#3779)

.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "microsoft.dnceng.secretmanager": {
-      "version": "1.1.0-beta.24351.3",
+      "version": "1.1.0-beta.24374.1",
       "commands": [
         "secret-manager"
       ]
@@ -15,7 +15,7 @@
       ]
     },
     "microsoft.dnceng.configuration.bootstrap": {
-      "version": "1.1.0-beta.24351.3",
+      "version": "1.1.0-beta.24374.1",
       "commands": [
         "bootstrap-dnceng-configuration"
       ]

.vault-config/helixkv.yaml

@@ -4,27 +4,9 @@ storageLocation:
     subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
     name: helixkv
 
-
 secrets:
   dn-bot-account-redmond:
     type: domain-account
     parameters:
       accountName: dn-bot
       description: The dn-bot account
-
-  dnb2-bot-account-redmond:
-    type: domain-account
-    parameters:
-      accountName: dnb2-bot
-      description: The dnb2-bot account
-
-  dn-dependabot-account-redmond:
-    type: domain-account
-    parameters:
-      accountName: dn-dependabot
-      description: The dn-dependabot account
-
-  dotnet-mc-bot-account:
-    type: github-account
-    parameters:
-      name: dotnet-mc-bot

.vault-config/maestrolocal.yaml

@@ -19,11 +19,6 @@ secrets:
       hasWebhookSecret: false
       hasOAuthSecret: true
 
-  prod-maestro-token:
-    type: maestro-access-token
-    parameters:
-      environment: https://maestro.dot.net/
-
   dn-bot-dnceng-build-rw-code-rw-release-rw:
     type: azure-devops-access-token
     parameters:
@@ -33,53 +28,3 @@ secrets:
         name: dn-bot-account-redmond
       organizations: dnceng
       scopes: build_execute code_write release_execute
-
-  dn-bot-devdiv-build-rw-code-rw-release-rw:
-    type: azure-devops-access-token
-    parameters:
-      domainAccountName: dn-bot
-      domainAccountSecret:
-        location: helixkv
-        name: dn-bot-account-redmond
-      organizations: devdiv
-      scopes: build_execute code_write release_execute
-
-  dn-bot-domoreexp-build-rw-code-rw-release-rw:
-    type: azure-devops-access-token
-    parameters:
-      domainAccountName: dn-bot
-      domainAccountSecret:
-        location: helixkv
-        name: dn-bot-account-redmond
-      organizations: domoreexp
-      scopes: build_execute code_write release_execute
-
-  dn-bot-dnceng-packaging-rwm:
-    type: azure-devops-access-token
-    parameters:
-      domainAccountName: dn-bot
-      domainAccountSecret:
-        location: helixkv
-        name: dn-bot-account-redmond
-      organizations: dnceng
-      scopes: packaging_manage
-
-  dn-bot-dnceng-build-r:
-    type: azure-devops-access-token
-    parameters:
-      domainAccountName: dn-bot
-      domainAccountSecret:
-        location: helixkv
-        name: dn-bot-account-redmond
-      organizations: dnceng
-      scopes: build
-
-  dn-bot-dnceng-public-build-r:
-    type: azure-devops-access-token
-    parameters:
-      domainAccountName: dn-bot
-      domainAccountSecret:
-        location: helixkv
-        name: dn-bot-account-redmond
-      organizations: dnceng-public
-      scopes: build

.vault-config/product-construction-dev.yaml

@@ -25,14 +25,3 @@ secrets:
         location: engkeyvault
         name: BotAccount-dotnet-bot
       gitHubBotAccountName: dotnet-bot
-
-  dn-bot-all-orgs-code-r:
-    type: azure-devops-access-token
-    parameters:
-      domainAccountName: dn-bot
-      domainAccountSecret:
-          location: helixkv
-          name: dn-bot-account-redmond
-      name: dn-bot-all-orgs-code-r
-      organizations: devdiv dnceng
-      scopes: code

.vault-config/product-construction-int.yaml

@@ -26,17 +26,6 @@ secrets:
         name: BotAccount-dotnet-bot
       gitHubBotAccountName: dotnet-bot
 
-  dn-bot-all-orgs-code-r:
-    type: azure-devops-access-token
-    parameters:
-      domainAccountName: dn-bot
-      domainAccountSecret:
-          location: helixkv
-          name: dn-bot-account-redmond
-      name: dn-bot-all-orgs-code-r
-      organizations: devdiv dnceng
-      scopes: code
-
   github:
     type: github-app-secret
     parameters:

.vault-config/shared/maestro-secrets.yaml

@@ -5,11 +5,6 @@ github:
     hasWebhookSecret: true
     hasOAuthSecret: true
 
-prod-maestro-token:
-  type: maestro-access-token
-  parameters:
-    environment: https://maestro.dot.net/
-
 dn-bot-dnceng-build-rw-code-rw-release-rw:
   type: azure-devops-access-token
   parameters:
@@ -19,53 +14,3 @@ dn-bot-dnceng-build-rw-code-rw-release-rw:
       name: dn-bot-account-redmond
     organizations: dnceng
     scopes: build_execute code_write release_execute
-
-dn-bot-devdiv-build-rw-code-rw-release-rw:
-  type: azure-devops-access-token
-  parameters:
-    domainAccountName: dn-bot
-    domainAccountSecret:
-      location: helixkv
-      name: dn-bot-account-redmond
-    organizations: devdiv
-    scopes: build_execute code_write release_execute
-
-dn-bot-domoreexp-build-rw-code-rw-release-rw:
-  type: azure-devops-access-token
-  parameters:
-    domainAccountName: dn-bot
-    domainAccountSecret:
-      location: helixkv
-      name: dn-bot-account-redmond
-    organizations: domoreexp
-    scopes: build_execute code_write release_execute
-
-dn-bot-dnceng-packaging-rwm:
-  type: azure-devops-access-token
-  parameters:
-    domainAccountName: dn-bot
-    domainAccountSecret:
-      location: helixkv
-      name: dn-bot-account-redmond
-    organizations: dnceng
-    scopes: packaging_manage
-
-dn-bot-dnceng-build-r:
-  type: azure-devops-access-token
-  parameters:
-    domainAccountName: dn-bot
-    domainAccountSecret:
-      location: helixkv
-      name: dn-bot-account-redmond
-    organizations: dnceng
-    scopes: build
-
-dn-bot-dnceng-public-build-r:
-  type: azure-devops-access-token
-  parameters:
-    domainAccountName: dn-bot
-    domainAccountSecret:
-      location: helixkv
-      name: dn-bot-account-redmond
-    organizations: dnceng-public
-    scopes: build

Directory.Packages.props

@@ -4,7 +4,7 @@
     <AspNetAzureVersion>3.1.24</AspNetAzureVersion>
     <AspNetCoreVersion>6.0.26</AspNetCoreVersion>
     <MicrosoftExtensionsVersion>6.0.0</MicrosoftExtensionsVersion>
-    <AspireVersion>8.0.2</AspireVersion>
+    <AspireVersion>8.1.0</AspireVersion>
     <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
     <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
   </PropertyGroup>
@@ -17,7 +17,7 @@
     <PackageVersion Include="Aspire.Hosting.AppHost" Version="$(AspireVersion)" />
     <PackageVersion Include="Aspire.Hosting.Azure.Storage" Version="$(AspireVersion)" />
     <PackageVersion Include="Aspire.Hosting.Azure" Version="$(AspireVersion)" />
-    <PackageVersion Include="Azure.Core" Version="1.40.0" />
+    <PackageVersion Include="Azure.Core" Version="1.41.0" />
     <PackageVersion Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.3.0" />
     <PackageVersion Include="Azure.Extensions.AspNetCore.DataProtection.Blobs" Version="1.2.3" />
     <PackageVersion Include="Azure.Extensions.AspNetCore.DataProtection.Keys" Version="1.2.3" />
@@ -39,7 +39,6 @@
     <PackageVersion Include="Microsoft.AspNetCore.ApiVersioning.Analyzers" Version="$(MicrosoftAspNetCoreApiVersioningAnalyzersVersion)" />
     <PackageVersion Include="Microsoft.AspNetCore.ApiVersioning.Swashbuckle" Version="$(MicrosoftAspNetCoreApiVersioningSwashbuckleVersion)" />
     <PackageVersion Include="Microsoft.AspNetCore.ApiVersioning" Version="$(MicrosoftAspNetCoreApiVersioningVersion)" />
-    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Http" Version="2.2.2" />
     <PackageVersion Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="$(AspNetCoreVersion)" />
     <PackageVersion Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="$(AspNetCoreVersion)" />
@@ -121,11 +120,11 @@
     <PackageVersion Include="NUnit" Version="4.0.1" />
     <PackageVersion Include="NUnit3TestAdapter" Version="4.5.0" />
     <PackageVersion Include="Octokit" Version="13.0.1" />
-    <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.8.1" />
-    <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.8.1" />
-    <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.8.1" />
+    <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
+    <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
+    <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.9.0" />
     <PackageVersion Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.6.0-beta.3" />
-    <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
+    <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.9.0" />
     <PackageVersion Include="OpenTelemetry.Instrumentation.Runtime" Version="1.8.0" />
     <PackageVersion Include="ServiceFabricMocks" Version="$(ServiceFabricMocksVersion)" />
     <PackageVersion Include="Swashbuckle.AspNetCore" Version="6.5.0" />

azure-pipelines-product-construction-service.yml

@@ -20,7 +20,6 @@ variables:
   value: $(Build.ArtifactStagingDirectory)/diff
 - ${{ if ne(variables['Build.SourceBranch'], 'refs/heads/production') }}:
   # https://dev.azure.com/dnceng/internal/_library?itemType=VariableGroups&view=VariableGroupView&variableGroupId=189
-  - group: Product-Construction-Service-Int
   - name: containerappName
     value: product-construction-int
   - name: containerRegistryName
@@ -69,9 +68,14 @@ stages:
       displayName: Build docker image
 
     - ${{ if notin(variables['Build.Reason'], 'PullRequest') }}:
-      - powershell: |
-          echo $(container-registry-password) | docker login --username $(container-registry-username) --password-stdin $(dockerRegistryUrl)
-          docker push "$(dockerRegistryUrl)/$(containerName):$(newDockerImageTag)"
+      - task: AzureCLI@2
+        inputs:
+          azureSubscription: $(serviceConnectionName)
+          scriptType: pscore
+          scriptLocation: inlineScript
+          inlineScript: |
+            az acr login --name $(containerRegistryName)
+            docker push "$(dockerRegistryUrl)/$(containerName):$(newDockerImageTag)"
         displayName: Push docker image
 
       - ${{ if ne(variables['Build.SourceBranch'], 'refs/heads/production') }}:

azure-pipelines.yml

@@ -160,27 +160,6 @@ extends:
                 artifact: Maestro.ScenarioTests
                 displayName: Publish Maestro Scenario Tests
                 condition: always()
-
-    - ${{ if in(variables['Build.SourceBranch'], 'refs/heads/main', 'refs/heads/production') }}:
-      - template: /eng/common/templates-official/post-build/post-build.yml@self
-        parameters:
-          enableSymbolValidation: true
-          enableSigningValidation: false
-          artifactsPublishingAdditionalParameters: '/p:CheckEolTargetFramework=false'
-          symbolPublishingAdditionalParameters: '/p:CheckEolTargetFramework=false'
-          SDLValidationParameters:
-            enable: true
-            params: '-SourceToolsList @("policheck","credscan")
-            -TsaInstanceURL $(_TsaInstanceURL)
-            -TsaProjectName $(_TsaProjectName)
-            -TsaNotificationEmail $(_TsaNotificationEmail)
-            -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
-            -TsaBugAreaPath $(_TsaBugAreaPath)
-            -TsaIterationPath $(_TsaIterationPath)
-            -TsaRepositoryName "Arcade-Services"
-            -TsaCodebaseName "Arcade-Services"
-            -TsaPublish $True
-            -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'
 
     - template: /eng/templates/stages/deploy.yaml@self
       parameters:
@@ -202,3 +181,24 @@ extends:
           VariableGroup: MaestroProd KeyVault
           BarConnectionString: "Data Source=tcp:maestro-prod.database.windows.net,1433; Initial Catalog=BuildAssetRegistry; Authentication=Active Directory Default; Persist Security Info=False; MultipleActiveResultSets=True; Connect Timeout=120; Encrypt=True; TrustServerCertificate=False; User Id=1093df3b-c754-4788-a4ae-ea33b86b82aa"
           BarMigrationSubscription: BarMigrationProd
+
+    - ${{ if in(variables['Build.SourceBranch'], 'refs/heads/main', 'refs/heads/production') }}:
+      - template: /eng/common/templates-official/post-build/post-build.yml@self
+        parameters:
+          enableSymbolValidation: true
+          enableSigningValidation: false
+          artifactsPublishingAdditionalParameters: '/p:CheckEolTargetFramework=false'
+          symbolPublishingAdditionalParameters: '/p:CheckEolTargetFramework=false'
+          SDLValidationParameters:
+            enable: true
+            params: '-SourceToolsList @("policheck","credscan")
+            -TsaInstanceURL $(_TsaInstanceURL)
+            -TsaProjectName $(_TsaProjectName)
+            -TsaNotificationEmail $(_TsaNotificationEmail)
+            -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
+            -TsaBugAreaPath $(_TsaBugAreaPath)
+            -TsaIterationPath $(_TsaIterationPath)
+            -TsaRepositoryName "Arcade-Services"
+            -TsaCodebaseName "Arcade-Services"
+            -TsaPublish $True
+            -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'