Sign the DAC and build (and sign) the cross-OS DACs in the VMR #46377
+103
−31
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jan 29, 2025
Open
ViktorHofer
reviewed
Jan 29, 2025
ViktorHofer
reviewed
Jan 29, 2025
ViktorHofer
reviewed
Jan 29, 2025
ViktorHofer
reviewed
Jan 29, 2025
ViktorHofer
reviewed
Jan 29, 2025
ViktorHofer
reviewed
Jan 29, 2025
jkoritzinsky
force-pushed
the
dac-sign
branch
from
6bfcfb8 to
b515aa0
Compare
|
/azp run sdk-unified-build-full |
|
Azure Pipelines successfully started running 1 pipeline(s). |
3 tasks
ViktorHofer
approved these changes
Feb 5, 2025
Co-authored-by: Viktor Hofer <viktor.hofer@microsoft.com>
|
/azp run sdk-unified-build-full |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run sdk-unified-build-full |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
The BuildPass2 job isn't building only the assets I want. I'll take a look tomorrow. |
|
/azp run sdk-unified-build-full |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run sdk-unified-build-full |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run sdk-unified-build-full |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run sdk-unified-build-full |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run sdk-unified-build-full |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Depends on dotnet/runtime#111927 and code flow of dotnet/runtime#111416
Depends on #46532 (the code-flow of the changes into dotnet/sdk)
This will also require someone (likely @hoyosjs or @tommcdon) to authorize the
dotnet-unified-buildinternal pipeline to use the AKV service connection before we make a release branch off of dotnet/dotnet.This change installs/uninstalls the DAC certificates around the build command on Windows and passes the correct arguments to the orchestrator to specify the path to the ESRP tool. It uses the templates defined by the runtime repo, which will be available in the VMR once dotnet/runtime#111416 has flowed all of the way to dotnet/dotnet.
It also adds a win-x86 join job for the cross-OS DAC builds. @ViktorHofer and I decided on using a separate join job as this is the only join point that depends on non-Windows non-ShortStack builds, so it may be the last job to start, and it may take near 20 minutes on its own (as we build all of the cross-OS DAC native code and do signing). By having it in its own job, we avoid slowing down the workloads + aspnetcore + sdk join job (which will only depend on Windows or ShortStack jobs)