Give a warning before trying to publish symbols-only packages

Actions/.Modules/ReadSettings.psm1

@@ -196,7 +196,7 @@ function GetDefaultSettings
             "retentionDays"                             = 30
             "mode"                                      = "modifiedApps" # modifiedProjects, modifiedApps
         }
-        "microsoftTelemetryConnectionString"            = "InstrumentationKey=cd2cc63e-0f37-4968-b99a-532411a314b8;IngestionEndpoint=https://northeurope-2.in.applicationinsights.azure.com/"
+        "microsoftTelemetryConnectionString"            = "InstrumentationKey=cd2cc63e-0f37-4968-b99a-532411a314b8;IngestionEndpoint=https://northeurope-2.in.applicationinsights.azure.com/" #gitleaks:allow
         "partnerTelemetryConnectionString"              = ""
         "sendExtendedTelemetryToMicrosoft"              = $false
         "environments"                                  = @()

Actions/AL-Go-Helper.ps1

@@ -2159,6 +2159,64 @@ function ConnectAz {
     }
 }
 
+<#
+    .SYNOPSIS
+    Checks whether nuget.org is added as a nuget source.
+#>
+function AssertNugetSourceIsAdded() {
+    $nugetSource = "https://api.nuget.org/v3/index.json"
+    $nugetSourceExists = dotnet nuget list source | Select-String -Pattern $nugetSource
+    if (-not $nugetSourceExists) {
+        throw "Nuget source $nugetSource is not added. Please add the source using 'dotnet nuget add source $nugetSource' or add another source with nuget.org as an upstream source."
+    }
+}
+
+<#
+    .SYNOPSIS
+    Installs a .NET tool in a temporary folder and returns the path to the folder
+    .DESCRIPTION
+    This function installs a .NET tool using 'dotnet tool install' in a temporary folder and returns the path to the folder where the tool is installed.
+    .PARAMETER PackageName
+    The name of the package to install
+    .PARAMETER ToolPath
+    The path where the tool should be installed. If not specified, the tool is installed in a temporary folder.
+    .RETURNS
+    The path to the folder where the tool is installed.
+#>
+function Install-DotNetTool {
+    param(
+        [Parameter(Mandatory = $true)]
+        [string] $PackageName,
+        [Parameter(Mandatory = $false)]
+        [string] $ToolPath = $ENV:RUNNER_TEMP
+    )
+    AssertNugetSourceIsAdded
+
+    # Use GetTempPath if RunnerTemp is not set (e.g. when running locally)
+    if (-not $ToolPath) {
+        $ToolPath = [System.IO.Path]::GetTempPath()
+    }
+    $installationFolder = Join-Path -Path $ToolPath $PackageName
+    if (Test-Path -Path $installationFolder) {
+        # Tool is already installed
+        Write-Host "$PackageName is already installed in $installationFolder"
+        return $installationFolder
+    }
+
+    # Get version of the package
+    $version = GetPackageVersion -PackageName $PackageName
+
+    # Install the tool in the temp folder
+    Write-Host "Installing $PackageName ($version) in $installationFolder"
+    dotnet tool install $PackageName --version $version --tool-path $installationFolder | Out-Host
+
+    if (-not (Test-Path -Path $installationFolder)) {
+        throw "Failed to install $PackageName. If you are using a self-hosted runner please make sure you've followed all the steps described in https://aka.ms/algosettings#runs-on."
+    }
+
+    return $installationFolder
+}
+
 function OutputMessageAndArray {
     Param(
         [string] $message,

Actions/Environment.Packages.proj

@@ -12,6 +12,7 @@
     <PackageReference Include="Az.Accounts" Version="2.15.1" GeneratePathProperty="true" ExcludeAssets="All" />
     <PackageReference Include="Az.Storage" Version="6.1.1" GeneratePathProperty="true" ExcludeAssets="All" />
     <PackageReference Include="Az.KeyVault" Version="5.2.0" GeneratePathProperty="true" ExcludeAssets="All" />
+    <PackageReference Include="Microsoft.Dynamics.BusinessCentral.Development.Tools" Version="17.0.28.6483-beta" GeneratePathProperty="true" ExcludeAssets="All" />
   </ItemGroup>
 
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />

Actions/RunPipeline/RunPipeline.ps1

@@ -193,6 +193,7 @@ try {
     }
 
     # Replace secret names in install.apps and install.testApps
+    $tempDependenciesLocation = Join-Path $ENV:RUNNER_TEMP "Dependencies-$(Get-Random)"
     foreach($list in @('Apps','TestApps')) {
         $install."$list" = @($install."$list" | ForEach-Object {
             $pattern = '.*(\$\{\{\s*([^}]+?)\s*\}\}).*'
@@ -203,22 +204,44 @@ try {
             else {
                 $finalUrl = $url
             }
-            # Check validity of URL
+
             if ($finalUrl -like 'http*://*') {
+                # Check validity of URL
                 try {
                     Invoke-WebRequest -Method Head -UseBasicParsing -Uri $finalUrl | Out-Null
+                } catch {
+                    throw "Setting: install$($list) contains an inaccessible URL: $($url). Error was: $($_.Exception.Message)"
+                }
+
+                # Try downloading the app file
+                try {
+                    if (-not (Test-Path $tempDependenciesLocation)) {
+                        New-Item -Path $tempDependenciesLocation -ItemType Directory | Out-Null
+                    }
+                    $urlWithoutQuery = $finalUrl.Split('?')[0].TrimEnd('/')
+                    $rawFileName = [System.IO.Path]::GetFileName($urlWithoutQuery)
+                    $decodedFileName = [Uri]::UnescapeDataString($rawFileName)
+                    $appFile = Join-Path $tempDependenciesLocation $decodedFileName
+                    Invoke-WebRequest -Method GET -UseBasicParsing -Uri $finalUrl -OutFile $appFile -MaximumRetryCount 3 -RetryIntervalSec 5 | Out-Null
                 }
                 catch {
-                    throw "Setting: install$($list) contains an inaccessible URL: $($url). Error was: $($_.Exception.Message)"
+                    throw "Could not download app from URL: $($url). Error was: $($_.Exception.Message)"
                 }
+            } else {
+                $appFile = $_
             }
-            return $finalUrl
+            return $appFile
         })
     }
 
     # Analyze app.json version dependencies before launching pipeline
 
     # Analyze InstallApps and InstallTestApps before launching pipeline
+    if ((-not $settings.doNotPublishApps)) {
+        # Test that InstallApps are not symbols packages
+        Import-Module (Join-Path -Path $PSScriptRoot -ChildPath ".\RunPipeline.psm1" -Resolve)
+        Test-InstallApps -AllInstallApps ($install.Apps + $install.TestApps) -ProjectPath $projectPath
+    }
 
     # Check if codeSignCertificateUrl+Password is used (and defined)
     if (!$settings.doNotSignApps -and $codeSignCertificateUrl -and $codeSignCertificatePassword -and !$settings.keyVaultCodesignCertificateName) {

Actions/RunPipeline/RunPipeline.psm1

@@ -0,0 +1,85 @@
+Import-Module (Join-Path $PSScriptRoot '..\TelemetryHelper.psm1' -Resolve)
+. (Join-Path -Path $PSScriptRoot -ChildPath "..\AL-Go-Helper.ps1" -Resolve)
+
+<#
+    .SYNOPSIS
+    Installs the AL tool.
+    .DESCRIPTION
+    Installs the AL tool from the Microsoft.Dynamics.BusinessCentral.Development.Tools package.
+    .RETURNS
+    The path to the al.exe tool.
+#>
+function Install-ALTool {
+    $DevelopmentToolsPackage = "Microsoft.Dynamics.BusinessCentral.Development.Tools"
+    $alToolFolder = Install-DotNetTool -PackageName $DevelopmentToolsPackage
+    # Load the AL tool from the downloaded package
+    $alExe = Get-ChildItem -Path $alToolFolder -Filter "al*" | Where-Object { $_.Name -eq "al" -or $_.Name -eq "al.exe" } | Select-Object -First 1 -ExpandProperty FullName
+    if (-not $alExe) {
+        throw "Could not find al.exe in the $DevelopmentToolsPackage package."
+    }
+    return $alExe
+}
+
+<#
+    .SYNOPSIS
+    Analyzes the install apps to check if they are symbols packages.
+    .DESCRIPTION
+    Analyzes the install apps to check if they are symbols packages.
+    If an app is a symbols package, it outputs a warning message.
+    .PARAMETER AllInstallApps
+    The list of all install apps to analyze.
+    .PARAMETER ProjectPath
+    The path to the project where the apps are located.
+#>
+function Test-InstallApps() {
+    Param(
+        [string[]] $AllInstallApps,
+        [string] $ProjectPath
+    )
+
+    if ($AllInstallApps.Count -eq 0) {
+        Write-Host "No install apps to analyze."
+        return
+    }
+
+    try {
+        # Install the AL tool and get the path to al.exe
+        $alExe = Install-ALTool
+
+        foreach ($app in $AllInstallApps) {
+            if (Test-Path -Path $app) {
+                $appFilePath = (Get-Item -Path $app).FullName
+            } else {
+                $appFilePath = Join-Path $ProjectPath $app -Resolve -ErrorAction SilentlyContinue
+            }
+
+            if ($appFilePath) {
+                $appFile = Get-Item -Path $appFilePath
+                $appFileName = $appFile.Name
+                Write-Host "Analyzing app file $appFileName"
+                if (IsSymbolsOnlyPackage -AppFilePath $appFile -AlExePath $alExe) {
+                    # If package is not a runtime package and has no source code files, it is a symbols package
+                    # Symbols packages are not meant to be published to a BC Environment
+                    OutputWarning -Message "App $appFileName is a symbols package and should not be published. The workflow may fail if you try to publish it."
+                }
+            } else {
+                Write-Host "App file path for $app could not be resolved. Skipping symbols check."
+            }
+        }
+    }
+    catch {
+        Trace-Warning -Message "Something went wrong while analyzing install apps."
+        OutputDebug -message "Error: $_"
+    }
+}
+
+function IsSymbolsOnlyPackage {
+    param(
+        [string] $AppFilePath,
+        [string] $AlExePath
+    )
+    . $AlExePath IsSymbolOnly $AppFilePath | Out-Null
+    return $LASTEXITCODE -eq 0
+}
+
+Export-ModuleMember -Function Test-InstallApps

Actions/Sign/Sign.psm1

@@ -1,15 +1,3 @@
-<#
-    .SYNOPSIS
-    Checks whether nuget.org is added as a nuget source.
-#>
-function AssertNugetSourceIsAdded() {
-    $nugetSource = "https://api.nuget.org/v3/index.json"
-    $nugetSourceExists = dotnet nuget list source | Select-String -Pattern $nugetSource
-    if (-not $nugetSourceExists) {
-        throw "Nuget source $nugetSource is not added. Please add the source using 'dotnet nuget add source $nugetSource' or add another source with nuget.org as an upstream source."
-    }
-}
-
 <#
     .SYNOPSIS
     Installs the dotnet signing tool.
@@ -19,26 +7,10 @@ function AssertNugetSourceIsAdded() {
 function Install-SigningTool() {
     . (Join-Path -Path $PSScriptRoot -ChildPath "..\AL-Go-Helper.ps1" -Resolve)
 
-    # Create folder in temp directory with a unique name
-    $tempFolder = Join-Path -Path ([System.IO.Path]::GetTempPath()) "SigningTool-$(Get-Random)"
-
-    # Get version of the signing tool
-    $version = GetPackageVersion -PackageName "sign"
-
-    # Install the signing tool in the temp folder
-    Write-Host "Installing signing tool version $version in $tempFolder"
-    New-Item -ItemType Directory -Path $tempFolder | Out-Null
-    dotnet tool install sign --version $version --tool-path $tempFolder | Out-Host
+    $signToolFolder = Install-DotNetTool -PackageName sign
 
     # Return the path to the signing tool
-    $signingTool = Join-Path -Path $tempFolder "sign.exe"
-    if (-not (Test-Path -Path $signingTool)) {
-        # Check if nuget.org is added as a nuget source
-        AssertNugetSourceIsAdded
-
-        # If the tool is not found, throw an error
-        throw "Failed to install signing tool. If you are using a self-hosted runner please make sure you've followed all the steps described in https://aka.ms/algosettings#runs-on."
-    }
+    $signingTool = Join-Path -Path $signToolFolder "sign.exe"
     return $signingTool
 }
 
@@ -159,4 +131,4 @@ function Invoke-SigningTool() {
     }
 }
 
-Export-ModuleMember -Function Invoke-SigningTool
+Export-ModuleMember -Function *-*

RELEASENOTES.md

@@ -29,6 +29,7 @@ Please note that some automated features are premium and require the use of [Git
 - Issue 1937 trackALAlertsInGitHub is failing in preview
 - DeployTo settings from environment-specific AL-Go settings are not applied when deploying
 - `ReadSettings` action outputs too much information that is mainly used for debugging
+- Issue 1512: Throw a warning before trying to publish symbols packages
 
 ## v7.3
 

Scenarios/DeliveryTargets.md

@@ -137,7 +137,7 @@ Unlike GitHub Packages, NuGet feeds configured with `NuGetContext` are not autom
 **Organizational Secret**: `GitHubPackagesContext`
 
 ```json
-{"token":"ghp_1234567890abcdef","serverUrl":"https://nuget.pkg.github.com/contoso/index.json"}
+{"token":"ghp_<your_token>","serverUrl":"https://nuget.pkg.github.com/contoso/index.json"}
 ```
 
 **AL-Go-Settings.json** (optional):

Scenarios/settings.md

@@ -100,7 +100,7 @@ The repository settings are only read from the repository settings file (.github
 | <a id="licenseFileUrlSecretName"></a>licenseFileUrlSecretName | Specify the name (**NOT the secret**) of the LicenseFileUrl secret. Default is LicenseFileUrl. AL-Go for GitHub will look for a secret with this name in GitHub Secrets or Azure KeyVault to use as LicenseFileUrl. A LicenseFileUrl is required when building AppSource apps for Business Central prior to version 22. Read [this](SetupCiCdForExistingAppSourceApp.md) for more information. | LicenseFileUrl |
 | <a id="ghTokenWorkflowSecretName"></a>ghTokenWorkflowSecretName | Specifies the name (**NOT the secret**) of the GhTokenWorkflow secret. Default is GhTokenWorkflow. AL-Go for GitHub will look for a secret with this name in GitHub Secrets or Azure KeyVault to use as Personal Access Token with permission to modify workflows when running the Update AL-Go System Files workflow. Read [this](UpdateAlGoSystemFiles.md) for more information. | GhTokenWorkflow |
 | <a id="adminCenterApiCredentialsSecretName"></a>adminCenterApiCredentialsSecretName | Specifies the name (**NOT the secret**) of the adminCenterApiCredentials secret. Default is adminCenterApiCredentials. AL-Go for GitHub will look for a secret with this name in GitHub Secrets or Azure KeyVault to use when connecting to the Admin Center API when creating Online Development Environments. Read [this](CreateOnlineDevEnv2.md) for more information. | AdminCenterApiCredentials |
-| <a id="installApps"></a>installApps | An array of 3rd party dependency apps, which you do not have access to through the appDependencyProbingPaths. The setting should be an array of either secure URLs or paths to folders or files relative to the project, where the CI/CD workflow can find and download the apps. The apps in installApps are downloaded and installed before compiling and installing the apps.<br/>**Note:** If you specify ${{SECRETNAME}} as part of a URL, it will be replaced by the value of the secret SECRETNAME. | [ ] |
+| <a id="installApps"></a>installApps | An array of 3rd party dependency apps, which you do not have access to through the appDependencyProbingPaths. The setting should be an array of either secure URLs or paths to folders or files relative to the project, where the build workflow can find and download the apps. The apps in installApps are downloaded and installed before compiling and installing the apps in the current project. Before adding an app to the installApps property, please ensure it is not a symbols-only package. Symbols-only packages are not intended for publishing and installing and using them via installApps might lead to compilation or runtime errors.<br/>**Note:** If you specify ${{SECRETNAME}} as part of a URL, it will be replaced by the value of the secret SECRETNAME. | [ ] |
 | <a id="installTestApps"></a>installTestApps | An array of 3rd party dependency apps, which you do not have access to through the appDependencyProbingPaths. The setting should be an array of either secure URLs or paths to folders or files relative to the project, where the CI/CD workflow can find and download the apps. The apps in installTestApps are downloaded and installed before compiling and installing the test apps. Adding a parentheses around the setting indicates that the test in this app will NOT be run, only installed.<br/>**Note:** If you specify ${{SECRETNAME}} as part of a URL, it will be replaced by the value of the secret SECRETNAME. | [ ] |
 | <a id="configPackages"></a>configPackages | An array of configuration packages to be applied to the build container before running tests. Configuration packages can be the relative path within the project or it can be STANDARD, EXTENDED or EVALUATION for the rapidstart packages, which comes with Business Central. | [ ] |
 | <a id="configPackages.country"></a>configPackages.country | An array of configuration packages to be applied to the build container for country **country** before running tests. Configuration packages can be the relative path within the project or it can be STANDARD, EXTENDED or EVALUATION for the rapidstart packages, which comes with Business Central. | [ ] |

Tests/RunPipeline.Action.Test.ps1

@@ -23,6 +23,27 @@ Describe "RunPipeline Action Tests" {
         YamlTest -scriptRoot $scriptRoot -actionName $actionName -actionScript $actionScript -outputs $outputs
     }
 
+    It 'Test warning for symbols packages' {
+        Import-Module (Join-Path $scriptRoot '.\RunPipeline.psm1' -Resolve) -Force
+        . (Join-Path $PSScriptRoot '../Actions/AL-Go-Helper.ps1')
+        Import-Module (Join-Path $PSScriptRoot '../Actions/TelemetryHelper.psm1')
+
+        # Mock the OutputWarning and Trace-Warning functions
+        Mock -CommandName OutputWarning -MockWith { param($Message) Write-Host "OutputWarning: $Message" } -ModuleName RunPipeline
+        Mock -CommandName Trace-Warning -MockWith { param($Message) Write-Host "Trace-Information: $Message" } -ModuleName RunPipeline
+
+        # Invoke the function with TestApp1 (a symbols package) and TestApp2 (a full app package)
+        $tempFolder = [System.IO.Path]::GetTempPath()
+        Test-InstallApps -AllInstallApps @(".\TestApps\EssentialBusinessHeadlinesFull.app", ".\TestApps\EssentialBusinessHeadlinesSymbols.app") -ProjectPath $PSScriptRoot -RunnerTempFolder $tempFolder
+
+        # Assert that the warning was output
+        Should -Invoke -CommandName 'OutputWarning' -Times 1 -ModuleName RunPipeline
+        Should -Invoke -CommandName 'OutputWarning' -Times 1 -ModuleName RunPipeline -ParameterFilter { $Message -like "*App EssentialBusinessHeadlinesSymbols.app is a symbols package and should not be published. The workflow may fail if you try to publish it." }
+
+        # Assert that Trace-Warning was not called
+        Assert-MockCalled Trace-Warning -Exactly 0 -ModuleName RunPipeline
+    }
+
     # Call action
 
 }