microsoft · echalone · Jul 29, 2021 · Jul 29, 2021 · Aug 2, 2021 · Jan 26, 2022
@@ -18,6 +18,9 @@ public class ConfigureAgent : ConfigureOrRemoveBase
         [Option(Constants.Agent.CommandLine.Flags.AddMachineGroupTags)]
         public bool AddMachineGroupTags { get; set; }
 
+        [Option(Constants.Agent.CommandLine.Flags.AllowWorkDirectoryRepositories)]
+        public bool AllowWorkDirectoryRepositories { get; set; }
+
         [Option(Constants.Agent.CommandLine.Flags.AlwaysExtractTask)]
         public bool AlwaysExtractTask { get; set; }
 

@@ -532,6 +532,11 @@ public bool GetDisableLogUploads()
             return TestFlag(Configure?.DisableLogUploads, Constants.Agent.CommandLine.Flags.DisableLogUploads);
         }
 
+        public bool GetAllowWorkDirectoryRepositories()
+        {
+            return TestFlag(Configure?.AllowWorkDirectoryRepositories, Constants.Agent.CommandLine.Flags.AllowWorkDirectoryRepositories);
+        }
+
         public bool Unattended()
         {
             if (TestFlag(GetConfigureOrRemoveBase()?.Unattended, Constants.Agent.CommandLine.Flags.Unattended))

@@ -373,6 +373,8 @@ public async Task ConfigureAsync(CommandSettings command)
 
             agentSettings.DisableLogUploads = command.GetDisableLogUploads();
 
+            agentSettings.AllowWorkDirectoryRepositories = command.GetAllowWorkDirectoryRepositories();
+
             agentSettings.AlwaysExtractTask = command.GetAlwaysExtractTask();
 
             _store.SaveSettings(agentSettings);

@@ -92,6 +92,11 @@ protected bool HasMultipleCheckouts(AgentTaskPluginExecutionContext executionCon
             return executionContext != null && RepositoryUtil.HasMultipleCheckouts(executionContext.JobSettings);
         }
 
+        protected bool AllowWorkDirectoryRepositories(AgentTaskPluginExecutionContext executionContext)
+        {
+            return executionContext != null && RepositoryUtil.AllowWorkDirectoryRepositories(executionContext.AgentSettings);
+        }
+
         protected TeeUtil teeUtil;
         protected void initializeTeeUtil(AgentTaskPluginExecutionContext executionContext, CancellationToken cancellationToken)
         {
@@ -140,24 +145,34 @@ public override async Task RunAsync(AgentTaskPluginExecutionContext executionCon
             MergeCheckoutOptions(executionContext, repo);
 
             var currentRepoPath = repo.Properties.Get<string>(Pipelines.RepositoryPropertyNames.Path);
+            var workDirectory = executionContext.Variables.GetValueOrDefault("agent.workfolder")?.Value;
             var buildDirectory = executionContext.Variables.GetValueOrDefault("agent.builddirectory")?.Value;
             var tempDirectory = executionContext.Variables.GetValueOrDefault("agent.tempdirectory")?.Value;
 
             ArgUtil.NotNullOrEmpty(currentRepoPath, nameof(currentRepoPath));
+            ArgUtil.NotNullOrEmpty(workDirectory, nameof(workDirectory));
             ArgUtil.NotNullOrEmpty(buildDirectory, nameof(buildDirectory));
             ArgUtil.NotNullOrEmpty(tempDirectory, nameof(tempDirectory));
 
             // Determine the path that we should clone/move the repository into
             const string sourcesDirectory = "s"; //Constants.Build.Path.SourcesDirectory
             string expectRepoPath;
             var path = executionContext.GetInput("path");
+            var maxRootDirectory = buildDirectory;
+
             if (!string.IsNullOrEmpty(path))
             {
                 // When the checkout task provides a path, always use that one
                 expectRepoPath = IOUtil.ResolvePath(buildDirectory, path);
-                if (!expectRepoPath.StartsWith(buildDirectory.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar))
+
+                if (AllowWorkDirectoryRepositories(executionContext))
+                {
+                    maxRootDirectory = workDirectory;
+                }
+
+                if (!expectRepoPath.StartsWith(maxRootDirectory.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar))
                 {
-                    throw new ArgumentException($"Input path '{path}' should resolve to a directory under '{buildDirectory}', current resolved path '{expectRepoPath}'.");
+                    throw new ArgumentException($"Input path '{path}' should resolve to a directory under '{maxRootDirectory}', current resolved path '{expectRepoPath}'.");
                 }
             }
             else if (HasMultipleCheckouts(executionContext))

@@ -34,6 +34,11 @@ public class WellKnownJobSettings
         public static readonly string WorkspaceIdentifier = "WorkspaceIdentifier";
     }
 
+    public class WellKnownAgentSettings
+    {
+        public static readonly string AllowWorkDirectoryRepositories = "AllowWorkDirectoryRepositories";
+    }
+
     public class AgentTaskPluginExecutionContext : ITraceWriter, IKnobValueContext
     {
         private VssConnection _connection;
@@ -62,6 +67,7 @@ public AgentTaskPluginExecutionContext(ITraceWriter trace)
         public Dictionary<string, string> Inputs { get; set; }
         public ContainerInfo Container { get; set; }
         public Dictionary<string, string> JobSettings { get; set; }
+        public Dictionary<string, string> AgentSettings { get; set; }
         public AgentWebProxySettings WebProxySettings { get; private set; }
 
         [JsonIgnore]

@@ -40,6 +40,19 @@ public static bool HasMultipleCheckouts(Dictionary<string, string> jobSettings)
             return false;
         }
 
+        /// <summary>
+        /// Returns true if the dictionary contains the 'AllowWorkDirectoryRepository' key and the value is set to 'true'.
+        /// </summary>
+        public static bool AllowWorkDirectoryRepositories(Dictionary<string, string> agentSettings)
+        {
+            if (agentSettings != null && agentSettings.TryGetValue(WellKnownAgentSettings.AllowWorkDirectoryRepositories, out string allowWorkDirectoryRepositoriesText))
+            {
+                return bool.TryParse(allowWorkDirectoryRepositoriesText, out bool allowWorkDirectoryRepositories) && allowWorkDirectoryRepositories;
+            }
+
+            return false;
+        }
+
         /// <summary>
         /// Returns true if the string matches the primary repository name (self)
         /// </summary>

@@ -121,6 +121,7 @@ public AgentTaskPluginExecutionContext GeneratePluginExecutionContext(IExecution
                 Endpoints = context.Endpoints,
                 Container = containerInfo, //TODO: Figure out if this needs to have all the containers or just the one for the current step
                 JobSettings = context.JobSettings,
+                AgentSettings = context.AgentSettings,
             };
 
             // variables

@@ -190,17 +190,36 @@ public string GetRelativeRepositoryPath(
             string buildDirectory,
             string repositoryPath)
         {
+            var maxRootDirectory = buildDirectory;
+            var workDirectory = HostContext.GetDirectory(WellKnownDirectory.Work);
+            var allowWorkDirectoryRepositories = HostContext.GetService<IConfigurationStore>().GetSettings().AllowWorkDirectoryRepositories;
+
             ArgUtil.NotNullOrEmpty(buildDirectory, nameof(buildDirectory));
             ArgUtil.NotNullOrEmpty(repositoryPath, nameof(repositoryPath));
 
-            if (repositoryPath.StartsWith(buildDirectory + Path.DirectorySeparatorChar) || repositoryPath.StartsWith(buildDirectory + Path.AltDirectorySeparatorChar))
+            // resolve any potentially left over relative part of the path
+            repositoryPath = Path.GetFullPath(repositoryPath);
+
+            if (allowWorkDirectoryRepositories)
+            {
+                maxRootDirectory = workDirectory;
+            }
+
+            if (repositoryPath.StartsWith(maxRootDirectory + Path.DirectorySeparatorChar) || repositoryPath.StartsWith(maxRootDirectory + Path.AltDirectorySeparatorChar))
             {
                 // The sourcesDirectory in tracking file is a relative path to agent's work folder.
-                return repositoryPath.Substring(HostContext.GetDirectory(WellKnownDirectory.Work).Length + 1).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar);
+                return repositoryPath.Substring(workDirectory.Length + 1).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar);
             }
             else
             {
-                throw new ArgumentException($"Repository path '{repositoryPath}' should be located under agent's work directory '{buildDirectory}'.");
+                if (allowWorkDirectoryRepositories)
+                {
+                    throw new ArgumentException($"Repository path '{repositoryPath}' should be located under agent's work directory '{workDirectory}'.");
+                }
+                else
+                {
+                    throw new ArgumentException($"Repository path '{repositoryPath}' should be located under agent's build directory '{buildDirectory}'.");
+                }
             }
         }
 

@@ -37,6 +37,7 @@ public interface IExecutionContext : IAgentService, IKnobValueContext
         List<ServiceEndpoint> Endpoints { get; }
         List<SecureFile> SecureFiles { get; }
         List<Pipelines.RepositoryResource> Repositories { get; }
+        Dictionary<string, string> AgentSettings { get; }
         Dictionary<string, string> JobSettings { get; }
 
         PlanFeatures Features { get; }
@@ -130,6 +131,7 @@ public sealed class ExecutionContext : AgentService, IExecutionContext, IDisposa
         public List<SecureFile> SecureFiles { get; private set; }
         public List<Pipelines.RepositoryResource> Repositories { get; private set; }
         public Dictionary<string, string> JobSettings { get; private set; }
+        public Dictionary<string, string> AgentSettings { get; private set; }
         public Variables Variables { get; private set; }
         public Variables TaskVariables { get; private set; }
         public HashSet<string> OutputVariables => _outputvariables;
@@ -183,6 +185,10 @@ public override void Initialize(IHostContext hostContext)
             }
 
             _jobServerQueue = HostContext.GetService<IJobServerQueue>();
+
+            // Agent Settings
+            AgentSettings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+            AgentSettings[WellKnownAgentSettings.AllowWorkDirectoryRepositories] = HostContext.GetService<IConfigurationStore>().GetSettings().AllowWorkDirectoryRepositories ? Boolean.TrueString : Boolean.FalseString;
         }
 
         public void CancelToken()
@@ -226,6 +232,7 @@ public IExecutionContext CreateChild(Guid recordId, string displayName, string r
             child.Endpoints = Endpoints;
             child.Repositories = Repositories;
             child.JobSettings = JobSettings;
+            child.AgentSettings = AgentSettings;
             child.SecureFiles = SecureFiles;
             child.TaskVariables = taskVariables;
             child._cancellationTokenSource = new CancellationTokenSource();

@@ -37,6 +37,7 @@ public Task<List<Capability>> GetCapabilitiesAsync(AgentSettings settings, Cance
             Add(capabilities, "Agent.Version", BuildConstants.AgentPackage.Version);
             Add(capabilities, "Agent.ComputerName", Environment.MachineName ?? string.Empty);
             Add(capabilities, "Agent.HomeDirectory", HostContext.GetDirectory(WellKnownDirectory.Root));
+            Add(capabilities, "AllowWorkDirectoryRepositories", settings.AllowWorkDirectoryRepositories.ToString());
             return Task.FromResult(capabilities);
         }
 

@@ -132,6 +132,9 @@ public string Fingerprint
 
         [DataMember(EmitDefaultValue = false)]
         public int MaxDedupParallelism { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public bool AllowWorkDirectoryRepositories { get; set; }
     }
 
     [DataContract]

@@ -138,6 +138,7 @@ public static class Flags
                     public const string AddDeploymentGroupTags = "adddeploymentgrouptags";
                     public const string AddMachineGroupTags = "addmachinegrouptags";
                     public const string AddEnvironmentVirtualMachineResourceTags = "addvirtualmachineresourcetags";
+                    public const string AllowWorkDirectoryRepositories = "allowworkdirectoryrepositories";
                     public const string AlwaysExtractTask = "alwaysextracttask";
                     public const string Commit = "commit";
                     public const string DeploymentGroup = "deploymentgroup";