Move vcpkg-ce development into the vcpkg-tool repo. (#428)

* Move vcpkg-ce development into the vcpkg-tool repo. This change obsoletes https://github.com/microsoft/vcpkg-ce , which will be archived shortly after this merges. ce development did not maintain a linear history but vcpkg-tool does maintain a linear history, so I have not attempted to preserve "blame". The following files were not copied over: * `.git/**/*` * `.github/**/*` (workflows changes merged into pipelines.yaml) * `.scripts/verify-pr.yaml` * `.scripts/signing/**/*` * `LICENSE.md` * `test/vcpkg-ce.test.build.log` * `azure-pipelines.yml` The following files were modified: * `.vscode/**/*` was placed in the root, had paths rewritten to target the "ce" subdirectory, and a few tasks renamed to indicate that they target the "ce" subset. * `CODE_OF_CONDUCT.md`/`SECURITY.md`/`SUPPORT.md`/`PolicheckExclusion.xml` were placed in the root. * `.gitattributes` was merged with the existing one in the root. * `.gitignore` had a few things explicitly copied into the root but most were discarded. * `readme.md` had some content merged. * Add missing gitignores * Remove broken fast-xml-parser reference. * Fix some more vcpkg-ce names. * Fix some repo docs. * Add back overzealous vcpkg- removal for vcpkg-init. * Delete support.md as it's irrelevant in the tool repo. * Replay microsoft/vcpkg-ce#22 * Remove big test assets. * Update ce/getting-started.md Co-authored-by: Robert Schumacher <[email protected]> * Delete 'docs' folder. Co-authored-by: Robert Schumacher <[email protected]>
microsoft · Mar 23, 2022 · e0600cb · e0600cb
1 parent 3425b09
commit e0600cb
Show file tree

Hide file tree

Showing 262 changed files with 26,604 additions and 33 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -1 +1,20 @@
+# Don't allow people to merge changes to these generated files, because the result
+# may be invalid.  You need to run "rush update" again.
+ce/pnpm-lock.yaml               merge=binary
+ce/shrinkwrap.yaml              merge=binary
+ce/npm-shrinkwrap.json          merge=binary
+
+
+# Disable line ending smudges entirely.
 * -text
+
+# Rush's JSON config files use JavaScript-style code comments.  The rule below prevents pedantic
+# syntax highlighters such as GitHub's from highlighting these comments as errors.  Your text editor
+# may also require a special configuration to allow comments in JSON.
+#
+# For more information, see this issue: https://github.com/Microsoft/web-build-tools/issues/1088
+#
+*.json                       linguist-language=JSON-with-Comments
+*.png               binary
+*.gif               binary
+*.mp4               binary
diff --git a/.gitignore b/.gitignore
@@ -8,8 +8,17 @@
 /CMakeSettings.json
 /out
 .DS_Store
-# Qt Creator CMake project files
 CMakeLists.txt.user
 .cache
 /vcpkg-ce.zip
-/vcpkg-ce/**
+node_modules/
+**/.rush/
+**/dist/
+/ce/test/**/*.d.ts
+/ce/test/**/*.map
+/ce/test/**/*.js
+/ce/ce/vcpkg-ce.build.log
+/ce/common/config/rush/pnpm-lock.yaml
+/ce/test/vcpkg-ce.test.build.log
+/ce/common/temp
+/vcpkg-root
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,9 @@
+# Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+Resources:
+
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [[email protected]](mailto:[email protected]) with questions or concerns
diff --git a/README.md b/README.md
@@ -16,6 +16,50 @@ tracking, and edits to which libraries are available.
 This repository contains the contents formerly at https://github.com/microsoft/vcpkg in the
 "toolsrc" tree, and build support.
 
+# Vcpkg-ce: "Configure Environment" / artifacts
+
+Parts of vcpkg powered by "ce" are currently in 'preview' -- there will most certainly be changes between now
+and when the tool is 'released' based on feedback. 
+
+You can use it, but be forewarned that we may change formats, commands, etc. 
+
+Think of it as a manifest-driven desired state configuration for C/C++ projects. 
+
+It 
+ - integrates itself into your shell (PowerShell, CMD, bash/zsh)
+ - can restore artifacts according to a manifest that follows one’s code 
+ - provides discoverability interfaces
+
+## Installation
+
+While the usage of `ce` is the same on all platforms, the installation/loading/removal is slightly different depending on the platform you're using.
+
+`ce` doesn't persist any changes to the environment, nor does it automatically add itself to the start-up environment. If you wish to make it load in a window, you can just execute the script. Manually adding that in your profile will load it in every new window.
+
+<hr>
+
+## Install/Use/Remove
+
+| OS              | Install                                             | Use                   | Remove                          |
+|-----------------|-----------------------------------------------------|-----------------------|---------------------------------|
+| **PowerShell/Pwsh** |`iex (iwr -useb https://aka.ms/vcpkg-init.ps1)`              |` . ~/.vcpkg/vcpkg-init.ps1`          | `rmdir -recurse ~/.vcpkg`          |
+| **Linux/OSX**       |`. <(curl https://aka.ms/vcpkg-init.sh -L)`                  |` . ~/.vcpkg/vcpkg-init.sh`          | `rm -rf ~/.ce`                  |
+| **CMD Shell**       |`curl -LO https://aka.ms/vcpkg-init.cmd && .\vcpkg-init.cmd` |`%USERPROFILE%\.vcpkg\vcpkg-init.cmd` | `rmdir /s /q %USERPROFILE%\.vcpkg` |
+
+## Glossary
+
+| Term       | Description                                         |
+|------------|-----------------------------------------------------|
+| `artifact` | An archive (.zip or .tar.gz-like), package (.nupkg, .vsix) binary inside which build tools or components thereof are stored. |
+| `artifact metadata` | A description of the locations one or more artifacts describing rules for which ones are deployed given selection of a host architecture, target architecture, or other properties|
+| `artifact identity` | A short string that uniquely describes a moniker that a given artifact (and its metadata) can be referenced by. They can have one of the following forms:<br> `full/identity/path` - the full identity of an artifact that is in the built-in artifact source<br>`sourcename:full/identity/path` - the full identity of an artifact that is in the artifact source specified by the sourcename prefix<br>`shortname` - the shortened unique name of an artifact that is in the built-in artifact source<br>`sourcename:shortname` - the shortened unique name of an artifact that is in the artifact source specified by the sourcename prefix<br>Shortened names are generated based off the shortest unique identity path in the given source. |
+| `artifact source` | Also known as a “feed”. An Artifact Source is a location that hosts metadata to locate artifacts. (_There is only one source currently_) |
+| `project profile` | The per-project configuration file (`environment.yaml` or `environment.json`) 
+| `AMF`&nbsp;or&nbsp;`Metadata`&nbsp;`Format` | The schema / format of the YAML/JSON files for project profiles, global settings, and artifacts metadata. |
+| `activation` | The process by which a particular set of artifacts are acquired and enabled for use in a calling command program.|
+| `versions` | Version numbers are specified using the Semver format. If a version for a particular operation isn't specified, a range for the latest version ( `*` ) is assumed. A version or version range can be specified using the npm semver matching syntax. When a version is stored, it can be stored using the version range specified, a space and then the version found. (ie, the first version is what was asked for, the second is what was installed. No need for a separate lock file.) |
+
+
 # Contributing
 
 Please refer to the "contributing" section of the
@@ -36,6 +80,14 @@ with any additional questions or comments.
 The product code in this repository is licensed under the [MIT License](LICENSE.txt). The tests
 contain 3rd party code as documented in `NOTICE.txt`.
 
+# Trademarks
+
+This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft 
+trademarks or logos is subject to and must follow 
+[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
+Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
+Any use of third-party trademarks or logos are subject to those third-party's policies.
+
 # Telemetry
 
 vcpkg collects usage data in order to help us improve your experience.

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->
diff --git a/azure-pipelines/arch-independent-signing.signproj b/azure-pipelines/arch-independent-signing.signproj
@@ -11,14 +11,14 @@
   </ItemGroup>
 
   <ItemGroup>
-    <FilesToSign Include="$(IntermediateOutputPath)\vcpkg-ce\**\*.js" Exclude="$(IntermediateOutputPath)\vcpkg-ce\**\node_modules\**\*.js">
+    <FilesToSign Include="$(IntermediateOutputPath)\ce\**\*.js" Exclude="$(IntermediateOutputPath)\ce\**\node_modules\**\*.js">
       <Authenticode>Microsoft400</Authenticode>
     </FilesToSign>
-    <FilesToSign Include="$(IntermediateOutputPath)\vcpkg-ce\scripts\ce.ps1">
+    <FilesToSign Include="$(IntermediateOutputPath)\ce\scripts\ce.ps1">
       <Authenticode>Microsoft400</Authenticode>
     </FilesToSign>
-    <FilesToSign Include="$(IntermediateOutputPath)\vcpkg-ce\**\node_modules\**\*.js"
-                 Exclude="$(IntermediateOutputPath)\vcpkg-ce\common\temp\node_modules\.pnpm\**\node_modules\fast-xml-parser\src\xmlbuilder\prettifyJs2Xml.js">
+    <FilesToSign Include="$(IntermediateOutputPath)\ce\**\node_modules\**\*.js"
+                 Exclude="$(IntermediateOutputPath)\ce\common\temp\node_modules\.pnpm\**\node_modules\fast-xml-parser\src\xmlbuilder\prettifyJs2Xml.js">
       <Authenticode>3PartyScriptsSHA2</Authenticode>
     </FilesToSign>
     <FilesToSign Include="$(IntermediateOutputPath)\vcpkg-init.ps1">

diff --git a/azure-pipelines/pipelines.yml b/azure-pipelines/pipelines.yml
@@ -1,6 +1,6 @@
 jobs:
 - job: linux_gcc_9
-  displayName: 'Ubuntu 20.04 with GCC 9'
+  displayName: 'Ubuntu 20.04 with GCC 9, plus vcpkg-ce'
   pool:
     vmImage: 'ubuntu-20.04'
   variables:
@@ -11,6 +11,34 @@ jobs:
         git clone https://github.com/microsoft/vcpkg "$VCPKG_ROOT" -n
         git -C "$VCPKG_ROOT" checkout `cat vcpkg-init/vcpkg-scripts-sha.txt`
       displayName: "Clone vcpkg repo to serve as root"
+    - task: NodeTool@0
+      inputs:
+        versionSpec: '16.x'
+      displayName: 'Install Node.js'
+    - script: |
+        cd ce
+
+        npm install -g npm
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        npx @microsoft/rush update
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        npx @microsoft/rush rebuild
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        npx @microsoft/rush test
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        npx @microsoft/rush lint
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        if [ -n "$(git status --porcelain)" ]; then
+          echo "ERROR: Working directory is dirty. Are there test output files missing from the PR?"
+          git status
+          exit 1
+        fi
+      displayName: 'Rush install, build and test vcpkg-ce'
     - bash: |
         export CXXFLAGS="-fprofile-arcs -ftest-coverage -fPIC -O0"
         cmake -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTING=ON -DVCPKG_DEVELOPMENT_WARNINGS=ON -DVCPKG_WARNINGS_AS_ERRORS=ON -DVCPKG_BUILD_FUZZING=ON -B build.amd64.debug

diff --git a/azure-pipelines/signing.yml b/azure-pipelines/signing.yml
@@ -66,55 +66,42 @@ jobs:
         filePath: vcpkg-init/lock-versions.ps1
         arguments: '-Destination "$(Build.BinariesDirectory)" -VcpkgBaseVersion $(VCPKG_INITIAL_BASE_VERSION)'
     # Build and test vcpkg-ce
-    - task: PowerShell@2
-      displayName: 'Download vcpkg-ce sources'
-      inputs:
-        targetType: 'inline'
-        script: |
-          $sha = Get-Content azure-pipelines/vcpkg-ce-sha.txt -Raw
-          $sha = $sha.Trim()
-          if( test-path vcpkg-ce) { rmdir -recurse -force vcpkg-ce -ea 0 }
-          # this will keep the .git folder, which is used by set-versions to accurately set the version of ce
-          git clone https://github.com/microsoft/vcpkg-ce/ vcpkg-ce
-          cd vcpkg-ce
-          git checkout $sha
-        pwsh: true
     - task: UseNode@1
       displayName: Use Node 16 or later
       inputs:
         version: "16.x"
     - script: npm install -g @microsoft/rush
       displayName: Install Rush
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: rush update
       displayName: Install vcpkg-ce Dependencies
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: rush lint
       displayName: Check vcpkg-ce for Linting Errors
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: rush rebuild
       displayName: Build vcpkg-ce Packages
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: rush test
       displayName: Run vcpkg-ce Tests
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: |
         rush set-versions
         node -e "const c = require('./ce/package.json'); p = require('./assets/package.json') ; p.version = c.version; require('fs').writeFileSync('./assets/package.json', JSON.stringify(p,undefined,2)); console.log(``set asset version to `${p.version}``);"
       displayName: Set vcpkg-ce Package Versions
-      workingDirectory: vcpkg-ce
-    - script: mkdir "$(Build.BinariesDirectory)\vcpkg-ce" && rush deploy -t "$(Build.BinariesDirectory)\vcpkg-ce"
+      workingDirectory: ce
+    - script: mkdir "$(Build.BinariesDirectory)\ce" && rush deploy -t "$(Build.BinariesDirectory)\ce"
       displayName: Collect vcpkg-ce Dependencies
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - task: ComponentGovernanceComponentDetection@0
       displayName: Detect Components
       inputs:
-        ignoreDirectories: vcpkg-ce/common/temp
+        ignoreDirectories: ce/common/temp
     # Inject the NOTICE file. This must run after component detection.
     - task: msospo.ospo-extension.8d7f9abb-6896-461d-9e25-4f74ed65ddb2.notice@0
       displayName: Generate NOTICE File
       inputs:
-        outputfile: $(Build.BinariesDirectory)/vcpkg-ce/NOTICE.txt
+        outputfile: $(Build.BinariesDirectory)/ce/NOTICE.txt
     - task: MicroBuildSigningPlugin@3
       displayName: Install MicroBuild Signing
       inputs:
@@ -148,10 +135,10 @@ jobs:
         arguments: '-DestinationTarball "$(Build.BinariesDirectory)\vcpkg-standalone-bundle.tar.gz" -TempDir standalone-temp "$(Build.BinariesDirectory)\vcpkg-init.cmd" "$(Build.BinariesDirectory)\vcpkg-init.ps1" "$(Build.BinariesDirectory)\vcpkg-init"'
     - script: npm pack
       displayName: Create vcpkg-ce Pack
-      workingDirectory: $(Build.BinariesDirectory)/vcpkg-ce
+      workingDirectory: $(Build.BinariesDirectory)/ce
     - script: |
         mkdir "$(Build.ArtifactStagingDirectory)\staging"
-        move "$(Build.BinariesDirectory)\vcpkg-ce\vcpkg-ce-*.tgz" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-ce.tgz"
+        move "$(Build.BinariesDirectory)\ce\vcpkg-ce-*.tgz" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-ce.tgz"
         move "$(Build.BinariesDirectory)\vcpkg-standalone-bundle.tar.gz" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-standalone-bundle.tar.gz"
         move "$(Build.BinariesDirectory)\vcpkg-init" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-init"
         move "$(Build.BinariesDirectory)\vcpkg-init.ps1" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-init.ps1"

diff --git a/azure-pipelines/vcpkg-ce-sha.txt b/azure-pipelines/vcpkg-ce-sha.txt
diff --git a/ce/.eslintignore b/ce/.eslintignore
@@ -0,0 +1 @@
+**/*.d.ts
diff --git a/ce/.scripts/for-each.js b/ce/.scripts/for-each.js
@@ -0,0 +1,76 @@
+const { spawn } = require('child_process');
+const { readFileSync } = require('fs');
+const { resolve } = require('path');
+
+/** Reads a json/jsonc file and returns the JSON.
+ * 
+ * Necessary because rush uses jsonc ( >,< )
+ */
+function read(filename) {
+  const txt = readFileSync(filename, "utf8")
+    .replace(/\r/gm, "")
+    .replace(/\n/gm, "«")
+    .replace(/\/\*.*?\*\//gm, "")
+    .replace(/«/gm, "\n")
+    .replace(/\s+\/\/.*/g, "");
+  return JSON.parse(txt);
+}
+
+const repo = `${__dirname}/..`;
+
+const rush = read(`${repo}/rush.json`);
+const pjs = {};
+
+function forEachProject(onEach) {
+  // load all the projects
+  for (const each of rush.projects) {
+    const packageName = each.packageName;
+    const projectFolder = resolve(`${repo}/${each.projectFolder}`);
+    const project = JSON.parse(readFileSync(`${projectFolder}/package.json`));
+    onEach(packageName, projectFolder, project);
+  }
+}
+
+function npmForEach(cmd) {
+  let count = 0;
+  let failing = false;
+  const result = {};
+  const procs = [];
+  const t1 = process.uptime() * 100;
+  forEachProject((name, location, project) => {
+    // checks for the script first
+    if (project.scripts[cmd]) {
+      count++;
+      const proc = spawn("npm", ["--silent", "run", cmd], { cwd: location, shell: true, stdio: "inherit" });
+      procs.push(proc);
+      result[name] = {
+        name, location, project, proc,
+      };
+    }
+  });
+
+  procs.forEach(proc => proc.on("close", (code, signal) => {
+    count--;
+    failing || !!code;
+
+    if (count === 0) {
+      const t2 = process.uptime() * 100;
+
+      console.log('---------------------------------------------------------');
+      if (failing) {
+        console.log(`  Done : command '${cmd}' - ${Math.floor(t2 - t1) / 100} s -- Errors encountered. `)
+      } else {
+        console.log(`  Done : command '${cmd}' - ${Math.floor(t2 - t1) / 100} s -- No Errors `)
+      }
+      console.log('---------------------------------------------------------');
+      process.exit(failing ? 1 : 0);
+    }
+  }));
+
+  return result;
+}
+
+module.exports.forEachProject = forEachProject;
+module.exports.npm = npmForEach;
+module.exports.projectCount = rush.projects.length;
+module.exports.read = read;
diff --git a/ce/.scripts/npm-run.js b/ce/.scripts/npm-run.js
@@ -0,0 +1,2 @@
+// Runs the npm run command on each project that has it.
+require('./for-each').npm(process.argv[2]);
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		// Runs the npm run command on each project that has it.
		require('./for-each').npm(process.argv[2]);