Merge branch 'platform-runtime-helper' of https://github.com/mcNets/uno…

… into platform-runtime-helper

.github/workflows/codeql.yml

@@ -0,0 +1,96 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "master", "feature/*", "legacy/**", "release/beta/*", "release/stable/*" ]
+  pull_request:
+    branches: [ "master", "feature/*", "legacy/**", "release/beta/*", "release/stable/*" ]
+  schedule:
+    - cron: '16 14 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: csharp
+          build-mode: none
+        - language: java-kotlin
+          build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too.
+        - language: javascript-typescript
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/scorecard.yml

@@ -0,0 +1,73 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '24 13 * * 4'
+  push:
+    branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: false
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard (optional).
+      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.github/workflows/uwp-autoconvert.yml

@@ -13,7 +13,7 @@ concurrency:
   cancel-in-progress: true
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  UnoCheck_Version: '1.26.0-dev.63'
+  UnoCheck_Version: '1.27.0-dev.8'
 
 jobs:
   build:

.vsts-ci-docs.yml

@@ -17,7 +17,7 @@ pr:
       - legacy/*
 
 variables:
-  windowsScaledPool: 'Windows2022-20240421'
+  windowsScaledPool: 'Windows2022-20241021-1'
   linuxVMImage: 'ubuntu-latest'
 
 stages:

.vsts-ci.yml

@@ -53,7 +53,7 @@ variables:
   DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
   windows2019HostedVMImage: 'windows-2019'
   windows2022HostedVMImage: 'windows-2022'
-  windowsScaledPool: 'Windows2022-20240421'
+  windowsScaledPool: 'Windows2022-20241021-1'
   linuxVMImage: 'ubuntu-latest'
   linuxScaledPool: 'Ubuntu2204-20230918'
   macOSVMImage: 'macOS-15'

build/PackageDiffIgnore.xml

@@ -1994,7 +1994,7 @@
 		NOT what will be published by the PR in progress.
 		To test locally, you need to install: 
 			; the tool version can be found from the failed task OR look for "ValidatePackage" in Uno.UI.Build.csproj
-			dotnet tool install --global Uno.PackageDiff --version 1.1.0-dev.25
+			dotnet tool install --global Uno.PackageDiff --version 1.1.0-dev.29
 		Then, run this command: // the command is supposed to be one line
 			generatepkgdiff
 				--base=path/to/the-latest-stable-from-nuget-org/uno.winui.5.2.175.nupkg

build/Uno.UI.Build.csproj

@@ -390,7 +390,7 @@
 			<_diffPackage Include="Uno.UI.Adapter.Microsoft.Extensions.Logging" Other="..\..\..\NugetPackages-Artifacts-skia-$(ArtifactsPlatformName)\vslatest-skia\Uno.UI.Adapter.Microsoft.Extensions.Logging.$(GITVERSION_SemVer).nupkg" />
 		</ItemGroup>
 
-		<Exec Command="dotnet tool install --tool-path $(MSBuildThisFileDirectory)\tools Uno.PackageDiff --version 1.1.0-dev.25" IgnoreExitCode="true" />
+		<Exec Command="dotnet tool install --tool-path $(MSBuildThisFileDirectory)\tools Uno.PackageDiff --version 1.1.0-dev.29" IgnoreExitCode="true" />
 
 		<MakeDir Directories="$(OutputDir)\ApiDiff" />
 		<Exec Command="$(MSBuildThisFileDirectory)\tools\generatepkgdiff.exe --base=%(_diffPackage.Identity) --other=%(_diffPackage.Other) --diffignore=PackageDiffIgnore.xml --outfile=$(OutputDir)\ApiDiff\ApiDiff.%(_diffPackage.Identity).$(GITVERSION_SemVer).md" />

build/ci/.azure-devops-project-template-tests.yml

@@ -36,8 +36,8 @@ jobs:
       artifactName: 'Nuget_Packages'
 
   - template: templates/gitversion.yml
-
   - template: templates/dotnet-mobile-install-windows.yml
+  - template: templates/uno-dev-feed.yml
 
   - script: copy $(System.ArtifactsDirectory)\Nuget_Packages\vslatest\*.nupkg $(Build.SourcesDirectory)\src\PackageCache
     displayName: Copy Artifacts to PackageCache
@@ -103,6 +103,7 @@ jobs:
       xCodeRoot: ${{ parameters.xCodeRoot }}
 
   - template: templates/dotnet-mobile-install-mac.yml
+  - template: templates/uno-dev-feed.yml
 
   - powershell: cp $(System.ArtifactsDirectory)/Nuget_Packages/vslatest/*.nupkg $(Build.SourcesDirectory)/src/PackageCache
     displayName: Copy Artifacts to PackageCache
@@ -134,6 +135,8 @@ jobs:
         TestGroup: '1'
       group_2:
         TestGroup: '2'
+      group_3:
+        TestGroup: '3'
 
   variables:
     # don't validate transitive dependencies for template tests
@@ -145,11 +148,10 @@ jobs:
       artifactName: 'Nuget_Packages'
 
   - template: templates/gitversion.yml
-
   - template: templates/dotnet-mobile-install-linux.yml
-
   - template: templates/gitversion.yml
-
+  - template: templates/uno-dev-feed.yml
+
   - script: cp $(System.ArtifactsDirectory)/Nuget_Packages/vslatest/*.nupkg $(Build.SourcesDirectory)/src/PackageCache
     displayName: Copy Artifacts to PackageCache
 

build/ci/net9/global.json

@@ -1,11 +1,11 @@
 {
 	"sdk": {
-		"version": "9.0.100-rc.2.24474.11",
+		"version": "9.0.100",
 		"allowPrerelease": true,
 		"rollForward": "disable"
 	},
 	"tools": {
-		"dotnet": "9.0.100-rc.2.24474.11"
+		"dotnet": "9.0.100"
 	},
 	"msbuild-sdks": {
 		"MSBuild.Sdk.Extras": "3.0.44",

build/ci/templates/dotnet-mobile-install-linux.yml

@@ -1,5 +1,5 @@
 parameters:
-  UnoCheck_Version: '1.26.0-dev.63'
+  UnoCheck_Version: '1.27.0-dev.8'
 
 steps:
 

build/ci/templates/dotnet-mobile-install-mac.yml

@@ -1,5 +1,5 @@
 parameters:
-  UnoCheck_Version: '1.26.0-dev.63'
+  UnoCheck_Version: '1.27.0-dev.8'
 
 steps:
 

build/ci/templates/dotnet-mobile-install-windows.yml

@@ -1,5 +1,5 @@
 parameters:
-  UnoCheck_Version: '1.26.0-dev.63'
+  UnoCheck_Version: '1.27.0-dev.8'
 
 steps:
 

build/ci/templates/uno-dev-feed.yml

@@ -0,0 +1,7 @@
+parameters:
+  nugetPackages: '$(Pipeline.Workspace)/.nuget/packages'
+
+steps:
+
+  - pwsh: dotnet nuget add source https://pkgs.dev.azure.com/uno-platform/1dd81cbd-cb35-41de-a570-b0df3571a196/_packaging/unoplatformdev/nuget/v3/index.json -n "uno-dev"
+    displayName: Add dev feed source

build/nuget/uno.winui.targets

@@ -21,4 +21,18 @@
 	<Import Project="../uno.winui.runtime-replace.targets" Condition="'$(_UnoIsWinAppSDKDefined)'!='true'" />
 
 	<Import Project="../uno.winui.winappsdk.targets" Condition="'$(_UnoIsWinAppSDKDefined)'=='true'" />
+
+	<!-- HD workaround for https://github.com/dotnet/sdk/issues/1212, see HD#2924 -->
+	<Target Name="_RemoveHDAnalyzerRelease"
+			BeforeTargets="CoreCompile;XamlPreCompile"
+			Condition=" '$(Optimize)' == 'true' ">
+		<!---
+		Remove HD analyzers in release mode, as they cannot work in release mode.
+		-->
+		<ItemGroup>
+			<_HDAnalyzerToRemove Include="@(Analyzer)" Condition="'%(Analyzer.NuGetPackageId)'=='Uno.UI.HotDesign'" />
+			<Analyzer Remove="@(_HDAnalyzerToRemove)"/>
+		</ItemGroup>
+	</Target>
+
 </Project>

build/test-scripts/run-net7-template-linux.ps1

@@ -48,13 +48,13 @@ $projects =
     @(0, "5.1/uno51blank/uno51blank.Wasm/uno51blank.Wasm.csproj", @(), @()),
 
     # 5.1 Recommended
-    @(0, "5.1/uno51recommended/uno51recommended.Skia.Gtk/uno51recommended.Skia.Gtk.csproj", @(), @()),
-    @(0, "5.1/uno51recommended/uno51recommended.Skia.Linux.FrameBuffer/uno51recommended.Skia.Linux.FrameBuffer.csproj", @(), @()),
-    @(0, "5.1/uno51recommended/uno51recommended.Skia.WPF/uno51recommended.Skia.WPF.csproj", @(), @()),
-    @(0, "5.1/uno51recommended/uno51recommended.Wasm/uno51recommended.Wasm.csproj", @(), @()),
-    @(0, "5.1/uno51recommended/uno51recommended.Server/uno51recommended.Server.csproj", @(), @()),
-    @(0, "5.1/uno51recommended/uno51recommended.Tests/uno51recommended.Tests.csproj", @(), @()),
-    @(0, "5.1/uno51recommended/uno51recommended.UITests/uno51recommended.UITests.csproj", @(), @()),
+    @(1, "5.1/uno51recommended/uno51recommended.Skia.Gtk/uno51recommended.Skia.Gtk.csproj", @(), @()),
+    @(1, "5.1/uno51recommended/uno51recommended.Skia.Linux.FrameBuffer/uno51recommended.Skia.Linux.FrameBuffer.csproj", @(), @()),
+    @(1, "5.1/uno51recommended/uno51recommended.Skia.WPF/uno51recommended.Skia.WPF.csproj", @(), @()),
+    @(1, "5.1/uno51recommended/uno51recommended.Wasm/uno51recommended.Wasm.csproj", @(), @()),
+    @(1, "5.1/uno51recommended/uno51recommended.Server/uno51recommended.Server.csproj", @(), @()),
+    @(1, "5.1/uno51recommended/uno51recommended.Tests/uno51recommended.Tests.csproj", @(), @()),
+    @(1, "5.1/uno51recommended/uno51recommended.UITests/uno51recommended.UITests.csproj", @(), @()),
 
     # 5.2 Blank
     @(1, "5.2/uno52blank/uno52blank/uno52blank.csproj", @(), @()),
@@ -69,16 +69,19 @@ $projects =
     @(1, "5.2/uno52Lib/uno52Lib.csproj", @(), @()),
 
     # 5.2 Uno NuGet Lib
-    @(1, "5.2/uno52NuGetLib/uno52NuGetLib.csproj", @(), @()),
+    @(2, "5.2/uno52NuGetLib/uno52NuGetLib.csproj", @(), @()),
 
     # 5.2 Uno SingleProject Lib
-    @(1, "5.2/uno52SingleProjectLib/uno52SingleProjectLib.csproj", @(), @()),
+    @(2, "5.2/uno52SingleProjectLib/uno52SingleProjectLib.csproj", @(), @()),
 
     # 5.2 Uno App with Library reference
-    @(1, "5.2/uno52AppWithLib/uno52AppWithLib/uno52AppWithLib.csproj", @(), @()),
+    @(2, "5.2/uno52AppWithLib/uno52AppWithLib/uno52AppWithLib.csproj", @(), @()),
 
     # 5.3 Blank with net9
-    @(2, "5.3/uno53net9blank/uno53net9blank/uno53net9blank.csproj", @(), @())
+    @(3, "5.3/uno53net9blank/uno53net9blank/uno53net9blank.csproj", @(), @()),
+
+    # 5.3 lib
+    @(3, "5.3/uno53net9Lib/uno53net9Lib.csproj", @(), @())
 
     # 5.3 blank publish testing
     # Disabled for LXD setup issues

build/test-scripts/run-netcore-mobile-template-tests.ps1

@@ -338,11 +338,17 @@ $projects =
     @(3, "5.3/uno53net9blank/uno53net9blank/uno53net9blank.csproj", @("-f", "net9.0-desktop"), @("macOS", "NetCore")),
     @(3, "5.3/uno53net9blank/uno53net9blank/uno53net9blank.csproj", @("-f", "net9.0-desktop", $sdkFeatures), @("macOS", "NetCore")),
 
+    # 5.3 Library
+    @(3, "5.3/uno53net9Lib/uno53net9Lib.csproj", @(), @("macOS", "NetCore")),
+
     # Default mode for the template is WindowsAppSDKSelfContained=true, which requires specifying a target platform.
     @(4, "5.2/uno52AppWithLib/uno52AppWithLib/uno52AppWithLib.csproj", @("-p:Platform=x86" , "-p:TargetFramework=net8.0-windows10.0.19041"), @()),
 
     # Publishing validation
-    @(4, "5.3/uno53net9blank/uno53net9blank/uno53net9blank.csproj", @("-f", "net9.0-desktop", "-p:PackageFormat=app"), @("OnlyMacOS", "NetCore", "Publish"))
+    @(4, "5.3/uno53net9blank/uno53net9blank/uno53net9blank.csproj", @("-f", "net9.0-desktop", "-p:PackageFormat=app"), @("OnlyMacOS", "NetCore", "Publish")),
+
+    # Ensure that build can happen even if a RID is specified
+    @(4, "5.3/uno53net9blank/uno53net9blank/uno53net9blank.csproj", @("-f", "net9.0-android", "-r", "android-arm64"), @("macOS", "NetCore"))
 
     ## Note for contributors
     ##

build/test-scripts/wasm-run-automated-uitests.sh

@@ -19,10 +19,6 @@ dotnet tool uninstall dotnet-serve --tool-path $BUILD_SOURCESDIRECTORY/build/too
 dotnet tool install dotnet-serve --version 1.10.140 --tool-path $BUILD_SOURCESDIRECTORY/build/tools || true
 export PATH="$PATH:$BUILD_SOURCESDIRECTORY/build/tools"
 
-# Workaround an issue where dotnet test gets stuck.
-# If this is removed and everything works, then remove it! :)
-export MSBUILDENSURESTDOUTFORTASKPROCESSES=1
-
 export UNO_UITEST_TARGETURI=http://localhost:8000
 export UNO_UITEST_DRIVERPATH_CHROME=$BUILD_SOURCESDIRECTORY/build/wasm-uitest-binaries/node_modules/chromedriver/lib/chromedriver
 export UNO_UITEST_CHROME_BINARY_PATH=~/.cache/puppeteer/chrome/linux-127.0.6533.72/chrome-linux64/chrome