diff --git a/.azuredevops/dependabot.yml b/.azuredevops/dependabot.yml new file mode 100644 index 00000000000..f18e60565a4 --- /dev/null +++ b/.azuredevops/dependabot.yml @@ -0,0 +1,5 @@ +version: 2 + +# Disabling dependabot on Azure DevOps as this is a mirrored repo. Updates should go through github. +enable-campaigned-updates: false +enable-security-updates: false diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index f279d791db2..1c89d970d51 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -5,4 +5,3 @@ /eng/ global.json /eng/dependabot @dotnet/dotnet-monitor -/eng/actions @dotnet/dotnet-monitor diff --git a/.github/releases.json b/.github/releases.json index 1682dfc0f6b..7904d7a7fb4 100644 --- a/.github/releases.json +++ b/.github/releases.json @@ -4,28 +4,17 @@ "cleanupUnsupportedReleasesAfterMonths": 12 }, "preview": [ - "10.0", "9.1" ], "supported": [ + "10.0", "9.0", "8.1" ], "unsupported": [ - "8.0", - "6.3" + "8.0" ], "releases": { - "6.3": { - "tag": "v6.3.10", - "minorReleaseDate": "2022-10-11T00:00:00.000Z", - "patchReleaseDate": "2024-11-12T00:00:00.000Z", - "supportedFrameworks": [ - "net6.0", - "netcoreapp3.1" - ], - "outOfSupportDate": "2024-11-12T00:00:00.000Z" - }, "8.0": { "tag": "v8.0.8", "minorReleaseDate": "2023-11-14T00:00:00.000Z", @@ -36,9 +25,9 @@ "outOfSupportDate": "2025-05-11T00:00:00.000Z" }, "9.0": { - "tag": "v9.0.4", + "tag": "v9.0.5", "minorReleaseDate": "2024-11-12T00:00:00.000Z", - "patchReleaseDate": "2025-08-06T00:00:00.000Z", + "patchReleaseDate": "2025-11-11T00:00:00.000Z", "supportedFrameworks": [ "net9.0" ] @@ -60,9 +49,9 @@ ] }, "10.0": { - "tag": "v10.0.0-rc.2.25503.6", - "minorReleaseDate": "2025-10-14T00:00:00.000Z", - "patchReleaseDate": "2025-10-14T00:00:00.000Z", + "tag": "v10.0.0", + "minorReleaseDate": "2025-11-12T00:00:00.000Z", + "patchReleaseDate": "2025-11-12T00:00:00.000Z", "supportedFrameworks": [ "net10.0" ] diff --git a/.github/workflows/check-learning-path-links.yml b/.github/workflows/check-learning-path-links.yml index c2a427fd77f..475aeb27296 100644 --- a/.github/workflows/check-learning-path-links.yml +++ b/.github/workflows/check-learning-path-links.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Checkout head - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.1 with: persist-credentials: true # need this for opening a PR fetch-depth: 0 @@ -30,7 +30,7 @@ jobs: echo "prev_sha=$prev_sha" >> $GITHUB_ENV - name: Checkout previous update - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.1 with: persist-credentials: false ref: ${{ env.prev_sha }} diff --git a/.github/workflows/check-markdown-links.yml b/.github/workflows/check-markdown-links.yml index b0843e38754..d33fb923da3 100644 --- a/.github/workflows/check-markdown-links.yml +++ b/.github/workflows/check-markdown-links.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: false diff --git a/.github/workflows/cleanup-releases.yml b/.github/workflows/cleanup-releases.yml index cb12d9f84d7..e0eadf87443 100644 --- a/.github/workflows/cleanup-releases.yml +++ b/.github/workflows/cleanup-releases.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: true # We need to persist credentials inorder to open a PR. diff --git a/.github/workflows/generate-release-notes.yml b/.github/workflows/generate-release-notes.yml index 3879ab2b54b..74f91bb346d 100644 --- a/.github/workflows/generate-release-notes.yml +++ b/.github/workflows/generate-release-notes.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout release branch - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: false fetch-depth: 0 # Fetch the entire repo for the below git commit graph operations @@ -65,7 +65,7 @@ jobs: BASELINE_TAG: ${{ inputs.baselineTag }} - name: Checkout main - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: true # We need to persist credentials to push the resulting changes upstream. ref: main diff --git a/.github/workflows/post-release.yml b/.github/workflows/post-release.yml index f2dac3baf1b..bff45509afe 100644 --- a/.github/workflows/post-release.yml +++ b/.github/workflows/post-release.yml @@ -29,7 +29,7 @@ jobs: # It's simpler than trying to parse our `eng/Versions.prop` due to the conditionals in it. steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: false @@ -52,7 +52,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: false @@ -104,7 +104,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: true # We need to persist credentials inorder to open a PR. ref: bot/${{ env.TARGET_BRANCH_POSTFIX }} diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml index e8b21a4ff78..748dfeec027 100644 --- a/.github/workflows/spellcheck.yml +++ b/.github/workflows/spellcheck.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: false diff --git a/.github/workflows/submit-to-do-issue.yml b/.github/workflows/submit-to-do-issue.yml index fdf3cb29773..d9924076aea 100644 --- a/.github/workflows/submit-to-do-issue.yml +++ b/.github/workflows/submit-to-do-issue.yml @@ -27,7 +27,7 @@ jobs: }); - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: false diff --git a/.github/workflows/sync-branches.yml b/.github/workflows/sync-branches.yml index 5d2bd5cea30..0a9ec27d757 100644 --- a/.github/workflows/sync-branches.yml +++ b/.github/workflows/sync-branches.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: true # We need to persist credentials to push the resulting changes upstream. fetch-depth: 0 # Fetch the entire repo for the below git operations @@ -35,7 +35,6 @@ jobs: ".github" \ ".devcontainer" \ ".vscode" \ - "eng/actions" \ "cspell.json" \ "documentation/**.md" @@ -64,7 +63,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: true # We need to persist credentials to push the resulting changes upstream. fetch-depth: 0 # Fetch the entire repo for the below git operations diff --git a/.github/workflows/update-release-version.yml b/.github/workflows/update-release-version.yml index 5a24e677d99..940f07eb2ec 100644 --- a/.github/workflows/update-release-version.yml +++ b/.github/workflows/update-release-version.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout branch - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd with: persist-credentials: true # We need to persist credentials to push the resulting changes upstream. diff --git a/documentation/release-process.md b/documentation/release-process.md index 19282ece9bf..a8983ad6fa8 100644 --- a/documentation/release-process.md +++ b/documentation/release-process.md @@ -23,6 +23,13 @@ - It can be helpful to create test release branches (e.g. release/test/8.x). Note these branches will trigger warnings because they are considered unprotected release branches and should be deleted as soon as possible. - If you created a build from a newly created release branch without a channel, you will get the message 'target build already exists on all channels'. To use this build you need to add it to a channel: `darc add-build-to-channel --id --channel "General Testing"`. +## Additional steps for GA releases + +1. [global.json](../global.json) typically points to `MicrosoftNETCoreApp100Version` and similar, but this will not work for GA releases (since the stable version has not yet been released). +1. Change `MicrosoftNETCoreApp100Version` to `VSRedistCommonNetCoreSharedFrameworkx64100Version` +1. Change `MicrosoftAspNetCoreApp100Version` `VSRedistCommonAspNetCoreSharedFrameworkx64100Version` +1. After the release is finished, this change should be reverted. + ## Updating dependencies If necessary, update dependencies in the release branch. @@ -33,7 +40,7 @@ If necessary, update dependencies in the release branch. 1. Use `darc get-subscriptions --target-repo monitor` to see existing subscriptions. 1. Use `darc trigger-subscriptions` to trigger an update. This will create a pull request that will update the Versions.details.xml file. 1. Sometimes an existing subscription needs to be updated. For example, when updating from Preview 5 to Preview 6: - +1. In some situations the build from the subscription may not be the one you want. You can manually update dependencies using `darc update-dependencies` ``` darc get-subscriptions --target-repo https://github.com/dotnet/dotnet-monitor --target-branch release/8.x https://github.com/dotnet/installer (.NET 8.0.1xx SDK Preview 5) ==> 'https://github.com/dotnet/dotnet-monitor' ('release/8.x') @@ -45,6 +52,8 @@ darc get-subscriptions --target-repo https://github.com/dotnet/dotnet-monitor -- https://github.com/dotnet/installer (.NET 8.0.1xx SDK Preview 6) ==> 'https://github.com/dotnet/dotnet-monitor' ('release/8.x') - Id: 2f528213-5355-43ec-0bf5-08db410c84fe +darc update-dependencies --id 288422 + ``` **For internal/release/\* build**: You will likely need to update the existing subscription to the **internal** sdk release. diff --git a/documentation/releaseNotes/releaseNotes.v10.0.0.md b/documentation/releaseNotes/releaseNotes.v10.0.0.md new file mode 100644 index 00000000000..f9731c73bbc --- /dev/null +++ b/documentation/releaseNotes/releaseNotes.v10.0.0.md @@ -0,0 +1,7 @@ +Today we are releasing the 10.0.0 build of the `dotnet monitor` tool. This release includes: + +- Updated dependencies + + + +If you would like to provide additional feedback to the team [please fill out this survey](https://aka.ms/dotnet-monitor-survey?src=rn). \ No newline at end of file diff --git a/documentation/releases.md b/documentation/releases.md index a2ad41c9a8b..7483e85403e 100644 --- a/documentation/releases.md +++ b/documentation/releases.md @@ -4,7 +4,8 @@ | Version | Original Release Date | Latest Patch Version | Patch Release Date | End of Support | Runtime Frameworks | | --- | --- | --- | --- | --- | --- | -| 9.0 | November 12, 2024 | [9.0.4](https://github.com/dotnet/dotnet-monitor/releases/tag/v9.0.4) | August 6, 2025 | | net9.0 | +| 10.0 | November 12, 2025 | [10.0.0](https://github.com/dotnet/dotnet-monitor/releases/tag/v10.0.0) | November 12, 2025 | | net10.0 | +| 9.0 | November 12, 2024 | [9.0.5](https://github.com/dotnet/dotnet-monitor/releases/tag/v9.0.5) | November 11, 2025 | | net9.0 | | 8.1 | February 11, 2025 | [8.1.2](https://github.com/dotnet/dotnet-monitor/releases/tag/v8.1.2) | August 6, 2025 | | net8.0 | @@ -13,14 +14,12 @@ | Version | Original Release Date | Latest Patch Version | Patch Release Date | End of Support | Runtime Frameworks | | --- | --- | --- | --- | --- | --- | | 8.0 | November 14, 2023 | [8.0.8](https://github.com/dotnet/dotnet-monitor/releases/tag/v8.0.8) | February 11, 2025 | May 11, 2025 | net8.0 | -| 6.3 | October 11, 2022 | [6.3.10](https://github.com/dotnet/dotnet-monitor/releases/tag/v6.3.10) | November 12, 2024 | November 12, 2024 | net6.0
netcoreapp3.1 | ## Preview versions | Version | Release Date | Latest Version | Runtime Frameworks | | --- | --- | --- | --- | -| 10.0 | October 14, 2025 | [10.0.0 rc 2](https://github.com/dotnet/dotnet-monitor/releases/tag/v10.0.0-rc.2.25503.6) | net10.0 | | 9.1 | May 13, 2025 | [9.1.0 preview 3](https://github.com/dotnet/dotnet-monitor/releases/tag/v9.1.0-preview.3.25257.5) | net9.0 | diff --git a/eng/dependabot/independent/Versions.props b/eng/dependabot/independent/Versions.props index 978ecc9a3d3..a18058bbe35 100644 --- a/eng/dependabot/independent/Versions.props +++ b/eng/dependabot/independent/Versions.props @@ -2,11 +2,11 @@ - 1.49.0 - 1.17.0 + 1.50.0 + 1.17.1 12.26.0 12.24.0 - 4.0.1 + 4.1.1 1.6.28 4.3.2 5.0.0 diff --git a/eng/dependabot/net8.0/Versions.props b/eng/dependabot/net8.0/Versions.props index aa86fc2c62f..8c241ec201f 100644 --- a/eng/dependabot/net8.0/Versions.props +++ b/eng/dependabot/net8.0/Versions.props @@ -10,7 +10,7 @@ 8.0.1 - 8.0.21 + 8.0.22 8.0.6 diff --git a/eng/dependabot/net9.0/Versions.props b/eng/dependabot/net9.0/Versions.props index 0ef1906cfdd..5c5e64509c5 100644 --- a/eng/dependabot/net9.0/Versions.props +++ b/eng/dependabot/net9.0/Versions.props @@ -2,16 +2,16 @@ - 9.0.10 + 9.0.11 - 9.0.10 + 9.0.11 - 9.0.10 + 9.0.11 - 9.0.10 + 9.0.11 - 9.0.10 + 9.0.11 - 9.0.10 + 9.0.11 diff --git a/eng/helix/Helix.proj b/eng/helix/Helix.proj index 9ee3a67ee37..888daded426 100644 --- a/eng/helix/Helix.proj +++ b/eng/helix/Helix.proj @@ -119,7 +119,7 @@ - $([System.Environment]::GetEnvironmentVariable('DotNetBuildsInternalContainerReadToken')) diff --git a/eng/pipelines/dotnet-monitor-official.yml b/eng/pipelines/dotnet-monitor-official.yml index 3dc774d1a51..3fef6c27fce 100644 --- a/eng/pipelines/dotnet-monitor-official.yml +++ b/eng/pipelines/dotnet-monitor-official.yml @@ -15,7 +15,6 @@ pr: - .vscode - .gitignore - cspell.json - - eng/actions - samples - '**.md' diff --git a/eng/pipelines/dotnet-monitor-public.yml b/eng/pipelines/dotnet-monitor-public.yml index 90bb8220fc4..1d0c4041077 100644 --- a/eng/pipelines/dotnet-monitor-public.yml +++ b/eng/pipelines/dotnet-monitor-public.yml @@ -15,7 +15,6 @@ pr: - .vscode - .gitignore - cspell.json - - eng/actions - samples - '**.md' diff --git a/eng/pipelines/jobs/build.yml b/eng/pipelines/jobs/build.yml index 57454563a74..9f27b7382dd 100644 --- a/eng/pipelines/jobs/build.yml +++ b/eng/pipelines/jobs/build.yml @@ -110,7 +110,7 @@ jobs: - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - _InternalInstallArgs: >- - -RuntimeSourceFeed https://dotnetbuilds.blob.core.windows.net/internal + -RuntimeSourceFeed https://ci.dot.net/internal -RuntimeSourceFeedKey $(dotnetbuilds-internal-container-read-token-base64) - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: diff --git a/eng/pipelines/jobs/pack-sign-publish.yml b/eng/pipelines/jobs/pack-sign-publish.yml index 2f97c187be1..9210de174ce 100644 --- a/eng/pipelines/jobs/pack-sign-publish.yml +++ b/eng/pipelines/jobs/pack-sign-publish.yml @@ -45,7 +45,7 @@ jobs: /p:SkipPublishProjects=true /p:CustomIsPacking=true /p:ThirdPartyNoticesFilePath='$(Build.SourcesDirectory)/$(_TPNFile)' - /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal + /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) /nowarn:MSB4011 displayName: Pack, Sign, and Publish diff --git a/eng/pipelines/jobs/sign-binaries.yml b/eng/pipelines/jobs/sign-binaries.yml index 00ac5543744..e489fcb6082 100644 --- a/eng/pipelines/jobs/sign-binaries.yml +++ b/eng/pipelines/jobs/sign-binaries.yml @@ -43,7 +43,7 @@ jobs: /p:OfficialBuildId=$(BUILD.BUILDNUMBER) /p:DotNetSignType=real /p:SignAllBinaries=true - /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal + /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) displayName: Sign diff --git a/eng/pipelines/jobs/tpn.yml b/eng/pipelines/jobs/tpn.yml index 9ca72f1aee5..c46713ff03f 100644 --- a/eng/pipelines/jobs/tpn.yml +++ b/eng/pipelines/jobs/tpn.yml @@ -9,7 +9,7 @@ jobs: - _InternalInstallArgs: '' - ${{ if eq(variables['System.TeamProject'], 'internal') }}: - _InternalInstallArgs: >- - /p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal + /p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) steps: - template: /eng/pipelines/steps/setup-nuget-sources.yml@self diff --git a/samples/K8s_Ephemeral_Containers/README.md b/samples/K8s_Ephemeral_Containers/README.md new file mode 100644 index 00000000000..4bd2915da05 --- /dev/null +++ b/samples/K8s_Ephemeral_Containers/README.md @@ -0,0 +1,59 @@ +# Running dotnet-monitor as an Ephemeral Container in Kubernetes + +Running `dotnet-monitor` as an ephemeral container lets you attach diagnostics tooling to a live .NET workload only when you need it—without permanent resource, security, or operational overhead. Instead of baking tools into each application image or running a sidecar continuously, you temporarily inject a container to collect dumps, traces, logs, metrics, or other artifacts (even from hung or crash-looping processes) and then let it disappear. + +### Why use an ephemeral container? +* On-demand: No steady-state CPU/memory cost; start only for investigations. +* Lightweight images: Keep app container images free of extra tooling. +* Smaller attack surface: Elevated permissions and tooling exist for minutes, not the lifetime of the pod. +* Post-mortem access: Attach after failures or while the target process is unresponsive. +* Version independence: Use the latest `dotnet-monitor` image regardless of app version. +* Consistent workflow: Same injection procedure across all pods; no pre-provisioned sidecars. +* Cost aware: Fewer always-on containers reduces baseline resource usage. + +## Prerequisites +1. Kubernetes v1.25 or newer (ephemeral containers stable). +2. Target pod created with required env vars, volume, and volume mounts. + +## Inject dotnet monitor into a Pod +Prepare a [config file](config.yaml) whose values match the target's deployment dotnet monitor configuration. This step is performed once per pod lifetime; the ephemeral container persists until the pod restarts. + +```bash +Namespace="" +Pod="" +AppContainer="" +ConfigFile="./config.yaml" +MonitorPort=52323 + +kubectl debug -n "$Namespace" "pod/$Pod" \ + --image "mcr.microsoft.com/dotnet/monitor:10.0" \ + --container "debugger" \ + --profile "general" \ + --custom "$ConfigFile" +``` + +## Access the HTTP API +If you have existing [collection rules](../../documentation/api/collectionrules.md) and [egress](../../documentation/egress.md) configured, port-forwarding is optional; otherwise it enables ad-hoc requests. + +```bash +kubectl port-forward -n $Namespace pod/$Pod "${MonitorPort}:${MonitorPort}" +``` + +## Example: Collect a GC Dump +After port-forwarding, call the [HTTP API](../../documentation/api/README.md): + +```bash +ProcessId=1 +ts=$(date +'%Y%m%d_%H%M%S') +file="./diagnostics/gcdump_${ProcessId}_${ts}.gcdump" +uri="http://127.0.0.1:${MonitorPort}/gcdump?pid=${ProcessId}" +echo "[INFO] Collecting GC dump for PID ${ProcessId}" >&2 +mkdir -p "$(dirname "$file")" +curl -sS -H 'Accept: application/octet-stream' "$uri" -o "$file" +echo "[INFO] Saved GC dump to $file" >&2 +``` + +## Next Steps +* Use other endpoints for traces (`/trace`), process dumps (`/dump`), or metrics. +* Configure secure [authentication](../../documentation/authentication.md). +* Automate common investigations with [collection rules](../../documentation/collectionrules/collectionrules.md) and [egress](../../documentation/egress.md) before incidents occur. diff --git a/samples/K8s_Ephemeral_Containers/config.yaml b/samples/K8s_Ephemeral_Containers/config.yaml new file mode 100644 index 00000000000..888427fc3b9 --- /dev/null +++ b/samples/K8s_Ephemeral_Containers/config.yaml @@ -0,0 +1,12 @@ +{ + "volumeMounts": [ + { "name": "diagvol", "mountPath": "/diag" }, + ], + "env": [ + { "name": "DotnetMonitor_Urls", "value": "http://+:52323" }, + { "name": "DotnetMonitor_DiagnosticPort__ConnectionMode", "value": "Listen" }, + { "name": "DotnetMonitor_DiagnosticPort__EndpointName", "value": "/diag/dotnet-monitor.sock" }, + { "name": "DOTNETMONITOR_Storage__DefaultSharedPath", "value": "/diag" } + ], + args: [ "collect", "--no-auth" ] +}