Merge pull request #135 from dagood/dev/dagood/1.15

Add 1.15 infrastructure

.github/CODEOWNERS

@@ -0,0 +1,8 @@
+# Require review from golang-compiler team for changes in any file. This keeps us in the loop on
+# auto-merge PRs. The review bot is also an owner so that it can still trigger auto-merge for sync
+# PRs on its own. We may remove this rule once auto-merges are routine.
+* @microsoft/golang-compiler @microsoft-golang-review-bot
+
+# Automatically request review from golang-compiler team for changes in the Microsoft-specific
+# files. This takes precedence over earlier rules in the file.
+/eng/ @microsoft/golang-compiler

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,57 @@
+# Copyright (c) Microsoft Corporation.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# This is a CodeQL analysis job that runs on each PR to point out whether it
+# adds new potentially insecure code patterns. It also runs on a periodic basis
+# to analyze the checked-in code.
+
+# For more overall info about CodeQL: https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
+# More about the CodeQL actions: https://github.com/github/codeql-action
+# OneNote page with more internal info: https://microsoft.sharepoint.com/teams/managedlanguages/_layouts/OneNote.aspx?id=%2Fteams%2Fmanagedlanguages%2Ffiles%2FTeam%20Notebook%2FGoLang%20Team&wd=target%28Main.one%7C62B655D4-14E7-41D6-A063-0869C28D63FC%2FSDL%20Tools%7C3908F727-3751-4ACC-8C71-6CEB2DF277B4%2F%29
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ microsoft/* ]
+  pull_request:
+    branches: [ microsoft/* ]
+  schedule:
+    # Run at 08:39 UTC each Thursday.
+    - cron: '39 8 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp', 'go' ]
+
+    env:
+      # Instead of running "go build" during the analysis step, instrument our custom build.
+      CODEQL_EXTRACTOR_GO_BUILD_TRACING: "on"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+
+      # Custom build command. The Go repo itself doesn't have a module at the
+      # root, so typical Go module build commands don't work.
+      - run: |
+          pwsh eng/run.ps1 build
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

CODE_OF_CONDUCT.md

@@ -0,0 +1,9 @@
+# Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+Resources:
+
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns

NuGet.config

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) Microsoft Corporation. Use of this source code is governed by a BSD-style license that can be found in the LICENSE file. -->
+<!--
+  This NuGet.config is required to be in this location by the Arcade SDK, or auto-updates throw
+  errors. It is only used during the signing process, when locating .NET dependencies.
+-->
+<configuration>
+  <packageSources>
+    <clear />
+    <add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
+    <add key="dotnet-public" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json" />
+    <add key="MicroBuildToolset" value="https://pkgs.dev.azure.com/dnceng/_packaging/MicroBuildToolset/nuget/v3/index.json" />
+  </packageSources>
+  <disabledPackageSources>
+    <clear />
+  </disabledPackageSources>
+</configuration>

README.md

@@ -3,42 +3,36 @@
 Go is an open source programming language that makes it easy to build simple,
 reliable, and efficient software.
 
-![Gopher image](doc/gopher/fiveyears.jpg)
+This repository, https://github.com/microsoft/go, contains the source for Go and
+the infrastructure used by Microsoft to build Go. See
+[`eng/README.md`](eng/README.md) for more information.
+
+![Gopher image](https://golang.org/doc/gopher/fiveyears.jpg)
 *Gopher image by [Renee French][rf], licensed under [Creative Commons 3.0 Attributions license][cc3-by].*
 
-Our canonical Git repository is located at https://go.googlesource.com/go.
-There is a mirror of the repository at https://github.com/golang/go.
+The canonical Git repository is located at https://go.googlesource.com/go.
 
 Unless otherwise noted, the Go source files are distributed under the
 BSD-style license found in the LICENSE file.
 
-### Download and Install
-
-#### Binary Distributions
-
-Official binary distributions are available at https://golang.org/dl/.
-
-After downloading a binary release, visit https://golang.org/doc/install
-or load [doc/install.html](./doc/install.html) in your web browser for installation
-instructions.
-
-#### Install From Source
-
-If a binary distribution is not available for your combination of
-operating system and architecture, visit
-https://golang.org/doc/install/source or load [doc/install-source.html](./doc/install-source.html)
-in your web browser for source installation instructions.
+## Contributing
 
-### Contributing
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
 
-Go is the work of thousands of contributors. We appreciate your help!
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
 
-To contribute, please read the contribution guidelines:
-	https://golang.org/doc/contribute.html
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
 
-Note that the Go project uses the issue tracker for bug reports and
-proposals only. See https://golang.org/wiki/Questions for a list of
-places to ask questions about the Go language.
+## Trademarks
 
-[rf]: https://reneefrench.blogspot.com/
-[cc3-by]: https://creativecommons.org/licenses/by/3.0/
+This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft 
+trademarks or logos is subject to and must follow 
+[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
+Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
+Any use of third-party trademarks or logos are subject to those third-party's policies.

SECURITY.md

@@ -1,13 +1,41 @@
-# Security Policy
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
 
-## Supported Versions
+## Security
 
-We support the past two Go releases (for example, Go 1.12.x and Go 1.13.x).
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
 
-See https://golang.org/wiki/Go-Release-Cycle and in particular the
-[Release Maintenance](https://github.com/golang/go/wiki/Go-Release-Cycle#release-maintenance)
-part of that page.
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
 
-## Reporting a Vulnerability
+## Reporting Security Issues
 
-See https://golang.org/security for how to report a vulnerability.
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

SUPPORT.md

@@ -0,0 +1,25 @@
+# TODO: The maintainer of this repo has not yet edited this file
+
+**REPO OWNER**: Do you want Customer Service & Support (CSS) support for this product/project?
+
+- **No CSS support:** Fill out this template with information about how to file issues and get help.
+- **Yes CSS support:** Fill out an intake form at [aka.ms/spot](https://aka.ms/spot). CSS will work with/help you to determine next steps. More details also available at [aka.ms/onboardsupport](https://aka.ms/onboardsupport).
+- **Not sure?** Fill out a SPOT intake as though the answer were "Yes". CSS will help you decide.
+
+*Then remove this first heading from this SUPPORT.MD file before publishing your repo.*
+
+# Support
+
+## How to file issues and get help  
+
+This project uses GitHub Issues to track bugs and feature requests. Please search the existing 
+issues before filing new issues to avoid duplicates.  For new issues, file your bug or 
+feature request as a new Issue.
+
+For help and questions about using this project, please **REPO MAINTAINER: INSERT INSTRUCTIONS HERE 
+FOR HOW TO ENGAGE REPO OWNERS OR COMMUNITY FOR HELP. COULD BE A STACK OVERFLOW TAG OR OTHER
+CHANNEL. WHERE WILL YOU HELP PEOPLE?**.
+
+## Microsoft Support Policy  
+
+Support for this **PROJECT or PRODUCT** is limited to the resources listed above.

eng/.gitignore

@@ -0,0 +1 @@
+artifacts/

eng/README.md

@@ -0,0 +1,76 @@
+# `eng`: the Microsoft infrastructure to build Go
+
+This directory contains build infrastructure files that Microsoft uses to build
+Go. This directory serves a similar purpose to https://github.com/golang/build,
+which stores the build infrastructure for the upstream Go repo,
+https://go.googlesource.com/go.
+
+The directory name, "eng", is short for "engineering". This name is required
+because the [dotnet/arcade](https://github.com/dotnet/arcade) auto-update
+process specifically looks for `eng/Version.Details.xml` and `eng/common/`
+absolute paths.
+
+## Prerequisites
+
+* [PowerShell 6+](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell)
+
+## Building Go
+
+To build Go using the Microsoft scripts, run `./run.ps1 build`, or run
+`eng/run.ps1 build` from the root of the repository. To run the build from a
+shell other than PowerShell without switching, use `pwsh eng/run.ps1 build`.
+This script is cross-platform.
+
+The standard way to build the upstream Go repository is to run `./make.bash` in
+the `src` directory. Running `eng/run.ps1 build` accomplishes the same end
+result, but it will automatically download a version of Go and use that to
+build, and `eng/run.ps1 build` will also build the race runtime once the
+standard build is complete.
+
+Run `eng/run.ps1 build -h` for more information.
+
+The `build` tool supports these OS/architectures:
+* `linux_amd64`
+* `windows_amd64`
+
+## Change containment
+
+Changes specific to the Microsoft build of Go are kept inside the `eng`
+directory. This helps to isolate and easily contribute changes to the upstream
+Go repository.
+
+However, there are a few places outside of `eng` that are modified to fit
+infrastructure requirements:
+
+* `/*.md` - The Microsoft GitHub organization has standard repository text that
+  needs to be in these files, so the upstream Go repo text is changed.
+* `/.github` - Contains CI configuration. GitHub requires files to be at this
+  absolute path, so the files in the upstream Go repo need to be deleted to
+  configure Microsoft's CI.
+* `/global.json` - This is a .NET SDK `global.json` file. It contains the
+  version of the Arcade SDK that will be used for signing our outputs. Arcade
+  SDK auto-update requires this file to be in this absolute location.
+* `/NuGet.config` - This is a .NET NuGet sources configuration file. This is
+  also required at the root of the repo by the Arcade SDK.
+
+For a complete list of files that are modified vs. the upstream Git repository,
+first make sure you have the upstream Git refs locally. One way to do this is to
+set up a remote:
+
+```sh
+git remote add golang https://github.com/microsoft/go
+git fetch golang
+```
+
+Then compare `master` (for example) against the corresponding `microsoft/main`
+branch:
+
+```sh
+git checkout microsoft/main
+# '...' compares against the shared base commit for both branches.
+git diff --name-status golang/master...
+```
+
+The diff is also calculated and included in every auto-merge PR description. You
+can use this query to find the most recent `microsoft/main` auto-merge PR:
+<https://github.com/microsoft/go/pulls?q=is%3Apr+author%3Amicrosoft-golang-bot+%22Merge+upstream%22>