Move vcpkg-ce development into the vcpkg-tool repo.

.gitattributes

@@ -1 +1,21 @@
+# Don't allow people to merge changes to these generated files, because the result
+# may be invalid.  You need to run "rush update" again.
+ce/pnpm-lock.yaml               merge=binary
+ce/shrinkwrap.yaml              merge=binary
+ce/npm-shrinkwrap.json          merge=binary
+ce/yarn.lock                    merge=binary
+
+
+# Disable line ending smudges entirely.
 * -text
+
+# Rush's JSON config files use JavaScript-style code comments.  The rule below prevents pedantic
+# syntax highlighters such as GitHub's from highlighting these comments as errors.  Your text editor
+# may also require a special configuration to allow comments in JSON.
+#
+# For more information, see this issue: https://github.com/Microsoft/web-build-tools/issues/1088
+#
+*.json                       linguist-language=JSON-with-Comments
+*.png               binary
+*.gif               binary
+*.mp4               binary

.gitignore

@@ -8,8 +8,17 @@
 /CMakeSettings.json
 /out
 .DS_Store
-# Qt Creator CMake project files
 CMakeLists.txt.user
 .cache
 /vcpkg-ce.zip
-/vcpkg-ce/**
+node_modules/
+**/.rush/
+**/dist/
+/ce/test/**/*.d.ts
+/ce/test/**/*.map
+/ce/test/**/*.js
+/ce/ce/vcpkg-ce.build.log
+/ce/common/config/rush/pnpm-lock.yaml
+/ce/test/vcpkg-ce.test.build.log
+/ce/common/temp
+/vcpkg-root

CODE_OF_CONDUCT.md

@@ -0,0 +1,9 @@
+# Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+Resources:
+
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns

PolicheckExclusion.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!--    When adding new values, please use UPPER CASE - all values will be compared only to the UPPER CASE strings -->
+<PoliCheckExclusions>
+
+  <!-- Each of these exclusions is a folder name - if \[name]\ exists in the file path, it will be skipped -->
+  <Exclusion Type="FolderPathFull">.GIT|NODE_MODULES</Exclusion>
+
+  <!-- The specified file names will be skipped during the scan regardless which folder they are in -->
+  <Exclusion Type="FileName">YARN.JS</Exclusion>
+
+</PoliCheckExclusions>

README.md

@@ -16,6 +16,50 @@ tracking, and edits to which libraries are available.
 This repository contains the contents formerly at https://github.com/microsoft/vcpkg in the
 "toolsrc" tree, and build support.
 
+# Vcpkg-ce: "Configure Environment" / artifacts
+
+Parts of vcpkg powered by "ce" are currently in 'preview' -- there will most certainly be changes between now
+and when the tool is 'released' based on feedback. 
+
+You can use it, but be forewarned that we may change formats, commands, etc. 
+
+Think of it as a manifest-driven desired state configuration for C/C++ projects. 
+
+It 
+ - integrates itself into your shell (PowerShell, CMD, bash/zsh)
+ - can restore artifacts according to a manifest that follows one’s code 
+ - provides discoverability interfaces
+
+## Installation
+
+While the usage of `ce` is the same on all platforms, the installation/loading/removal is slightly different depending on the platform you're using.
+
+`ce` doesn't persist any changes to the environment, nor does it automatically add itself to the start-up environment. If you wish to make it load in a window, you can just execute the script. Manually adding that in your profile will load it in every new window.
+
+<hr>
+
+## Install/Use/Remove
+
+| OS              | Install                                             | Use                   | Remove                          |
+|-----------------|-----------------------------------------------------|-----------------------|---------------------------------|
+| **PowerShell/Pwsh** |`iex (iwr -useb https://aka.ms/vcpkg-init.ps1)`              |` . ~/.vcpkg/vcpkg-init.ps1`          | `rmdir -recurse ~/.vcpkg`          |
+| **Linux/OSX**       |`. <(curl https://aka.ms/vcpkg-init.sh -L)`                  |` . ~/.vcpkg/vcpkg-init.sh`          | `rm -rf ~/.ce`                  |
+| **CMD Shell**       |`curl -LO https://aka.ms/vcpkg-init.cmd && .\vcpkg-init.cmd` |`%USERPROFILE%\.vcpkg\vcpkg-init.cmd` | `rmdir /s /q %USERPROFILE%\.vcpkg` |
+
+## Glossary
+
+| Term       | Description                                         |
+|------------|-----------------------------------------------------|
+| `artifact` | An archive (.zip or .tar.gz-like), package (.nupkg, .vsix) binary inside which build tools or components thereof are stored. |
+| `artifact metadata` | A description of the locations one or more artifacts describing rules for which ones are deployed given selection of a host architecture, target architecture, or other properties|
+| `artifact identity` | A short string that uniquely describes a moniker that a given artifact (and its metadata) can be referenced by. They can have one of the following forms:<br> `full/identity/path` - the full identity of an artifact that is in the built-in artifact source<br>`sourcename:full/identity/path` - the full identity of an artifact that is in the artifact source specified by the sourcename prefix<br>`shortname` - the shortened unique name of an artifact that is in the built-in artifact source<br>`sourcename:shortname` - the shortened unique name of an artifact that is in the artifact source specified by the sourcename prefix<br>Shortened names are generated based off the shortest unique identity path in the given source. |
+| `artifact source` | Also known as a “feed”. An Artifact Source is a location that hosts metadata to locate artifacts. (_There is only one source currently_) |
+| `project profile` | The per-project configuration file (`environment.yaml` or `environment.json`) 
+| `AMF`&nbsp;or&nbsp;`Metadata`&nbsp;`Format` | The schema / format of the YAML/JSON files for project profiles, global settings, and artifacts metadata. |
+| `activation` | The process by which a particular set of artifacts are acquired and enabled for use in a calling command program.|
+| `versions` | Version numbers are specified using the Semver format. If a version for a particular operation isn't specified, a range for the latest version ( `*` ) is assumed. A version or version range can be specified using the npm semver matching syntax. When a version is stored, it can be stored using the version range specified, a space and then the version found. (ie, the first version is what was asked for, the second is what was installed. No need for a separate lock file.) |
+
+
 # Contributing
 
 Please refer to the "contributing" section of the
@@ -36,6 +80,14 @@ with any additional questions or comments.
 The product code in this repository is licensed under the [MIT License](LICENSE.txt). The tests
 contain 3rd party code as documented in `NOTICE.txt`.
 
+# Trademarks
+
+This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft 
+trademarks or logos is subject to and must follow 
+[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
+Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
+Any use of third-party trademarks or logos are subject to those third-party's policies.
+
 # Telemetry
 
 vcpkg collects usage data in order to help us improve your experience.

SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

SUPPORT.md

@@ -0,0 +1,11 @@
+# Support
+
+## How to file issues and get help  
+
+This project uses GitHub Issues to track bugs and feature requests. Please search the existing 
+issues before filing new issues to avoid duplicates.  For new issues, file your bug or 
+feature request as a new Issue.
+
+## Microsoft Support Policy  
+
+Support for this **vcpkg-ce** is limited to the resources listed above.

azure-pipelines/arch-independent-signing.signproj

@@ -11,17 +11,17 @@
   </ItemGroup>
 
   <ItemGroup>
-    <FilesToSign Include="$(IntermediateOutputPath)\vcpkg-ce\**\*.js" Exclude="$(IntermediateOutputPath)\vcpkg-ce\**\node_modules\**\*.js">
+    <FilesToSign Include="$(IntermediateOutputPath)\ce\**\*.js" Exclude="$(IntermediateOutputPath)\ce\**\node_modules\**\*.js">
       <Authenticode>Microsoft400</Authenticode>
     </FilesToSign>
-    <FilesToSign Include="$(IntermediateOutputPath)\vcpkg-ce\scripts\ce.ps1">
+    <FilesToSign Include="$(IntermediateOutputPath)\ce\scripts\ce.ps1">
       <Authenticode>Microsoft400</Authenticode>
     </FilesToSign>
-    <FilesToSign Include="$(IntermediateOutputPath)\vcpkg-ce\**\node_modules\**\*.js"
-                 Exclude="$(IntermediateOutputPath)\vcpkg-ce\common\temp\node_modules\.pnpm\**\node_modules\fast-xml-parser\src\xmlbuilder\prettifyJs2Xml.js">
+    <FilesToSign Include="$(IntermediateOutputPath)\ce\**\node_modules\**\*.js"
+                 Exclude="$(IntermediateOutputPath)\ce\common\temp\node_modules\.pnpm\**\node_modules\fast-xml-parser\src\xmlbuilder\prettifyJs2Xml.js">
       <Authenticode>3PartyScriptsSHA2</Authenticode>
     </FilesToSign>
-    <FilesToSign Include="$(IntermediateOutputPath)\vcpkg-init.ps1">
+    <FilesToSign Include="$(IntermediateOutputPath)\init.ps1">
       <Authenticode>Microsoft400</Authenticode>
     </FilesToSign>
   </ItemGroup>

azure-pipelines/pipelines.yml

@@ -1,6 +1,6 @@
 jobs:
 - job: linux_gcc_9
-  displayName: 'Ubuntu 20.04 with GCC 9'
+  displayName: 'Ubuntu 20.04 with GCC 9, plus vcpkg-ce'
   pool:
     vmImage: 'ubuntu-20.04'
   variables:
@@ -11,6 +11,34 @@ jobs:
         git clone https://github.com/microsoft/vcpkg "$VCPKG_ROOT" -n
         git -C "$VCPKG_ROOT" checkout `cat vcpkg-init/vcpkg-scripts-sha.txt`
       displayName: "Clone vcpkg repo to serve as root"
+    - task: NodeTool@0
+      inputs:
+        versionSpec: '16.x'
+      displayName: 'Install Node.js'
+    - script: |
+        cd ce
+
+        npm install -g npm
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        npx @microsoft/rush update
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        npx @microsoft/rush rebuild
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        npx @microsoft/rush test
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        npx @microsoft/rush lint
+        rc=$?; if [ $rc -ne 0 ]; then exit $rc ; fi
+
+        if [ -n "$(git status --porcelain)" ]; then
+          echo "ERROR: Working directory is dirty. Are there test output files missing from the PR?"
+          git status
+          exit 1
+        fi
+      displayName: 'Rush install, build and test vcpkg-ce'
     - bash: |
         export CXXFLAGS="-fprofile-arcs -ftest-coverage -fPIC -O0"
         cmake -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTING=ON -DVCPKG_DEVELOPMENT_WARNINGS=ON -DVCPKG_WARNINGS_AS_ERRORS=ON -DVCPKG_BUILD_FUZZING=ON -B build.amd64.debug

azure-pipelines/signing.yml

@@ -66,55 +66,42 @@ jobs:
         filePath: vcpkg-init/lock-versions.ps1
         arguments: '-Destination "$(Build.BinariesDirectory)" -VcpkgBaseVersion $(VCPKG_INITIAL_BASE_VERSION)'
     # Build and test vcpkg-ce
-    - task: PowerShell@2
-      displayName: 'Download vcpkg-ce sources'
-      inputs:
-        targetType: 'inline'
-        script: |
-          $sha = Get-Content azure-pipelines/vcpkg-ce-sha.txt -Raw
-          $sha = $sha.Trim()
-          if( test-path vcpkg-ce) { rmdir -recurse -force vcpkg-ce -ea 0 }
-          # this will keep the .git folder, which is used by set-versions to accurately set the version of ce
-          git clone https://github.com/microsoft/vcpkg-ce/ vcpkg-ce
-          cd vcpkg-ce
-          git checkout $sha
-        pwsh: true
     - task: UseNode@1
       displayName: Use Node 16 or later
       inputs:
         version: "16.x"
     - script: npm install -g @microsoft/rush
       displayName: Install Rush
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: rush update
       displayName: Install vcpkg-ce Dependencies
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: rush lint
       displayName: Check vcpkg-ce for Linting Errors
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: rush rebuild
       displayName: Build vcpkg-ce Packages
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: rush test
       displayName: Run vcpkg-ce Tests
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - script: |
         rush set-versions
         node -e "const c = require('./ce/package.json'); p = require('./assets/package.json') ; p.version = c.version; require('fs').writeFileSync('./assets/package.json', JSON.stringify(p,undefined,2)); console.log(``set asset version to `${p.version}``);"
       displayName: Set vcpkg-ce Package Versions
-      workingDirectory: vcpkg-ce
-    - script: mkdir "$(Build.BinariesDirectory)\vcpkg-ce" && rush deploy -t "$(Build.BinariesDirectory)\vcpkg-ce"
+      workingDirectory: ce
+    - script: mkdir "$(Build.BinariesDirectory)\ce" && rush deploy -t "$(Build.BinariesDirectory)\ce"
       displayName: Collect vcpkg-ce Dependencies
-      workingDirectory: vcpkg-ce
+      workingDirectory: ce
     - task: ComponentGovernanceComponentDetection@0
       displayName: Detect Components
       inputs:
-        ignoreDirectories: vcpkg-ce/common/temp
+        ignoreDirectories: ce/common/temp
     # Inject the NOTICE file. This must run after component detection.
     - task: msospo.ospo-extension.8d7f9abb-6896-461d-9e25-4f74ed65ddb2.notice@0
       displayName: Generate NOTICE File
       inputs:
-        outputfile: $(Build.BinariesDirectory)/vcpkg-ce/NOTICE.txt
+        outputfile: $(Build.BinariesDirectory)/ce/NOTICE.txt
     - task: MicroBuildSigningPlugin@3
       displayName: Install MicroBuild Signing
       inputs:
@@ -148,10 +135,10 @@ jobs:
         arguments: '-DestinationTarballName "$(Build.BinariesDirectory)\vcpkg-standalone-bundle.tar.gz" -TempPath standalone-temp "$(Build.BinariesDirectory)\vcpkg-init.cmd" "$(Build.BinariesDirectory)\vcpkg-init.ps1" "$(Build.BinariesDirectory)\vcpkg-init"'
     - script: npm pack
       displayName: Create vcpkg-ce Pack
-      workingDirectory: $(Build.BinariesDirectory)/vcpkg-ce
+      workingDirectory: $(Build.BinariesDirectory)/ce
     - script: |
         mkdir "$(Build.ArtifactStagingDirectory)\staging"
-        move "$(Build.BinariesDirectory)\vcpkg-ce\vcpkg-ce-*.tgz" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-ce.tgz"
+        move "$(Build.BinariesDirectory)\ce\vcpkg-ce-*.tgz" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-ce.tgz"
         move "$(Build.BinariesDirectory)\vcpkg-standalone-bundle.tar.gz" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-standalone-bundle.tar.gz"
         move "$(Build.BinariesDirectory)\vcpkg-init" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-init"
         move "$(Build.BinariesDirectory)\vcpkg-init.ps1" "$(Build.ArtifactStagingDirectory)\staging\vcpkg-init.ps1"

ce/.eslintignore

@@ -0,0 +1 @@
+**/*.d.ts