All files up to date

[sdumortier]

Agent version and platform

Version of your agent? 2.109.2
OS of the machine running the agent? OSX/Windows

VSTS type and version

On-Prem TFS?
2015 Update 2

What's not working?

When running a build definition from our OnPrem TFS the iOS/Xamarin solution is not getting copied over to the MAC machine to be built. I keep getting a message "All Files up to date". However, when I run the tf command from the MAC with the " tf get -force" command, files get copied over and build completes. I wonder if something is getting cached on the MAC that thinks all the source files are up to date.

Agent and Worker's diag log

Workspace 'ws_1_82' created. [command]tf workfold -map -workspace:ws_1_82 "$/xxxx/xxxx/xxxx/MyReceipts" /Users/user/Mac/_work/1/s "-collection:https://tfs.xxx.com/tfs/ProdSup/" -jwt:**** -noprompt [command]tf get -version:C2239024 -recursive -overwrite /Users/crauser/MacWindwardAgentPS/_work/1/s -jwt:**** -noprompt All files up to date. Finishing: Get Sources

[ericsciple]

@sdumortier after running the "tf get -force" command once, do future builds pull incremental changes correctly?

[sdumortier]

No, I have to run the same command every time to pull the incremental changes.

[ericsciple]

it sounds like something is messed up with the cache. does the folder /Users/user/Mac/_work/1/s/.tf exist and contain files?

as a workaround, you can delete the workspace. the next build should create a mapping that should work from there-on-out (unless something is interfering with the cache files). if you queue a build with the variable build.clean set to all it will drop the entire 1 folder and start fresh.

[sdumortier]

Yes the folder /Users/user/Mac/_work/1/s/.tf exists and contains files.

I did try to delete the workspace and re-run the build definition to build the solution. However, I get the same message "All files up to date" and the builds fails because the solution files are not on the MAC. I also change the clean option to "true" under the repository tab in the build definition. Is that what you were referring to with the build.clean or something else? with the option clean set to true I get the same message.

[ericsciple]

can you try tf workspaces -remove and then tf workspace -delete? the agent carries a copy of the TEE command line under externals/tee. then you can add a variable on the variables tab (or at queue time) build.clean set to all which instructs the agent to drop the 1 folder.

there are other cache files too under your home directory. so my guess is somehting is missing there

[sdumortier]

I have 3 agents folders on the MAC, Each of this folder point to a different TFS instance. So, I'm in the agent folder that I'm testing the build definition. I ran the command to delete all the workspaces with "ws_1". When I run the command tf workspace within the agent folder I do see several workspaces been listed.

I have also added on the variables tab the following: Name: build.clean Value: all

I keep getting the same message: Please see below for some additional details... I do see that the workspace (ws_1_82) getting deleted. But nothing gets copied over... the "s" directory is empty

==========

tf workspace -delete ws_1_82;Build\ecb93bfe-769b-4e16-9edf-fa765421a895 "-collection:https://tfsps.xxx.com/tfs/xxxProdSup/" -jwt:**** -noprompt Workspace 'ws_1_82' deleted.

tf workspaces ws_1_82 -computer:* -format:xml "-collection:https://tfsps.xxxx.com/tfs/xxxxProdSup/" -jwt:**** -noprompt

No workspace matching ws_1_82;Project Collection Build Service (TEAM FOUNDATION) on computer * found in Team Foundation Server https://tfsps.xxx.com/tfs/xxxxProdSup/.

Deleting: '/Users/crauser/MacWindwardAgentPS/_work/1/s'.

tf workspace -new -location:local -permission:Public ws_1_82 "-collection:https://tfsps.xxxx.com/tfs/xxxxProdSup/" -jwt:**** -noprompt Workspace 'ws_1_82' created.

tf workfold -map -workspace:ws_1_82 "$/PS03C/xxx/xxx/MyReceipts - iOS" /Users/crauser/MacWindwardAgentPS/_work/1/s "-collection:https://tfsps.xxx.com/tfs/xxxxProdSup/" -jwt:**** -noprompt

tf get -version:C2239024 -recursive -overwrite /Users/crauser/MacWindwardAgentPS/_work/1/s -jwt:**** -noprompt All files up to date. Finishing: Get Sources

[ericsciple]

ah ok, in that case i think the built-in build service identity does not have permission to download the sources.

the jwt token used during the build is for the Project Collection Build Service or Project Build Service identity in TFS. can you verify whether that identity has access?

in the VC web UI, you can browse the project at any level of the folder structure and check the security settings.

[sdumortier]

thank you for the feedback. I'm not an expert on this so I may need some additional guidance, You want me to check on the TFS web portal, under security that the TFS group "Project Collection Build Service Accounts" have certain permission set or I need to add a member to be part of this group?

I didn't created a jwt token in TFS, I'm running the build definition under my credentials. If that's what you asking me. If you can elaborate a little more on this, it will be great.

The way I configured the OS X agent in the MAC is by using a local user account that was created in the TFS Server. I use this account to configure/connect the agent with TFS.

thank you in advance for your assitance

[ericsciple]

against a 2015 server your creds are used only to listen to the queue. when a job (i.e. build or release) is sent to the agent, the job message contains an auth token just for that job (with a short lived expiry for that job). during the job, the auth token for the job is used to communicate back to the server (including sync sources).

on the general tab you can select the authz scope for the build definition. The default is Project Collection which corresponds to the Project Collection Build Service identity (built-in identity within TFS).

If you check permission on the project in the web UI, that identity should have permission to your sources. Code -> Explorer, select a folder in the tree view, open the Security context menu. The users section should contain Project Collection Build Service. If it doesn't, you will need to add the user and grant permissions.

[ericsciple]

also on a side note, in tfs 2017 and on vsts, your creds are only used during configurationg (add the agent to the pool). during config, a token is generated that is scoped to that one agent and allows it listen to the queue. the enhancement required server side changes that landed in TFS 2017, so against a 2015 TFS server the agent falls back to the old behavior.

[sdumortier]

Thank you for the detailed information. I added the "Project Collection Build Service" identity in the project folder of the solution by selecting the security option. Ran the build definition and that worked!! all source code was copied over the MAC. What I did was to set all permissions to "Allow" for every option. However, do you know if I can set this permission at the project collection level? So don't have to add it for every project? It looks like that identify is added in our TFS instance but some of the permission are not set. Do you know which one should be set to allow?

Here is a snippet of the current permissions at the collection level:

[ericsciple]

my 2015 U3 test server looks like this (i'm pretty sure i haven't modified the permissions):

do you know whether the identity was explicitly removed? i think it should be there by default, unless there was a bug in 2015 U2 that i dont remember. i have heard of customers run into it a couple times when they explicitly removed permissions.

you might be able to grant the permission at a higher level from Visual Studio's source control explorer. poking around at it a little, i can't find a way from the web UI.

another option might be to add it to a group that has appropriate permissions.

[sdumortier]

No - the identity is there at the collection level and it has the same permissions from your snippet you provided. However, when running the build definition it does not work having the identity at the collection level. When you add the "Project Collection Build Service" identity on the project folder with the same permissions option from the identity from the collection level the build works - source file get copied over.

When you remove the identity from the project source folder or change the "General" option in the build definition to project collection the build does not work. So, it looks based on the testing that i did, is that you must add the Project Collection Build Service identity to the source folder that you want to run the build definition against.

[sdumortier]

the build definition works fine having the identity on the project source folder, The Xamarin.iOS gets build successfully and then I have a step to code sign the application which works great. However, when running the Xamarin.Android project, the sources get copied over the MAC fine but I get an error when the build happens.

[error]Supported task execution handler not found. Supported handlers: Node

Do you know what may be happening?

[ericsciple]

yes, you have run into an error message that is not great and that we want to improve :)

the problem is, 2015 Update 2 and 3 only had a Windows implementation of the Xamarin.Android task.

TFS 2017 shipped with an update for the task that runs on Mac and Linux. it looks like the newer task will probably work with an older server.

if you want to try it out, you can:

1. clone the [https://github.com/Microsoft/vsts-tasks](tasks repo)
2. checkout a stable branch (e.g. releases/m109 shipped a few weeks ago to VSTS and would probably be a good
3. follow the build instructions corresponding to the branch you check-out (contribute instructions are in the README.md at the root of the repo)
4. then use tfx cli to upload the _build/Tasks/XamarinAndroid folder to your server - make sure you upload it against the collection URL (e.g http\://SERVER:8080/tfs/defaultcollection)

or if you want to email ersciple i can send you a zip containing the built task folder.

[ericsciple]

...sorry forgot to mention domain (at microsoft com) for email alias mentioned above

[sdumortier]

I sent you an email to request the zip. Thanks for your help

[ericsciple]

sent

[ericsciple]

assigning to myself to test if this repros on 2017. if so then updating the troubleshooting docs would be good.

[ericsciple]

this also repros in 2017. i'll add it to the troubleshooting docs.

[ericsciple]

done