Create 2.286.1 runner release.

* github-praph.png deleted extra background

* background around tentacles of mascot also deleted

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,12 +1,18 @@
 ---
-name: Bug report
-about: Create a report to help us improve
+name: 🛑 Report a bug in the runner application
+about: If you have issues with GitHub Actions, please follow the "support for GitHub Actions" link, below.
 title: ''
 labels: bug
 assignees: ''
 
 ---
 
+<!--
+👋 You're opening a bug report against the GitHub Actions **runner application**.
+
+🛑 Please stop if you're not certain that the bug you're seeing is in the runner application - if you have general problems with actions, workflows, or runners, please see the [GitHub Community Support Forum](https://github.community/c/code-to-cloud/52) which is actively monitored.  Using the forum ensures that we route your problem to the correct team.  😃
+-->
+
 **Describe the bug**
 A clear and concise description of what the bug is.
 

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: ✅ Support for GitHub Actions
+    url: https://github.community/c/code-to-cloud/52
+    about: If you have questions about GitHub Actions or need support writing workflows, please ask in the GitHub Community Support forum.
+  - name: ✅ Feedback and suggestions for GitHub Actions
+    url: https://github.com/github/feedback/discussions/categories/actions-and-packages-feedback
+    about: If you have feedback or suggestions about GitHub Actions, please open a discussion (or add to an existing one) in the GitHub Actions Feedback.  GitHub Actions Product Managers and Engineers monitor the feedback forum.
+  - name: ‼️ GitHub Security Bug Bounty
+    url: https://bounty.github.com/
+    about: Please report security vulnerabilities here.

.github/ISSUE_TEMPLATE/enhancement_request.md

@@ -1,19 +1,24 @@
 ---
-name: Feature Request
-about: Create a request to help us improve
+name: 🛑 Request a feature in the runner application 
+about: If you have feature requests for GitHub Actions, please use the "feedback and suggestions for GitHub Actions" link below.
 title: ''
 labels: enhancement
 assignees: ''
 
 ---
 
-Thank you 🙇‍♀ for wanting to create a feature in this repository. Before you do, please ensure you are filing the issue in the right place. Issues should only be opened on if the issue **relates to code in this repository**.  
+<!--
+👋 You're opening a request for an enhancement in the GitHub Actions **runner application**.
 
+🛑 Please stop if you're not certain that the feature you want is in the runner application - if you have a suggestion for improving GitHub Actions, please see the [GitHub Actions Feedback](https://github.com/github/feedback/discussions/categories/actions-and-packages-feedback) discussion forum which is actively monitored.  Using the forum ensures that we route your problem to the correct team.  😃
+
+Some additional useful links:
 * If you have found a security issue [please submit it here](https://hackerone.com/github)
 * If you have questions or issues with the service, writing workflows or actions, then please [visit the GitHub Community Forum's Actions Board](https://github.community/t5/GitHub-Actions/bd-p/actions)
-* If you are having an issue or question about GitHub Actions then please [contact customer support](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-github-actions#contacting-support)
+* If you are having an issue or have a question about GitHub Actions then please [contact customer support](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-github-actions#contacting-support)
 
 If you have a feature request that is relevant to this repository, the runner, then please include the information below:
+-->
 
 **Describe the enhancement**
 A clear and concise description of what the features or enhancement you need.

.github/workflows/build.yml

@@ -57,6 +57,29 @@ jobs:
       working-directory: src
       if: matrix.runtime != 'linux-arm64' && matrix.runtime != 'linux-arm'
 
+    # Check runtime/externals hash
+    - name: Compute/Compare runtime and externals Hash
+      shell: bash
+      run: |
+        echo "Current dotnet runtime hash result: $DOTNET_RUNTIME_HASH"
+        echo "Current Externals hash result: $EXTERNALS_HASH"
+
+        NeedUpdate=0
+        if [ "$EXTERNALS_HASH" != "$(cat ./src/Misc/contentHash/externals/${{ matrix.runtime }})" ] ;then
+          echo Hash mismatch, Update ./src/Misc/contentHash/externals/${{ matrix.runtime }} to $EXTERNALS_HASH
+          NeedUpdate=1
+        fi
+
+        if [ "$DOTNET_RUNTIME_HASH" != "$(cat ./src/Misc/contentHash/dotnetRuntime/${{ matrix.runtime }})" ] ;then
+          echo Hash mismatch, Update ./src/Misc/contentHash/dotnetRuntime/${{ matrix.runtime }} to $DOTNET_RUNTIME_HASH
+          NeedUpdate=1
+        fi
+
+        exit $NeedUpdate
+      env:
+        DOTNET_RUNTIME_HASH: ${{hashFiles('**/_layout_trims/runtime/**/*')}}
+        EXTERNALS_HASH: ${{hashFiles('**/_layout_trims/externals/**/*')}}
+
     # Create runner package tar.gz/zip
     - name: Package Release
       if: github.event_name != 'pull_request'
@@ -67,7 +90,11 @@ jobs:
     # Upload runner package tar.gz/zip as artifact
     - name: Publish Artifact
       if: github.event_name != 'pull_request'
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v2
       with:
         name: runner-package-${{ matrix.runtime }}
-        path: _package
+        path: | 
+          _package
+          _package_trims/trim_externals
+          _package_trims/trim_runtime
+          _package_trims/trim_runtime_externals

.github/workflows/codeql.yml

@@ -1,7 +1,12 @@
 name: "Code Scanning - Action"
 
+permissions:
+  security-events: write
+
 on:
   push:
+    branches: 
+      - main
   pull_request:
   schedule:
     - cron: '0 0 * * 0'

.github/workflows/release.yml

@@ -51,6 +51,21 @@ jobs:
       linux-arm-sha: ${{ steps.sha.outputs.linux-arm-sha256 }}
       win-x64-sha: ${{ steps.sha.outputs.win-x64-sha256 }}
       osx-x64-sha: ${{ steps.sha.outputs.osx-x64-sha256 }}
+      linux-x64-sha-noexternals: ${{ steps.sha_noexternals.outputs.linux-x64-sha256 }}
+      linux-arm64-sha-noexternals: ${{ steps.sha_noexternals.outputs.linux-arm64-sha256 }}
+      linux-arm-sha-noexternals: ${{ steps.sha_noexternals.outputs.linux-arm-sha256 }}
+      win-x64-sha-noexternals: ${{ steps.sha_noexternals.outputs.win-x64-sha256 }}
+      osx-x64-sha-noexternals: ${{ steps.sha_noexternals.outputs.osx-x64-sha256 }}
+      linux-x64-sha-noruntime: ${{ steps.sha_noruntime.outputs.linux-x64-sha256 }}
+      linux-arm64-sha-noruntime: ${{ steps.sha_noruntime.outputs.linux-arm64-sha256 }}
+      linux-arm-sha-noruntime: ${{ steps.sha_noruntime.outputs.linux-arm-sha256 }}
+      win-x64-sha-noruntime: ${{ steps.sha_noruntime.outputs.win-x64-sha256 }}
+      osx-x64-sha-noruntime: ${{ steps.sha_noruntime.outputs.osx-x64-sha256 }}
+      linux-x64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.linux-x64-sha256 }}
+      linux-arm64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.linux-arm64-sha256 }}
+      linux-arm-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.linux-arm-sha256 }}
+      win-x64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.win-x64-sha256 }}
+      osx-x64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.osx-x64-sha256 }}
     strategy:
       matrix:
         runtime: [ linux-x64, linux-arm64, linux-arm, win-x64, osx-x64 ]
@@ -99,14 +114,6 @@ jobs:
         ${{ matrix.devScript }} package Release ${{ matrix.runtime }}
       working-directory: src
 
-    # Upload runner package tar.gz/zip as artifact.
-    # Since each package name is unique, so we don't need to put ${{matrix}} info into artifact name
-    - name: Publish Artifact
-      if: github.event_name != 'pull_request'
-      uses: actions/upload-artifact@v1
-      with:
-        name: runner-packages
-        path: _package
     # compute shas and set as job outputs to use in release notes
     - run: brew install coreutils #needed for shasum util
       if: ${{ matrix.os == 'macOS-latest' }}
@@ -120,6 +127,91 @@ jobs:
       id: sha
       name: Compute SHA256
       working-directory: _package
+    - run: |
+        file=$(ls)
+        sha=$(sha256sum $file | awk '{ print $1 }')
+        echo "Computed sha256: $sha for $file"
+        echo "::set-output name=${{matrix.runtime}}-sha256::$sha"
+        echo "::set-output name=sha256::$sha"
+      shell: bash
+      id: sha_noexternals
+      name: Compute SHA256
+      working-directory: _package_trims/trim_externals
+    - run: |
+        file=$(ls)
+        sha=$(sha256sum $file | awk '{ print $1 }')
+        echo "Computed sha256: $sha for $file"
+        echo "::set-output name=${{matrix.runtime}}-sha256::$sha"
+        echo "::set-output name=sha256::$sha"
+      shell: bash
+      id: sha_noruntime
+      name: Compute SHA256
+      working-directory: _package_trims/trim_runtime
+    - run: |
+        file=$(ls)
+        sha=$(sha256sum $file | awk '{ print $1 }')
+        echo "Computed sha256: $sha for $file"
+        echo "::set-output name=${{matrix.runtime}}-sha256::$sha"
+        echo "::set-output name=sha256::$sha"
+      shell: bash
+      id: sha_noruntime_noexternals
+      name: Compute SHA256
+      working-directory: _package_trims/trim_runtime_externals
+    
+    - name: Create trimmedpackages.json for ${{ matrix.runtime }}
+      if: matrix.runtime == 'win-x64'
+      uses: actions/github-script@0.3.0
+      with:
+        github-token: ${{secrets.GITHUB_TOKEN}}
+        script: |
+          const core = require('@actions/core')
+          const fs = require('fs');
+          const runnerVersion = fs.readFileSync('src/runnerversion', 'utf8').replace(/\n$/g, '')
+          var trimmedPackages = fs.readFileSync('src/Misc/trimmedpackages_zip.json', 'utf8').replace(/<RUNNER_VERSION>/g, runnerVersion).replace(/<RUNNER_PLATFORM>/g, '${{ matrix.runtime }}')
+          trimmedPackages = trimmedPackages.replace(/<RUNTIME_HASH>/g, '${{hashFiles('**/_layout_trims/runtime/**/*')}}')
+          trimmedPackages = trimmedPackages.replace(/<EXTERNALS_HASH>/g, '${{hashFiles('**/_layout_trims/externals/**/*')}}')
+
+          trimmedPackages = trimmedPackages.replace(/<NO_RUNTIME_EXTERNALS_HASH>/g, '${{steps.sha_noruntime_noexternals.outputs.sha256}}')
+          trimmedPackages = trimmedPackages.replace(/<NO_RUNTIME_HASH>/g, '${{steps.sha_noruntime.outputs.sha256}}')
+          trimmedPackages = trimmedPackages.replace(/<NO_EXTERNALS_HASH>/g, '${{steps.sha_noexternals.outputs.sha256}}')
+
+          console.log(trimmedPackages)
+          fs.writeFileSync('${{ matrix.runtime }}-trimmedpackages.json', trimmedPackages)
+
+    - name: Create trimmedpackages.json for ${{ matrix.runtime }}
+      if: matrix.runtime != 'win-x64'
+      uses: actions/github-script@0.3.0
+      with:
+        github-token: ${{secrets.GITHUB_TOKEN}}
+        script: |
+          const core = require('@actions/core')
+          const fs = require('fs');
+          const runnerVersion = fs.readFileSync('src/runnerversion', 'utf8').replace(/\n$/g, '')
+          var trimmedPackages = fs.readFileSync('src/Misc/trimmedpackages_targz.json', 'utf8').replace(/<RUNNER_VERSION>/g, runnerVersion).replace(/<RUNNER_PLATFORM>/g, '${{ matrix.runtime }}')
+          trimmedPackages = trimmedPackages.replace(/<RUNTIME_HASH>/g, '${{hashFiles('**/_layout_trims/runtime/**/*')}}')
+          trimmedPackages = trimmedPackages.replace(/<EXTERNALS_HASH>/g, '${{hashFiles('**/_layout_trims/externals/**/*')}}')
+
+          trimmedPackages = trimmedPackages.replace(/<NO_RUNTIME_EXTERNALS_HASH>/g, '${{steps.sha_noruntime_noexternals.outputs.sha256}}')
+          trimmedPackages = trimmedPackages.replace(/<NO_RUNTIME_HASH>/g, '${{steps.sha_noruntime.outputs.sha256}}')
+          trimmedPackages = trimmedPackages.replace(/<NO_EXTERNALS_HASH>/g, '${{steps.sha_noexternals.outputs.sha256}}')
+
+          console.log(trimmedPackages)
+          fs.writeFileSync('${{ matrix.runtime }}-trimmedpackages.json', trimmedPackages)
+
+    # Upload runner package tar.gz/zip as artifact.
+    # Since each package name is unique, so we don't need to put ${{matrix}} info into artifact name
+    - name: Publish Artifact
+      if: github.event_name != 'pull_request'
+      uses: actions/upload-artifact@v2
+      with:
+        name: runner-packages
+        path: |
+          _package
+          _package_trims/trim_externals
+          _package_trims/trim_runtime
+          _package_trims/trim_runtime_externals
+          ${{ matrix.runtime }}-trimmedpackages.json
+
   release:
     needs: build
     runs-on: ubuntu-latest
@@ -150,6 +242,21 @@ jobs:
           releaseNote = releaseNote.replace(/<LINUX_X64_SHA>/g, '${{needs.build.outputs.linux-x64-sha}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM_SHA>/g, '${{needs.build.outputs.linux-arm-sha}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM64_SHA>/g, '${{needs.build.outputs.linux-arm64-sha}}')
+          releaseNote = releaseNote.replace(/<WIN_X64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.win-x64-sha-noexternals}}')
+          releaseNote = releaseNote.replace(/<OSX_X64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.osx-x64-sha-noexternals}}')
+          releaseNote = releaseNote.replace(/<LINUX_X64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.linux-x64-sha-noexternals}}')
+          releaseNote = releaseNote.replace(/<LINUX_ARM_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.linux-arm-sha-noexternals}}')
+          releaseNote = releaseNote.replace(/<LINUX_ARM64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.linux-arm64-sha-noexternals}}')
+          releaseNote = releaseNote.replace(/<WIN_X64_SHA_NORUNTIME>/g, '${{needs.build.outputs.win-x64-sha-noruntime}}')
+          releaseNote = releaseNote.replace(/<OSX_X64_SHA_NORUNTIME>/g, '${{needs.build.outputs.osx-x64-sha-noruntime}}')
+          releaseNote = releaseNote.replace(/<LINUX_X64_SHA_NORUNTIME>/g, '${{needs.build.outputs.linux-x64-sha-noruntime}}')
+          releaseNote = releaseNote.replace(/<LINUX_ARM_SHA_NORUNTIME>/g, '${{needs.build.outputs.linux-arm-sha-noruntime}}')
+          releaseNote = releaseNote.replace(/<LINUX_ARM64_SHA_NORUNTIME>/g, '${{needs.build.outputs.linux-arm64-sha-noruntime}}')
+          releaseNote = releaseNote.replace(/<WIN_X64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.win-x64-sha-noruntime-noexternals}}')
+          releaseNote = releaseNote.replace(/<OSX_X64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.osx-x64-sha-noruntime-noexternals}}')
+          releaseNote = releaseNote.replace(/<LINUX_X64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.linux-x64-sha-noruntime-noexternals}}')
+          releaseNote = releaseNote.replace(/<LINUX_ARM_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.linux-arm-sha-noruntime-noexternals}}')
+          releaseNote = releaseNote.replace(/<LINUX_ARM64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.linux-arm64-sha-noruntime-noexternals}}')
           console.log(releaseNote)
           core.setOutput('version', runnerVersion);
           core.setOutput('note', releaseNote);
@@ -164,16 +271,15 @@ jobs:
         release_name: "v${{ steps.releaseNote.outputs.version }}"
         body: |
           ${{ steps.releaseNote.outputs.note }}
-        prerelease: true
 
-    # Upload release assets
+    # Upload release assets (full runner packages)
     - name: Upload Release Asset (win-x64)
       uses: actions/upload-release-asset@v1.0.1
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         upload_url: ${{ steps.createRelease.outputs.upload_url }}
-        asset_path: ${{ github.workspace }}/actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}.zip
+        asset_path: ${{ github.workspace }}/_package/actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}.zip
         asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}.zip
         asset_content_type: application/octet-stream
 
@@ -183,7 +289,7 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         upload_url: ${{ steps.createRelease.outputs.upload_url }}
-        asset_path: ${{ github.workspace }}/actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}.tar.gz
+        asset_path: ${{ github.workspace }}/_package/actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_name: actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_content_type: application/octet-stream
 
@@ -193,7 +299,7 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         upload_url: ${{ steps.createRelease.outputs.upload_url }}
-        asset_path: ${{ github.workspace }}/actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}.tar.gz
+        asset_path: ${{ github.workspace }}/_package/actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_content_type: application/octet-stream
 
@@ -203,7 +309,7 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         upload_url: ${{ steps.createRelease.outputs.upload_url }}
-        asset_path: ${{ github.workspace }}/actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}.tar.gz
+        asset_path: ${{ github.workspace }}/_package/actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_name: actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_content_type: application/octet-stream
 
@@ -213,6 +319,210 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         upload_url: ${{ steps.createRelease.outputs.upload_url }}
-        asset_path: ${{ github.workspace }}/actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}.tar.gz
+        asset_path: ${{ github.workspace }}/_package/actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_name: actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_content_type: application/octet-stream
+
+    # Upload release assets (trim externals)
+    - name: Upload Release Asset (win-x64-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_externals/actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noexternals.zip
+        asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noexternals.zip
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-x64-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_externals/actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_name: actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (osx-x64-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_externals/actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-arm-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_externals/actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_name: actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-arm64-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_externals/actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_name: actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
+    # Upload release assets (trim runtime)
+    - name: Upload Release Asset (win-x64-noruntime)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime/actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noruntime.zip
+        asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noruntime.zip
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-x64-noruntime)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime/actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_name: actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (osx-x64-noruntime)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime/actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-arm-noruntime)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime/actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_name: actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-arm64-noruntime)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime/actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_name: actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_content_type: application/octet-stream
+
+    # Upload release assets (trim runtime and externals)
+    - name: Upload Release Asset (win-x64-noruntime-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime_externals/actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.zip
+        asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.zip
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-x64-noruntime-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime_externals/actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_name: actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (osx-x64-noruntime-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime_externals/actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-arm-noruntime-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime_externals/actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_name: actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-arm64-noruntime-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime_externals/actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_name: actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
+    # Upload release assets (trimmedpackages.json)
+    - name: Upload Release Asset (win-x64-trimmedpackages.json)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/win-x64-trimmedpackages.json
+        asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-x64-trimmedpackages.json)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/linux-x64-trimmedpackages.json
+        asset_name: actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (osx-x64-trimmedpackages.json)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/osx-x64-trimmedpackages.json
+        asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-arm-trimmedpackages.json)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/linux-arm-trimmedpackages.json
+        asset_name: actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
+        asset_content_type: application/octet-stream
+
+    - name: Upload Release Asset (linux-arm64-trimmedpackages.json)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/linux-arm64-trimmedpackages.json
+        asset_name: actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
+        asset_content_type: application/octet-stream

.gitignore

@@ -19,7 +19,9 @@
 node_modules
 _downloads
 _layout
+_layout_trims
 _package
+_package_trims
 _dotnetsdk
 TestResults
 TestLogs

docs/start/envlinux.md

@@ -23,8 +23,8 @@ You might see something like this which indicate a dependency's missing.
 ./config.sh
     libunwind.so.8 => not found
     libunwind-x86_64.so.8 => not found
-Dependencies is missing for Dotnet Core 3.0
-Execute ./bin/installdependencies.sh to install any missing Dotnet Core 3.0 dependencies.
+Dependencies is missing for Dotnet Core 6.0
+Execute ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies.
 ```
 You can easily correct the problem by executing `./bin/installdependencies.sh`.  
 The `installdependencies.sh` script should install all required dependencies on all supported Linux versions  

releaseNote.md

@@ -1,16 +1,14 @@
 ## Features
 
-- n/a
+- N/A
 
 ## Bugs
 
-- Fixed an issue where container environment variables names or values could escape the docker command (#2108)
-
+- Fix breaking change in dotnet 6 around globalization-invariant. (#1609)
 
 ## Misc
 
-- n/a
-
+- N/A
 
 ## Windows x64
 We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
@@ -82,3 +80,21 @@ The SHA-256 checksums for the packages included in this build are shown below:
 - actions-runner-linux-x64-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-x64 --><LINUX_X64_SHA><!-- END SHA linux-x64 -->
 - actions-runner-linux-arm64-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-arm64 --><LINUX_ARM64_SHA><!-- END SHA linux-arm64 -->
 - actions-runner-linux-arm-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-arm --><LINUX_ARM_SHA><!-- END SHA linux-arm -->
+
+- actions-runner-win-x64-<RUNNER_VERSION>-noexternals.zip <!-- BEGIN SHA win-x64_noexternals --><WIN_X64_SHA_NOEXTERNALS><!-- END SHA win-x64_noexternals -->
+- actions-runner-osx-x64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA osx-x64_noexternals --><OSX_X64_SHA_NOEXTERNALS><!-- END SHA osx-x64_noexternals -->
+- actions-runner-linux-x64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-x64_noexternals --><LINUX_X64_SHA_NOEXTERNALS><!-- END SHA linux-x64_noexternals -->
+- actions-runner-linux-arm64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-arm64_noexternals --><LINUX_ARM64_SHA_NOEXTERNALS><!-- END SHA linux-arm64_noexternals -->
+- actions-runner-linux-arm-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-arm_noexternals --><LINUX_ARM_SHA_NOEXTERNALS><!-- END SHA linux-arm_noexternals -->
+
+- actions-runner-win-x64-<RUNNER_VERSION>-noruntime.zip <!-- BEGIN SHA win-x64_noruntime --><WIN_X64_SHA_NORUNTIME><!-- END SHA win-x64_noruntime -->
+- actions-runner-osx-x64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA osx-x64_noruntime --><OSX_X64_SHA_NORUNTIME><!-- END SHA osx-x64_noruntime -->
+- actions-runner-linux-x64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-x64_noruntime --><LINUX_X64_SHA_NORUNTIME><!-- END SHA linux-x64_noruntime -->
+- actions-runner-linux-arm64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-arm64_noruntime --><LINUX_ARM64_SHA_NORUNTIME><!-- END SHA linux-arm64_noruntime -->
+- actions-runner-linux-arm-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-arm_noruntime --><LINUX_ARM_SHA_NORUNTIME><!-- END SHA linux-arm_noruntime -->
+
+- actions-runner-win-x64-<RUNNER_VERSION>-noruntime-noexternals.zip <!-- BEGIN SHA win-x64_noruntime_noexternals --><WIN_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA win-x64_noruntime_noexternals -->
+- actions-runner-osx-x64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA osx-x64_noruntime_noexternals --><OSX_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA osx-x64_noruntime_noexternals -->
+- actions-runner-linux-x64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-x64_noruntime_noexternals --><LINUX_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-x64_noruntime_noexternals -->
+- actions-runner-linux-arm64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-arm64_noruntime_noexternals --><LINUX_ARM64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-arm64_noruntime_noexternals -->
+- actions-runner-linux-arm-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-arm_noruntime_noexternals --><LINUX_ARM_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-arm_noruntime_noexternals -->

releaseVersion

@@ -1 +1 @@
-2.285.2
+2.286.1

src/Misc/contentHash/dotnetRuntime/linux-arm

@@ -0,0 +1 @@
+de62d296708908cfd1236e58869aebbc2bae8a8c3d629276968542626c508e37

src/Misc/contentHash/dotnetRuntime/linux-arm64

@@ -0,0 +1 @@
+44fcd0422dd98ed17d2c8e9057ff2260c50165f20674236a4ae7d2645a07df25

src/Misc/contentHash/dotnetRuntime/linux-x64

@@ -0,0 +1 @@
+e57652cf322ee16ce3af4f9e58f80858746b9e1e60279e991a3b3d9a6baf8d79

src/Misc/contentHash/dotnetRuntime/osx-x64

@@ -0,0 +1 @@
+bdd247b2ff3f51095524412e2ac588e7a87af805e114d6caf2368366ee7be1ea

src/Misc/contentHash/dotnetRuntime/win-x64

@@ -0,0 +1 @@
+d23a0cb9f20c0aa1cddb7a39567cd097020cdeb06a1e952940601d1a405c53b8

src/Misc/contentHash/externals/linux-arm

@@ -0,0 +1 @@
+6ca4a0e1c50b7079ead05321dcf5835c1c25f23dc632add8c1c4667d416d103e

src/Misc/contentHash/externals/linux-arm64

@@ -0,0 +1 @@
+b5951dc607d782d9c7571a7224e940eb0975bb23c54ff25c7afdbf959a417081

src/Misc/contentHash/externals/linux-x64

@@ -0,0 +1 @@
+af819e92011cc9cbca90e8299f9f7651f2cf6bf45b42920f9a4ca22795486147

src/Misc/contentHash/externals/osx-x64

@@ -0,0 +1 @@
+aa0e6bf4bfaabf48c962ea3b262dca042629ab332005f73d282faec908847036

src/Misc/contentHash/externals/win-x64

@@ -0,0 +1 @@
+40328cff2b8229f9b578f32739183bd8f6aab481c21dadc052b09f1c7e8e4665

src/Misc/layoutroot/config.sh

@@ -8,7 +8,7 @@ if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then
     exit 1
 fi
 
-# Check dotnet core 3.0 dependencies for Linux
+# Check dotnet Core 6.0 dependencies for Linux
 if [[ (`uname` == "Linux") ]]
 then
     command -v ldd > /dev/null
@@ -18,25 +18,25 @@ then
         exit 1
     fi
 
-    message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 3.0 dependencies."
+    message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies."
 
     ldd ./bin/libcoreclr.so | grep 'not found'
     if [ $? -eq 0 ]; then
-        echo "Dependencies is missing for Dotnet Core 3.0"
+        echo "Dependencies is missing for Dotnet Core 6.0"
         echo $message
         exit 1
     fi
 
-    ldd ./bin/System.Security.Cryptography.Native.OpenSsl.so | grep 'not found'
+    ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found'
     if [ $? -eq 0 ]; then
-        echo "Dependencies is missing for Dotnet Core 3.0"
+        echo "Dependencies is missing for Dotnet Core 6.0"
         echo $message
         exit 1
     fi
 
-    ldd ./bin/System.IO.Compression.Native.so | grep 'not found'
+    ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found'
     if [ $? -eq 0 ]; then
-        echo "Dependencies is missing for Dotnet Core 3.0"
+        echo "Dependencies is missing for Dotnet Core 6.0"
         echo $message
         exit 1
     fi
@@ -54,7 +54,7 @@ then
     libpath=${LD_LIBRARY_PATH:-}
     $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1
     if [ $? -ne 0 ]; then
-        echo "Libicu's dependencies is missing for Dotnet Core 3.0"
+        echo "Libicu's dependencies is missing for Dotnet Core 6.0"
         echo $message
         exit 1
     fi

src/Misc/runnercoreassets

@@ -0,0 +1,57 @@
+actions.runner.plist.template
+actions.runner.service.template
+checkScripts/downloadCert.js
+checkScripts/makeWebRequest.js
+darwin.svc.sh.template
+hashFiles/index.js
+installdependencies.sh
+macos-run-invoker.js
+Microsoft.IdentityModel.Logging.dll
+Microsoft.IdentityModel.Tokens.dll
+Minimatch.dll
+Newtonsoft.Json.Bson.dll
+Newtonsoft.Json.dll
+Runner.Common.deps.json
+Runner.Common.dll
+Runner.Common.pdb
+Runner.Listener
+Runner.Listener.deps.json
+Runner.Listener.dll
+Runner.Listener.exe
+Runner.Listener.pdb
+Runner.Listener.runtimeconfig.json
+Runner.PluginHost
+Runner.PluginHost.deps.json
+Runner.PluginHost.dll
+Runner.PluginHost.exe
+Runner.PluginHost.pdb
+Runner.PluginHost.runtimeconfig.json
+Runner.Plugins.deps.json
+Runner.Plugins.dll
+Runner.Plugins.pdb
+Runner.Sdk.deps.json
+Runner.Sdk.dll
+Runner.Sdk.pdb
+Runner.Worker
+Runner.Worker.deps.json
+Runner.Worker.dll
+Runner.Worker.exe
+Runner.Worker.pdb
+Runner.Worker.runtimeconfig.json
+RunnerService.exe
+RunnerService.exe.config
+RunnerService.js
+RunnerService.pdb
+runsvc.sh
+Sdk.deps.json
+Sdk.dll
+Sdk.pdb
+System.IdentityModel.Tokens.Jwt.dll
+System.Net.Http.Formatting.dll
+System.Security.Cryptography.Pkcs.dll
+System.Security.Cryptography.ProtectedData.dll
+System.ServiceProcess.ServiceController.dll
+systemd.svc.sh.template
+update.cmd.template
+update.sh.template
+YamlDotNet.dll

src/Misc/runnerdotnetruntimeassets

@@ -0,0 +1,263 @@
+api-ms-win-core-console-l1-1-0.dll
+api-ms-win-core-console-l1-2-0.dll
+api-ms-win-core-datetime-l1-1-0.dll
+api-ms-win-core-debug-l1-1-0.dll
+api-ms-win-core-errorhandling-l1-1-0.dll
+api-ms-win-core-file-l1-1-0.dll
+api-ms-win-core-file-l1-2-0.dll
+api-ms-win-core-file-l2-1-0.dll
+api-ms-win-core-handle-l1-1-0.dll
+api-ms-win-core-heap-l1-1-0.dll
+api-ms-win-core-interlocked-l1-1-0.dll
+api-ms-win-core-libraryloader-l1-1-0.dll
+api-ms-win-core-localization-l1-2-0.dll
+api-ms-win-core-memory-l1-1-0.dll
+api-ms-win-core-namedpipe-l1-1-0.dll
+api-ms-win-core-processenvironment-l1-1-0.dll
+api-ms-win-core-processthreads-l1-1-0.dll
+api-ms-win-core-processthreads-l1-1-1.dll
+api-ms-win-core-profile-l1-1-0.dll
+api-ms-win-core-rtlsupport-l1-1-0.dll
+api-ms-win-core-string-l1-1-0.dll
+api-ms-win-core-synch-l1-1-0.dll
+api-ms-win-core-synch-l1-2-0.dll
+api-ms-win-core-sysinfo-l1-1-0.dll
+api-ms-win-core-timezone-l1-1-0.dll
+api-ms-win-core-util-l1-1-0.dll
+api-ms-win-crt-conio-l1-1-0.dll
+api-ms-win-crt-convert-l1-1-0.dll
+api-ms-win-crt-environment-l1-1-0.dll
+api-ms-win-crt-filesystem-l1-1-0.dll
+api-ms-win-crt-heap-l1-1-0.dll
+api-ms-win-crt-locale-l1-1-0.dll
+api-ms-win-crt-math-l1-1-0.dll
+api-ms-win-crt-multibyte-l1-1-0.dll
+api-ms-win-crt-private-l1-1-0.dll
+api-ms-win-crt-process-l1-1-0.dll
+api-ms-win-crt-runtime-l1-1-0.dll
+api-ms-win-crt-stdio-l1-1-0.dll
+api-ms-win-crt-string-l1-1-0.dll
+api-ms-win-crt-time-l1-1-0.dll
+api-ms-win-crt-utility-l1-1-0.dll
+clrcompression.dll
+clretwrc.dll
+clrjit.dll
+coreclr.dll
+createdump
+createdump.exe
+dbgshim.dll
+hostfxr.dll
+hostpolicy.dll
+libclrjit.dylib
+libclrjit.so
+libcoreclr.dylib
+libcoreclr.so
+libcoreclrtraceptprovider.so
+libdbgshim.dylib
+libdbgshim.so
+libhostfxr.dylib
+libhostfxr.so
+libhostpolicy.dylib
+libhostpolicy.so
+libmscordaccore.dylib
+libmscordaccore.so
+libmscordbi.dylib
+libmscordbi.so
+Microsoft.CSharp.dll
+Microsoft.DiaSymReader.Native.amd64.dll
+Microsoft.VisualBasic.Core.dll
+Microsoft.VisualBasic.dll
+Microsoft.Win32.Primitives.dll
+Microsoft.Win32.Registry.dll
+mscordaccore.dll
+mscordaccore_amd64_amd64_6.0.21.52210.dll
+mscordbi.dll
+mscorlib.dll
+mscorrc.debug.dll
+mscorrc.dll
+msquic.dll
+netstandard.dll
+SOS_README.md
+System.AppContext.dll
+System.Buffers.dll
+System.Collections.Concurrent.dll
+System.Collections.dll
+System.Collections.Immutable.dll
+System.Collections.NonGeneric.dll
+System.Collections.Specialized.dll
+System.ComponentModel.Annotations.dll
+System.ComponentModel.DataAnnotations.dll
+System.ComponentModel.dll
+System.ComponentModel.EventBasedAsync.dll
+System.ComponentModel.Primitives.dll
+System.ComponentModel.TypeConverter.dll
+System.Configuration.dll
+System.Console.dll
+System.Core.dll
+System.Data.Common.dll
+System.Data.DataSetExtensions.dll
+System.Data.dll
+System.Diagnostics.Contracts.dll
+System.Diagnostics.Debug.dll
+System.Diagnostics.DiagnosticSource.dll
+System.Diagnostics.FileVersionInfo.dll
+System.Diagnostics.Process.dll
+System.Diagnostics.StackTrace.dll
+System.Diagnostics.TextWriterTraceListener.dll
+System.Diagnostics.Tools.dll
+System.Diagnostics.TraceSource.dll
+System.Diagnostics.Tracing.dll
+System.dll
+System.Drawing.dll
+System.Drawing.Primitives.dll
+System.Dynamic.Runtime.dll
+System.Formats.Asn1.dll
+System.Globalization.Calendars.dll
+System.Globalization.dll
+System.Globalization.Extensions.dll
+System.Globalization.Native.dylib
+System.Globalization.Native.so
+System.IO.Compression.Brotli.dll
+System.IO.Compression.dll
+System.IO.Compression.FileSystem.dll
+System.IO.Compression.Native.a
+System.IO.Compression.Native.dll
+System.IO.Compression.Native.dylib
+System.IO.Compression.Native.so
+System.IO.Compression.ZipFile.dll
+System.IO.dll
+System.IO.FileSystem.AccessControl.dll
+System.IO.FileSystem.dll
+System.IO.FileSystem.DriveInfo.dll
+System.IO.FileSystem.Primitives.dll
+System.IO.FileSystem.Watcher.dll
+System.IO.IsolatedStorage.dll
+System.IO.MemoryMappedFiles.dll
+System.IO.Pipes.AccessControl.dll
+System.IO.Pipes.dll
+System.IO.UnmanagedMemoryStream.dll
+System.Linq.dll
+System.Linq.Expressions.dll
+System.Linq.Parallel.dll
+System.Linq.Queryable.dll
+System.Memory.dll
+System.Native.a
+System.Native.dylib
+System.Native.so
+System.Net.dll
+System.Net.Http.dll
+System.Net.Http.Json.dll
+System.Net.Http.Native.a
+System.Net.Http.Native.dylib
+System.Net.Http.Native.so
+System.Net.HttpListener.dll
+System.Net.Mail.dll
+System.Net.NameResolution.dll
+System.Net.NetworkInformation.dll
+System.Net.Ping.dll
+System.Net.Primitives.dll
+System.Net.Quic.dll
+System.Net.Requests.dll
+System.Net.Security.dll
+System.Net.Security.Native.a
+System.Net.Security.Native.dylib
+System.Net.Security.Native.so
+System.Net.ServicePoint.dll
+System.Net.Sockets.dll
+System.Net.WebClient.dll
+System.Net.WebHeaderCollection.dll
+System.Net.WebProxy.dll
+System.Net.WebSockets.Client.dll
+System.Net.WebSockets.dll
+System.Numerics.dll
+System.Numerics.Vectors.dll
+System.ObjectModel.dll
+System.Private.CoreLib.dll
+System.Private.DataContractSerialization.dll
+System.Private.Uri.dll
+System.Private.Xml.dll
+System.Private.Xml.Linq.dll
+System.Reflection.DispatchProxy.dll
+System.Reflection.dll
+System.Reflection.Emit.dll
+System.Reflection.Emit.ILGeneration.dll
+System.Reflection.Emit.Lightweight.dll
+System.Reflection.Extensions.dll
+System.Reflection.Metadata.dll
+System.Reflection.Primitives.dll
+System.Reflection.TypeExtensions.dll
+System.Resources.Reader.dll
+System.Resources.ResourceManager.dll
+System.Resources.Writer.dll
+System.Runtime.CompilerServices.Unsafe.dll
+System.Runtime.CompilerServices.VisualC.dll
+System.Runtime.dll
+System.Runtime.Extensions.dll
+System.Runtime.Handles.dll
+System.Runtime.InteropServices.dll
+System.Runtime.InteropServices.RuntimeInformation.dll
+System.Runtime.InteropServices.WindowsRuntime.dll
+System.Runtime.Intrinsics.dll
+System.Runtime.Loader.dll
+System.Runtime.Numerics.dll
+System.Runtime.Serialization.dll
+System.Runtime.Serialization.Formatters.dll
+System.Runtime.Serialization.Json.dll
+System.Runtime.Serialization.Primitives.dll
+System.Runtime.Serialization.Xml.dll
+System.Runtime.WindowsRuntime.dll
+System.Runtime.WindowsRuntime.UI.Xaml.dll
+System.Security.AccessControl.dll
+System.Security.Claims.dll
+System.Security.Cryptography.Algorithms.dll
+System.Security.Cryptography.Cng.dll
+System.Security.Cryptography.Csp.dll
+System.Security.Cryptography.Encoding.dll
+System.Security.Cryptography.Native.Apple.a
+System.Security.Cryptography.Native.Apple.dylib
+System.Security.Cryptography.Native.OpenSsl.a
+System.Security.Cryptography.Native.OpenSsl.dylib
+System.Security.Cryptography.Native.OpenSsl.so
+System.Security.Cryptography.OpenSsl.dll
+System.Security.Cryptography.Primitives.dll
+System.Security.Cryptography.X509Certificates.dll
+System.Security.Cryptography.XCertificates.dll
+System.Security.dll
+System.Security.Principal.dll
+System.Security.Principal.Windows.dll
+System.Security.SecureString.dll
+System.ServiceModel.Web.dll
+System.ServiceProcess.dll
+System.Text.Encoding.CodePages.dll
+System.Text.Encoding.dll
+System.Text.Encoding.Extensions.dll
+System.Text.Encodings.Web.dll
+System.Text.Json.dll
+System.Text.RegularExpressions.dll
+System.Threading.Channels.dll
+System.Threading.dll
+System.Threading.Overlapped.dll
+System.Threading.Tasks.Dataflow.dll
+System.Threading.Tasks.dll
+System.Threading.Tasks.Extensions.dll
+System.Threading.Tasks.Parallel.dll
+System.Threading.Thread.dll
+System.Threading.ThreadPool.dll
+System.Threading.Timer.dll
+System.Transactions.dll
+System.Transactions.Local.dll
+System.ValueTuple.dll
+System.Web.dll
+System.Web.HttpUtility.dll
+System.Windows.dll
+System.Xml.dll
+System.Xml.Linq.dll
+System.Xml.ReaderWriter.dll
+System.Xml.Serialization.dll
+System.Xml.XDocument.dll
+System.Xml.XmlDocument.dll
+System.Xml.XmlSerializer.dll
+System.Xml.XPath.dll
+System.Xml.XPath.XDocument.dll
+ucrtbase.dll
+WindowsBase.dll

src/Misc/trimmedpackages_targz.json

@@ -0,0 +1,24 @@
+[
+    {
+        "HashValue": "<NO_RUNTIME_EXTERNALS_HASH>",
+        "DownloadUrl": "https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-<RUNNER_PLATFORM>-<RUNNER_VERSION>-noruntime-noexternals.tar.gz",
+        "TrimmedContents": {
+            "dotnetRuntime": "<RUNTIME_HASH>",
+            "externals": "<EXTERNALS_HASH>"
+        }
+    },
+    {
+        "HashValue": "<NO_RUNTIME_HASH>",
+        "DownloadUrl": "https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-<RUNNER_PLATFORM>-<RUNNER_VERSION>-noruntime.tar.gz",
+        "TrimmedContents": {
+            "dotnetRuntime": "<RUNTIME_HASH>"
+        }
+    },
+    {
+        "HashValue": "<NO_EXTERNALS_HASH>",
+        "DownloadUrl": "https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-<RUNNER_PLATFORM>-<RUNNER_VERSION>-noexternals.tar.gz",
+        "TrimmedContents": {
+            "externals": "<EXTERNALS_HASH>"
+        }
+    }
+]

src/Misc/trimmedpackages_zip.json

@@ -0,0 +1,24 @@
+[
+    {
+        "HashValue": "<NO_RUNTIME_EXTERNALS_HASH>",
+        "DownloadUrl": "https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-<RUNNER_PLATFORM>-<RUNNER_VERSION>-noruntime-noexternals.zip",
+        "TrimmedContents": {
+            "dotnetRuntime": "<RUNTIME_HASH>",
+            "externals": "<EXTERNALS_HASH>"
+        }
+    },
+    {
+        "HashValue": "<NO_RUNTIME_HASH>",
+        "DownloadUrl": "https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-<RUNNER_PLATFORM>-<RUNNER_VERSION>-noruntime.zip",
+        "TrimmedContents": {
+            "dotnetRuntime": "<RUNTIME_HASH>"
+        }
+    },
+    {
+        "HashValue": "<NO_EXTERNALS_HASH>",
+        "DownloadUrl": "https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-<RUNNER_PLATFORM>-<RUNNER_VERSION>-noexternals.zip",
+        "TrimmedContents": {
+            "externals": "<EXTERNALS_HASH>"
+        }
+    }
+]

src/Runner.Common/HostContext.cs

@@ -98,14 +98,14 @@ namespace GitHub.Runner.Common
             {
                 int logPageSize;
                 string logSizeEnv = Environment.GetEnvironmentVariable($"{hostType.ToUpperInvariant()}_LOGSIZE");
-                if (!string.IsNullOrEmpty(logSizeEnv) || !int.TryParse(logSizeEnv, out logPageSize))
+                if (string.IsNullOrEmpty(logSizeEnv) || !int.TryParse(logSizeEnv, out logPageSize))
                 {
                     logPageSize = _defaultLogPageSize;
                 }
 
                 int logRetentionDays;
                 string logRetentionDaysEnv = Environment.GetEnvironmentVariable($"{hostType.ToUpperInvariant()}_LOGRETENTION");
-                if (!string.IsNullOrEmpty(logRetentionDaysEnv) || !int.TryParse(logRetentionDaysEnv, out logRetentionDays))
+                if (string.IsNullOrEmpty(logRetentionDaysEnv) || !int.TryParse(logRetentionDaysEnv, out logRetentionDays))
                 {
                     logRetentionDays = _defaultLogRetentionDays;
                 }

src/Runner.Common/Runner.Common.csproj

@@ -1,13 +1,12 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <OutputType>Library</OutputType>
     <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
-    <TieredCompilationQuickJit>true</TieredCompilationQuickJit>
   </PropertyGroup>
 
   <ItemGroup>

src/Runner.Listener/CommandSettings.cs

@@ -243,6 +243,7 @@ namespace GitHub.Runner.Listener
                 validator: Validators.ServerUrlValidator);
         }
 
+#if OS_WINDOWS
         public string GetWindowsLogonAccount(string defaultValue, string descriptionMsg)
         {
             return GetArgOrPrompt(
@@ -260,7 +261,7 @@ namespace GitHub.Runner.Listener
                 defaultValue: string.Empty,
                 validator: Validators.NonEmptyValidator);
         }
-
+#endif
         public string GetWork()
         {
             return GetArgOrPrompt(

src/Runner.Listener/Configuration/NativeWindowsServiceHelper.cs

@@ -1,4 +1,5 @@
 #if OS_WINDOWS
+#pragma warning disable CA1416
 using System;
 using System.Collections;
 using System.Collections.Generic;
@@ -1327,4 +1328,5 @@ namespace GitHub.Runner.Listener.Configuration
         public IntPtr hProfile;
     }
 }
+#pragma warning restore CA1416
 #endif

src/Runner.Listener/Configuration/Validators.cs

@@ -67,6 +67,8 @@ namespace GitHub.Runner.Listener.Configuration
             return !string.IsNullOrEmpty(value);
         }
 
+#if OS_WINDOWS
+#pragma warning disable CA1416
         public static bool NTAccountValidator(string arg)
         {
             if (string.IsNullOrEmpty(arg) || String.IsNullOrEmpty(arg.TrimStart('.', '\\')))
@@ -87,5 +89,7 @@ namespace GitHub.Runner.Listener.Configuration
 
             return true;
         }
+#pragma warning restore CA1416
+#endif
     }
 }

src/Runner.Listener/Configuration/WindowsServiceControlManager.cs

@@ -1,4 +1,5 @@
 #if OS_WINDOWS
+#pragma warning disable CA1416
 using System;
 using System.IO;
 using System.Linq;
@@ -169,4 +170,5 @@ namespace GitHub.Runner.Listener.Configuration
         }
     }
 }
+#pragma warning restore CA1416
 #endif

src/Runner.Listener/Runner.Listener.csproj

@@ -1,14 +1,14 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <OutputType>Exe</OutputType>
     <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
-    <TieredCompilationQuickJit>true</TieredCompilationQuickJit>
-    <PublishReadyToRun>true</PublishReadyToRun>
+    <PredefinedCulturesOnly>false</PredefinedCulturesOnly>
+    <PublishReadyToRunComposite>true</PublishReadyToRunComposite>
   </PropertyGroup>
 
   <ItemGroup>
@@ -25,6 +25,12 @@
     <PackageReference Include="System.ServiceProcess.ServiceController" Version="4.4.0" />
   </ItemGroup>
 
+  <ItemGroup>
+    <EmbeddedResource Include="..\Misc\runnercoreassets">
+      <LogicalName>GitHub.Runner.Listener.runnercoreassets</LogicalName>
+    </EmbeddedResource>
+  </ItemGroup>
+
   <PropertyGroup Condition=" '$(Configuration)' == 'Debug' ">
     <DebugType>portable</DebugType>
   </PropertyGroup>

src/Runner.Listener/SelfUpdater.cs

@@ -14,6 +14,8 @@ using GitHub.Services.Common;
 using GitHub.Runner.Common;
 using GitHub.Runner.Sdk;
 using System.Text;
+using System.Collections.Generic;
+using System.Reflection;
 
 namespace GitHub.Runner.Listener
 {
@@ -34,6 +36,7 @@ namespace GitHub.Runner.Listener
         private IRunnerServer _runnerServer;
         private int _poolId;
         private int _agentId;
+        private readonly List<string> _updateTrace = new List<string>();
 
         public bool Busy { get; private set; }
 
@@ -54,6 +57,8 @@ namespace GitHub.Runner.Listener
             Busy = true;
             try
             {
+                var totalUpdateTime = Stopwatch.StartNew();
+
                 if (!await UpdateNeeded(updateMessage.TargetVersion, token))
                 {
                     Trace.Info($"Can't find available update package.");
@@ -61,16 +66,17 @@ namespace GitHub.Runner.Listener
                 }
 
                 Trace.Info($"An update is available.");
+                _updateTrace.Add($"RunnerPlatform: {_targetPackage.Platform}");
 
                 // Print console line that warn user not shutdown runner.
                 await UpdateRunnerUpdateStateAsync("Runner update in progress, do not shutdown runner.");
-                await UpdateRunnerUpdateStateAsync($"Downloading {_targetPackage.Version} runner", $"RunnerPlatform: {_targetPackage.Platform}");
+                await UpdateRunnerUpdateStateAsync($"Downloading {_targetPackage.Version} runner");
 
-                var downloadTrace = await DownloadLatestRunner(token);
+                await DownloadLatestRunner(token);
                 Trace.Info($"Download latest runner and unzip into runner root.");
 
                 // wait till all running job finish
-                await UpdateRunnerUpdateStateAsync("Waiting for current job finish running.", downloadTrace);
+                await UpdateRunnerUpdateStateAsync("Waiting for current job finish running.");
 
                 await jobDispatcher.WaitAsync(token);
                 Trace.Info($"All running job has exited.");
@@ -82,7 +88,8 @@ namespace GitHub.Runner.Listener
                 Trace.Info($"Delete old version runner backup.");
                 stopWatch.Stop();
                 // generate update script from template
-                await UpdateRunnerUpdateStateAsync("Generate and execute update script.", $"DeleteRunnerBackupTime: {stopWatch.ElapsedMilliseconds}ms");
+                _updateTrace.Add($"DeleteRunnerBackupTime: {stopWatch.ElapsedMilliseconds}ms");
+                await UpdateRunnerUpdateStateAsync("Generate and execute update script.");
 
                 string updateScript = GenerateUpdateScript(restartInteractiveRunner);
                 Trace.Info($"Generate update script into: {updateScript}");
@@ -99,12 +106,21 @@ namespace GitHub.Runner.Listener
                 invokeScript.Start();
                 Trace.Info($"Update script start running");
 
-                await UpdateRunnerUpdateStateAsync("Runner will exit shortly for update, should be back online within 10 seconds.", $"RestartInteractiveRunner: {restartInteractiveRunner}");
+                totalUpdateTime.Stop();
+
+                _updateTrace.Add($"TotalUpdateTime: {totalUpdateTime.ElapsedMilliseconds}ms");
+                await UpdateRunnerUpdateStateAsync("Runner will exit shortly for update, should be back online within 10 seconds.");
 
                 return true;
             }
+            catch (Exception ex)
+            {
+                _updateTrace.Add(ex.ToString());
+                throw;
+            }
             finally
             {
+                await UpdateRunnerUpdateStateAsync("Runner update process finished.");
                 Busy = false;
             }
         }
@@ -153,189 +169,29 @@ namespace GitHub.Runner.Listener
         /// </summary>
         /// <param name="token"></param>
         /// <returns></returns>
-        private async Task<string> DownloadLatestRunner(CancellationToken token)
+        private async Task DownloadLatestRunner(CancellationToken token)
         {
-            var traceStringBuilder = new StringBuilder();
-            traceStringBuilder.AppendLine($"DownloadUrl: {_targetPackage.DownloadUrl}");
             string latestRunnerDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Path.UpdateDirectory);
             IOUtil.DeleteDirectory(latestRunnerDirectory, token);
             Directory.CreateDirectory(latestRunnerDirectory);
 
-            int runnerSuffix = 1;
             string archiveFile = null;
-            bool downloadSucceeded = false;
+            var packageDownloadUrl = _targetPackage.DownloadUrl;
+            var packageHashValue = _targetPackage.HashValue;
+            _updateTrace.Add($"DownloadUrl: {packageDownloadUrl}");
 
-            var stopWatch = Stopwatch.StartNew();
             try
             {
-                // Download the runner, using multiple attempts in order to be resilient against any networking/CDN issues
-                for (int attempt = 1; attempt <= Constants.RunnerDownloadRetryMaxAttempts; attempt++)
+                archiveFile = await DownLoadRunner(latestRunnerDirectory, packageDownloadUrl, packageHashValue, token);
+
+                if (string.IsNullOrEmpty(archiveFile))
                 {
-                    // Generate an available package name, and do our best effort to clean up stale local zip files
-                    while (true)
-                    {
-                        if (_targetPackage.Platform.StartsWith("win"))
-                        {
-                            archiveFile = Path.Combine(latestRunnerDirectory, $"runner{runnerSuffix}.zip");
-                        }
-                        else
-                        {
-                            archiveFile = Path.Combine(latestRunnerDirectory, $"runner{runnerSuffix}.tar.gz");
-                        }
-
-                        try
-                        {
-                            // delete .zip file
-                            if (!string.IsNullOrEmpty(archiveFile) && File.Exists(archiveFile))
-                            {
-                                Trace.Verbose("Deleting latest runner package zip '{0}'", archiveFile);
-                                IOUtil.DeleteFile(archiveFile);
-                            }
-
-                            break;
-                        }
-                        catch (Exception ex)
-                        {
-                            // couldn't delete the file for whatever reason, so generate another name
-                            Trace.Warning("Failed to delete runner package zip '{0}'. Exception: {1}", archiveFile, ex);
-                            runnerSuffix++;
-                        }
-                    }
-
-                    // Allow a 15-minute package download timeout, which is good enough to update the runner from a 1 Mbit/s ADSL connection.
-                    if (!int.TryParse(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_DOWNLOAD_TIMEOUT") ?? string.Empty, out int timeoutSeconds))
-                    {
-                        timeoutSeconds = 15 * 60;
-                    }
-
-                    Trace.Info($"Attempt {attempt}: save latest runner into {archiveFile}.");
-
-                    using (var downloadTimeout = new CancellationTokenSource(TimeSpan.FromSeconds(timeoutSeconds)))
-                    using (var downloadCts = CancellationTokenSource.CreateLinkedTokenSource(downloadTimeout.Token, token))
-                    {
-                        try
-                        {
-                            Trace.Info($"Download runner: begin download");
-                            long downloadSize = 0;
-
-                            //open zip stream in async mode
-                            using (HttpClient httpClient = new HttpClient(HostContext.CreateHttpClientHandler()))
-                            {
-                                if (!string.IsNullOrEmpty(_targetPackage.Token))
-                                {
-                                    Trace.Info($"Adding authorization token ({_targetPackage.Token.Length} chars)");
-                                    httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", _targetPackage.Token);
-                                }
-
-                                Trace.Info($"Downloading {_targetPackage.DownloadUrl}");
-
-                                using (FileStream fs = new FileStream(archiveFile, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: 4096, useAsync: true))
-                                using (Stream result = await httpClient.GetStreamAsync(_targetPackage.DownloadUrl))
-                                {
-                                    //81920 is the default used by System.IO.Stream.CopyTo and is under the large object heap threshold (85k).
-                                    await result.CopyToAsync(fs, 81920, downloadCts.Token);
-                                    await fs.FlushAsync(downloadCts.Token);
-                                    downloadSize = fs.Length;
-                                }
-                            }
-
-                            Trace.Info($"Download runner: finished download");
-                            downloadSucceeded = true;
-                            stopWatch.Stop();
-                            traceStringBuilder.AppendLine($"PackageDownloadTime: {stopWatch.ElapsedMilliseconds}ms");
-                            traceStringBuilder.AppendLine($"Attempts: {attempt}");
-                            traceStringBuilder.AppendLine($"PackageSize: {downloadSize / 1024 / 1024}MB");
-                            break;
-                        }
-                        catch (OperationCanceledException) when (token.IsCancellationRequested)
-                        {
-                            Trace.Info($"Runner download has been canceled.");
-                            throw;
-                        }
-                        catch (Exception ex)
-                        {
-                            if (downloadCts.Token.IsCancellationRequested)
-                            {
-                                Trace.Warning($"Runner download has timed out after {timeoutSeconds} seconds");
-                            }
-
-                            Trace.Warning($"Failed to get package '{archiveFile}' from '{_targetPackage.DownloadUrl}'. Exception {ex}");
-                        }
-                    }
+                    throw new TaskCanceledException($"Runner package '{packageDownloadUrl}' failed after {Constants.RunnerDownloadRetryMaxAttempts} download attempts");
                 }
 
-                if (!downloadSucceeded)
-                {
-                    throw new TaskCanceledException($"Runner package '{archiveFile}' failed after {Constants.RunnerDownloadRetryMaxAttempts} download attempts");
-                }
+                await ValidateRunnerHash(archiveFile, packageHashValue);
 
-                stopWatch.Restart();
-                // If we got this far, we know that we've successfully downloaded the runner package
-                // Validate Hash Matches if it is provided
-                using (FileStream stream = File.OpenRead(archiveFile))
-                {
-                    if (!String.IsNullOrEmpty(_targetPackage.HashValue))
-                    {
-                        using (SHA256 sha256 = SHA256.Create())
-                        {
-                            byte[] srcHashBytes = await sha256.ComputeHashAsync(stream);
-                            var hash = PrimitiveExtensions.ConvertToHexString(srcHashBytes);
-                            if (hash != _targetPackage.HashValue)
-                            {
-                                // Hash did not match, we can't recover from this, just throw
-                                throw new Exception($"Computed runner hash {hash} did not match expected Runner Hash {_targetPackage.HashValue} for {_targetPackage.Filename}");
-                            }
-                            Trace.Info($"Validated Runner Hash matches {_targetPackage.Filename} : {_targetPackage.HashValue}");
-                        }
-                    }
-                }
-                if (archiveFile.EndsWith(".zip", StringComparison.OrdinalIgnoreCase))
-                {
-                    ZipFile.ExtractToDirectory(archiveFile, latestRunnerDirectory);
-                }
-                else if (archiveFile.EndsWith(".tar.gz", StringComparison.OrdinalIgnoreCase))
-                {
-                    string tar = WhichUtil.Which("tar", trace: Trace);
-
-                    if (string.IsNullOrEmpty(tar))
-                    {
-                        throw new NotSupportedException($"tar -xzf");
-                    }
-
-                    // tar -xzf
-                    using (var processInvoker = HostContext.CreateService<IProcessInvoker>())
-                    {
-                        processInvoker.OutputDataReceived += new EventHandler<ProcessDataReceivedEventArgs>((sender, args) =>
-                        {
-                            if (!string.IsNullOrEmpty(args.Data))
-                            {
-                                Trace.Info(args.Data);
-                            }
-                        });
-
-                        processInvoker.ErrorDataReceived += new EventHandler<ProcessDataReceivedEventArgs>((sender, args) =>
-                        {
-                            if (!string.IsNullOrEmpty(args.Data))
-                            {
-                                Trace.Error(args.Data);
-                            }
-                        });
-
-                        int exitCode = await processInvoker.ExecuteAsync(latestRunnerDirectory, tar, $"-xzf \"{archiveFile}\"", null, token);
-                        if (exitCode != 0)
-                        {
-                            throw new NotSupportedException($"Can't use 'tar -xzf' extract archive file: {archiveFile}. return code: {exitCode}.");
-                        }
-                    }
-                }
-                else
-                {
-                    throw new NotSupportedException($"{archiveFile}");
-                }
-
-                stopWatch.Stop();
-                Trace.Info($"Finished getting latest runner package at: {latestRunnerDirectory}.");
-                traceStringBuilder.AppendLine($"PackageExtractTime: {stopWatch.ElapsedMilliseconds}ms");
+                await ExtractRunnerPackage(archiveFile, latestRunnerDirectory, token);
             }
             finally
             {
@@ -355,7 +211,204 @@ namespace GitHub.Runner.Listener
                 }
             }
 
-            stopWatch.Restart();
+            await CopyLatestRunnerToRoot(latestRunnerDirectory, token);
+        }
+
+        private async Task<string> DownLoadRunner(string downloadDirectory, string packageDownloadUrl, string packageHashValue, CancellationToken token)
+        {
+            var stopWatch = Stopwatch.StartNew();
+            int runnerSuffix = 1;
+            string archiveFile = null;
+            bool downloadSucceeded = false;
+
+            // Download the runner, using multiple attempts in order to be resilient against any networking/CDN issues
+            for (int attempt = 1; attempt <= Constants.RunnerDownloadRetryMaxAttempts; attempt++)
+            {
+                // Generate an available package name, and do our best effort to clean up stale local zip files
+                while (true)
+                {
+                    if (_targetPackage.Platform.StartsWith("win"))
+                    {
+                        archiveFile = Path.Combine(downloadDirectory, $"runner{runnerSuffix}.zip");
+                    }
+                    else
+                    {
+                        archiveFile = Path.Combine(downloadDirectory, $"runner{runnerSuffix}.tar.gz");
+                    }
+
+                    try
+                    {
+                        // delete .zip file
+                        if (!string.IsNullOrEmpty(archiveFile) && File.Exists(archiveFile))
+                        {
+                            Trace.Verbose("Deleting latest runner package zip '{0}'", archiveFile);
+                            IOUtil.DeleteFile(archiveFile);
+                        }
+
+                        break;
+                    }
+                    catch (Exception ex)
+                    {
+                        // couldn't delete the file for whatever reason, so generate another name
+                        Trace.Warning("Failed to delete runner package zip '{0}'. Exception: {1}", archiveFile, ex);
+                        runnerSuffix++;
+                    }
+                }
+
+                // Allow a 15-minute package download timeout, which is good enough to update the runner from a 1 Mbit/s ADSL connection.
+                if (!int.TryParse(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_DOWNLOAD_TIMEOUT") ?? string.Empty, out int timeoutSeconds))
+                {
+                    timeoutSeconds = 15 * 60;
+                }
+
+                Trace.Info($"Attempt {attempt}: save latest runner into {archiveFile}.");
+
+                using (var downloadTimeout = new CancellationTokenSource(TimeSpan.FromSeconds(timeoutSeconds)))
+                using (var downloadCts = CancellationTokenSource.CreateLinkedTokenSource(downloadTimeout.Token, token))
+                {
+                    try
+                    {
+                        Trace.Info($"Download runner: begin download");
+                        long downloadSize = 0;
+
+                        //open zip stream in async mode
+                        using (HttpClient httpClient = new HttpClient(HostContext.CreateHttpClientHandler()))
+                        {
+                            if (!string.IsNullOrEmpty(_targetPackage.Token))
+                            {
+                                Trace.Info($"Adding authorization token ({_targetPackage.Token.Length} chars)");
+                                httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", _targetPackage.Token);
+                            }
+
+                            Trace.Info($"Downloading {packageDownloadUrl}");
+
+                            using (FileStream fs = new FileStream(archiveFile, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: 4096, useAsync: true))
+                            using (Stream result = await httpClient.GetStreamAsync(packageDownloadUrl))
+                            {
+                                //81920 is the default used by System.IO.Stream.CopyTo and is under the large object heap threshold (85k).
+                                await result.CopyToAsync(fs, 81920, downloadCts.Token);
+                                await fs.FlushAsync(downloadCts.Token);
+                                downloadSize = fs.Length;
+                            }
+                        }
+
+                        Trace.Info($"Download runner: finished download");
+                        downloadSucceeded = true;
+                        stopWatch.Stop();
+                        _updateTrace.Add($"PackageDownloadTime: {stopWatch.ElapsedMilliseconds}ms");
+                        _updateTrace.Add($"Attempts: {attempt}");
+                        _updateTrace.Add($"PackageSize: {downloadSize / 1024 / 1024}MB");
+                        break;
+                    }
+                    catch (OperationCanceledException) when (token.IsCancellationRequested)
+                    {
+                        Trace.Info($"Runner download has been canceled.");
+                        throw;
+                    }
+                    catch (Exception ex)
+                    {
+                        if (downloadCts.Token.IsCancellationRequested)
+                        {
+                            Trace.Warning($"Runner download has timed out after {timeoutSeconds} seconds");
+                        }
+
+                        Trace.Warning($"Failed to get package '{archiveFile}' from '{packageDownloadUrl}'. Exception {ex}");
+                    }
+                }
+            }
+
+            if (downloadSucceeded)
+            {
+                return archiveFile;
+            }
+            else
+            {
+                return null;
+            }
+        }
+
+        private async Task ValidateRunnerHash(string archiveFile, string packageHashValue)
+        {
+            var stopWatch = Stopwatch.StartNew();
+            // Validate Hash Matches if it is provided
+            using (FileStream stream = File.OpenRead(archiveFile))
+            {
+                if (!string.IsNullOrEmpty(packageHashValue))
+                {
+                    using (SHA256 sha256 = SHA256.Create())
+                    {
+                        byte[] srcHashBytes = await sha256.ComputeHashAsync(stream);
+                        var hash = PrimitiveExtensions.ConvertToHexString(srcHashBytes);
+                        if (hash != packageHashValue)
+                        {
+                            // Hash did not match, we can't recover from this, just throw
+                            throw new Exception($"Computed runner hash {hash} did not match expected Runner Hash {packageHashValue} for {_targetPackage.Filename}");
+                        }
+
+                        stopWatch.Stop();
+                        Trace.Info($"Validated Runner Hash matches {_targetPackage.Filename} : {packageHashValue}");
+                        _updateTrace.Add($"ValidateHashTime: {stopWatch.ElapsedMilliseconds}ms");
+                    }
+                }
+            }
+        }
+
+        private async Task ExtractRunnerPackage(string archiveFile, string extractDirectory, CancellationToken token)
+        {
+            var stopWatch = Stopwatch.StartNew();
+
+            if (archiveFile.EndsWith(".zip", StringComparison.OrdinalIgnoreCase))
+            {
+                ZipFile.ExtractToDirectory(archiveFile, extractDirectory);
+            }
+            else if (archiveFile.EndsWith(".tar.gz", StringComparison.OrdinalIgnoreCase))
+            {
+                string tar = WhichUtil.Which("tar", trace: Trace);
+
+                if (string.IsNullOrEmpty(tar))
+                {
+                    throw new NotSupportedException($"tar -xzf");
+                }
+
+                // tar -xzf
+                using (var processInvoker = HostContext.CreateService<IProcessInvoker>())
+                {
+                    processInvoker.OutputDataReceived += new EventHandler<ProcessDataReceivedEventArgs>((sender, args) =>
+                    {
+                        if (!string.IsNullOrEmpty(args.Data))
+                        {
+                            Trace.Info(args.Data);
+                        }
+                    });
+
+                    processInvoker.ErrorDataReceived += new EventHandler<ProcessDataReceivedEventArgs>((sender, args) =>
+                    {
+                        if (!string.IsNullOrEmpty(args.Data))
+                        {
+                            Trace.Error(args.Data);
+                        }
+                    });
+
+                    int exitCode = await processInvoker.ExecuteAsync(extractDirectory, tar, $"-xzf \"{archiveFile}\"", null, token);
+                    if (exitCode != 0)
+                    {
+                        throw new NotSupportedException($"Can't use 'tar -xzf' extract archive file: {archiveFile}. return code: {exitCode}.");
+                    }
+                }
+            }
+            else
+            {
+                throw new NotSupportedException($"{archiveFile}");
+            }
+
+            stopWatch.Stop();
+            Trace.Info($"Finished getting latest runner package at: {extractDirectory}.");
+            _updateTrace.Add($"PackageExtractTime: {stopWatch.ElapsedMilliseconds}ms");
+        }
+
+        private Task CopyLatestRunnerToRoot(string latestRunnerDirectory, CancellationToken token)
+        {
+            var stopWatch = Stopwatch.StartNew();
             // copy latest runner into runner root folder
             // copy bin from _work/_update -> bin.version under root
             string binVersionDir = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"{Constants.Path.BinDirectory}.{_targetPackage.Version}");
@@ -383,9 +436,8 @@ namespace GitHub.Runner.Listener
             }
 
             stopWatch.Stop();
-            traceStringBuilder.AppendLine($"CopyRunnerToRootTime: {stopWatch.ElapsedMilliseconds}ms");
-
-            return traceStringBuilder.ToString();
+            _updateTrace.Add($"CopyRunnerToRootTime: {stopWatch.ElapsedMilliseconds}ms");
+            return Task.CompletedTask;
         }
 
         private void DeletePreviousVersionRunnerBackup(CancellationToken token)
@@ -505,18 +557,22 @@ namespace GitHub.Runner.Listener
             return updateScript;
         }
 
-        private async Task UpdateRunnerUpdateStateAsync(string currentState, string trace = "")
+        private async Task UpdateRunnerUpdateStateAsync(string currentState)
         {
             _terminal.WriteLine(currentState);
 
-            if (!string.IsNullOrEmpty(trace))
+            if (_updateTrace.Count > 0)
             {
-                Trace.Info(trace);
+                foreach (var trace in _updateTrace)
+                {
+                    Trace.Info(trace);
+                }
             }
 
             try
             {
-                await _runnerServer.UpdateAgentUpdateStateAsync(_poolId, _agentId, currentState, trace);
+                await _runnerServer.UpdateAgentUpdateStateAsync(_poolId, _agentId, currentState, string.Join(Environment.NewLine, _updateTrace));
+                _updateTrace.Clear();
             }
             catch (VssResourceNotFoundException)
             {

src/Runner.PluginHost/Runner.PluginHost.csproj

@@ -1,14 +1,14 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <OutputType>Exe</OutputType>
     <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
-    <TieredCompilationQuickJit>true</TieredCompilationQuickJit>
-    <PublishReadyToRun>true</PublishReadyToRun>
+    <PredefinedCulturesOnly>false</PredefinedCulturesOnly>
+    <PublishReadyToRunComposite>true</PublishReadyToRunComposite>
   </PropertyGroup>
 
   <ItemGroup>

src/Runner.Plugins/Artifact/FileContainerServer.cs

@@ -444,7 +444,7 @@ namespace GitHub.Runner.Plugins.Artifact
                 {
                     // We should never
                     context.Error($"Error '{ex.Message}' when downloading file '{fileToDownload}'. (Downloader {downloaderId})");
-                    throw ex;
+                    throw;
                 }
             }
 
@@ -528,7 +528,7 @@ namespace GitHub.Runner.Plugins.Artifact
                 catch (Exception ex)
                 {
                     context.Output($"File error '{ex.Message}' when uploading file '{fileToUpload}'.");
-                    throw ex;
+                    throw;
                 }
             }
 

src/Runner.Plugins/Runner.Plugins.csproj

@@ -1,13 +1,12 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <OutputType>Library</OutputType>
     <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
-    <TieredCompilationQuickJit>true</TieredCompilationQuickJit>
   </PropertyGroup>
 
   <ItemGroup>

src/Runner.Sdk/Runner.Sdk.csproj

@@ -1,13 +1,12 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <OutputType>Library</OutputType>
     <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
-    <TieredCompilationQuickJit>true</TieredCompilationQuickJit>
   </PropertyGroup>
   
   <ItemGroup>

src/Runner.Worker/ActionCommandManager.cs

@@ -381,6 +381,13 @@ namespace GitHub.Runner.Worker
 
                 HostContext.SecretMasker.AddValue(command.Data);
                 Trace.Info($"Add new secret mask with length of {command.Data.Length}");
+
+                // Also add each individual line. Typically individual lines are processed from STDOUT of child processes.
+                var split = command.Data.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+                foreach (var item in split)
+                {
+                    HostContext.SecretMasker.AddValue(item);
+                }
             }
         }
     }

src/Runner.Worker/Container/DockerCommandManager.cs

@@ -131,11 +131,11 @@ namespace GitHub.Runner.Worker.Container
             {
                 if (String.IsNullOrEmpty(env.Value))
                 {
-                    dockerOptions.Add(DockerUtil.CreateEscapedOption("-e", env.Key));
+                    dockerOptions.Add($"-e \"{env.Key}\"");
                 }
                 else
                 {
-                    dockerOptions.Add(DockerUtil.CreateEscapedOption("-e", env.Key, env.Value));
+                    dockerOptions.Add($"-e \"{env.Key}={env.Value.Replace("\"", "\\\"")}\"");
                 }
             }
 
@@ -202,7 +202,7 @@ namespace GitHub.Runner.Worker.Container
             {
                 // e.g. -e MY_SECRET maps the value into the exec'ed process without exposing
                 // the value directly in the command
-                dockerOptions.Add(DockerUtil.CreateEscapedOption("-e", env.Key));
+                dockerOptions.Add($"-e {env.Key}");
             }
 
             // Watermark for GitHub Action environment

src/Runner.Worker/Container/DockerUtil.cs

@@ -6,9 +6,6 @@ namespace GitHub.Runner.Worker.Container
 {
     public class DockerUtil
     {
-        private static readonly Regex QuoteEscape = new Regex(@"(\\*)" + "\"", RegexOptions.Compiled);
-        private static readonly Regex EndOfStringEscape = new Regex(@"(\\+)$", RegexOptions.Compiled);
-
         public static List<PortMapping> ParseDockerPort(IList<string> portMappingLines)
         {
             const string targetPort = "targetPort";
@@ -20,7 +17,7 @@ namespace GitHub.Runner.Worker.Container
             string pattern = $"^(?<{targetPort}>\\d+)/(?<{proto}>\\w+) -> (?<{host}>.+):(?<{hostPort}>\\d+)$";
 
             List<PortMapping> portMappings = new List<PortMapping>();
-            foreach (var line in portMappingLines)
+            foreach(var line in portMappingLines)
             {
                 Match m = Regex.Match(line, pattern, RegexOptions.None, TimeSpan.FromSeconds(1));
                 if (m.Success)
@@ -64,44 +61,5 @@ namespace GitHub.Runner.Worker.Container
             }
             return "";
         }
-
-        public static string CreateEscapedOption(string flag, string key)
-        {
-            if (String.IsNullOrEmpty(key))
-            {
-                return "";
-            }
-            return $"{flag} {EscapeString(key)}";
-        }
-
-        public static string CreateEscapedOption(string flag, string key, string value)
-        {
-            if (String.IsNullOrEmpty(key))
-            {
-                return "";
-            }
-            var escapedString = EscapeString($"{key}={value}");
-            return $"{flag} {escapedString}";
-        }
-
-        private static string EscapeString(string value)
-        {
-            if (String.IsNullOrEmpty(value))
-            {
-                return "";
-            }
-            // Dotnet escaping rules are weird here, we can only escape \ if it precedes a "
-            // If a double quotation mark follows two or an even number of backslashes, each proceeding backslash pair is replaced with one backslash and the double quotation mark is removed.
-            // If a double quotation mark follows an odd number of backslashes, including just one, each preceding pair is replaced with one backslash and the remaining backslash is removed; however, in this case the double quotation mark is not removed.
-            // https://docs.microsoft.com/en-us/dotnet/api/system.environment.getcommandlineargs?redirectedfrom=MSDN&view=net-6.0#remarks
-
-            // First, find any \ followed by a " and double the number of \ + 1.
-             value = QuoteEscape.Replace(value, @"$1$1\" + "\"");
-            // Next, what if it ends in `\`, it would escape the end quote. So, we need to detect that at the end of the string and perform the same escape
-            // Luckily, we can just use the $ character with detects the end of string in regex
-            value = EndOfStringEscape.Replace(value, @"$1$1");
-            // Finally, wrap it in quotes
-            return $"\"{value}\"";
-        }
     }
 }

src/Runner.Worker/ContainerOperationProvider.cs

@@ -55,12 +55,14 @@ namespace GitHub.Runner.Worker
             // Our container feature requires to map working directory from host to the container.
             // If we are already inside a container, we will not able to find out the real working direcotry path on the host.
 #if OS_WINDOWS
+#pragma warning disable CA1416
             // service CExecSvc is Container Execution Agent.
             ServiceController[] scServices = ServiceController.GetServices();
             if (scServices.Any(x => String.Equals(x.ServiceName, "cexecsvc", StringComparison.OrdinalIgnoreCase) && x.Status == ServiceControllerStatus.Running))
             {
                 throw new NotSupportedException("Container feature is not supported when runner is already running inside container.");
             }
+#pragma warning restore CA1416
 #else
             var initProcessCgroup = File.ReadLines("/proc/1/cgroup");
             if (initProcessCgroup.Any(x => x.IndexOf(":/docker/", StringComparison.OrdinalIgnoreCase) >= 0))
@@ -70,6 +72,7 @@ namespace GitHub.Runner.Worker
 #endif
 
 #if OS_WINDOWS
+#pragma warning disable CA1416
             // Check OS version (Windows server 1803 is required)
             object windowsInstallationType = Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "InstallationType", defaultValue: null);
             ArgUtil.NotNull(windowsInstallationType, nameof(windowsInstallationType));
@@ -88,6 +91,7 @@ namespace GitHub.Runner.Worker
             {
                 throw new ArgumentOutOfRangeException(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ReleaseId");
             }
+#pragma warning restore CA1416
 #endif
 
             // Check docker client/server version
@@ -334,6 +338,18 @@ namespace GitHub.Runner.Worker
 
             if (!string.IsNullOrEmpty(container.ContainerId))
             {
+                if(!container.IsJobContainer)
+                {
+                    // Print logs for service container jobs (not the "action" job itself b/c that's already logged).
+                    executionContext.Output($"Print service container logs: {container.ContainerDisplayName}");
+                    
+                    int logsExitCode = await _dockerManager.DockerLogs(executionContext, container.ContainerId);
+                    if (logsExitCode != 0)
+                    {
+                        executionContext.Warning($"Docker logs fail with exit code {logsExitCode}");
+                    }
+                }
+
                 executionContext.Output($"Stop and remove container: {container.ContainerDisplayName}");
 
                 int rmExitCode = await _dockerManager.DockerRemove(executionContext, container.ContainerId);

src/Runner.Worker/Handlers/StepHost.cs

@@ -188,7 +188,7 @@ namespace GitHub.Runner.Worker.Handlers
             {
                 // e.g. -e MY_SECRET maps the value into the exec'ed process without exposing
                 // the value directly in the command
-                dockerCommandArgs.Add(DockerUtil.CreateEscapedOption("-e", env.Key));
+                dockerCommandArgs.Add($"-e {env.Key}");
             }
             if (!string.IsNullOrEmpty(PrependPath))
             {

src/Runner.Worker/Runner.Worker.csproj

@@ -1,14 +1,14 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <OutputType>Exe</OutputType>
     <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
-    <TieredCompilationQuickJit>true</TieredCompilationQuickJit>
-    <PublishReadyToRun>true</PublishReadyToRun>
+    <PredefinedCulturesOnly>false</PredefinedCulturesOnly>
+    <PublishReadyToRunComposite>true</PublishReadyToRunComposite>
   </PropertyGroup>
 
   <ItemGroup>

src/Runner.Worker/Worker.cs

@@ -22,12 +22,13 @@ namespace GitHub.Runner.Worker
     {
         private readonly TimeSpan _workerStartTimeout = TimeSpan.FromSeconds(30);
         private ManualResetEvent _completedCommand = new ManualResetEvent(false);
-        
+
         // Do not mask the values of these secrets
-        private static HashSet<String> SecretVariableMaskWhitelist = new HashSet<String>(StringComparer.OrdinalIgnoreCase){ 
+        private static HashSet<String> SecretVariableMaskWhitelist = new HashSet<String>(StringComparer.OrdinalIgnoreCase)
+        {
             Constants.Variables.Actions.StepDebug,
             Constants.Variables.Actions.RunnerDebug
-            };
+        };
 
         public async Task<int> RunAsync(string pipeIn, string pipeOut)
         {
@@ -138,10 +139,10 @@ namespace GitHub.Runner.Worker
                     HostContext.SecretMasker.AddValue(value);
 
                     // Also add each individual line. Typically individual lines are processed from STDOUT of child processes.
-                    var split = value.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
+                    var split = value.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
                     foreach (var item in split)
                     {
-                        HostContext.SecretMasker.AddValue(item.Trim());
+                        HostContext.SecretMasker.AddValue(item);
                     }
                 }
             }

src/Sdk/Common/Common/Authentication/HttpRequestMessageWrapper.cs

@@ -28,14 +28,6 @@ namespace GitHub.Services.Common
             }
         }
 
-        public IDictionary<string, object> Properties
-        {
-            get
-            {
-                return m_request.Properties;
-            }
-        }
-
         IEnumerable<String> IHttpHeaders.GetValues(String name)
         {
             IEnumerable<String> values;

src/Sdk/Common/Common/Authentication/IHttpRequest.cs

@@ -14,10 +14,5 @@ namespace GitHub.Services.Common
         {
             get;
         }
-
-        IDictionary<string, object> Properties
-        {
-            get;
-        }
     }
 }

src/Sdk/Common/Common/Diagnostics/HttpRequestMessageExtensions.cs

@@ -21,7 +21,7 @@ namespace GitHub.Services.Common.Diagnostics
         public static VssTraceActivity GetActivity(this HttpRequestMessage message)
         {
             Object traceActivity;
-            if (!message.Properties.TryGetValue(VssTraceActivity.PropertyName, out traceActivity))
+            if (!message.Options.TryGetValue(VssTraceActivity.PropertyName, out traceActivity))
             {
                 return VssTraceActivity.Empty;
             }

src/Sdk/Common/Common/VssHttpMessageHandler.cs

@@ -169,7 +169,7 @@ namespace GitHub.Services.Common
             }
 
             // Add ourselves to the message so the underlying token issuers may use it if necessary
-            request.Properties[VssHttpMessageHandler.PropertyName] = this;
+            request.Options.Set(new HttpRequestOptionsKey<VssHttpMessageHandler>(VssHttpMessageHandler.PropertyName), this);
 
             Boolean succeeded = false;
             Boolean lastResponseDemandedProxyAuth = false;
@@ -409,7 +409,7 @@ namespace GitHub.Services.Common
             // Read the completion option provided by the caller. If we don't find the property then we
             // assume it is OK to buffer by default.
             HttpCompletionOption completionOption;
-            if (!request.Properties.TryGetValue(VssHttpRequestSettings.HttpCompletionOptionPropertyName, out completionOption))
+            if (!request.Options.TryGetValue(VssHttpRequestSettings.HttpCompletionOptionPropertyName, out completionOption))
             {
                 completionOption = HttpCompletionOption.ResponseContentRead;
             }

src/Sdk/Common/Common/VssHttpMessageHandlerTraceInfo.cs

@@ -77,9 +77,9 @@ namespace GitHub.Services.Common
         public static void SetTraceInfo(HttpRequestMessage message, VssHttpMessageHandlerTraceInfo traceInfo)
         {
             object existingTraceInfo;
-            if (!message.Properties.TryGetValue(TfsTraceInfoKey, out existingTraceInfo))
+            if (!message.Options.TryGetValue(TfsTraceInfoKey, out existingTraceInfo))
             {
-                message.Properties.Add(TfsTraceInfoKey, traceInfo);
+                message.Options.Set(new HttpRequestOptionsKey<VssHttpMessageHandlerTraceInfo>(TfsTraceInfoKey), traceInfo);
             }
         }
 
@@ -92,7 +92,7 @@ namespace GitHub.Services.Common
         {
             VssHttpMessageHandlerTraceInfo traceInfo = null;
 
-            if (message.Properties.TryGetValue(TfsTraceInfoKey, out object traceInfoObject))
+            if (message.Options.TryGetValue(TfsTraceInfoKey, out object traceInfoObject))
             {
                 traceInfo = traceInfoObject as VssHttpMessageHandlerTraceInfo;
             }

src/Sdk/Common/Common/VssHttpRequestSettings.cs

@@ -9,6 +9,7 @@ using System.Text;
 using System.Threading;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
+using GitHub.Services.Common;
 
 namespace GitHub.Services.Common
 {
@@ -291,12 +292,12 @@ namespace GitHub.Services.Common
         protected internal virtual Boolean ApplyTo(HttpRequestMessage request)
         {
             // Make sure we only apply the settings to the request once
-            if (request.Properties.ContainsKey(PropertyName))
+            if (request.Options.TryGetValue<object>(PropertyName, out _))
             {
                 return false;
             }
 
-            request.Properties.Add(PropertyName, this);
+            request.Options.Set(new HttpRequestOptionsKey<VssHttpRequestSettings>(PropertyName), this);
 
             if (this.AcceptLanguages != null && this.AcceptLanguages.Count > 0)
             {

src/Sdk/Common/Common/VssHttpRetryMessageHandler.cs

@@ -36,7 +36,7 @@ namespace GitHub.Services.Common
         }
 
         public VssHttpRetryMessageHandler(
-            VssHttpRetryOptions options, 
+            VssHttpRetryOptions options,
             HttpMessageHandler innerHandler)
             : base(innerHandler)
         {
@@ -55,7 +55,7 @@ namespace GitHub.Services.Common
             // Allow overriding default retry options per request
             VssHttpRetryOptions retryOptions = m_retryOptions;
             object retryOptionsObject;
-            if (request.Properties.TryGetValue(HttpRetryOptionsKey, out retryOptionsObject)) // NETSTANDARD compliant, TryGetValue<T> is not
+            if (request.Options.TryGetValue(HttpRetryOptionsKey, out retryOptionsObject)) // NETSTANDARD compliant, TryGetValue<T> is not
             {
                 // Fallback to default options if object of unexpected type was passed
                 retryOptions = retryOptionsObject as VssHttpRetryOptions ?? m_retryOptions;
@@ -66,7 +66,7 @@ namespace GitHub.Services.Common
 
             IVssHttpRetryInfo retryInfo = null;
             object retryInfoObject;
-            if (request.Properties.TryGetValue(HttpRetryInfoKey, out retryInfoObject)) // NETSTANDARD compliant, TryGetValue<T> is not
+            if (request.Options.TryGetValue(HttpRetryInfoKey, out retryInfoObject)) // NETSTANDARD compliant, TryGetValue<T> is not
             {
                 retryInfo = retryInfoObject as IVssHttpRetryInfo;
             }
@@ -183,7 +183,7 @@ namespace GitHub.Services.Common
         {
             // implement in Server so retries are recorded in ProductTrace
         }
-        
+
         protected virtual void TraceHttpRequestFailed(VssTraceActivity activity, HttpRequestMessage request, HttpStatusCode statusCode, string afdRefInfo)
         {
             VssHttpEventSource.Log.HttpRequestFailed(activity, request, statusCode, afdRefInfo);
@@ -212,7 +212,7 @@ namespace GitHub.Services.Common
         private static bool IsLowPriority(HttpRequestMessage request)
         {
             bool isLowPriority = false;
-            
+
             IEnumerable<string> headers;
 
             if (request.Headers.TryGetValues(HttpHeaders.VssRequestPriority, out headers) && headers != null)

src/Sdk/DTWebApi/WebApi/PackageMetadata.cs

@@ -1,4 +1,5 @@
 using System;
+using System.ComponentModel;
 using System.Runtime.Serialization;
 
 namespace GitHub.DistributedTask.WebApi
@@ -59,10 +60,21 @@ namespace GitHub.DistributedTask.WebApi
             set;
         }
 
+        /// <summary>
+        /// File ID in file service
+        /// </summary>
+        [DataMember(EmitDefaultValue = false)]
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public Int32? FileId
+        {
+            get;
+            set;
+        }
+
         /// <summary>
         /// Auth token to download the package
         /// </summary>
-        [DataMember]
+        [DataMember(EmitDefaultValue = false)]
         public String Token
         {
             get;
@@ -70,7 +82,7 @@ namespace GitHub.DistributedTask.WebApi
         }
 
         /// <summary>
-        /// MD5 hash as a base64 string
+        /// SHA256 hash
         /// </summary>
         [DataMember(EmitDefaultValue = false)]
         public String HashValue
@@ -90,7 +102,7 @@ namespace GitHub.DistributedTask.WebApi
         }
 
         /// <summary>
-        /// The UI uses this to display instructions, i.e. "unzip MyAgent.zip"
+        /// The UI uses this to display instructions, e.g. "unzip MyAgent.zip"
         /// </summary>
         [DataMember]
         public String Filename

src/Sdk/Sdk.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>netcoreapp3.1</TargetFramework>
+        <TargetFramework>net6.0</TargetFramework>
         <OutputType>Library</OutputType>
         <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
         <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
@@ -10,7 +10,6 @@
         <DefineConstants>TRACE</DefineConstants>
         <LangVersion>7.3</LangVersion>
         <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-        <TieredCompilationQuickJit>true</TieredCompilationQuickJit>
     </PropertyGroup>
 
     <ItemGroup>

src/Sdk/WebApi/WebApi/VssHttpClientBase.cs

@@ -833,20 +833,20 @@ namespace GitHub.Services.WebApi
             {
                 if (userState != null)
                 {
-                    message.Properties[UserStatePropertyName] = userState;
+                    message.Options.Set(new HttpRequestOptionsKey<object>(UserStatePropertyName), userState);
                 }
-                
+
                 if (!message.Headers.Contains(Common.Internal.HttpHeaders.VssE2EID))
                 {
                     message.Headers.Add(Common.Internal.HttpHeaders.VssE2EID, Guid.NewGuid().ToString("D"));
                 }
                 VssHttpEventSource.Log.HttpRequestStart(traceActivity, message);
                 message.Trace();
-                message.Properties[VssTraceActivity.PropertyName] = traceActivity;
+                message.Options.Set(new HttpRequestOptionsKey<VssTraceActivity>(VssTraceActivity.PropertyName), traceActivity);
 
                 // Send the completion option to the inner handler stack so we know when it's safe to buffer
                 // and when we should avoid buffering.
-                message.Properties[VssHttpRequestSettings.HttpCompletionOptionPropertyName] = completionOption;
+                message.Options.Set(new HttpRequestOptionsKey<HttpCompletionOption>(VssHttpRequestSettings.HttpCompletionOptionPropertyName), completionOption);
 
                 //ConfigureAwait(false) enables the continuation to be run outside
                 //any captured SyncronizationContext (such as ASP.NET's) which keeps things
@@ -872,7 +872,7 @@ namespace GitHub.Services.WebApi
         }
 
         protected virtual async Task HandleResponseAsync(
-            HttpResponseMessage response, 
+            HttpResponseMessage response,
             CancellationToken cancellationToken)
         {
             response.Trace();
@@ -1154,12 +1154,14 @@ namespace GitHub.Services.WebApi
         {
             if (BaseAddress != null)
             {
+#pragma warning disable SYSLIB0014
                 ServicePoint servicePoint = ServicePointManager.FindServicePoint(BaseAddress);
                 servicePoint.UseNagleAlgorithm = false;
                 servicePoint.SetTcpKeepAlive(
                     enabled: true,
                     keepAliveTime: c_keepAliveTime,
                     keepAliveInterval: c_keepAliveInterval);
+#pragma warning restore SYSLIB0014
             }
         }
 

src/Sdk/WebApi/WebApi/VssHttpUriUtility.cs

@@ -138,7 +138,7 @@ namespace GitHub.Services.WebApi
 
             if (routeReplacementOptions.HasFlag(RouteReplacementOptions.EscapeUri))
             {
-                sbResult = new StringBuilder(Uri.EscapeUriString(sbResult.ToString()));
+                sbResult = new StringBuilder(Uri.EscapeDataString(sbResult.ToString()));
             }
 
             if (routeReplacementOptions.HasFlag(RouteReplacementOptions.AppendUnusedAsQueryParams) && unusedValues.Count > 0)

src/Sdk/WebApi/WebApi/VssRequestTimerTrace.cs

@@ -16,9 +16,8 @@ namespace GitHub.Services.WebApi
 
         internal static void Trace(this HttpRequestMessage request)
         {
-            Object tracerObj = null;
-            VssRequestTimerTrace tracer = null;
-            if (request.Properties.TryGetValue(tracerKey, out tracerObj))
+            VssRequestTimerTrace tracer;
+            if (request.Options.TryGetValue(tracerKey, out object tracerObj))
             {
                 tracer = tracerObj as VssRequestTimerTrace;
                 Debug.Assert(tracer != null, "Tracer object is the wrong type!");
@@ -26,7 +25,7 @@ namespace GitHub.Services.WebApi
             else
             {
                 tracer = new VssRequestTimerTrace();
-                request.Properties[tracerKey] = tracer;
+                request.Options.Set(new HttpRequestOptionsKey<VssRequestTimerTrace>(tracerKey), tracer);
             }
 
             if (tracer != null)
@@ -37,9 +36,8 @@ namespace GitHub.Services.WebApi
 
         internal static void Trace(this HttpResponseMessage response)
         {
-            Object tracerObj = null;
             VssRequestTimerTrace tracer = null;
-            if (response.RequestMessage.Properties.TryGetValue(tracerKey, out tracerObj))
+            if (response.RequestMessage.Options.TryGetValue(tracerKey, out object tracerObj))
             {
                 tracer = tracerObj as VssRequestTimerTrace;
                 Debug.Assert(tracer != null, "Tracer object is the wrong type!");

src/Test/L0/Container/DockerUtilL0.cs

@@ -144,54 +144,5 @@ namespace GitHub.Runner.Common.Tests.Worker.Container
             var actual = DockerUtil.ParseRegistryHostnameFromImageName(input);
             Assert.Equal(expected, actual);
         }
-
-        [Theory]
-        [Trait("Level", "L0")]
-        [Trait("Category", "Worker")]
-        [InlineData("", "")]
-        [InlineData("foo", "foo")]
-        [InlineData("foo \\ bar", "foo \\ bar")]
-        [InlineData("foo \\", "foo \\\\")]
-        [InlineData("foo \\\\", "foo \\\\\\\\")]
-        [InlineData("foo \\\" bar", "foo \\\\\\\" bar")]
-        [InlineData("foo \\\\\" bar", "foo \\\\\\\\\\\" bar")]
-        public void CreateEscapedOption_keyOnly(string input, string escaped)
-        {
-            var flag = "--example";
-            var actual = DockerUtil.CreateEscapedOption(flag, input);
-            string expected;
-            if (String.IsNullOrEmpty(input))
-            {
-                expected = "";
-            }
-            else
-            {
-                expected = $"{flag} \"{escaped}\"";
-            }
-            Assert.Equal(expected, actual);
-        }
-
-        [Theory]
-        [Trait("Level", "L0")]
-        [Trait("Category", "Worker")]
-        [InlineData("foo", "bar", "foo=bar")]
-        [InlineData("foo\\", "bar", "foo\\=bar")]
-        [InlineData("foo\\", "bar\\", "foo\\=bar\\\\")]
-        [InlineData("foo \\","bar \\", "foo \\=bar \\\\")]
-        public void CreateEscapedOption_keyValue(string keyInput, string valueInput, string escapedString)
-        {
-            var flag = "--example";
-            var actual = DockerUtil.CreateEscapedOption(flag, keyInput, valueInput);
-            string expected;
-            if (String.IsNullOrEmpty(keyInput))
-            {
-                expected = "";
-            }
-            else
-            {
-                expected = $"{flag} \"{escapedString}\"";
-            }
-            Assert.Equal(expected, actual);
-        }
     }
 }

src/Test/L0/Listener/CommandSettingsL0.cs

@@ -547,6 +547,7 @@ namespace GitHub.Runner.Common.Tests
             }
         }
 
+#if OS_WINDOWS
         [Fact]
         [Trait("Level", "L0")]
         [Trait("Category", nameof(CommandSettings))]
@@ -603,7 +604,7 @@ namespace GitHub.Runner.Common.Tests
                 Assert.Equal("some windows logon password", actual);
             }
         }
-
+#endif
         [Fact]
         [Trait("Level", "L0")]
         [Trait("Category", nameof(CommandSettings))]

src/Test/L0/Listener/Configuration/NativeWindowsServiceHelperL0.cs

@@ -15,6 +15,7 @@ namespace Test.L0.Listener.Configuration
     {
 
 #if OS_WINDOWS
+#pragma warning disable CA1416
         [Fact]
         [Trait("Level", "L0")]
         [Trait("Category", "ConfigurationManagement")]
@@ -50,6 +51,7 @@ namespace Test.L0.Listener.Configuration
                 Assert.True(defaultServiceAccount.ToString().Equals(@"NT AUTHORITY\SYSTEM"), "If agent is getting configured as deployment agent, default service accout should be 'NT AUTHORITY\\SYSTEM'");
             }
         }
+#pragma warning restore CA1416
 #endif
     }
 }

src/Test/L0/Listener/SelfUpdaterL0.cs

@@ -0,0 +1,178 @@
+using GitHub.DistributedTask.WebApi;
+using GitHub.Runner.Listener;
+using GitHub.Runner.Sdk;
+using Moq;
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using Xunit;
+using System.IO;
+
+namespace GitHub.Runner.Common.Tests.Listener
+{
+    public sealed class SelfUpdaterL0
+    {
+        private Mock<IRunnerServer> _runnerServer;
+        private Mock<ITerminal> _term;
+        private Mock<IConfigurationStore> _configStore;
+        private Mock<IJobDispatcher> _jobDispatcher;
+        private AgentRefreshMessage _refreshMessage = new AgentRefreshMessage(1, "2.299.0");
+
+#if !OS_WINDOWS
+        private string _packageUrl = $"https://github.com/actions/runner/releases/download/v2.285.1/actions-runner-{BuildConstants.RunnerPackage.PackageName}-2.285.1.tar.gz";
+#else
+        private string _packageUrl = $"https://github.com/actions/runner/releases/download/v2.285.1/actions-runner-{BuildConstants.RunnerPackage.PackageName}-2.285.1.zip";
+#endif
+        public SelfUpdaterL0()
+        {
+            _runnerServer = new Mock<IRunnerServer>();
+            _term = new Mock<ITerminal>();
+            _configStore = new Mock<IConfigurationStore>();
+            _jobDispatcher = new Mock<IJobDispatcher>();
+            _configStore.Setup(x => x.GetSettings()).Returns(new RunnerSettings() { PoolId = 1, AgentId = 1 });
+
+            _runnerServer.Setup(x => x.GetPackageAsync("agent", BuildConstants.RunnerPackage.PackageName, "2.299.0", true, It.IsAny<CancellationToken>()))
+                         .Returns(Task.FromResult(new PackageMetadata() { Platform = BuildConstants.RunnerPackage.PackageName, Version = new PackageVersion("2.299.0"), DownloadUrl = _packageUrl }));
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Runner")]
+        public async void TestSelfUpdateAsync()
+        {
+            using (var hc = new TestHostContext(this))
+            {
+                //Arrange
+                var updater = new Runner.Listener.SelfUpdater();
+                hc.SetSingleton<ITerminal>(_term.Object);
+                hc.SetSingleton<IRunnerServer>(_runnerServer.Object);
+                hc.SetSingleton<IConfigurationStore>(_configStore.Object);
+                hc.SetSingleton<IHttpClientHandlerFactory>(new HttpClientHandlerFactory());
+
+                var p = new ProcessInvokerWrapper();
+                p.Initialize(hc);
+                hc.EnqueueInstance<IProcessInvoker>(p);
+                updater.Initialize(hc);
+
+                _runnerServer.Setup(x => x.UpdateAgentUpdateStateAsync(1, 1, It.IsAny<string>(), It.IsAny<string>()))
+                             .Callback((int p, int a, string s, string t) =>
+                             {
+                                 hc.GetTrace().Info(t);
+                             })
+                             .Returns(Task.FromResult(new TaskAgent()));
+
+                try
+                {
+                    var result = await updater.SelfUpdate(_refreshMessage, _jobDispatcher.Object, true, hc.RunnerShutdownToken);
+                    Assert.True(result);
+                    Assert.True(Directory.Exists(Path.Combine(hc.GetDirectory(WellKnownDirectory.Root), "bin.2.299.0")));
+                    Assert.True(Directory.Exists(Path.Combine(hc.GetDirectory(WellKnownDirectory.Root), "externals.2.299.0")));
+                }
+                finally
+                {
+                    IOUtil.DeleteDirectory(Path.Combine(hc.GetDirectory(WellKnownDirectory.Root), "bin.2.299.0"), CancellationToken.None);
+                    IOUtil.DeleteDirectory(Path.Combine(hc.GetDirectory(WellKnownDirectory.Root), "externals.2.299.0"), CancellationToken.None);
+                }
+            }
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Runner")]
+        public async void TestSelfUpdateAsync_NoUpdateOnOldVersion()
+        {
+            using (var hc = new TestHostContext(this))
+            {
+                //Arrange
+                var updater = new Runner.Listener.SelfUpdater();
+                hc.SetSingleton<ITerminal>(_term.Object);
+                hc.SetSingleton<IRunnerServer>(_runnerServer.Object);
+                hc.SetSingleton<IConfigurationStore>(_configStore.Object);
+                updater.Initialize(hc);
+
+                _runnerServer.Setup(x => x.GetPackageAsync("agent", BuildConstants.RunnerPackage.PackageName, "2.200.0", true, It.IsAny<CancellationToken>()))
+                         .Returns(Task.FromResult(new PackageMetadata() { Platform = BuildConstants.RunnerPackage.PackageName, Version = new PackageVersion("2.200.0"), DownloadUrl = _packageUrl }));
+
+                _runnerServer.Setup(x => x.UpdateAgentUpdateStateAsync(1, 1, It.IsAny<string>(), It.IsAny<string>()))
+                             .Callback((int p, int a, string s, string t) =>
+                             {
+                                 hc.GetTrace().Info(t);
+                             })
+                             .Returns(Task.FromResult(new TaskAgent()));
+
+                var result = await updater.SelfUpdate(new AgentRefreshMessage(1, "2.200.0"), _jobDispatcher.Object, true, hc.RunnerShutdownToken);
+                Assert.False(result);
+            }
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Runner")]
+        public async void TestSelfUpdateAsync_DownloadRetry()
+        {
+            using (var hc = new TestHostContext(this))
+            {
+                //Arrange
+                var updater = new Runner.Listener.SelfUpdater();
+                hc.SetSingleton<ITerminal>(_term.Object);
+                hc.SetSingleton<IRunnerServer>(_runnerServer.Object);
+                hc.SetSingleton<IConfigurationStore>(_configStore.Object);
+                hc.SetSingleton<IHttpClientHandlerFactory>(new HttpClientHandlerFactory());
+
+                _runnerServer.Setup(x => x.GetPackageAsync("agent", BuildConstants.RunnerPackage.PackageName, "2.299.0", true, It.IsAny<CancellationToken>()))
+                         .Returns(Task.FromResult(new PackageMetadata() { Platform = BuildConstants.RunnerPackage.PackageName, Version = new PackageVersion("2.299.0"), DownloadUrl = $"https://github.com/actions/runner/notexists" }));
+
+                var p = new ProcessInvokerWrapper();
+                p.Initialize(hc);
+                hc.EnqueueInstance<IProcessInvoker>(p);
+                updater.Initialize(hc);
+
+                _runnerServer.Setup(x => x.UpdateAgentUpdateStateAsync(1, 1, It.IsAny<string>(), It.IsAny<string>()))
+                             .Callback((int p, int a, string s, string t) =>
+                             {
+                                 hc.GetTrace().Info(t);
+                             })
+                             .Returns(Task.FromResult(new TaskAgent()));
+
+
+                var ex = await Assert.ThrowsAsync<TaskCanceledException>(() => updater.SelfUpdate(_refreshMessage, _jobDispatcher.Object, true, hc.RunnerShutdownToken));
+                Assert.Contains($"failed after {Constants.RunnerDownloadRetryMaxAttempts} download attempts", ex.Message);
+            }
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Runner")]
+        public async void TestSelfUpdateAsync_ValidateHash()
+        {
+            using (var hc = new TestHostContext(this))
+            {
+                //Arrange
+                var updater = new Runner.Listener.SelfUpdater();
+                hc.SetSingleton<ITerminal>(_term.Object);
+                hc.SetSingleton<IRunnerServer>(_runnerServer.Object);
+                hc.SetSingleton<IConfigurationStore>(_configStore.Object);
+                hc.SetSingleton<IHttpClientHandlerFactory>(new HttpClientHandlerFactory());
+
+                _runnerServer.Setup(x => x.GetPackageAsync("agent", BuildConstants.RunnerPackage.PackageName, "2.299.0", true, It.IsAny<CancellationToken>()))
+                         .Returns(Task.FromResult(new PackageMetadata() { Platform = BuildConstants.RunnerPackage.PackageName, Version = new PackageVersion("2.299.0"), DownloadUrl = _packageUrl, HashValue = "bad_hash" }));
+
+                var p = new ProcessInvokerWrapper();
+                p.Initialize(hc);
+                hc.EnqueueInstance<IProcessInvoker>(p);
+                updater.Initialize(hc);
+
+                _runnerServer.Setup(x => x.UpdateAgentUpdateStateAsync(1, 1, It.IsAny<string>(), It.IsAny<string>()))
+                             .Callback((int p, int a, string s, string t) =>
+                             {
+                                 hc.GetTrace().Info(t);
+                             })
+                             .Returns(Task.FromResult(new TaskAgent()));
+
+
+                var ex = await Assert.ThrowsAsync<Exception>(() => updater.SelfUpdate(_refreshMessage, _jobDispatcher.Object, true, hc.RunnerShutdownToken));
+                Assert.Contains("did not match expected Runner Hash", ex.Message);
+            }
+        }
+    }
+}

src/Test/L0/PackagesTrimL0.cs

@@ -0,0 +1,154 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Threading;
+using System.Threading.Tasks;
+using Xunit;
+using GitHub.Runner.Common.Util;
+using System.Threading.Channels;
+using GitHub.Runner.Sdk;
+using System.Linq;
+
+namespace GitHub.Runner.Common.Tests
+{
+    public sealed class PackagesTrimL0
+    {
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Common")]
+        public async Task RunnerLayoutParts_NewFilesCrossAll()
+        {
+            using (TestHostContext hc = new TestHostContext(this))
+            {
+                Tracing trace = hc.GetTrace();
+                var runnerCoreAssetsFile = Path.Combine(TestUtil.GetSrcPath(), @"Misc/runnercoreassets");
+                var runnerDotnetRuntimeFile = Path.Combine(TestUtil.GetSrcPath(), @"Misc/runnerdotnetruntimeassets");
+                string layoutBin = Path.Combine(TestUtil.GetSrcPath(), @"../_layout/bin");
+                var newFiles = new List<string>();
+                if (Directory.Exists(layoutBin))
+                {
+                    var coreAssets = await File.ReadAllLinesAsync(runnerCoreAssetsFile);
+                    var runtimeAssets = await File.ReadAllLinesAsync(runnerDotnetRuntimeFile);
+                    foreach (var file in Directory.GetFiles(layoutBin, "*", SearchOption.AllDirectories))
+                    {
+                        if (!coreAssets.Any(x => file.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar).EndsWith(x)) &&
+                            !runtimeAssets.Any(x => file.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar).EndsWith(x)))
+                        {
+                            newFiles.Add(file);
+                        }
+                    }
+
+                    if (newFiles.Count > 0)
+                    {
+                        Assert.True(false, $"Found new files '{string.Join('\n', newFiles)}'. These will break runner update using trimmed packages.");
+                    }
+                }
+            }
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Common")]
+        public async Task RunnerLayoutParts_OverlapFiles()
+        {
+            using (TestHostContext hc = new TestHostContext(this))
+            {
+                Tracing trace = hc.GetTrace();
+                var runnerCoreAssetsFile = Path.Combine(TestUtil.GetSrcPath(), @"Misc/runnercoreassets");
+                var runnerDotnetRuntimeFile = Path.Combine(TestUtil.GetSrcPath(), @"Misc/runnerdotnetruntimeassets");
+
+                var coreAssets = await File.ReadAllLinesAsync(runnerCoreAssetsFile);
+                var runtimeAssets = await File.ReadAllLinesAsync(runnerDotnetRuntimeFile);
+
+                foreach (var line in coreAssets)
+                {
+                    if (runtimeAssets.Contains(line, StringComparer.OrdinalIgnoreCase))
+                    {
+                        Assert.True(false, $"'Misc/runnercoreassets' and 'Misc/runnerdotnetruntimeassets' should not overlap.");
+                    }
+                }
+            }
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Common")]
+        public async Task RunnerLayoutParts_NewRunnerCoreAssets()
+        {
+            using (TestHostContext hc = new TestHostContext(this))
+            {
+                Tracing trace = hc.GetTrace();
+                var runnerCoreAssetsFile = Path.Combine(TestUtil.GetSrcPath(), @"Misc/runnercoreassets");
+                var coreAssets = await File.ReadAllLinesAsync(runnerCoreAssetsFile);
+
+                string layoutBin = Path.Combine(TestUtil.GetSrcPath(), @"../_layout/bin");
+                var newFiles = new List<string>();
+                if (Directory.Exists(layoutBin))
+                {
+                    var binDirs = Directory.GetDirectories(TestUtil.GetSrcPath(), "net6.0", SearchOption.AllDirectories);
+                    foreach (var binDir in binDirs)
+                    {
+                        if (binDir.Contains("Test") || binDir.Contains("obj"))
+                        {
+                            continue;
+                        }
+
+                        Directory.GetFiles(binDir, "*", SearchOption.TopDirectoryOnly).ToList().ForEach(x =>
+                        {
+                            if (!x.Contains("runtimeconfig.dev.json"))
+                            {
+                                if (!coreAssets.Any(y => x.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar).EndsWith(y)))
+                                {
+                                    newFiles.Add(x);
+                                }
+                            }
+                        });
+                    }
+
+                    if (newFiles.Count > 0)
+                    {
+                        Assert.True(false, $"Found new files '{string.Join('\n', newFiles)}'. These will break runner update using trimmed packages. You might need to update `Misc/runnercoreassets`.");
+                    }
+                }
+            }
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Common")]
+        public async Task RunnerLayoutParts_NewDotnetRuntimeAssets()
+        {
+            using (TestHostContext hc = new TestHostContext(this))
+            {
+                Tracing trace = hc.GetTrace();
+                var runnerDotnetRuntimeFile = Path.Combine(TestUtil.GetSrcPath(), @"Misc/runnerdotnetruntimeassets");
+                var runtimeAssets = await File.ReadAllLinesAsync(runnerDotnetRuntimeFile);
+
+                string layoutTrimsRuntimeAssets = Path.Combine(TestUtil.GetSrcPath(), @"../_layout_trims/runnerdotnetruntimeassets");
+                var newFiles = new List<string>();
+                if (File.Exists(layoutTrimsRuntimeAssets))
+                {
+                    var runtimeAssetsCurrent = await File.ReadAllLinesAsync(layoutTrimsRuntimeAssets);
+                    foreach (var runtimeFile in runtimeAssetsCurrent)
+                    {
+                        if (runtimeAssets.Any(x => runtimeFile.EndsWith(x, StringComparison.OrdinalIgnoreCase)))
+                        {
+                            continue;
+                        }
+                        else
+                        {
+                            newFiles.Add(runtimeFile);
+                        }
+                    }
+
+                    if (newFiles.Count > 0)
+                    {
+                        Assert.True(false, $"Found new dotnet runtime files '{string.Join('\n', newFiles)}'. These will break runner update using trimmed packages. You might need to update `Misc/runnerdotnetruntimeassets`.");
+                    }
+                }
+            }
+        }
+    }
+}

src/Test/L0/ProcessInvokerL0.cs

@@ -197,7 +197,7 @@ namespace GitHub.Runner.Common.Tests
 #if OS_WINDOWS
                 execTask = processInvoker.ExecuteAsync("", "cmd.exe", $"/c \"choice /T {SecondsToRun} /D y\"", null, tokenSource.Token);
 #else
-                execTask = processInvoker.ExecuteAsync("", "bash", $"-c \"sleep {SecondsToRun}s\"", null, tokenSource.Token);
+                execTask = processInvoker.ExecuteAsync("", "bash", $"-c \"sleep {SecondsToRun}\"", null, tokenSource.Token);
 #endif
                 await Task.Delay(500);
                 tokenSource.Cancel();

src/Test/L0/Worker/ActionCommandManagerL0.cs

@@ -122,14 +122,14 @@ namespace GitHub.Runner.Common.Tests.Worker
             {
                 _ec.Object.Global.EnvironmentVariables = new Dictionary<string, string>();
                 var expressionValues = new DictionaryContextData
-            {
-                ["env"] =
+                {
+                    ["env"] =
 #if OS_WINDOWS
                         new DictionaryContextData{ { Constants.Variables.Actions.AllowUnsupportedStopCommandTokens, new StringContextData(allowUnsupportedStopCommandTokens) }}
 #else
-                        new CaseSensitiveDictionaryContextData{ { Constants.Variables.Actions.AllowUnsupportedStopCommandTokens, new StringContextData(allowUnsupportedStopCommandTokens) }}
+                        new CaseSensitiveDictionaryContextData { { Constants.Variables.Actions.AllowUnsupportedStopCommandTokens, new StringContextData(allowUnsupportedStopCommandTokens) } }
 #endif
-            };
+                };
                 _ec.Setup(x => x.ExpressionValues).Returns(expressionValues);
                 _ec.Setup(x => x.JobTelemetry).Returns(new List<JobTelemetry>());
 
@@ -418,6 +418,31 @@ namespace GitHub.Runner.Common.Tests.Worker
             }
         }
 
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Worker")]
+        public void AddMaskWithMultilineValue()
+        {
+            using (TestHostContext hc = CreateTestContext())
+            {
+                // Act
+                _commandManager.TryProcessCommand(_ec.Object, $"::add-mask::abc%0Ddef%0Aghi%0D%0Ajkl", null);
+                _commandManager.TryProcessCommand(_ec.Object, $"::add-mask:: %0D  %0A   %0D%0A    %0D", null);
+
+                // Assert
+                Assert.Equal("***", hc.SecretMasker.MaskSecrets("abc"));
+                Assert.Equal("***", hc.SecretMasker.MaskSecrets("def"));
+                Assert.Equal("***", hc.SecretMasker.MaskSecrets("ghi"));
+                Assert.Equal("***", hc.SecretMasker.MaskSecrets("jkl"));
+                Assert.Equal("***", hc.SecretMasker.MaskSecrets("abc\rdef\nghi\r\njkl"));
+                Assert.Equal("", hc.SecretMasker.MaskSecrets(""));
+                Assert.Equal(" ", hc.SecretMasker.MaskSecrets(" "));
+                Assert.Equal("  ", hc.SecretMasker.MaskSecrets("  "));
+                Assert.Equal("   ", hc.SecretMasker.MaskSecrets("   "));
+                Assert.Equal("    ", hc.SecretMasker.MaskSecrets("    "));
+            }
+        }
+
         private TestHostContext CreateTestContext([CallerMemberName] string testName = "")
         {
             var hostContext = new TestHostContext(this, testName);
@@ -431,6 +456,7 @@ namespace GitHub.Runner.Common.Tests.Worker
                 new InternalPluginSetRepoPathCommandExtension(),
                 new SetEnvCommandExtension(),
                 new WarningCommandExtension(),
+                new AddMaskCommandExtension(),
             };
             foreach (var command in commands)
             {

src/Test/Test.csproj

@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
     <PropertyGroup>
-        <TargetFramework>netcoreapp3.1</TargetFramework>
+        <TargetFramework>net6.0</TargetFramework>
         <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
         <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
         <NoWarn>NU1701;NU1603;NU1603;xUnit2013;</NoWarn>
@@ -15,7 +15,7 @@
     </ItemGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.0.0" />
         <PackageReference Include="xunit" Version="2.4.1" />
         <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1" />
         <PackageReference Include="System.Buffers" Version="4.3.0" />

src/dev.sh

@@ -14,10 +14,15 @@ DEV_TARGET_RUNTIME=$3
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 LAYOUT_DIR="$SCRIPT_DIR/../_layout"
+LAYOUT_TRIMS_DIR="$SCRIPT_DIR/../_layout_trims"
+LAYOUT_TRIM_EXTERNALS_DIR="$LAYOUT_TRIMS_DIR/trim_externals"
+LAYOUT_TRIM_RUNTIME_DIR="$LAYOUT_TRIMS_DIR/trim_runtime"
+LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR="$LAYOUT_TRIMS_DIR/trim_runtime_externals"
 DOWNLOAD_DIR="$SCRIPT_DIR/../_downloads/netcore2x"
 PACKAGE_DIR="$SCRIPT_DIR/../_package"
+PACKAGE_TRIMS_DIR="$SCRIPT_DIR/../_package_trims"
 DOTNETSDK_ROOT="$SCRIPT_DIR/../_dotnetsdk"
-DOTNETSDK_VERSION="3.1.302"
+DOTNETSDK_VERSION="6.0.100"
 DOTNETSDK_INSTALLDIR="$DOTNETSDK_ROOT/$DOTNETSDK_VERSION"
 RUNNER_VERSION=$(cat runnerversion)
 
@@ -127,6 +132,48 @@ function layout ()
 
     heading "Setup externals folder for $RUNTIME_ID runner's layout"
     bash ./Misc/externals.sh $RUNTIME_ID || checkRC externals.sh
+
+    heading "Create layout (Trimmed) ..."
+
+    rm -Rf "$LAYOUT_TRIMS_DIR"
+    mkdir -p "$LAYOUT_TRIMS_DIR"
+    mkdir -p "$LAYOUT_TRIMS_DIR/runtime"
+    cp -r "$LAYOUT_DIR/bin/." "$LAYOUT_TRIMS_DIR/runtime"
+    mkdir -p "$LAYOUT_TRIMS_DIR/externals"
+    cp -r "$LAYOUT_DIR/externals/." "$LAYOUT_TRIMS_DIR/externals"
+
+    pushd "$LAYOUT_TRIMS_DIR/runtime" > /dev/null
+    if [[ ("$CURRENT_PLATFORM" == "windows") ]]; then
+        sed -i 's/\n$/\r\n/' "$SCRIPT_DIR/Misc/runnercoreassets"
+    fi
+
+    cat "$SCRIPT_DIR/Misc/runnercoreassets" | xargs rm -f
+    find . -empty -type d -delete
+    find . -type f > "$LAYOUT_TRIMS_DIR/runnerdotnetruntimeassets"
+    popd > /dev/null
+
+    heading "Create layout with externals trimmed ..."
+    mkdir -p "$LAYOUT_TRIM_EXTERNALS_DIR"
+    cp -r "$LAYOUT_DIR/." "$LAYOUT_TRIM_EXTERNALS_DIR/"
+    rm -Rf "$LAYOUT_TRIM_EXTERNALS_DIR/externals"
+    echo "Created... $LAYOUT_TRIM_EXTERNALS_DIR"
+
+    heading "Create layout with dotnet runtime trimmed ..."
+    mkdir -p "$LAYOUT_TRIM_RUNTIME_DIR"
+    cp -r "$LAYOUT_DIR/." "$LAYOUT_TRIM_RUNTIME_DIR/"
+    pushd "$LAYOUT_TRIM_RUNTIME_DIR/bin" > /dev/null
+    cat "$LAYOUT_TRIMS_DIR/runnerdotnetruntimeassets" | xargs rm -f
+    echo "Created... $LAYOUT_TRIM_RUNTIME_DIR"
+    popd > /dev/null
+
+    heading "Create layout with externals and dotnet runtime trimmed ..."
+    mkdir -p "$LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR"
+    cp -r "$LAYOUT_DIR/." "$LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR/"
+    rm -Rf "$LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR/externals"
+    pushd "$LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR/bin" > /dev/null
+    cat "$LAYOUT_TRIMS_DIR/runnerdotnetruntimeassets" | xargs rm -f
+    echo "Created... $LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR"
+    popd > /dev/null
 }
 
 function runtest ()
@@ -156,7 +203,9 @@ function package ()
     find "${LAYOUT_DIR}/bin" -type f -name '*.pdb' -delete
 
     mkdir -p "$PACKAGE_DIR"
+    mkdir -p "$PACKAGE_TRIMS_DIR"
     rm -Rf "${PACKAGE_DIR:?}"/*
+    rm -Rf "${PACKAGE_TRIMS_DIR:?}"/*
 
     pushd "$PACKAGE_DIR" > /dev/null
 
@@ -174,6 +223,66 @@ function package ()
     fi
 
     popd > /dev/null
+
+    runner_trim_externals_pkg_name="actions-runner-${RUNTIME_ID}-${runner_ver}-noexternals"
+    heading "Packaging ${runner_trim_externals_pkg_name} (Trimmed)" 
+
+    PACKAGE_TRIM_EXTERNALS_DIR="$PACKAGE_TRIMS_DIR/trim_externals"
+    mkdir -p "$PACKAGE_TRIM_EXTERNALS_DIR"
+    pushd "$PACKAGE_TRIM_EXTERNALS_DIR" > /dev/null
+    if [[ ("$CURRENT_PLATFORM" == "linux") || ("$CURRENT_PLATFORM" == "darwin") ]]; then
+        tar_name="${runner_trim_externals_pkg_name}.tar.gz"
+        echo "Creating $tar_name in ${LAYOUT_TRIM_EXTERNALS_DIR}"
+        tar -czf "${tar_name}" -C "${LAYOUT_TRIM_EXTERNALS_DIR}" .
+    elif [[ ("$CURRENT_PLATFORM" == "windows") ]]; then
+        zip_name="${runner_trim_externals_pkg_name}.zip"
+        echo "Convert ${LAYOUT_TRIM_EXTERNALS_DIR} to Windows style path"
+        window_path=${LAYOUT_TRIM_EXTERNALS_DIR:1}
+        window_path=${window_path:0:1}:${window_path:1}
+        echo "Creating $zip_name in ${window_path}"
+        powershell -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "Add-Type -Assembly \"System.IO.Compression.FileSystem\"; [System.IO.Compression.ZipFile]::CreateFromDirectory(\"${window_path}\", \"${zip_name}\")"
+    fi
+    popd > /dev/null
+
+    runner_trim_runtime_pkg_name="actions-runner-${RUNTIME_ID}-${runner_ver}-noruntime"
+    heading "Packaging ${runner_trim_runtime_pkg_name} (Trimmed)" 
+
+    PACKAGE_TRIM_RUNTIME_DIR="$PACKAGE_TRIMS_DIR/trim_runtime"
+    mkdir -p "$PACKAGE_TRIM_RUNTIME_DIR"
+    pushd "$PACKAGE_TRIM_RUNTIME_DIR" > /dev/null
+    if [[ ("$CURRENT_PLATFORM" == "linux") || ("$CURRENT_PLATFORM" == "darwin") ]]; then
+        tar_name="${runner_trim_runtime_pkg_name}.tar.gz"
+        echo "Creating $tar_name in ${LAYOUT_TRIM_RUNTIME_DIR}"
+        tar -czf "${tar_name}" -C "${LAYOUT_TRIM_RUNTIME_DIR}" .
+    elif [[ ("$CURRENT_PLATFORM" == "windows") ]]; then
+        zip_name="${runner_trim_runtime_pkg_name}.zip"
+        echo "Convert ${LAYOUT_TRIM_RUNTIME_DIR} to Windows style path"
+        window_path=${LAYOUT_TRIM_RUNTIME_DIR:1}
+        window_path=${window_path:0:1}:${window_path:1}
+        echo "Creating $zip_name in ${window_path}"
+        powershell -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "Add-Type -Assembly \"System.IO.Compression.FileSystem\"; [System.IO.Compression.ZipFile]::CreateFromDirectory(\"${window_path}\", \"${zip_name}\")"
+    fi
+    popd > /dev/null
+
+    runner_trim_runtime_externals_pkg_name="actions-runner-${RUNTIME_ID}-${runner_ver}-noruntime-noexternals"
+    heading "Packaging ${runner_trim_runtime_externals_pkg_name} (Trimmed)" 
+
+    PACKAGE_TRIM_RUNTIME_EXTERNALS_DIR="$PACKAGE_TRIMS_DIR/trim_runtime_externals"
+    mkdir -p "$PACKAGE_TRIM_RUNTIME_EXTERNALS_DIR"
+    pushd "$PACKAGE_TRIM_RUNTIME_EXTERNALS_DIR" > /dev/null
+    if [[ ("$CURRENT_PLATFORM" == "linux") || ("$CURRENT_PLATFORM" == "darwin") ]]; then
+        tar_name="${runner_trim_runtime_externals_pkg_name}.tar.gz"
+        echo "Creating $tar_name in ${LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR}"
+        tar -czf "${tar_name}" -C "${LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR}" .
+    elif [[ ("$CURRENT_PLATFORM" == "windows") ]]; then
+        zip_name="${runner_trim_runtime_externals_pkg_name}.zip"
+        echo "Convert ${LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR} to Windows style path"
+        window_path=${LAYOUT_TRIM_RUNTIME_EXTERNALS_DIR:1}
+        window_path=${window_path:0:1}:${window_path:1}
+        echo "Creating $zip_name in ${window_path}"
+        powershell -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "Add-Type -Assembly \"System.IO.Compression.FileSystem\"; [System.IO.Compression.ZipFile]::CreateFromDirectory(\"${window_path}\", \"${zip_name}\")"
+    fi
+    popd > /dev/null
 }
 
 if [[ (! -d "${DOTNETSDK_INSTALLDIR}") || (! -e "${DOTNETSDK_INSTALLDIR}/.${DOTNETSDK_VERSION}") || (! -e "${DOTNETSDK_INSTALLDIR}/dotnet") ]]; then

src/global.json

@@ -1,5 +1,5 @@
 {
   "sdk": {
-    "version": "3.1.302"
+    "version": "6.0.100"
   }
 }

src/runnerversion

@@ -1 +1 @@
-2.285.2
+2.286.1