From fa80a2f9ca5bf06041e1d042bfb5cb1ffca340d4 Mon Sep 17 00:00:00 2001 From: Sheng Chen Date: Wed, 4 Dec 2024 09:48:34 +0800 Subject: [PATCH] build - Onboard MicroBuild --- .azure-pipelines/vscode-gradle-nightly.yml | 127 ++++++--------------- .azure-pipelines/vscode-gradle-rc.yml | 127 ++++++--------------- extension/.vscodeignore | 2 + 3 files changed, 76 insertions(+), 180 deletions(-) diff --git a/.azure-pipelines/vscode-gradle-nightly.yml b/.azure-pipelines/vscode-gradle-nightly.yml index cc07ae1a8..091982d6a 100644 --- a/.azure-pipelines/vscode-gradle-nightly.yml +++ b/.azure-pipelines/vscode-gradle-nightly.yml @@ -43,6 +43,15 @@ extends: steps: - checkout: self fetchTags: true + - task: UsePythonVersion@0 + displayName: 'Use Python 3.11.x' + inputs: + versionSpec: 3.11.x + - task: UseDotNet@2 + displayName: 'Use .NET Core 3.1.x' + inputs: + packageType: 'sdk' + version: '3.1.x' - task: JavaToolInstaller@0 displayName: Install Java 17 inputs: @@ -53,6 +62,14 @@ extends: displayName: Install Node 18.x inputs: versionSpec: 18.x + - task: MicroBuildSigningPlugin@4 + displayName: 'Install Signing Plugin' + inputs: + signType: real + azureSubscription: 'MicroBuild Signing Task (MSEng)' + feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json' + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) - task: DownloadBuildArtifacts@1 displayName: 'Download Build Server Artifacts' inputs: @@ -94,38 +111,11 @@ extends: - bash: chmod +x gradle-server workingDirectory: $(Build.SourcesDirectory)/extension/lib displayName: Set permission - - task: EsrpCodeSigning@5 - displayName: 'ESRP CodeSigning' - inputs: - ConnectedServiceName: $(ConnectedServiceName) - AppRegistrationClientId: $(AppRegistrationClientId) - AppRegistrationTenantId: $(AppRegistrationTenantId) - AuthAKVName: $(AuthAKVName) - AuthCertName: $(AuthCertName) - AuthSignCertName: $(AuthSignCertName) - FolderPath: 'extension/lib' - Pattern: 'gradle-server.jar' - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaSign", - "Parameters" : { - "SigAlg" : "SHA256withRSA", - "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + - task: CmdLine@2 + displayName: Sign jars + inputs: + script: dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:extension/lib/gradle-server.jar /certs:100010171 + workingDirectory: 'extension/lib' - bash: npx json@latest -I -f package.json -e "this.aiKey=\"$(AI_KEY)\"" workingDirectory: $(Build.SourcesDirectory)/extension displayName: Replace AI Key @@ -154,38 +144,16 @@ extends: gradleWrapperFile: 'gradlew' gradleOptions: '-Xmx3072m' tasks: ':extension:copyJdtlsPluginJar' - - task: EsrpCodeSigning@5 - displayName: 'ESRP CodeSigning' - inputs: - ConnectedServiceName: $(ConnectedServiceName) - AppRegistrationClientId: $(AppRegistrationClientId) - AppRegistrationTenantId: $(AppRegistrationTenantId) - AuthAKVName: $(AuthAKVName) - AuthCertName: $(AuthCertName) - AuthSignCertName: $(AuthSignCertName) - FolderPath: 'extension/server' - Pattern: 'com.microsoft.gradle.bs.importer-*.jar' - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaSign", - "Parameters" : { - "SigAlg" : "SHA256withRSA", - "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + - task: CmdLine@2 + displayName: Sign jars + inputs: + script: | + files=$(find . -type f -name "com.microsoft.gradle.bs.importer-*.jar") + for file in $files; do + fileName=$(basename "$file") + dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171 + done + workingDirectory: 'extension/server' - bash: npx @vscode/vsce@latest package --pre-release -o extension.vsix workingDirectory: $(Build.SourcesDirectory)/extension displayName: Package VSIX @@ -195,32 +163,11 @@ extends: - bash: cp extension.manifest extension.signature.p7s workingDirectory: $(Build.SourcesDirectory)/extension displayName: 'Prepare manifest for signing' - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - inputs: - ConnectedServiceName: $(ConnectedServiceName) - AppRegistrationClientId: $(AppRegistrationClientId) - AppRegistrationTenantId: $(AppRegistrationTenantId) - AuthAKVName: $(AuthAKVName) - AuthCertName: $(AuthCertName) - AuthSignCertName: $(AuthSignCertName) - FolderPath: 'extension' - Pattern: 'extension.signature.p7s' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "VSCodePublisherSign", - "parameters" : [], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 90 - MaxConcurrency: 25 - MaxRetryAttempts: 5 - PendingAnalysisWaitTimeoutMinutes: 5 - displayName: 'Sign extension' + - task: CmdLine@2 + displayName: Sign extension + inputs: + script: dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:extension.signature.p7s /certs:4014052 + workingDirectory: 'extension' - task: CopyFiles@2 displayName: Copy VSIX inputs: diff --git a/.azure-pipelines/vscode-gradle-rc.yml b/.azure-pipelines/vscode-gradle-rc.yml index 6ab5ddd31..17042e1a9 100644 --- a/.azure-pipelines/vscode-gradle-rc.yml +++ b/.azure-pipelines/vscode-gradle-rc.yml @@ -43,6 +43,15 @@ extends: steps: - checkout: self fetchTags: true + - task: UsePythonVersion@0 + displayName: 'Use Python 3.11.x' + inputs: + versionSpec: 3.11.x + - task: UseDotNet@2 + displayName: 'Use .NET Core 3.1.x' + inputs: + packageType: 'sdk' + version: '3.1.x' - task: JavaToolInstaller@0 displayName: Install Java 17 inputs: @@ -53,6 +62,14 @@ extends: displayName: Install Node 18.x inputs: versionSpec: 18.x + - task: MicroBuildSigningPlugin@4 + displayName: 'Install Signing Plugin' + inputs: + signType: real + azureSubscription: 'MicroBuild Signing Task (MSEng)' + feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json' + env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) - task: DownloadBuildArtifacts@1 displayName: 'Download Build Server Artifacts' inputs: @@ -94,38 +111,11 @@ extends: - bash: chmod +x gradle-server workingDirectory: $(Build.SourcesDirectory)/extension/lib displayName: Set permission - - task: EsrpCodeSigning@5 - displayName: 'ESRP CodeSigning' - inputs: - ConnectedServiceName: $(ConnectedServiceName) - AppRegistrationClientId: $(AppRegistrationClientId) - AppRegistrationTenantId: $(AppRegistrationTenantId) - AuthAKVName: $(AuthAKVName) - AuthCertName: $(AuthCertName) - AuthSignCertName: $(AuthSignCertName) - FolderPath: 'extension/lib' - Pattern: 'gradle-server.jar' - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaSign", - "Parameters" : { - "SigAlg" : "SHA256withRSA", - "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + - task: CmdLine@2 + displayName: Sign jars + inputs: + script: dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:extension/lib/gradle-server.jar /certs:100010171 + workingDirectory: 'extension/lib' - bash: npx json@latest -I -f package.json -e "this.aiKey=\"$(AI_KEY)\"" workingDirectory: $(Build.SourcesDirectory)/extension displayName: Replace AI Key @@ -149,38 +139,16 @@ extends: gradleWrapperFile: 'gradlew' gradleOptions: '-Xmx3072m' tasks: ':extension:copyJdtlsPluginJar' - - task: EsrpCodeSigning@5 - displayName: 'ESRP CodeSigning' - inputs: - ConnectedServiceName: $(ConnectedServiceName) - AppRegistrationClientId: $(AppRegistrationClientId) - AppRegistrationTenantId: $(AppRegistrationTenantId) - AuthAKVName: $(AuthAKVName) - AuthCertName: $(AuthCertName) - AuthSignCertName: $(AuthSignCertName) - FolderPath: 'extension/server' - Pattern: 'com.microsoft.gradle.bs.importer-*.jar' - signConfigType: 'inlineSignParams' - inlineOperation: | - [ - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaSign", - "Parameters" : { - "SigAlg" : "SHA256withRSA", - "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + - task: CmdLine@2 + displayName: Sign jars + inputs: + script: | + files=$(find . -type f -name "com.microsoft.gradle.bs.importer-*.jar") + for file in $files; do + fileName=$(basename "$file") + dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:"$fileName" /certs:100010171 + done + workingDirectory: 'extension/server' - bash: npx @vscode/vsce@latest package -o extension.vsix workingDirectory: $(Build.SourcesDirectory)/extension displayName: Package VSIX @@ -190,32 +158,11 @@ extends: - bash: cp extension.manifest extension.signature.p7s workingDirectory: $(Build.SourcesDirectory)/extension displayName: 'Prepare manifest for signing' - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - inputs: - ConnectedServiceName: $(ConnectedServiceName) - AppRegistrationClientId: $(AppRegistrationClientId) - AppRegistrationTenantId: $(AppRegistrationTenantId) - AuthAKVName: $(AuthAKVName) - AuthCertName: $(AuthCertName) - AuthSignCertName: $(AuthSignCertName) - FolderPath: 'extension' - Pattern: 'extension.signature.p7s' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "VSCodePublisherSign", - "parameters" : [], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 90 - MaxConcurrency: 25 - MaxRetryAttempts: 5 - PendingAnalysisWaitTimeoutMinutes: 5 - displayName: 'Sign extension' + - task: CmdLine@2 + displayName: Sign extension + inputs: + script: dotnet "$MBSIGN_APPFOLDER/DDSignFiles.dll" -- /file:extension.signature.p7s /certs:4014052 + workingDirectory: 'extension' - task: CopyFiles@2 displayName: Copy VSIX inputs: diff --git a/extension/.vscodeignore b/extension/.vscodeignore index 79f856ea3..c56fe8abc 100644 --- a/extension/.vscodeignore +++ b/extension/.vscodeignore @@ -25,6 +25,8 @@ beta/** ARCHITECTURE.md # Ignore output of code sign lib/*.md +**/*.log + scripts # for nightly build package.insiders.json