Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build - Onboard MicroBuild #867

Merged
merged 2 commits into from
Dec 4, 2024
Merged

build - Onboard MicroBuild #867

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
424c26e
build - Onboard MicroBuild
jdneo Dec 3, 2024
0db86ad
Replace Bash with CmdLine
jdneo Dec 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
117 changes: 41 additions & 76 deletions .azure-pipelines/nightly.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,31 +12,27 @@ resources:
- repository: self
type: git
ref: refs/heads/main
- repository: 1esPipelines
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
name: 1ESPipelineTemplates/MicroBuildTemplate
trigger: none
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
pool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
customBuildTags:
- MigrationTooling-mseng-VSJava-13463-Tool
name: MSEngSS-MicroBuild2022-1ES
stages:
- stage: Build
jobs:
- job: Job_1
displayName: Agent job 1
templateContext:
mb:
signing:
enabled: true
signType: real
zipSources: false
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
outputs:
- output: pipelineArtifact
artifactName: extension
Expand All @@ -50,66 +46,57 @@ extends:
displayName: Use Node 20.x
inputs:
versionSpec: 20.x
# The image does not have jdk preinstalled, we need to download it first.
- task: PowerShell@2
displayName: Download JDK 17
inputs:
targetType: 'inline'
script: |-
New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
- task: JavaToolInstaller@0
displayName: Use Java 17
inputs:
versionSpec: "17"
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
jdkSourceOption: LocalDirectory
jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
- script: java --version
displayName: 'Check Java installation'
- task: Npm@1
displayName: npm install
inputs:
verbose: false
- task: Bash@3
- task: CmdLine@2
displayName: npx gulp build_server
inputs:
targetType: inline
script: |-
# Build the jars to the server folder.
npm run build-server
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: ESRP CodeSigning
- task: PowerShell@2
displayName: Sign Jars
inputs:
ConnectedServiceName: 'ESRP-Release-Test'
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
AuthAKVName: 'vscjavaci'
AuthCertName: 'vscjava-esrprelease-auth'
AuthSignCertName: 'VSCJava-CodeSign'
FolderPath: server
Pattern: com.microsoft.jdtls.ext.*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
targetType: 'inline'
script: |-
$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.jdtls.ext.*.jar"
foreach ($file in $files) {
$fileName = $file.Name
& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
}
workingDirectory: 'server'
- task: CmdLine@2
displayName: Replace AI Key
inputs:
script: npx [email protected] -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
- task: Bash@3
displayName: Bash Script
- task: PowerShell@2
displayName: Update package.json
inputs:
targetType: inline
script: |-
node ./scripts/prepare-nightly-build.js
mv ./package.insiders.json ./package.json
Move-Item -Path "./package.insiders.json" -Destination "./package.json" -Force
- script: npx @vscode/vsce@latest package --pre-release -o extension.vsix
displayName: 'vsce package --pre-release'
### Copy files for APIScan
Expand All @@ -133,34 +120,12 @@ extends:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
displayName: 'Generate extension manifest'
- script: cp extension.manifest extension.signature.p7s
- script: copy extension.manifest extension.signature.p7s
displayName: 'Prepare manifest for signing'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
- task: CmdLine@2
displayName: Sign extension
inputs:
ConnectedServiceName: 'ESRP-Release-Test'
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
AuthAKVName: 'vscjavaci'
AuthCertName: 'vscjava-esrprelease-auth'
AuthSignCertName: 'VSCJava-CodeSign'
FolderPath: '.'
Pattern: 'extension.signature.p7s'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "VSCodePublisherSign",
"parameters" : [],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 90
MaxConcurrency: 25
MaxRetryAttempts: 5
PendingAnalysisWaitTimeoutMinutes: 5
displayName: 'Sign extension'
script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
- task: CopyFiles@2
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
inputs:
Expand Down
113 changes: 39 additions & 74 deletions .azure-pipelines/rc.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,31 +7,27 @@ resources:
- repository: self
type: git
ref: refs/heads/main
- repository: 1esPipelines
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
name: 1ESPipelineTemplates/MicroBuildTemplate
trigger: none
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
pool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
customBuildTags:
- MigrationTooling-mseng-VSJava-9019-Tool
name: MSEngSS-MicroBuild2022-1ES
stages:
- stage: Build
jobs:
- job: Job_1
displayName: RC
templateContext:
mb:
signing:
enabled: true
signType: real
zipSources: false
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
outputs:
- output: pipelineArtifact
artifactName: extension
Expand All @@ -45,60 +41,51 @@ extends:
displayName: Use Node 20.x
inputs:
versionSpec: 20.x
# The image does not have jdk preinstalled, we need to download it first.
- task: PowerShell@2
displayName: Download JDK 17
inputs:
targetType: 'inline'
script: |-
New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
- task: JavaToolInstaller@0
displayName: Use Java 17
inputs:
versionSpec: "17"
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
jdkSourceOption: LocalDirectory
jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
- script: java --version
displayName: 'Check Java installation'
- task: Npm@1
displayName: npm install
inputs:
verbose: false
- task: Bash@3
- task: CmdLine@2
displayName: npx gulp build_server
inputs:
targetType: inline
script: |-
# Build the jars to the server folder.
npm run build-server
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: ESRP CodeSigning
- task: PowerShell@2
displayName: Sign Jars
inputs:
ConnectedServiceName: 'ESRP-Release-Test'
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
AuthAKVName: 'vscjavaci'
AuthCertName: 'vscjava-esrprelease-auth'
AuthSignCertName: 'VSCJava-CodeSign'
FolderPath: server
Pattern: com.microsoft.jdtls.ext.*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
targetType: 'inline'
script: |-
$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.jdtls.ext.*.jar"
foreach ($file in $files) {
$fileName = $file.Name
& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
}
workingDirectory: 'server'
- task: CmdLine@2
displayName: Replace AI Key
inputs:
script: npx [email protected] -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
- task: Bash@3
- task: CmdLine@2
displayName: vsce package
inputs:
targetType: inline
Expand All @@ -124,34 +111,12 @@ extends:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
displayName: 'Generate extension manifest'
- script: cp extension.manifest extension.signature.p7s
- script: copy extension.manifest extension.signature.p7s
displayName: 'Prepare manifest for signing'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
- task: CmdLine@2
displayName: Sign extension
inputs:
ConnectedServiceName: 'ESRP-Release-Test'
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
AuthAKVName: 'vscjavaci'
AuthCertName: 'vscjava-esrprelease-auth'
AuthSignCertName: 'VSCJava-CodeSign'
FolderPath: '.'
Pattern: 'extension.signature.p7s'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "VSCodePublisherSign",
"parameters" : [],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 90
MaxConcurrency: 25
MaxRetryAttempts: 5
PendingAnalysisWaitTimeoutMinutes: 5
displayName: 'Sign extension'
script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
- task: CopyFiles@2
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
inputs:
Expand Down
1 change: 1 addition & 0 deletions .vscodeignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,3 +23,4 @@ test-resources

# Ignore output of code sign
server/*.md
**/*.log
Loading