From b720e67309273f1c167a82f9fd81c1765d851149 Mon Sep 17 00:00:00 2001 From: Sheng Chen Date: Fri, 28 Jun 2024 15:37:39 +0800 Subject: [PATCH] Add vsix sign steps --- .azure-pipelines/ci.yml | 4 ++-- .azure-pipelines/nightly.yml | 46 +++++++++++++++++++++++++++++------- .azure-pipelines/rc.yml | 41 ++++++++++++++++++++++++++++---- 3 files changed, 77 insertions(+), 14 deletions(-) diff --git a/.azure-pipelines/ci.yml b/.azure-pipelines/ci.yml index 492d6665..da46c1be 100644 --- a/.azure-pipelines/ci.yml +++ b/.azure-pipelines/ci.yml @@ -50,9 +50,9 @@ extends: jdkArchitectureOption: x64 jdkSourceOption: PreInstalled - task: NodeTool@0 - displayName: Use Node 16.x + displayName: Use Node 18.x inputs: - versionSpec: 16.x + versionSpec: 18.x - task: Npm@1 displayName: npm install inputs: diff --git a/.azure-pipelines/nightly.yml b/.azure-pipelines/nightly.yml index 472e9ec3..94fe2964 100644 --- a/.azure-pipelines/nightly.yml +++ b/.azure-pipelines/nightly.yml @@ -47,9 +47,9 @@ extends: clean: true fetchTags: true - task: NodeTool@0 - displayName: Use Node 16.x + displayName: Use Node 18.x inputs: - versionSpec: 16.x + versionSpec: 18.x - task: JavaToolInstaller@0 displayName: Use Java 17 inputs: @@ -110,11 +110,8 @@ extends: script: |- node ./scripts/prepare-nightly-build.js mv ./package.insiders.json ./package.json - - task: Bash@3 - displayName: vsce package --pre-release - inputs: - targetType: inline - script: npx @vscode/vsce@latest package --pre-release + - script: npx @vscode/vsce@latest package --pre-release -o extension.vsix + displayName: 'vsce package --pre-release' ### Copy files for APIScan - task: CopyFiles@2 displayName: "Copy Files for APIScan" 
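Review bot: The rewritten packaging step in the `-110,11 +110,8` hunk of nightly.yml still resolves `@vscode/vsce@latest` from the npm registry at build time. This commit now feeds that output into a signing step, so whichever version npm serves on the day determines what ends up in the signed artifact. Pinning an exact, reviewed release, e.g. `npx @vscode/vsce@<pinned-version> package --pre-release -o extension.vsix` (placeholder version), or resolving vsce through a devDependency and the lockfile, makes the build reproducible and keeps an unexpected upstream release out of the signed package. The same applies to the `generate-manifest` steps added later in nightly.yml and to both vsce invocations in rc.yml.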
@@ -134,8 +131,41 @@ extends: condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true')) env: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) + - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest + displayName: 'Generate extension manifest' + - script: cp extension.manifest extension.signature.p7s + displayName: 'Prepare manifest for signing' + - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + inputs: + ConnectedServiceName: 'ESRP-Release-Test' + AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6' + AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' + AuthAKVName: 'vscjavaci' + AuthCertName: 'vscjava-esrprelease-auth' + AuthSignCertName: 'VSCJava-CodeSign' + FolderPath: '.' + Pattern: 'extension.signature.p7s' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keyCode": "CP-401405", + "operationSetCode": "VSCodePublisherSign", + "parameters" : [], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 90 + MaxConcurrency: 25 + MaxRetryAttempts: 5 + PendingAnalysisWaitTimeoutMinutes: 5 + displayName: 'Sign extension' - task: CopyFiles@2 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)" inputs: - Contents: "*.vsix" + Contents: | + extension.vsix + extension.manifest + extension.signature.p7s TargetFolder: $(Build.ArtifactStagingDirectory) diff --git a/.azure-pipelines/rc.yml b/.azure-pipelines/rc.yml index cc8e8472..ee059eb5 100644 --- a/.azure-pipelines/rc.yml +++ b/.azure-pipelines/rc.yml @@ -42,9 +42,9 @@ extends: clean: true fetchTags: true - task: NodeTool@0 - displayName: Use Node 16.x + displayName: Use Node 18.x inputs: - versionSpec: 16.x + versionSpec: 18.x - task: JavaToolInstaller@0 displayName: Use Java 17 inputs: 
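Review bot: Nothing after the `Sign extension` task in the `-134,8 +131,41` hunk checks that `extension.signature.p7s` was actually replaced by a signature. The file starts as a plain copy of the manifest (`cp extension.manifest extension.signature.p7s`), so if the task matches no file or returns without rewriting it, the following CopyFiles step would stage an unsigned manifest under the signature name. A cheap guard is a step right after signing such as `- script: if cmp -s extension.manifest extension.signature.p7s; then exit 1; fi` with a display name like 'Check signature was produced'. Running vsce's `verify-signature` command against the package, manifest and signature would be a stronger check. The identical block added to rc.yml has the same gap.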
@@ -102,7 +102,7 @@ extends: displayName: vsce package inputs: targetType: inline - script: npx @vscode/vsce@latest package + script: npx @vscode/vsce@latest package -o extension.vsix ### Copy files for APIScan - task: CopyFiles@2 displayName: "Copy Files for APIScan" @@ -122,8 +122,41 @@ extends: condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true')) env: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) + - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest + displayName: 'Generate extension manifest' + - script: cp extension.manifest extension.signature.p7s + displayName: 'Prepare manifest for signing' + - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + inputs: + ConnectedServiceName: 'ESRP-Release-Test' + AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6' + AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' + AuthAKVName: 'vscjavaci' + AuthCertName: 'vscjava-esrprelease-auth' + AuthSignCertName: 'VSCJava-CodeSign' + FolderPath: '.' + Pattern: 'extension.signature.p7s' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keyCode": "CP-401405", + "operationSetCode": "VSCodePublisherSign", + "parameters" : [], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 90 + MaxConcurrency: 25 + MaxRetryAttempts: 5 + PendingAnalysisWaitTimeoutMinutes: 5 + displayName: 'Sign extension' - task: CopyFiles@2 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)" inputs: - Contents: "*.vsix" + Contents: | + extension.vsix + extension.manifest + extension.signature.p7s TargetFolder: $(Build.ArtifactStagingDirectory)
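Review bot: The ESRP signing task in the `-122,8 +122,41` hunk of rc.yml is a verbatim copy of the one added to nightly.yml, including `keyCode`, the certificate names and the app registration IDs. A later change to the signing identity therefore has to be made in two places and can silently diverge between nightly and release-candidate builds. Moving the manifest, sign and copy steps into one shared steps template referenced from both pipelines would give these values a single source. Separately, `ConnectedServiceName: 'ESRP-Release-Test'` reads like a test connection; if it is the intended connection for rc builds, a comment above the task saying so, e.g. `# 'ESRP-Release-Test' is the service connection used for release signing despite its name`, would settle the question for the next reviewer.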