diff --git a/.azure/azure-pipelines-release.yml b/.azure/azure-pipelines-release.yml
index 9a57039..19f5aad 100644
--- a/.azure/azure-pipelines-release.yml
+++ b/.azure/azure-pipelines-release.yml
@@ -4,48 +4,51 @@ name: vscode-makecode Release trigger: none pr: none -pool: - vmImage: 'ubuntu-latest' +parameters: +- name: nodeVersion + type: string + default: '20.x' +- name: isPreRelease + type: boolean + default: false + +resources: + repositories: + - repository: CustomPipelineTemplates + type: git + name: 1ESPipelineTemplates/MicroBuildTemplate variables: - group: 'makecode-marketplace-pat' -stages: - # Stage to build the VSIX and publish it -- stage: Build - displayName: Build the VSIX - jobs: - - job: Build - steps: - - template: templates/build.yml +extends: + template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates + parameters: + pool: + name: AzurePipelines-EO + image: 1ESPT-Ubuntu22.04 + os: linux + sdl: + sourceAnalysisPool: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + stages: + # Stage to build the VSIX and publish it + - template: stages/build.yml parameters: - isPreRelease: false - - # Stage provides a manual approval step before the publish stage is run -- stage: Approval - displayName: Approve the release - jobs: - - deployment: ApproveRelease - displayName: "Approve Release" - environment: "makecode" # Defined in AzDO Pipeline environments - strategy: - runOnce: - deploy: - steps: - - checkout: none - - # Publish the VSIX to the extension marketplace -- stage: Publish - displayName: Publish the VSIX - dependsOn: - - Build - - Approval - jobs: - - job: Publish - variables: - - name: vsixName - value: $[ stageDependencies.Build.Build.outputs['SetExtensionName.VSIX'] ] - steps: - - template: templates/publish.yml + isPreRelease: ${{ parameters.isPreRelease }} + nodeVersion: ${{ parameters.nodeVersion }} + signType: 'real' + + # - template: stages/sign.yml + # parameters: + # signType: 'real' + # nodeVersion: ${{ parameters.nodeVersion }} + + # Stage provides a manual approval step before the publish stage is run + - template: stages/approval.yml + + # Publish the VSIX to the extension marketplace + - template: 
stages/publish.yml parameters: - isPreRelease: false + isPreRelease: ${{ parameters.isPreRelease }} diff --git a/.azure/stages/approval.yml b/.azure/stages/approval.yml new file mode 100644 index 0000000..fe07576 --- /dev/null +++ b/.azure/stages/approval.yml @@ -0,0 +1,15 @@ +stages: +- stage: Approval + displayName: Approve the release + dependsOn: Build + jobs: + - job: ApproveRelease + displayName: "Approve Release" + pool: server + timeoutInMinutes: 120 + steps: + - task: ManualValidation@0 + inputs: + notifyUsers: '' + instructions: 'Please approve the release before continuing' + onTimeout: 'reject' diff --git a/.azure/stages/build.yml b/.azure/stages/build.yml new file mode 100644 index 0000000..c56f486 --- /dev/null +++ b/.azure/stages/build.yml 
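Review bot: The `CustomPipelineTemplates` entry under `resources.repositories` has no `ref`, so the `extends` template that now supplies the pool, the SDL settings and the wrapper around every stage of this release resolves to a moving branch head of `1ESPipelineTemplates/MicroBuildTemplate` rather than a fixed tag or commit. Pinning it, e.g. `ref: refs/tags/<release-tag>` (placeholder; use the tag the template owners publish), turns a template change into an explicit, reviewable edit in this file. Separately, the `makecode-marketplace-pat` variable group stays declared at pipeline level, so `$(marketplace-pat)` can be referenced from the Build stage as well; declaring the group under the Publish job's `variables` would limit it to the one job that needs it. The commented-out `stages/sign.yml` block can be dropped, since signing is now pulled in through `../steps/sign.yml` inside the Build stage.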
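Review bot: `ManualValidation@0` in the new Approval stage is configured with `notifyUsers: ''` and no `approvers` input, so the gate names nobody: no one is told a release is waiting, and as documented for the task an empty approver list lets anyone allowed to queue the pipeline resume it, including the person who started the run. The stage it replaces (removed in the release pipeline hunk) was a deployment to `environment: "makecode"`, presumably with approval checks configured in Azure DevOps outside the repository, so the gate also moves into YAML that anyone with write access can edit. Consider keeping the environment check, or at least setting `approvers: '<release-approvers-group>'` (placeholder) with a matching `notifyUsers` value. `timeoutInMinutes: 120` with `onTimeout: 'reject'` fails closed, which is the right default and worth keeping.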
@@ -0,0 +1,52 @@ +parameters: + - name: isPreRelease + type: boolean + - name: nodeVersion + type: string + - name: signType + type: string + +stages: +- stage: Build + displayName: Build the VSIX & sign it + jobs: + - job: Build + steps: + - checkout: self + + - task: NodeTool@0 + displayName: 🔨 Install Node.js + inputs: + versionSpec: ${{ parameters.nodeVersion }} + + # Create a unique filename for the extension vsix to match the verison number + - bash: | + VSIX=$(node -p "require(\"./package.json\").publisher + \".\" + require(\"./package.json\").name + \".\" + require(\"./package.json\").version + \".vsix\"") + echo "##vso[task.setvariable variable=VSIX;isOutput=true]$VSIX" + name: SetExtensionName + displayName: Set VSIX file name + + # Yarn package script to build the vsix file + - bash: | + echo "Compiling Production Webpack" + yarn && yarn package-web + echo "Compiled Production Webpack" + displayName: Compile + + - ${{ if parameters.isPreRelease }}: + - script: npx @vscode/vsce@latest package -o $(Build.ArtifactStagingDirectory)/$(SetExtensionName.VSIX) --pre-release + displayName: Package pre-release extension VSIX + + - ${{ else }}: + - script: npx @vscode/vsce@latest package -o $(Build.ArtifactStagingDirectory)/$(SetExtensionName.VSIX) + displayName: Package extension VSIX + + - task: 1ES.PublishPipelineArtifact@1 + inputs: + path: $(Build.ArtifactStagingDirectory)/$(SetExtensionName.VSIX) + artifact: extension + sbomBuildDropPath: $(Build.ArtifactStagingDirectory) + + - template: ../steps/sign.yml + parameters: + signType: ${{ parameters.signType }} diff --git a/.azure/stages/publish.yml b/.azure/stages/publish.yml new file mode 100644 index 0000000..ce8f7c4 --- /dev/null +++ b/.azure/stages/publish.yml 
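Review bot: Both packaging steps call `npx @vscode/vsce@latest`, which downloads whatever version of the packaging tool the registry serves at build time, so the code that assembles the VSIX in this release pipeline is covered neither by the repository's lockfile nor by review. The removed template ran `npx @vscode/vsce` without a tag. Pin the tool instead, either as a devDependency resolved from the lockfile or as `npx @vscode/vsce@<pinned-version>` (placeholder). The same applies to `generate-manifest` in steps/sign.yml and to both `publish` steps in stages/publish.yml, which run the unpinned package with `VSCE_PAT` in their environment. The Compile step's bare `yarn` likewise does not enforce the lockfile; if the project uses Yarn 1, `yarn --frozen-lockfile && yarn package-web` would fail the build on drift.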
@@ -0,0 +1,43 @@ +parameters: + - name: isPreRelease + type: boolean + +stages: +- stage: Publish + displayName: Publish the VSIX + dependsOn: + - Build + - Approval + jobs: + - job: Publish + variables: + - name: vsixName + value: $[ stageDependencies.Build.Build.outputs['SetExtensionName.VSIX'] ] + steps: + - download: current + artifact: extension + displayName: 🚚 Download extension artifact + + - download: current + artifact: extension-manifest + displayName: 🚚 Download extension manifest artifact + + - download: current + artifact: extension-signature + displayName: 🚚 Download extension signature artifact + + + - ${{ if parameters.isPreRelease }}: + - bash: echo "Publishing PreRelease" + - script: npx @vscode/vsce@latest publish --packagePath $(Pipeline.Workspace)/extension/$(vsixName) --manifestPath $(Pipeline.Workspace)/extension-manifest/$(vsixName).manifest --signaturePath $(Pipeline.Workspace)/extension-signature/$(vsixName).signature.p7s --pre-release + displayName: Publish pre-release extension + env: + # Marketplace PAT needs to be uploaded as a pipeline variable + VSCE_PAT: $(marketplace-pat) + + - ${{ else }}: + - bash: echo "Publishing Release" + - script: npx @vscode/vsce@latest publish --packagePath $(Pipeline.Workspace)/extension/$(vsixName) --manifestPath $(Pipeline.Workspace)/extension-manifest/$(vsixName).manifest --signaturePath $(Pipeline.Workspace)/extension-signature/$(vsixName).signature.p7s + displayName: Publish extension + env: + VSCE_PAT: $(marketplace-pat) diff --git a/.azure/steps/sign.yml b/.azure/steps/sign.yml new file mode 100644 index 0000000..1225c0f --- /dev/null +++ b/.azure/steps/sign.yml 
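Review bot: The Publish job has no `checkout` step, so unless the extended template overrides the default it checks out the repository before the steps that receive `VSCE_PAT`, although publishing only needs the three downloaded artifacts. Adding `- checkout: none` as the first step keeps repository content, for example a project-level `.npmrc`, out of the working directory where `npx` runs with the token; the removed Approval stage already used `checkout: none`. The two branches also differ only by `--pre-release`, so the long `publish` command is duplicated. A comment above it such as `# artifact and file names must match those published by steps/sign.yml` would help keep the `--manifestPath` and `--signaturePath` arguments in sync with the signing template.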
@@ -0,0 +1,74 @@ +parameters: + - name: signType + type: string + +steps: +- task: UseDotNet@2 + displayName: "Install dotnet SDK" + inputs: + packageType: "sdk" + version: "6.0.x" + +# Need this to run signing plugins +- task: UseDotNet@2 + displayName: "Install dotnet 3.1.0 SDK" + inputs: + packageType: "sdk" + version: "3.1.x" + +- task: NuGetAuthenticate@0 +- task: MicroBuildSigningPlugin@4 + displayName: "Install Signing Plugin" + inputs: + signType: ${{ parameters.signType }} + azureSubscription: "MicroBuild Signing Task (DevDiv)" + feedSource: "https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json" + env: + TeamName: "$(TeamName)" + +- script: npx @vscode/vsce@latest generate-manifest -i $(SetExtensionName.VSIX) -o $(SetExtensionName.VSIX).manifest + displayName: 'Generate extension manifest' + workingDirectory: $(Build.ArtifactStagingDirectory) + +- script: cp $(SetExtensionName.VSIX).manifest $(SetExtensionName.VSIX).signature.p7s + displayName: 'Prepare manifest for signing' + workingDirectory: $(Build.ArtifactStagingDirectory) + +- script: | + cat <> signfilelist-extension.xml + + + + + + + + EOT + displayName: "Create the signfilelist" + +# Sign Files +- powershell: | + dotnet (get-item $(Build.ArtifactStagingDirectory)/MicroBuild/Plugins/MicroBuild.Plugins.Signing.*/build/DDSignFiles.dll).FullName -- /filelist:signfilelist-extension.xml + displayName: "Sign VSIX" + +# Clean up MicroBuild +- task: MicroBuildCleanup@1 + +- powershell: | + Remove-Item -Recurse -Force $(Build.ArtifactStagingDirectory)/MicroBuild + displayName: "Clean up MicroBuild folder" + +- task: 1ES.PublishPipelineArtifact@1 + inputs: + path: $(Build.ArtifactStagingDirectory)/$(SetExtensionName.VSIX).manifest + artifact: extension-manifest + sbomBuildDropPath: $(Build.ArtifactStagingDirectory) + +- task: 1ES.PublishPipelineArtifact@1 + inputs: + path: $(Build.ArtifactStagingDirectory)/$(SetExtensionName.VSIX).signature.p7s + artifact: 
extension-signature + sbomBuildDropPath: $(Build.ArtifactStagingDirectory) \ No newline at end of file diff --git a/.azure/templates/build.yml b/.azure/templates/build.yml deleted file mode 100644 index 35a096b..0000000 --- a/.azure/templates/build.yml +++ /dev/null @@ -1,38 +0,0 @@ -parameters: - - name: isPreRelease - type: boolean - -steps: -- checkout: self - -- task: NodeTool@0 - displayName: Install Node.js - inputs: - versionSpec: 16.x - -# Create a unique filename for the extension vsix to match the verison number -- bash: | - VSIX=$(node -p "require(\"./package.json\").publisher + \".\" + require(\"./package.json\").name + \".\" + require(\"./package.json\").version + \".vsix\"") - echo "##vso[task.setvariable variable=VSIX;isOutput=true]$VSIX" - name: SetExtensionName - displayName: Set VSIX file name - - -# Yarn package script to build the vsix file -- bash: | - echo "Compiling Production Webpack" - yarn && yarn package-web - echo "Compiled Production Webpack" - displayName: Compile - -- ${{ if parameters.isPreRelease }}: - - script: npx @vscode/vsce package -o $(Build.ArtifactStagingDirectory)/$(SetExtensionName.VSIX) --pre-release - displayName: Package pre-release extension VSIX - -- ${{ else }}: - - script: npx @vscode/vsce package -o $(Build.ArtifactStagingDirectory)/$(SetExtensionName.VSIX) - displayName: Package extension VSIX - -- publish: $(Build.ArtifactStagingDirectory)/$(SetExtensionName.VSIX) - artifact: $(SetExtensionName.VSIX) - displayName: Publish VSIX artifact diff --git a/.azure/templates/publish.yml b/.azure/templates/publish.yml deleted file mode 100644 index 5e52444..0000000 --- a/.azure/templates/publish.yml +++ /dev/null 
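Review bot: The `Prepare manifest for signing` step seeds `$(SetExtensionName.VSIX).signature.p7s` with a plain copy of the manifest, and nothing after `Sign VSIX` checks that the file was replaced by a signature before it is published as the `extension-signature` artifact. If the signing tool exits successfully without rewriting the file (for instance with a `signType` other than `'real'`; inferred, not visible here), the pipeline would upload and later publish an unsigned manifest under the signature name. A step after `Sign VSIX` that fails when the two files are identical closes this, e.g. `- script: '! cmp -s $(SetExtensionName.VSIX).manifest $(SetExtensionName.VSIX).signature.p7s'` with `workingDirectory: $(Build.ArtifactStagingDirectory)`. The template also depends on the calling job's `SetExtensionName` step for `$(SetExtensionName.VSIX)`; a header comment stating that requirement would make the coupling explicit.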
@@ -1,23 +0,0 @@ -parameters: - - name: isPreRelease - type: boolean - -steps: -# Download the VSIX we built earlier -- download: current - artifact: $(vsixName) - -- ${{ if parameters.isPreRelease }}: - - bash: echo "Publishing PreRelease" - - script: npx @vscode/vsce publish --packagePath $(Pipeline.Workspace)/$(vsixName)/$(vsixName) --pre-release - displayName: Publish pre-release extension - env: - # Marketplace PAT needs to be uploaded as a pipeline variable - VSCE_PAT: $(marketplace-pat) - -- ${{ else }}: - - bash: echo "Publishing Release" - - script: npx @vscode/vsce publish --packagePath $(Pipeline.Workspace)/$(vsixName)/$(vsixName) - displayName: Publish extension - env: - VSCE_PAT: $(marketplace-pat) diff --git a/package.json b/package.json index 8f7cc4d..043eb91 100644 --- a/package.json +++ b/package.json @@ -347,7 +347,7 @@ "@typescript-eslint/eslint-plugin": "^5.38.1", "@typescript-eslint/parser": "^5.38.1", "@vscode/l10n-dev": "^0.0.22", - "@vscode/test-web": "^0.0.30", + "@vscode/test-web": "^0.0.63", "assert": "^2.0.0", "eslint": "^8.24.0", "mocha": "^10.0.0",