From 28e823a2cde4f205f6d97eba6d45e5eaf2d60cb3 Mon Sep 17 00:00:00 2001 From: Aditya Mankal Date: Mon, 14 Oct 2024 10:12:16 +0530 Subject: [PATCH] Squashed Commits --- .azure-pipelines/common-steps.yml | 42 ++++++++++++++- .../github-release/github-release.js | 51 +++++++++++++++++-- .azure-pipelines/release-pipeline.yml | 13 +++-- CHANGELOG.md | 6 +++ package-lock.json | 4 +- package.json | 2 +- 6 files changed, 106 insertions(+), 12 deletions(-) diff --git a/.azure-pipelines/common-steps.yml b/.azure-pipelines/common-steps.yml index a708a058..c43ad19d 100644 --- a/.azure-pipelines/common-steps.yml +++ b/.azure-pipelines/common-steps.yml @@ -36,9 +36,47 @@ steps: # Acquire the `vsce` tool and use it to package - script: | npm install -g @vscode/vsce - vsce package + displayName: Install VSCE + +- script: | + vsce package -o $(Build.ArtifactStagingDirectory)/extension.vsix displayName: Create VSIX +- script: | + vsce generate-manifest -i $(Build.ArtifactStagingDirectory)/extension.vsix -o $(Build.ArtifactStagingDirectory)/extension.manifest + displayName: Create VSIX Manifest + +- script: | + cp $(Build.ArtifactStagingDirectory)/extension.manifest $(Build.ArtifactStagingDirectory)/extension.signature.p7s + displayName: Prepare Manifest Signature + +- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + inputs: + ConnectedServiceName: PipelinesAgentAndTasksESRP + AppRegistrationClientId: $(AppRegistrationClientId) + AppRegistrationTenantId: $(AppRegistrationTenantId) + AuthAKVName: $(AuthAKVName) + AuthCertName: $(AuthCertName) + AuthSignCertName: $(AuthSignCertName) + FolderPath: '$(Build.ArtifactStagingDirectory)' + Pattern: 'extension.signature.p7s' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keyCode": "CP-401405", + "operationSetCode": "VSCodePublisherSign", + "parameters" : [], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 90 + MaxConcurrency: 25 + MaxRetryAttempts: 5 + PendingAnalysisWaitTimeoutMinutes: 5 + displayName: Sign Extension + - script: | npm run vscode:prepublish cat /home/vsts/.npm/_logs/*.log @@ -63,4 +101,6 @@ steps: version.txt branch.txt minichangelog.txt + extension.signature.p7s + extension.manifest targetFolder: $(Build.ArtifactStagingDirectory) diff --git a/.azure-pipelines/github-release/github-release.js b/.azure-pipelines/github-release/github-release.js index 23734506..2fc9b768 100644 --- a/.azure-pipelines/github-release/github-release.js +++ b/.azure-pipelines/github-release/github-release.js @@ -11,6 +11,9 @@ const DEBUG_LOGGING = process.env.SYSTEM_DEBUG && process.env.SYSTEM_DEBUG == 't let vsixName = process.argv[2] || null; let version = process.argv[3] || null; let token = process.argv[4] || null +let signature = process.argv[5] || null +let manifest = process.argv[6] || null + if (token === null) { console.log(`Usage: @@ -59,12 +62,12 @@ async function createRelease() { console.log(createReleaseResult); } + // Upload the VSIX const vsixSize = fs.statSync(vsixName).size; - console.log('Uploading VSIX...'); - let uploadResult; + let vsixUploadResult; try { - uploadResult = await octokit.repos.uploadAsset({ + vsixUploadResult = await octokit.repos.uploadAsset({ url: createReleaseResult.data.upload_url, headers: { 'content-length': vsixSize, @@ -78,8 +81,48 @@ async function createRelease() { } console.log('Uploaded VSIX.'); + // Upload the Manifest + const manifestSize = fs.statSync(manifest).size; + console.log('Uploading Manifest...'); + let manifestUploadResult; + try { + manifestUploadResult = await octokit.repos.uploadAsset({ + url: createReleaseResult.data.upload_url, + headers: { + 'content-length': manifestSize, + 'content-type': application/xml, + }, + name: manifest, + file: fs.createReadStream(manifest) + }); + } catch (e) { + throw e; + } + console.log('Uploaded Manifest.'); + + // Upload the Signature + const signatureSize = fs.statSync(signature).size; + console.log('Uploading Signature...'); + let signatureUploadResult; + try { + signatureUploadResult = await octokit.repos.uploadAsset({ + url: createReleaseResult.data.upload_url, + headers: { + 'content-length': signatureSize, + 'content-type': application/pkcs7-signature, + }, + name: signature, + file: fs.createReadStream(signature) + }); + } catch (e) { + throw e; + } + console.log('Uploaded Signature.'); + if (DEBUG_LOGGING) { - console.log(uploadResult); + console.log("VISX Upload Result:" + vsixUploadResult); + console.log("Manifest Upload Result:" + manifestUploadResult); + console.log("Signature Upload Result:" + signatureUploadResult); } } diff --git a/.azure-pipelines/release-pipeline.yml b/.azure-pipelines/release-pipeline.yml index ea3604d1..8c5e5c04 100644 --- a/.azure-pipelines/release-pipeline.yml +++ b/.azure-pipelines/release-pipeline.yml @@ -4,17 +4,17 @@ # Only trigger manually -# This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. -# This pipeline will be extended to the OneESPT template - trigger: none + pr: none + resources: repositories: - repository: 1ESPipelineTemplates type: git name: 1ESPipelineTemplates/1ESPipelineTemplates ref: refs/tags/release + extends: template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates parameters: @@ -36,6 +36,7 @@ extends: os: linux customBuildTags: - ES365AIMigrationTooling + stages: - stage: stage jobs: @@ -46,6 +47,7 @@ extends: displayName: 'Publish VSIX' artifactName: azure-pipelines-vscode targetPath: $(Build.ArtifactStagingDirectory) + steps: # release version should be correctly set in package.json - bash: | @@ -72,11 +74,14 @@ extends: npm install displayName: Prepare to create GitHub Release workingDirectory: '$(Build.SourcesDirectory)/.azure-pipelines/github-release' + - bash: | SCRIPT=.azure-pipelines/github-release/github-release.js VSIX=*.vsix VERSION=$(node -p "require('./package.json').version") - node $SCRIPT $VSIX $VERSION $GITHUB_TOKEN + VSIX_SIGNATURE=extension.signature.p7s + VSIX_MANIFEST=extension.manifest + node $SCRIPT $VSIX $VERSION $GITHUB_TOKEN $VSIX_SIGNATURE $VSIX_MANIFEST displayName: Create GitHub Release env: GITHUB_TOKEN: $(GitHubSecret) diff --git a/CHANGELOG.md b/CHANGELOG.md index a8485290..7c130a2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -207,3 +207,9 @@ All of the material changes in this version were courtesy of @50Wliu. Thanks! - Initial release - Syntax highlighting for Azure Pipelines files - Intellisense for Azure Pipelines files + +## 1.247.1-beta-0.6 +### Added +- Added ESRP Esrp CodeSigning step +- Updated build generation to sign the VSIX +- Updated upload steps to upload VSIX, signature & manifest \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 6e56308b..8ec48758 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "azure-pipelines", - "version": "1.237.0", + "version": "1.247.1-beta-0.6", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "azure-pipelines", - "version": "1.237.0", + "version": "1.247.1-beta-0.6", "license": "MIT", "dependencies": { "@vscode/extension-telemetry": "^0.5.1", diff --git a/package.json b/package.json index d524164a..8f870108 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "azure-pipelines", "displayName": "Azure Pipelines", "description": "Syntax highlighting, IntelliSense, and more for Azure Pipelines YAML", - "version": "1.237.0", + "version": "1.247.1-beta-0.6", "publisher": "ms-azure-devops", "aiKey": "AIF-d9b70cd4-b9f9-4d70-929b-a071c400b217", "repository": {