From 62713c888440347980efe1b5590e6bc749d14487 Mon Sep 17 00:00:00 2001 From: Sheng Chen Date: Wed, 4 Dec 2024 08:56:41 +0800 Subject: [PATCH] build - Onboard MicroBuild (#867) --- .azure-pipelines/nightly.yml | 117 ++++++++++++----------------------- .azure-pipelines/rc.yml | 113 ++++++++++++--------------------- .vscodeignore | 1 + 3 files changed, 81 insertions(+), 150 deletions(-) diff --git a/.azure-pipelines/nightly.yml b/.azure-pipelines/nightly.yml index 34b58b53..6078c137 100644 --- a/.azure-pipelines/nightly.yml +++ b/.azure-pipelines/nightly.yml @@ -12,31 +12,27 @@ resources: - repository: self type: git ref: refs/heads/main - - repository: 1esPipelines + - repository: MicroBuildTemplate type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release + name: 1ESPipelineTemplates/MicroBuildTemplate trigger: none extends: - template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate parameters: pool: - name: 1ES_JavaTooling_Pool - image: 1ES_JavaTooling_Windows_2022 - os: windows - sdl: - sourceAnalysisPool: - name: 1ES_JavaTooling_Pool - image: 1ES_JavaTooling_Windows_2022 - os: windows - customBuildTags: - - MigrationTooling-mseng-VSJava-13463-Tool + name: MSEngSS-MicroBuild2022-1ES stages: - stage: Build jobs: - job: Job_1 displayName: Agent job 1 templateContext: + mb: + signing: + enabled: true + signType: real + zipSources: false + feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json' outputs: - output: pipelineArtifact artifactName: extension @@ -50,66 +46,57 @@ extends: displayName: Use Node 20.x inputs: versionSpec: 20.x + # The image does not have jdk preinstalled, we need to download it first. + - task: PowerShell@2 + displayName: Download JDK 17 + inputs: + targetType: 'inline' + script: |- + New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk" + Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip" - task: JavaToolInstaller@0 displayName: Use Java 17 inputs: versionSpec: "17" jdkArchitectureOption: x64 - jdkSourceOption: PreInstalled + jdkSourceOption: LocalDirectory + jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip + jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17 + - script: java --version + displayName: 'Check Java installation' - task: Npm@1 displayName: npm install inputs: verbose: false - - task: Bash@3 + - task: CmdLine@2 displayName: npx gulp build_server inputs: targetType: inline script: |- # Build the jars to the server folder. npm run build-server - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - displayName: ESRP CodeSigning + - task: PowerShell@2 + displayName: Sign Jars inputs: - ConnectedServiceName: 'ESRP-Release-Test' - AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6' - AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' - AuthAKVName: 'vscjavaci' - AuthCertName: 'vscjava-esrprelease-auth' - AuthSignCertName: 'VSCJava-CodeSign' - FolderPath: server - Pattern: com.microsoft.jdtls.ext.*.jar - signConfigType: inlineSignParams - inlineOperation: |- - [ - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaSign", - "Parameters" : { - "SigAlg" : "SHA256withRSA", - "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + targetType: 'inline' + script: |- + $files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.jdtls.ext.*.jar" + foreach ($file in $files) { + $fileName = $file.Name + & dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171 + } + workingDirectory: 'server' - task: CmdLine@2 displayName: Replace AI Key inputs: script: npx json@9.0.6 -I -f package.json -e "this.aiKey=\"%AI_KEY%\"" - - task: Bash@3 - displayName: Bash Script + - task: PowerShell@2 + displayName: Update package.json inputs: targetType: inline script: |- node ./scripts/prepare-nightly-build.js - mv ./package.insiders.json ./package.json + Move-Item -Path "./package.insiders.json" -Destination "./package.json" -Force - script: npx @vscode/vsce@latest package --pre-release -o extension.vsix displayName: 'vsce package --pre-release' ### Copy files for APIScan @@ -133,34 +120,12 @@ extends: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest displayName: 'Generate extension manifest' - - script: cp extension.manifest extension.signature.p7s + - script: copy extension.manifest extension.signature.p7s displayName: 'Prepare manifest for signing' - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + - task: CmdLine@2 + displayName: Sign extension inputs: - ConnectedServiceName: 'ESRP-Release-Test' - AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6' - AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' - AuthAKVName: 'vscjavaci' - AuthCertName: 'vscjava-esrprelease-auth' - AuthSignCertName: 'VSCJava-CodeSign' - FolderPath: '.' - Pattern: 'extension.signature.p7s' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "VSCodePublisherSign", - "parameters" : [], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 90 - MaxConcurrency: 25 - MaxRetryAttempts: 5 - PendingAnalysisWaitTimeoutMinutes: 5 - displayName: 'Sign extension' + script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052 - task: CopyFiles@2 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)" inputs: diff --git a/.azure-pipelines/rc.yml b/.azure-pipelines/rc.yml index 9808dfd2..0038ff36 100644 --- a/.azure-pipelines/rc.yml +++ b/.azure-pipelines/rc.yml @@ -7,31 +7,27 @@ resources: - repository: self type: git ref: refs/heads/main - - repository: 1esPipelines + - repository: MicroBuildTemplate type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release + name: 1ESPipelineTemplates/MicroBuildTemplate trigger: none extends: - template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate parameters: pool: - name: 1ES_JavaTooling_Pool - image: 1ES_JavaTooling_Windows_2022 - os: windows - sdl: - sourceAnalysisPool: - name: 1ES_JavaTooling_Pool - image: 1ES_JavaTooling_Windows_2022 - os: windows - customBuildTags: - - MigrationTooling-mseng-VSJava-9019-Tool + name: MSEngSS-MicroBuild2022-1ES stages: - stage: Build jobs: - job: Job_1 displayName: RC templateContext: + mb: + signing: + enabled: true + signType: real + zipSources: false + feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json' outputs: - output: pipelineArtifact artifactName: extension @@ -45,60 +41,51 @@ extends: displayName: Use Node 20.x inputs: versionSpec: 20.x + # The image does not have jdk preinstalled, we need to download it first. + - task: PowerShell@2 + displayName: Download JDK 17 + inputs: + targetType: 'inline' + script: |- + New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk" + Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip" - task: JavaToolInstaller@0 displayName: Use Java 17 inputs: versionSpec: "17" jdkArchitectureOption: x64 - jdkSourceOption: PreInstalled + jdkSourceOption: LocalDirectory + jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip + jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17 + - script: java --version + displayName: 'Check Java installation' - task: Npm@1 displayName: npm install inputs: verbose: false - - task: Bash@3 + - task: CmdLine@2 displayName: npx gulp build_server inputs: targetType: inline script: |- # Build the jars to the server folder. npm run build-server - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - displayName: ESRP CodeSigning + - task: PowerShell@2 + displayName: Sign Jars inputs: - ConnectedServiceName: 'ESRP-Release-Test' - AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6' - AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' - AuthAKVName: 'vscjavaci' - AuthCertName: 'vscjava-esrprelease-auth' - AuthSignCertName: 'VSCJava-CodeSign' - FolderPath: server - Pattern: com.microsoft.jdtls.ext.*.jar - signConfigType: inlineSignParams - inlineOperation: |- - [ - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaSign", - "Parameters" : { - "SigAlg" : "SHA256withRSA", - "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + targetType: 'inline' + script: |- + $files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.jdtls.ext.*.jar" + foreach ($file in $files) { + $fileName = $file.Name + & dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171 + } + workingDirectory: 'server' - task: CmdLine@2 displayName: Replace AI Key inputs: script: npx json@9.0.6 -I -f package.json -e "this.aiKey=\"%AI_KEY%\"" - - task: Bash@3 + - task: CmdLine@2 displayName: vsce package inputs: targetType: inline @@ -124,34 +111,12 @@ extends: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest displayName: 'Generate extension manifest' - - script: cp extension.manifest extension.signature.p7s + - script: copy extension.manifest extension.signature.p7s displayName: 'Prepare manifest for signing' - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + - task: CmdLine@2 + displayName: Sign extension inputs: - ConnectedServiceName: 'ESRP-Release-Test' - AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6' - AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' - AuthAKVName: 'vscjavaci' - AuthCertName: 'vscjava-esrprelease-auth' - AuthSignCertName: 'VSCJava-CodeSign' - FolderPath: '.' - Pattern: 'extension.signature.p7s' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "VSCodePublisherSign", - "parameters" : [], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 90 - MaxConcurrency: 25 - MaxRetryAttempts: 5 - PendingAnalysisWaitTimeoutMinutes: 5 - displayName: 'Sign extension' + script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052 - task: CopyFiles@2 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)" inputs: diff --git a/.vscodeignore b/.vscodeignore index 8a6df51d..f496bbbe 100644 --- a/.vscodeignore +++ b/.vscodeignore @@ -23,3 +23,4 @@ test-resources # Ignore output of code sign server/*.md +**/*.log