From 2666286a35a5e7bc5f0617c1e01931abebd2c019 Mon Sep 17 00:00:00 2001 From: Sheng Chen Date: Wed, 13 Nov 2024 16:23:32 +0800 Subject: [PATCH] Onboard microbuild --- .azure-pipelines/vscode-java-test-nightly.yml | 118 +++++++----------- 1 file changed, 44 insertions(+), 74 deletions(-) diff --git a/.azure-pipelines/vscode-java-test-nightly.yml b/.azure-pipelines/vscode-java-test-nightly.yml index 758161df..9a7be1ad 100644 --- a/.azure-pipelines/vscode-java-test-nightly.yml +++ b/.azure-pipelines/vscode-java-test-nightly.yml @@ -12,31 +12,28 @@ resources: - repository: self type: git ref: refs/heads/main - - repository: 1esPipelines + - repository: MicroBuildTemplate type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release + name: 1ESPipelineTemplates/MicroBuildTemplate trigger: none extends: - template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines + template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate parameters: pool: - name: 1ES_JavaTooling_Pool - image: 1ES_JavaTooling_Windows_2022 + name: MSEngSS-MicroBuild2022-1ES os: windows - sdl: - sourceAnalysisPool: - name: 1ES_JavaTooling_Pool - image: 1ES_JavaTooling_Windows_2022 - os: windows - customBuildTags: - - MigrationTooling-mseng-VSJava-13462-Tool stages: - stage: Build jobs: - job: Job_1 displayName: VSCode-Test-Runner-Nightly templateContext: + mb: + signing: + enabled: true + signType: real + zipSources: false + feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json' outputs: - output: pipelineArtifact artifactName: extension @@ -45,12 +42,28 @@ extends: steps: - checkout: self fetchTags: true + - task: UseNode@1 + displayName: Use Node 20.x + inputs: + version: '20.x' + # The image does not have jdk preinstalled, we need to download it first. + - task: PowerShell@2 + displayName: Download JDK 17 + inputs: + targetType: 'inline' + script: |- + New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk" + Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip" - task: JavaToolInstaller@0 displayName: Use Java 17 inputs: versionSpec: "17" jdkArchitectureOption: x64 - jdkSourceOption: PreInstalled + jdkSourceOption: LocalDirectory + jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip + jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17 + - script: java --version + displayName: 'Check Java installation' - task: Npm@1 displayName: npm install inputs: @@ -67,49 +80,28 @@ extends: command: custom verbose: false customCommand: run build-plugin - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 - displayName: ESRP CodeSigning + - task: PowerShell@2 + displayName: Sign Jars inputs: - ConnectedServiceName: $(EsrpConnectionServiceName) - AppRegistrationClientId: $(AppRegistrationClientId) - AppRegistrationTenantId: $(AppRegistrationTenantId) - AuthAKVName: $(AuthAKVName) - AuthCertName: $(AuthCertName) - AuthSignCertName: $(AuthSignCertName) - FolderPath: server - Pattern: com.microsoft.java.test.*.jar - signConfigType: inlineSignParams - inlineOperation: |- - [ - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaSign", - "Parameters" : { - "SigAlg" : "SHA256withRSA", - "Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp" - }, - "ToolName" : "sign", - "ToolVersion" : "1.0" - }, - { - "KeyCode" : "CP-447347-Java", - "OperationCode" : "JavaVerify", - "Parameters" : {}, - "ToolName" : "sign", - "ToolVersion" : "1.0" - } - ] + targetType: 'inline' + script: |- + $files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.java.test.*.jar" + foreach ($file in $files) { + $fileName = $file.Name + & dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171 + } + workingDirectory: 'server' - task: CmdLine@2 displayName: Replace AI Key inputs: script: npx json@9.0.6 -I -f package.json -e "this.aiKey=\"%AI_KEY%\"" - - task: Bash@3 - displayName: Bash Script + - task: PowerShell@2 + displayName: Update package.json inputs: targetType: inline script: |- node ./scripts/prepare-nightly-build.js - mv ./package.insiders.json ./package.json + Move-Item -Path "./package.insiders.json" -Destination "./package.json" -Force - task: CmdLine@2 displayName: vsce package --pre-release inputs: @@ -135,34 +127,12 @@ extends: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest displayName: 'Generate extension manifest' - - script: cp extension.manifest extension.signature.p7s + - script: copy extension.manifest extension.signature.p7s displayName: 'Prepare manifest for signing' - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + - task: CmdLine@2 + displayName: Sign extension inputs: - ConnectedServiceName: $(EsrpConnectionServiceName) - AppRegistrationClientId: $(AppRegistrationClientId) - AppRegistrationTenantId: $(AppRegistrationTenantId) - AuthAKVName: $(AuthAKVName) - AuthCertName: $(AuthCertName) - AuthSignCertName: $(AuthSignCertName) - FolderPath: '.' - Pattern: 'extension.signature.p7s' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "VSCodePublisherSign", - "parameters" : [], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 90 - MaxConcurrency: 25 - MaxRetryAttempts: 5 - PendingAnalysisWaitTimeoutMinutes: 5 - displayName: 'Sign extension' + script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052 - task: CopyFiles@2 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)" inputs: