build - Onboard MicroBuild for code sign #1741

Merged
merged 3 commits into from
Nov 19, 2024
118 changes: 44 additions & 74 deletions .azure-pipelines/vscode-java-test-nightly.yml
Expand Up @@ -12,31 +12,28 @@ resources:
- repository: self
type: git
ref: refs/heads/main
- repository: 1esPipelines
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
name: 1ESPipelineTemplates/MicroBuildTemplate
trigger: none
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
pool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
name: MSEngSS-MicroBuild2022-1ES
os: windows
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
customBuildTags:
- MigrationTooling-mseng-VSJava-13462-Tool
stages:
- stage: Build
jobs:
- job: Job_1
displayName: VSCode-Test-Runner-Nightly
templateContext:
mb:
signing:
enabled: true
signType: real
zipSources: false
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
outputs:
- output: pipelineArtifact
artifactName: extension
Expand All @@ -45,12 +42,28 @@ extends:
steps:
- checkout: self
fetchTags: true
- task: UseNode@1
displayName: Use Node 20.x
inputs:
version: '20.x'
# The image does not have jdk preinstalled, we need to download it first.
- task: PowerShell@2
displayName: Download JDK 17
inputs:
targetType: 'inline'
script: |-
New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
- task: JavaToolInstaller@0
displayName: Use Java 17
inputs:
versionSpec: "17"
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
jdkSourceOption: LocalDirectory
jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
- script: java --version
displayName: 'Check Java installation'
- task: Npm@1
displayName: npm install
inputs:
Expand All @@ -67,49 +80,28 @@ extends:
command: custom
verbose: false
customCommand: run build-plugin
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: ESRP CodeSigning
- task: PowerShell@2
displayName: Sign Jars
inputs:
ConnectedServiceName: $(EsrpConnectionServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: server
Pattern: com.microsoft.java.test.*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
targetType: 'inline'
script: |-
$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.java.test.*.jar"
foreach ($file in $files) {
$fileName = $file.Name
& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
}
workingDirectory: 'server'
- task: CmdLine@2
displayName: Replace AI Key
inputs:
script: npx [email protected] -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
- task: Bash@3
displayName: Bash Script
- task: PowerShell@2
displayName: Update package.json
inputs:
targetType: inline
script: |-
node ./scripts/prepare-nightly-build.js
mv ./package.insiders.json ./package.json
Move-Item -Path "./package.insiders.json" -Destination "./package.json" -Force
- task: CmdLine@2
displayName: vsce package --pre-release
inputs:
Expand All @@ -135,34 +127,12 @@ extends:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
displayName: 'Generate extension manifest'
- script: cp extension.manifest extension.signature.p7s
- script: copy extension.manifest extension.signature.p7s
displayName: 'Prepare manifest for signing'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
- task: CmdLine@2
displayName: Sign extension
inputs:
ConnectedServiceName: $(EsrpConnectionServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: '.'
Pattern: 'extension.signature.p7s'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "VSCodePublisherSign",
"parameters" : [],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 90
MaxConcurrency: 25
MaxRetryAttempts: 5
PendingAnalysisWaitTimeoutMinutes: 5
displayName: 'Sign extension'
script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
- task: CopyFiles@2
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
inputs:
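Review bot: In the `Sign Jars` step the `foreach` loop never checks `$LASTEXITCODE` after `& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" ...`, so a failed signing call for one jar can be hidden when a later call succeeds, and a filter that matches nothing lets the step pass with no jar signed. Add `if ($LASTEXITCODE -ne 0) { throw "Signing failed for $($file.FullName)" }` inside the loop and `if (-not $files) { throw 'No jars matched for signing' }` before it. The loop also passes `$file.Name` although the search uses `-Recurse`, so a jar found in a subdirectory of `server` would be addressed by a bare name relative to the working directory; `$file.FullName` avoids that. The ESRP step this appears to replace ran a `JavaVerify` operation after signing and no equivalent check is visible here, so a `jarsigner -verify` step before packaging may be worth adding. The same script is in `.azure-pipelines/vscode-java-test-rc.yml`.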
112 changes: 41 additions & 71 deletions .azure-pipelines/vscode-java-test-rc.yml
Expand Up @@ -7,31 +7,28 @@ resources:
- repository: self
type: git
ref: refs/heads/main
- repository: 1esPipelines
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
name: 1ESPipelineTemplates/MicroBuildTemplate
trigger: none
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
pool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
name: MSEngSS-MicroBuild2022-1ES
os: windows
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
customBuildTags:
- MigrationTooling-mseng-VSJava-8791-Tool
stages:
- stage: Build
jobs:
- job: Job_1
displayName: VSCode-Test-Runner-RC
templateContext:
mb:
signing:
enabled: true
signType: real
zipSources: false
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
outputs:
- output: pipelineArtifact
artifactName: extension
Expand All @@ -40,12 +37,28 @@ extends:
steps:
- checkout: self
fetchTags: true
- task: UseNode@1
displayName: Use Node 20.x
inputs:
version: '20.x'
# The image does not have jdk preinstalled, we need to download it first.
- task: PowerShell@2
displayName: Download JDK 17
inputs:
targetType: 'inline'
script: |-
New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
- task: JavaToolInstaller@0
displayName: Use Java 17
inputs:
versionSpec: "17"
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
jdkSourceOption: LocalDirectory
jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
- script: java --version
displayName: 'Check Java installation'
- task: Npm@1
displayName: npm install
inputs:
Expand All @@ -62,38 +75,17 @@ extends:
command: custom
verbose: false
customCommand: run build-plugin
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: ESRP CodeSigning
- task: PowerShell@2
displayName: Sign Jars
inputs:
ConnectedServiceName: $(EsrpConnectionServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: server
Pattern: com.microsoft.java.test.*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
targetType: 'inline'
script: |-
$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.java.test.*.jar"
foreach ($file in $files) {
$fileName = $file.Name
& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
}
workingDirectory: 'server'
- task: CmdLine@2
displayName: Replace AI Key
inputs:
Expand Down Expand Up @@ -123,34 +115,12 @@ extends:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
displayName: 'Generate extension manifest'
- script: cp extension.manifest extension.signature.p7s
- script: copy extension.manifest extension.signature.p7s
displayName: 'Prepare manifest for signing'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
- task: CmdLine@2
displayName: Sign extension
inputs:
ConnectedServiceName: $(EsrpConnectionServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: '.'
Pattern: 'extension.signature.p7s'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "VSCodePublisherSign",
"parameters" : [],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 90
MaxConcurrency: 25
MaxRetryAttempts: 5
PendingAnalysisWaitTimeoutMinutes: 5
displayName: 'Sign extension'
script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
- task: CopyFiles@2
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
inputs:
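Review bot: The `Download JDK 17` step fetches `microsoft-jdk-17-windows-x64.zip` through an `aka.ms` redirect and hands it to `JavaToolInstaller@0` with no integrity check, in a job whose `templateContext` sets `signType: real`. The URL names only the major version, so the toolchain that builds the jars later signed with the production certificate can change between runs without any change in the repository. Consider pinning a specific JDK build and comparing its digest before installation, for example `if ((Get-FileHash $zip -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'JDK archive hash mismatch' }`, where `$zip` is the downloaded path and the expected value is kept in the pipeline file. The same step is in `.azure-pipelines/vscode-java-test-nightly.yml`.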
2 changes: 1 addition & 1 deletion .vscodeignore
Expand Up @@ -14,7 +14,7 @@ resources/templates/scss/**
dist/**/test
webpack.*.js
node_modules
*.log
**/*.log
demo
CONTRIBUTING.md
extension.bundle.ts