Skip to content

Commit ada98d1

Browse files
bschnurrbschnurr
authored
convert to azure pipeline (#385)
* convet to azure pipelines * update signing
1 parent 53db79e commit ada98d1

37 files changed

+608
-1
lines changed

.npmrc

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
# Force public npm registry to avoid CI auth (E401) when no token is provided
2+
registry=https://registry.npmjs.org/
3+
# Do not require auth for public installs
4+
always-auth=false

build/azure-devdiv-pipeline.pre-release.yml

Lines changed: 126 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,126 @@
1+
# Run on a schedule
2+
trigger: none
3+
pr: none
4+
5+
schedules:
6+
- cron: '0 10 * * 1-5' # 10AM UTC (2AM PDT) MON-FRI (VS Code Pre-release builds at 9PM PDT)
7+
displayName: Nightly Pre-Release Schedule
8+
always: false # only run if there are source code changes
9+
branches:
10+
include:
11+
- main
12+
13+
resources:
14+
repositories:
15+
- repository: MicroBuildTemplate
16+
type: git
17+
name: 1ESPipelineTemplates/MicroBuildTemplate
18+
ref: refs/tags/release
19+
variables:
20+
- name: TeamName
21+
value: VSCode-mypy
22+
- name: VsixName
23+
value: mypy.vsix
24+
- name: AZURE_ARTIFACTS_FEED
25+
value: 'https://devdiv.pkgs.visualstudio.com/DevDiv/_packaging/Pylance_PublicPackages/npm/registry/'
26+
parameters:
27+
- name: publishExtension
28+
displayName: 🚀 Publish Extension
29+
type: boolean
30+
default: false
31+
32+
extends:
33+
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
34+
parameters:
35+
sdl:
36+
sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
37+
codeSignValidation:
38+
enabled: true
39+
sbom:
40+
enabled: false # Disable global SBOM generation; we'll enable selectively per artifact output
41+
pool:
42+
name: AzurePipelines-EO
43+
os: windows
44+
45+
customBuildTags:
46+
- ES365AIMigrationTooling
47+
stages:
48+
- stage: Build
49+
displayName: Build & Package Extension
50+
jobs:
51+
- job: Build
52+
displayName: Build Job
53+
pool:
54+
name: VSEngSS-MicroBuild2022-1ES # use windows for codesigning to make things easier https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/650/MicroBuild-Signing
55+
os: windows
56+
templateContext:
57+
mb:
58+
signing:
59+
enabled: true
60+
signType: real
61+
signWithProd: true
62+
outputs:
63+
- output: pipelineArtifact
64+
displayName: 'Publish Drop Artifact'
65+
targetPath: '$(Build.StagingDirectory)\drop'
66+
artifactName: drop
67+
sbomEnabled: true
68+
steps:
69+
- task: npmAuthenticate@0
70+
inputs:
71+
workingFile: .npmrc
72+
73+
- script: npm config get registry
74+
displayName: Verify NPM Registry
75+
76+
- task: NodeTool@0
77+
inputs:
78+
versionSpec: '22.17.0'
79+
checkLatest: true
80+
displayName: Select Node 22 LTS
81+
82+
- task: UsePythonVersion@0
83+
inputs:
84+
versionSpec: '3.9' # note Install Python dependencies step below relies on Python 3.9
85+
addToPath: true
86+
architecture: 'x64'
87+
displayName: Select Python version
88+
89+
- script: npm ci
90+
displayName: Install NPM dependencies
91+
92+
- script: python -m pip install -U pip
93+
displayName: Upgrade pip
94+
95+
- script: python -m pip install wheel
96+
displayName: Install wheel
97+
98+
- script: python -m pip install nox
99+
displayName: Install nox
100+
101+
- script: python -m nox --session install_bundled_libs
102+
displayName: Install Python dependencies
103+
104+
- script: python ./build/update_ext_version.py --for-publishing
105+
displayName: Update build number
106+
107+
- script: npm run vsce-package-pre
108+
displayName: Build VSIX
109+
110+
- template: build/templates/sign.yml@self
111+
parameters:
112+
vsixName: $(VsixName)
113+
workingDirectory: $(Build.StagingDirectory)\drop
114+
signType: real
115+
verifySignature: true
116+
teamName: $(TeamName)
117+
118+
- ${{ if eq(parameters.publishExtension, true) }}:
119+
- template: build/templates/publish.yml@self
120+
parameters:
121+
azureSubscription: PylancePublishPipelineSecureConnectionWithManagedIdentity
122+
vsixName: $(VsixName)
123+
manifestName: extension.manifest
124+
signatureName: extension.signature.p7s
125+
publishFolder: drop
126+
preRelease: true

build/azure-devdiv-pipeline.stable.yml

Lines changed: 111 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,111 @@
1+
name: Publish Release
2+
trigger:
3+
branches:
4+
include:
5+
- refs/tags/*
6+
7+
resources:
8+
repositories:
9+
- repository: MicroBuildTemplate
10+
type: git
11+
name: 1ESPipelineTemplates/MicroBuildTemplate
12+
ref: refs/tags/release
13+
variables:
14+
- name: TeamName
15+
value: VSCode-mypy
16+
- name: VsixName
17+
value: mypy.vsix
18+
19+
parameters:
20+
- name: publishExtension
21+
displayName: 🚀 Publish Extension
22+
type: boolean
23+
default: false
24+
25+
extends:
26+
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
27+
parameters:
28+
sdl:
29+
sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
30+
codeSignValidation:
31+
enabled: true
32+
sbom:
33+
enabled: false # Disable global SBOM generation; we'll enable selectively per artifact output
34+
pool:
35+
name: AzurePipelines-EO
36+
os: windows
37+
38+
customBuildTags:
39+
- ES365AIMigrationTooling
40+
stages:
41+
- stage: Build
42+
displayName: Build & Package Extension
43+
jobs:
44+
- job: Build
45+
displayName: Build Job
46+
pool:
47+
name: VSEngSS-MicroBuild2022-1ES # use windows for codesigning to make things easier https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/650/MicroBuild-Signing
48+
os: windows
49+
templateContext:
50+
mb:
51+
signing:
52+
enabled: true
53+
signType: real
54+
signWithProd: true
55+
outputs:
56+
- output: pipelineArtifact
57+
displayName: 'Publish Drop Artifact'
58+
targetPath: '$(Build.StagingDirectory)\drop'
59+
artifactName: drop
60+
sbomEnabled: true
61+
steps:
62+
- task: NodeTool@0
63+
inputs:
64+
versionSpec: '22.17.0'
65+
checkLatest: true
66+
displayName: Select Node 22 LTS
67+
- task: UsePythonVersion@0
68+
inputs:
69+
versionSpec: '3.9' # note Install Python dependencies step below relies on Python 3.9
70+
addToPath: true
71+
architecture: 'x64'
72+
displayName: Select Python version
73+
74+
- script: npm ci
75+
displayName: Install NPM dependencies
76+
77+
- script: python -m pip install -U pip
78+
displayName: Upgrade pip
79+
80+
- script: python -m pip install wheel
81+
displayName: Install wheel
82+
83+
- script: python -m pip install nox
84+
displayName: Install nox
85+
86+
- script: python -m nox --session install_bundled_libs
87+
displayName: Install Python dependencies
88+
89+
- script: python ./build/update_ext_version.py --release --for-publishing
90+
displayName: Update build number
91+
92+
- script: npm run vsce-package
93+
displayName: Build VSIX
94+
95+
- template: build/templates/sign.yml@self
96+
parameters:
97+
vsixName: $(VsixName)
98+
workingDirectory: $(Build.StagingDirectory)\drop
99+
signType: real
100+
verifySignature: true
101+
teamName: $(TeamName)
102+
103+
- ${{ if eq(parameters.publishExtension, true) }}:
104+
- template: build/templates/publish.yml@self
105+
parameters:
106+
azureSubscription: PylancePublishPipelineSecureConnectionWithManagedIdentity
107+
vsixName: $(VsixName)
108+
manifestName: extension.manifest
109+
signatureName: extension.signature.p7s
110+
publishFolder: drop
111+
preRelease: false

build/sign.proj

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<Project InitialTargets="SetSigningProperties" DefaultTargets="SignFiles" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3+
<!-- Adjusted package path to parent directory since NuGet restore places packages at repository root -->
4+
<Import Project="..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.props" Condition="Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.props')" />
5+
6+
7+
<Target Name="SetSigningProperties">
8+
<PropertyGroup>
9+
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
10+
<!-- Emit signing outputs into BaseOutputDirectory; allow override from MSBuild /p:BaseOutputDirectory=... -->
11+
<BaseOutputDirectory Condition="'$(BaseOutputDirectory)' == ''">.\</BaseOutputDirectory>
12+
<!-- These properties are required by MicroBuild, which only signs files that are under these paths -->
13+
<IntermediateOutputPath Condition="'$(IntermediateOutputPath)' == ''">$(BaseOutputDirectory)/intermediate</IntermediateOutputPath>
14+
<OutDir Condition="'$(OutDir)' == ''">$(BaseOutputDirectory)</OutDir>
15+
</PropertyGroup>
16+
</Target>
17+
18+
<!-- Reintroduced CopySignatureFile & CopyBackSignatureFile so signing flow is self-contained -->
19+
20+
<Target Name="CopySignatureFile" BeforeTargets="GetFilesToSign">
21+
<!-- Use manifest from OutDir (working directory passed via /p:OutDir) and ensure proper path joining with explicit backslash -->
22+
<Error Condition="!Exists('$(OutDir)\\extension.manifest')" Text="Manifest not found at $(OutDir)\\extension.manifest. Ensure manifest generation precedes signing." />
23+
<Copy SourceFiles="$(OutDir)\\extension.manifest" DestinationFiles="$(OutDir)\\extension.signature.p7s" SkipUnchangedFiles="true" />
24+
</Target>
25+
26+
<Target Name="CopyBackSignatureFile" AfterTargets="SignFiles">
27+
<Copy Condition="Exists('$(OutDir)extension.signature.p7s')" SourceFiles="$(OutDir)extension.signature.p7s" DestinationFiles="$(ProjectDir)extension.signature.p7s" />
28+
</Target>
29+
30+
31+
<!-- SignFiles now fails fast if MicroBuild signing targets are missing -->
32+
<Target Name="SignFiles">
33+
<Error Condition="!Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" Text="MicroBuild signing targets missing. Run NuGet restore before invoking MSBuild (packages.config)." />
34+
<Message Condition="Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" Text="MicroBuild signing targets detected; delegating signing to imported targets." Importance="high" />
35+
</Target>
36+
37+
38+
<Target Name="GetFilesToSign" BeforeTargets="SignFiles">
39+
<ItemGroup>
40+
<FilesToSign Include="$(OutDir)\\extension.signature.p7s">
41+
<Authenticode>VSCodePublisher</Authenticode>
42+
</FilesToSign>
43+
</ItemGroup>
44+
</Target>
45+
46+
<Target Name="Build" BeforeTargets="CopySignatureFile">
47+
<MakeDir Directories="$(OutDir)"/>
48+
</Target>
49+
50+
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="Build">
51+
<PropertyGroup>
52+
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
53+
</PropertyGroup>
54+
<Error Condition="!Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.props'))" />
55+
<Error Condition="!Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets'))" />
56+
</Target>
57+
58+
<Import Project="..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets" Condition="Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" />
59+
</Project>

0 commit comments

Comments
 (0)