Skip to content

Commit 62713c8

Browse files
jdneojdneo
authored
build - Onboard MicroBuild (#867)
1 parent 573598b commit 62713c8

File tree

3 files changed

+81
-150
lines changed

3 files changed

+81
-150
lines changed

.azure-pipelines/nightly.yml

Lines changed: 41 additions & 76 deletions
Original file line numberDiff line numberDiff line change
@@ -12,31 +12,27 @@ resources:
1212
- repository: self
1313
type: git
1414
ref: refs/heads/main
15-
- repository: 1esPipelines
15+
- repository: MicroBuildTemplate
1616
type: git
17-
name: 1ESPipelineTemplates/1ESPipelineTemplates
18-
ref: refs/tags/release
17+
name: 1ESPipelineTemplates/MicroBuildTemplate
1918
trigger: none
2019
extends:
21-
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
20+
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
2221
parameters:
2322
pool:
24-
name: 1ES_JavaTooling_Pool
25-
image: 1ES_JavaTooling_Windows_2022
26-
os: windows
27-
sdl:
28-
sourceAnalysisPool:
29-
name: 1ES_JavaTooling_Pool
30-
image: 1ES_JavaTooling_Windows_2022
31-
os: windows
32-
customBuildTags:
33-
- MigrationTooling-mseng-VSJava-13463-Tool
23+
name: MSEngSS-MicroBuild2022-1ES
3424
stages:
3525
- stage: Build
3626
jobs:
3727
- job: Job_1
3828
displayName: Agent job 1
3929
templateContext:
30+
mb:
31+
signing:
32+
enabled: true
33+
signType: real
34+
zipSources: false
35+
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
4036
outputs:
4137
- output: pipelineArtifact
4238
artifactName: extension
@@ -50,66 +46,57 @@ extends:
5046
displayName: Use Node 20.x
5147
inputs:
5248
versionSpec: 20.x
49+
# The image does not have jdk preinstalled, we need to download it first.
50+
- task: PowerShell@2
51+
displayName: Download JDK 17
52+
inputs:
53+
targetType: 'inline'
54+
script: |-
55+
New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
56+
Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
5357
- task: JavaToolInstaller@0
5458
displayName: Use Java 17
5559
inputs:
5660
versionSpec: "17"
5761
jdkArchitectureOption: x64
58-
jdkSourceOption: PreInstalled
62+
jdkSourceOption: LocalDirectory
63+
jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
64+
jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
65+
- script: java --version
66+
displayName: 'Check Java installation'
5967
- task: Npm@1
6068
displayName: npm install
6169
inputs:
6270
verbose: false
63-
- task: Bash@3
71+
- task: CmdLine@2
6472
displayName: npx gulp build_server
6573
inputs:
6674
targetType: inline
6775
script: |-
6876
# Build the jars to the server folder.
6977
npm run build-server
70-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
71-
displayName: ESRP CodeSigning
78+
- task: PowerShell@2
79+
displayName: Sign Jars
7280
inputs:
73-
ConnectedServiceName: 'ESRP-Release-Test'
74-
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
75-
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
76-
AuthAKVName: 'vscjavaci'
77-
AuthCertName: 'vscjava-esrprelease-auth'
78-
AuthSignCertName: 'VSCJava-CodeSign'
79-
FolderPath: server
80-
Pattern: com.microsoft.jdtls.ext.*.jar
81-
signConfigType: inlineSignParams
82-
inlineOperation: |-
83-
[
84-
{
85-
"KeyCode" : "CP-447347-Java",
86-
"OperationCode" : "JavaSign",
87-
"Parameters" : {
88-
"SigAlg" : "SHA256withRSA",
89-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
90-
},
91-
"ToolName" : "sign",
92-
"ToolVersion" : "1.0"
93-
},
94-
{
95-
"KeyCode" : "CP-447347-Java",
96-
"OperationCode" : "JavaVerify",
97-
"Parameters" : {},
98-
"ToolName" : "sign",
99-
"ToolVersion" : "1.0"
100-
}
101-
]
81+
targetType: 'inline'
82+
script: |-
83+
$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.jdtls.ext.*.jar"
84+
foreach ($file in $files) {
85+
$fileName = $file.Name
86+
& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
87+
}
88+
workingDirectory: 'server'
10289
- task: CmdLine@2
10390
displayName: Replace AI Key
10491
inputs:
10592
script: npx [email protected] -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
106-
- task: Bash@3
107-
displayName: Bash Script
93+
- task: PowerShell@2
94+
displayName: Update package.json
10895
inputs:
10996
targetType: inline
11097
script: |-
11198
node ./scripts/prepare-nightly-build.js
112-
mv ./package.insiders.json ./package.json
99+
Move-Item -Path "./package.insiders.json" -Destination "./package.json" -Force
113100
- script: npx @vscode/vsce@latest package --pre-release -o extension.vsix
114101
displayName: 'vsce package --pre-release'
115102
### Copy files for APIScan
@@ -133,34 +120,12 @@ extends:
133120
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
134121
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
135122
displayName: 'Generate extension manifest'
136-
- script: cp extension.manifest extension.signature.p7s
123+
- script: copy extension.manifest extension.signature.p7s
137124
displayName: 'Prepare manifest for signing'
138-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
125+
- task: CmdLine@2
126+
displayName: Sign extension
139127
inputs:
140-
ConnectedServiceName: 'ESRP-Release-Test'
141-
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
142-
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
143-
AuthAKVName: 'vscjavaci'
144-
AuthCertName: 'vscjava-esrprelease-auth'
145-
AuthSignCertName: 'VSCJava-CodeSign'
146-
FolderPath: '.'
147-
Pattern: 'extension.signature.p7s'
148-
signConfigType: inlineSignParams
149-
inlineOperation: |
150-
[
151-
{
152-
"keyCode": "CP-401405",
153-
"operationSetCode": "VSCodePublisherSign",
154-
"parameters" : [],
155-
"toolName": "sign",
156-
"toolVersion": "1.0"
157-
}
158-
]
159-
SessionTimeout: 90
160-
MaxConcurrency: 25
161-
MaxRetryAttempts: 5
162-
PendingAnalysisWaitTimeoutMinutes: 5
163-
displayName: 'Sign extension'
128+
script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
164129
- task: CopyFiles@2
165130
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
166131
inputs:

.azure-pipelines/rc.yml

Lines changed: 39 additions & 74 deletions
Original file line numberDiff line numberDiff line change
@@ -7,31 +7,27 @@ resources:
77
- repository: self
88
type: git
99
ref: refs/heads/main
10-
- repository: 1esPipelines
10+
- repository: MicroBuildTemplate
1111
type: git
12-
name: 1ESPipelineTemplates/1ESPipelineTemplates
13-
ref: refs/tags/release
12+
name: 1ESPipelineTemplates/MicroBuildTemplate
1413
trigger: none
1514
extends:
16-
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
15+
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
1716
parameters:
1817
pool:
19-
name: 1ES_JavaTooling_Pool
20-
image: 1ES_JavaTooling_Windows_2022
21-
os: windows
22-
sdl:
23-
sourceAnalysisPool:
24-
name: 1ES_JavaTooling_Pool
25-
image: 1ES_JavaTooling_Windows_2022
26-
os: windows
27-
customBuildTags:
28-
- MigrationTooling-mseng-VSJava-9019-Tool
18+
name: MSEngSS-MicroBuild2022-1ES
2919
stages:
3020
- stage: Build
3121
jobs:
3222
- job: Job_1
3323
displayName: RC
3424
templateContext:
25+
mb:
26+
signing:
27+
enabled: true
28+
signType: real
29+
zipSources: false
30+
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
3531
outputs:
3632
- output: pipelineArtifact
3733
artifactName: extension
@@ -45,60 +41,51 @@ extends:
4541
displayName: Use Node 20.x
4642
inputs:
4743
versionSpec: 20.x
44+
# The image does not have jdk preinstalled, we need to download it first.
45+
- task: PowerShell@2
46+
displayName: Download JDK 17
47+
inputs:
48+
targetType: 'inline'
49+
script: |-
50+
New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
51+
Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
4852
- task: JavaToolInstaller@0
4953
displayName: Use Java 17
5054
inputs:
5155
versionSpec: "17"
5256
jdkArchitectureOption: x64
53-
jdkSourceOption: PreInstalled
57+
jdkSourceOption: LocalDirectory
58+
jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
59+
jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
60+
- script: java --version
61+
displayName: 'Check Java installation'
5462
- task: Npm@1
5563
displayName: npm install
5664
inputs:
5765
verbose: false
58-
- task: Bash@3
66+
- task: CmdLine@2
5967
displayName: npx gulp build_server
6068
inputs:
6169
targetType: inline
6270
script: |-
6371
# Build the jars to the server folder.
6472
npm run build-server
65-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
66-
displayName: ESRP CodeSigning
73+
- task: PowerShell@2
74+
displayName: Sign Jars
6775
inputs:
68-
ConnectedServiceName: 'ESRP-Release-Test'
69-
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
70-
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
71-
AuthAKVName: 'vscjavaci'
72-
AuthCertName: 'vscjava-esrprelease-auth'
73-
AuthSignCertName: 'VSCJava-CodeSign'
74-
FolderPath: server
75-
Pattern: com.microsoft.jdtls.ext.*.jar
76-
signConfigType: inlineSignParams
77-
inlineOperation: |-
78-
[
79-
{
80-
"KeyCode" : "CP-447347-Java",
81-
"OperationCode" : "JavaSign",
82-
"Parameters" : {
83-
"SigAlg" : "SHA256withRSA",
84-
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
85-
},
86-
"ToolName" : "sign",
87-
"ToolVersion" : "1.0"
88-
},
89-
{
90-
"KeyCode" : "CP-447347-Java",
91-
"OperationCode" : "JavaVerify",
92-
"Parameters" : {},
93-
"ToolName" : "sign",
94-
"ToolVersion" : "1.0"
95-
}
96-
]
76+
targetType: 'inline'
77+
script: |-
78+
$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.jdtls.ext.*.jar"
79+
foreach ($file in $files) {
80+
$fileName = $file.Name
81+
& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
82+
}
83+
workingDirectory: 'server'
9784
- task: CmdLine@2
9885
displayName: Replace AI Key
9986
inputs:
10087
script: npx [email protected] -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
101-
- task: Bash@3
88+
- task: CmdLine@2
10289
displayName: vsce package
10390
inputs:
10491
targetType: inline
@@ -124,34 +111,12 @@ extends:
124111
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
125112
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
126113
displayName: 'Generate extension manifest'
127-
- script: cp extension.manifest extension.signature.p7s
114+
- script: copy extension.manifest extension.signature.p7s
128115
displayName: 'Prepare manifest for signing'
129-
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
116+
- task: CmdLine@2
117+
displayName: Sign extension
130118
inputs:
131-
ConnectedServiceName: 'ESRP-Release-Test'
132-
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
133-
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
134-
AuthAKVName: 'vscjavaci'
135-
AuthCertName: 'vscjava-esrprelease-auth'
136-
AuthSignCertName: 'VSCJava-CodeSign'
137-
FolderPath: '.'
138-
Pattern: 'extension.signature.p7s'
139-
signConfigType: inlineSignParams
140-
inlineOperation: |
141-
[
142-
{
143-
"keyCode": "CP-401405",
144-
"operationSetCode": "VSCodePublisherSign",
145-
"parameters" : [],
146-
"toolName": "sign",
147-
"toolVersion": "1.0"
148-
}
149-
]
150-
SessionTimeout: 90
151-
MaxConcurrency: 25
152-
MaxRetryAttempts: 5
153-
PendingAnalysisWaitTimeoutMinutes: 5
154-
displayName: 'Sign extension'
119+
script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
155120
- task: CopyFiles@2
156121
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
157122
inputs:

.vscodeignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,3 +23,4 @@ test-resources
2323

2424
# Ignore output of code sign
2525
server/*.md
26+
**/*.log

0 commit comments

Comments
 (0)