build - Onboard MicroBuild for code sign (#1741)
jdneo authored Nov 19, 2024
1 parent bc9d569 commit 7ba0eb9
Showing 3 changed files with 86 additions and 146 deletions.
118 changes: 44 additions & 74 deletions .azure-pipelines/vscode-java-test-nightly.yml
Expand Up @@ -12,31 +12,28 @@ resources:
- repository: self
type: git
ref: refs/heads/main
- repository: 1esPipelines
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
name: 1ESPipelineTemplates/MicroBuildTemplate
trigger: none
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
pool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
name: MSEngSS-MicroBuild2022-1ES
os: windows
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
customBuildTags:
- MigrationTooling-mseng-VSJava-13462-Tool
stages:
- stage: Build
jobs:
- job: Job_1
displayName: VSCode-Test-Runner-Nightly
templateContext:
mb:
signing:
enabled: true
signType: real
zipSources: false
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
outputs:
- output: pipelineArtifact
artifactName: extension
Expand All @@ -45,12 +42,28 @@ extends:
steps:
- checkout: self
fetchTags: true
- task: UseNode@1
displayName: Use Node 20.x
inputs:
version: '20.x'
# The image does not have jdk preinstalled, we need to download it first.
- task: PowerShell@2
displayName: Download JDK 17
inputs:
targetType: 'inline'
script: |-
New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
- task: JavaToolInstaller@0
displayName: Use Java 17
inputs:
versionSpec: "17"
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
jdkSourceOption: LocalDirectory
jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
- script: java --version
displayName: 'Check Java installation'
- task: Npm@1
displayName: npm install
inputs:
Expand All @@ -67,49 +80,28 @@ extends:
command: custom
verbose: false
customCommand: run build-plugin
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: ESRP CodeSigning
- task: PowerShell@2
displayName: Sign Jars
inputs:
ConnectedServiceName: $(EsrpConnectionServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: server
Pattern: com.microsoft.java.test.*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
targetType: 'inline'
script: |-
$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.java.test.*.jar"
foreach ($file in $files) {
$fileName = $file.Name
& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
}
workingDirectory: 'server'
- task: CmdLine@2
displayName: Replace AI Key
inputs:
script: npx json@9.0.6 -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
- task: Bash@3
displayName: Bash Script
- task: PowerShell@2
displayName: Update package.json
inputs:
targetType: inline
script: |-
node ./scripts/prepare-nightly-build.js
mv ./package.insiders.json ./package.json
Move-Item -Path "./package.insiders.json" -Destination "./package.json" -Force
- task: CmdLine@2
displayName: vsce package --pre-release
inputs:
Expand All @@ -135,34 +127,12 @@ extends:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
displayName: 'Generate extension manifest'
- script: cp extension.manifest extension.signature.p7s
- script: copy extension.manifest extension.signature.p7s
displayName: 'Prepare manifest for signing'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
- task: CmdLine@2
displayName: Sign extension
inputs:
ConnectedServiceName: $(EsrpConnectionServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: '.'
Pattern: 'extension.signature.p7s'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "VSCodePublisherSign",
"parameters" : [],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 90
MaxConcurrency: 25
MaxRetryAttempts: 5
PendingAnalysisWaitTimeoutMinutes: 5
displayName: 'Sign extension'
script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
- task: CopyFiles@2
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
inputs:
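Review bot: The new "Download JDK 17" step fetches `microsoft-jdk-17-windows-x64.zip` with `Invoke-WebRequest` and hands it straight to `JavaToolInstaller@0` with no integrity check, in a job that has `signType: real` enabled; the same step is added to `.azure-pipelines/vscode-java-test-rc.yml`. The aka.ms link is a moving pointer to the current JDK 17 build, so the JDK used by the later build and signing steps is neither pinned nor verified. I would download a version-specific archive and compare its hash before the installer runs, e.g. `if ((Get-FileHash $zip -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'JDK archive hash mismatch' }`, where `$zip` is the downloaded file and the expected value is kept in the pipeline file. Separately, the `MicroBuildTemplate` repository resource appears to lose the `ref: refs/tags/release` line that the `1esPipelines` resource carried; if that is intended, a comment stating which ref the template resolves to would help.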
112 changes: 41 additions & 71 deletions .azure-pipelines/vscode-java-test-rc.yml
Expand Up @@ -7,31 +7,28 @@ resources:
- repository: self
type: git
ref: refs/heads/main
- repository: 1esPipelines
- repository: MicroBuildTemplate
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
name: 1ESPipelineTemplates/MicroBuildTemplate
trigger: none
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
parameters:
pool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
name: MSEngSS-MicroBuild2022-1ES
os: windows
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
customBuildTags:
- MigrationTooling-mseng-VSJava-8791-Tool
stages:
- stage: Build
jobs:
- job: Job_1
displayName: VSCode-Test-Runner-RC
templateContext:
mb:
signing:
enabled: true
signType: real
zipSources: false
feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
outputs:
- output: pipelineArtifact
artifactName: extension
Expand All @@ -40,12 +37,28 @@ extends:
steps:
- checkout: self
fetchTags: true
- task: UseNode@1
displayName: Use Node 20.x
inputs:
version: '20.x'
# The image does not have jdk preinstalled, we need to download it first.
- task: PowerShell@2
displayName: Download JDK 17
inputs:
targetType: 'inline'
script: |-
New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
- task: JavaToolInstaller@0
displayName: Use Java 17
inputs:
versionSpec: "17"
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
jdkSourceOption: LocalDirectory
jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
- script: java --version
displayName: 'Check Java installation'
- task: Npm@1
displayName: npm install
inputs:
Expand All @@ -62,38 +75,17 @@ extends:
command: custom
verbose: false
customCommand: run build-plugin
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
displayName: ESRP CodeSigning
- task: PowerShell@2
displayName: Sign Jars
inputs:
ConnectedServiceName: $(EsrpConnectionServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: server
Pattern: com.microsoft.java.test.*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
targetType: 'inline'
script: |-
$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.java.test.*.jar"
foreach ($file in $files) {
$fileName = $file.Name
& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
}
workingDirectory: 'server'
- task: CmdLine@2
displayName: Replace AI Key
inputs:
Expand Down Expand Up @@ -123,34 +115,12 @@ extends:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
displayName: 'Generate extension manifest'
- script: cp extension.manifest extension.signature.p7s
- script: copy extension.manifest extension.signature.p7s
displayName: 'Prepare manifest for signing'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
- task: CmdLine@2
displayName: Sign extension
inputs:
ConnectedServiceName: $(EsrpConnectionServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: '.'
Pattern: 'extension.signature.p7s'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "VSCodePublisherSign",
"parameters" : [],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 90
MaxConcurrency: 25
MaxRetryAttempts: 5
PendingAnalysisWaitTimeoutMinutes: 5
displayName: 'Sign extension'
script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
- task: CopyFiles@2
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
inputs:
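Review bot: In the "Sign Jars" script, `Get-ChildItem -Recurse` can return jars from subdirectories of `server`, but only `$file.Name` is passed to `/file:`, so a jar below the top level would be looked up at the wrong path; passing `$file.FullName` avoids that. As far as the visible script goes, the loop never checks `$LASTEXITCODE`, so a failed DDSignFiles call for one jar can be masked by a later successful one, and the `JavaVerify` operation in the ESRP configuration shown in this section has no counterpart in the new step. I would add `if ($LASTEXITCODE -ne 0) { throw "Signing failed: $($file.FullName)" }` inside the loop and fail the step when `$files` is empty. The same script is in `.azure-pipelines/vscode-java-test-nightly.yml`. A short comment saying what `/certs:100010171` and `/certs:4014052` stand for would also help the next reader.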
2 changes: 1 addition & 1 deletion .vscodeignore
Expand Up @@ -14,7 +14,7 @@ resources/templates/scss/**
dist/**/test
webpack.*.js
node_modules
*.log
**/*.log
demo
CONTRIBUTING.md
extension.bundle.ts
