mirror of
https://github.com/Microsoft/vscode
synced 2024-09-13 21:55:38 +00:00
e5515ac702
* extend 1es pipeline template * oops * fix template references * argh * hmm * hm * hm * use outputs for compilation artifact * this * use 1ES.PublishPipelineArtifact@1 instead of publish * more 1ES.PublishPipelineArtifact@1 adoption * provide windows pool for sdl sources * sdl * fix pools * fix macos * disable sbom for intermediate artifacts * use mariner linux * try inline tsa options * fix credscan * hm * sudo it * more suppressions * be explicit with SBOM build drop paths * fix indentation * fix file extensions * fix cli sbom build drop paths * fix more build * fix unzip cli * careful with _manifest in artifacts * do not close file * add logging * debug * use snapcraft container * remove size check * fix macos cli step * fix snap permissions * fix macos * better logs * fix snap * more cred scan suppressions * even more supressiong * alpine-arm64: try using x64 * Revert "alpine-arm64: try using x64" This reverts commitbf2003bf60
. * test docker * I wonder * logs * hm * fix indentation * hm * hm * fix snap finds * remove auth * use hostArchitecture * snap: limit find * hm * sudo * Add validateToolOutput: None to the build pipeline * bring back sdl-scan * try all tools: true * use release * Update Azure Pipelines YAML file for Linux product build and test * hm * hm * same for win32 * hm * hm * Revert "hm" This reverts commit1b9dcae85b
. * use branch * fix template file * fix template paths
57 lines
2.3 KiB
YAML
57 lines
2.3 KiB
YAML
parameters:
|
|
- name: VSCODE_CLI_ARTIFACTS
|
|
type: object
|
|
default: []
|
|
|
|
steps:
|
|
- task: AzureKeyVault@1
|
|
displayName: "Azure Key Vault: Get Secrets"
|
|
inputs:
|
|
azureSubscription: "vscode-builds-subscription"
|
|
KeyVaultName: vscode-build-secrets
|
|
SecretsFilter: "ESRP-PKI,esrp-aad-username,esrp-aad-password"
|
|
|
|
- task: UseDotNet@2
|
|
inputs:
|
|
version: 6.x
|
|
|
|
- task: EsrpClientTool@1
|
|
continueOnError: true
|
|
displayName: Download ESRPClient
|
|
|
|
- ${{ each target in parameters.VSCODE_CLI_ARTIFACTS }}:
|
|
- task: DownloadPipelineArtifact@2
|
|
displayName: Download ${{ target }}
|
|
inputs:
|
|
artifact: ${{ target }}
|
|
path: $(Build.ArtifactStagingDirectory)/pkg/${{ target }}
|
|
|
|
- task: ExtractFiles@1
|
|
displayName: Extract artifact
|
|
inputs:
|
|
archiveFilePatterns: $(Build.ArtifactStagingDirectory)/pkg/${{ target }}/*.zip
|
|
destinationFolder: $(Build.ArtifactStagingDirectory)/sign/${{ target }}
|
|
|
|
- script: node build/azure-pipelines/common/sign $(Agent.ToolsDirectory)/esrpclient/*/*/net6.0/esrpcli.dll sign-darwin $(ESRP-PKI) $(esrp-aad-username) $(esrp-aad-password) $(Build.ArtifactStagingDirectory)/pkg "*.zip"
|
|
displayName: Codesign
|
|
|
|
- script: node build/azure-pipelines/common/sign $(Agent.ToolsDirectory)/esrpclient/*/*/net6.0/esrpcli.dll notarize-darwin $(ESRP-PKI) $(esrp-aad-username) $(esrp-aad-password) $(Build.ArtifactStagingDirectory)/pkg "*.zip"
|
|
displayName: Notarize
|
|
|
|
- ${{ each target in parameters.VSCODE_CLI_ARTIFACTS }}:
|
|
- script: |
|
|
set -e
|
|
ASSET_ID=$(echo "${{ target }}" | sed "s/unsigned_//")
|
|
mv $(Build.ArtifactStagingDirectory)/pkg/${{ target }}/${{ target }}.zip $(Build.ArtifactStagingDirectory)/pkg/${{ target }}/$ASSET_ID.zip
|
|
echo "##vso[task.setvariable variable=ASSET_ID]$ASSET_ID"
|
|
displayName: Set asset id variable
|
|
|
|
- task: 1ES.PublishPipelineArtifact@1
|
|
inputs:
|
|
targetPath: $(Build.ArtifactStagingDirectory)/pkg/${{ target }}/$(ASSET_ID).zip
|
|
artifactName: $(ASSET_ID)
|
|
sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/sign/${{ target }}
|
|
sbomPackageName: "VS Code macOS ${{ target }} CLI"
|
|
sbomPackageVersion: $(Build.SourceVersion)
|
|
displayName: Publish signed artifact with ID $(ASSET_ID)
|