mirror of
https://github.com/Microsoft/vscode
synced 2024-10-12 06:17:18 +00:00
e5515ac702
* extend 1es pipeline template * oops * fix template references * argh * hmm * hm * hm * use outputs for compilation artifact * this * use 1ES.PublishPipelineArtifact@1 instead of publish * more 1ES.PublishPipelineArtifact@1 adoption * provide windows pool for sdl sources * sdl * fix pools * fix macos * disable sbom for intermediate artifacts * use mariner linux * try inline tsa options * fix credscan * hm * sudo it * more suppressions * be explicit with SBOM build drop paths * fix indentation * fix file extensions * fix cli sbom build drop paths * fix more build * fix unzip cli * careful with _manifest in artifacts * do not close file * add logging * debug * use snapcraft container * remove size check * fix macos cli step * fix snap permissions * fix macos * better logs * fix snap * more cred scan suppressions * even more supressiong * alpine-arm64: try using x64 * Revert "alpine-arm64: try using x64" This reverts commitbf2003bf60
. * test docker * I wonder * logs * hm * fix indentation * hm * hm * fix snap finds * remove auth * use hostArchitecture * snap: limit find * hm * sudo * Add validateToolOutput: None to the build pipeline * bring back sdl-scan * try all tools: true * use release * Update Azure Pipelines YAML file for Linux product build and test * hm * hm * same for win32 * hm * hm * Revert "hm" This reverts commit1b9dcae85b
. * use branch * fix template file * fix template paths
165 lines
6.3 KiB
YAML
165 lines
6.3 KiB
YAML
steps:
|
|
- task: NodeTool@0
|
|
inputs:
|
|
versionSource: fromFile
|
|
versionFilePath: .nvmrc
|
|
nodejsMirror: https://github.com/joaomoreno/node-mirror/releases/download
|
|
|
|
- template: ../distro/download-distro.yml@self
|
|
|
|
- task: AzureKeyVault@1
|
|
displayName: "Azure Key Vault: Get Secrets"
|
|
inputs:
|
|
azureSubscription: "vscode-builds-subscription"
|
|
KeyVaultName: vscode-build-secrets
|
|
SecretsFilter: "github-distro-mixin-password"
|
|
|
|
- task: DownloadPipelineArtifact@2
|
|
inputs:
|
|
artifact: Compilation
|
|
path: $(Build.ArtifactStagingDirectory)
|
|
displayName: Download compilation output
|
|
|
|
- script: tar -xzf $(Build.ArtifactStagingDirectory)/compilation.tar.gz
|
|
displayName: Extract compilation output
|
|
|
|
- script: node build/setup-npm-registry.js $NPM_REGISTRY
|
|
condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
|
|
displayName: Setup NPM Registry
|
|
|
|
- script: mkdir -p .build && node build/azure-pipelines/common/computeNodeModulesCacheKey.js web > .build/yarnlockhash
|
|
displayName: Prepare node_modules cache key
|
|
|
|
- task: Cache@2
|
|
inputs:
|
|
key: '"node_modules" | .build/yarnlockhash'
|
|
path: .build/node_modules_cache
|
|
cacheHitVar: NODE_MODULES_RESTORED
|
|
displayName: Restore node_modules cache
|
|
|
|
- script: tar -xzf .build/node_modules_cache/cache.tgz
|
|
condition: and(succeeded(), eq(variables.NODE_MODULES_RESTORED, 'true'))
|
|
displayName: Extract node_modules cache
|
|
|
|
- script: |
|
|
set -e
|
|
npm config set registry "$NPM_REGISTRY" --location=project
|
|
# npm >v7 deprecated the `always-auth` config option, refs npm/cli@72a7eeb
|
|
# following is a workaround for yarn to send authorization header
|
|
# for GET requests to the registry.
|
|
echo "always-auth=true" >> .npmrc
|
|
yarn config set registry "$NPM_REGISTRY"
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne(variables['NPM_REGISTRY'], 'none'))
|
|
displayName: Setup NPM & Yarn
|
|
|
|
- task: npmAuthenticate@0
|
|
inputs:
|
|
workingFile: .npmrc
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne(variables['NPM_REGISTRY'], 'none'))
|
|
displayName: Setup NPM Authentication
|
|
|
|
- script: sudo apt-get update && sudo apt-get install -y libkrb5-dev
|
|
displayName: Install build dependencies
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))
|
|
|
|
- script: |
|
|
set -e
|
|
for i in {1..5}; do # try 5 times
|
|
yarn --frozen-lockfile --check-files && break
|
|
if [ $i -eq 3 ]; then
|
|
echo "Yarn failed too many times" >&2
|
|
exit 1
|
|
fi
|
|
echo "Yarn failed $i, trying again..."
|
|
done
|
|
env:
|
|
ELECTRON_SKIP_BINARY_DOWNLOAD: 1
|
|
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
|
|
GITHUB_TOKEN: "$(github-distro-mixin-password)"
|
|
displayName: Install dependencies
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))
|
|
|
|
- script: node build/azure-pipelines/distro/mixin-npm
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))
|
|
displayName: Mixin distro node modules
|
|
|
|
- script: |
|
|
set -e
|
|
node build/azure-pipelines/common/listNodeModules.js .build/node_modules_list.txt
|
|
mkdir -p .build/node_modules_cache
|
|
tar -czf .build/node_modules_cache/cache.tgz --files-from .build/node_modules_list.txt
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))
|
|
displayName: Create node_modules archive
|
|
|
|
- script: node build/azure-pipelines/distro/mixin-quality
|
|
displayName: Mixin distro quality
|
|
|
|
- template: ../common/install-builtin-extensions.yml@self
|
|
|
|
- script: |
|
|
set -e
|
|
yarn gulp vscode-web-min-ci
|
|
ARCHIVE_PATH=".build/web/vscode-web.tar.gz"
|
|
mkdir -p $(dirname $ARCHIVE_PATH)
|
|
tar --owner=0 --group=0 -czf $ARCHIVE_PATH -C .. vscode-web
|
|
echo "##vso[task.setvariable variable=WEB_PATH]$ARCHIVE_PATH"
|
|
env:
|
|
GITHUB_TOKEN: "$(github-distro-mixin-password)"
|
|
displayName: Build
|
|
|
|
- task: AzureCLI@2
|
|
displayName: Fetch secrets from Azure
|
|
inputs:
|
|
azureSubscription: "vscode-builds-subscription"
|
|
scriptType: pscore
|
|
scriptLocation: inlineScript
|
|
addSpnToEnvironment: true
|
|
inlineScript: |
|
|
Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$env:tenantId"
|
|
Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$env:servicePrincipalId"
|
|
Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]$env:servicePrincipalKey"
|
|
|
|
- script: |
|
|
set -e
|
|
AZURE_STORAGE_ACCOUNT="vscodeweb" \
|
|
AZURE_TENANT_ID="$(AZURE_TENANT_ID)" \
|
|
AZURE_CLIENT_ID="$(AZURE_CLIENT_ID)" \
|
|
AZURE_CLIENT_SECRET="$(AZURE_CLIENT_SECRET)" \
|
|
node build/azure-pipelines/upload-cdn
|
|
displayName: Upload to CDN
|
|
|
|
# upload only the workbench.web.main.js source maps because
|
|
# we just compiled these bits in the previous step and the
|
|
# general task to upload source maps has already been run
|
|
- script: |
|
|
set -e
|
|
AZURE_STORAGE_ACCOUNT="ticino" \
|
|
AZURE_TENANT_ID="$(AZURE_TENANT_ID)" \
|
|
AZURE_CLIENT_ID="$(AZURE_CLIENT_ID)" \
|
|
AZURE_CLIENT_SECRET="$(AZURE_CLIENT_SECRET)" \
|
|
node build/azure-pipelines/upload-sourcemaps out-vscode-web-min out-vscode-web-min/vs/workbench/workbench.web.main.js.map
|
|
displayName: Upload sourcemaps (Web)
|
|
|
|
- script: |
|
|
set -e
|
|
AZURE_STORAGE_ACCOUNT="ticino" \
|
|
AZURE_TENANT_ID="$(AZURE_TENANT_ID)" \
|
|
AZURE_CLIENT_ID="$(AZURE_CLIENT_ID)" \
|
|
AZURE_CLIENT_SECRET="$(AZURE_CLIENT_SECRET)" \
|
|
node build/azure-pipelines/upload-nlsmetadata
|
|
displayName: Upload NLS Metadata
|
|
|
|
- script: echo "##vso[task.setvariable variable=ARTIFACT_PREFIX]attempt$(System.JobAttempt)_"
|
|
condition: and(succeededOrFailed(), notIn(variables['Agent.JobStatus'], 'Succeeded', 'SucceededWithIssues'))
|
|
displayName: Generate artifact prefix
|
|
|
|
- task: 1ES.PublishPipelineArtifact@1
|
|
inputs:
|
|
targetPath: $(WEB_PATH)
|
|
artifactName: $(ARTIFACT_PREFIX)vscode_web_linux_standalone_archive-unsigned
|
|
sbomBuildDropPath: $(Agent.BuildDirectory)/vscode-web
|
|
sbomPackageName: "VS Code Web"
|
|
sbomPackageVersion: $(Build.SourceVersion)
|
|
condition: and(succeededOrFailed(), ne(variables['WEB_PATH'], ''))
|
|
displayName: Publish web archive
|