
Commit 7ba0eb9

authored
build - Onboard MicroBuild for code sign (#1741)
1 parent bc9d569 commit 7ba0eb9


3 files changed

+86
-146
lines changed


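--- a/.azure-pipelines/vscode-java-test-nightly.yml
+++ b/.azure-pipelines/vscode-java-test-nightly.yml
@@ -12,31 +12,28 @@ resources:
 - repository: self
 type: git
 ref: refs/heads/main
-- repository: 1esPipelines
+- repository: MicroBuildTemplate
 type: git
-name: 1ESPipelineTemplates/1ESPipelineTemplates
-ref: refs/tags/release
+name: 1ESPipelineTemplates/MicroBuildTemplate
 trigger: none
 extends:
-template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
+template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
 parameters:
 pool:
-name: 1ES_JavaTooling_Pool
-image: 1ES_JavaTooling_Windows_2022
+name: MSEngSS-MicroBuild2022-1ES
 os: windows
-sdl:
-sourceAnalysisPool:
-name: 1ES_JavaTooling_Pool
-image: 1ES_JavaTooling_Windows_2022
-os: windows
-customBuildTags:
-- MigrationTooling-mseng-VSJava-13462-Tool
 stages:
 - stage: Build
 jobs:
 - job: Job_1
 displayName: VSCode-Test-Runner-Nightly
 templateContext:
+mb:
+signing:
+enabled: true
+signType: real
+zipSources: false
+feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
 outputs:
 - output: pipelineArtifact
 artifactName: extension
@@ -45,12 +42,28 @@ extends:
 steps:
 - checkout: self
 fetchTags: true
+- task: UseNode@1
+displayName: Use Node 20.x
+inputs:
+version: '20.x'
+# The image does not have jdk preinstalled, we need to download it first.
+- task: PowerShell@2
+displayName: Download JDK 17
+inputs:
+targetType: 'inline'
+script: |-
+New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
+Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
 - task: JavaToolInstaller@0
 displayName: Use Java 17
 inputs:
 versionSpec: "17"
 jdkArchitectureOption: x64
-jdkSourceOption: PreInstalled
+jdkSourceOption: LocalDirectory
+jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
+jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
+- script: java --version
+displayName: 'Check Java installation'
 - task: Npm@1
 displayName: npm install
 inputs:
@@ -67,49 +80,28 @@ extends:
 command: custom
 verbose: false
 customCommand: run build-plugin
-- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
-displayName: ESRP CodeSigning
+- task: PowerShell@2
+displayName: Sign Jars
 inputs:
-ConnectedServiceName: $(EsrpConnectionServiceName)
-AppRegistrationClientId: $(AppRegistrationClientId)
-AppRegistrationTenantId: $(AppRegistrationTenantId)
-AuthAKVName: $(AuthAKVName)
-AuthCertName: $(AuthCertName)
-AuthSignCertName: $(AuthSignCertName)
-FolderPath: server
-Pattern: com.microsoft.java.test.*.jar
-signConfigType: inlineSignParams
-inlineOperation: |-
-[
-{
-"KeyCode" : "CP-447347-Java",
-"OperationCode" : "JavaSign",
-"Parameters" : {
-"SigAlg" : "SHA256withRSA",
-"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
-},
-"ToolName" : "sign",
-"ToolVersion" : "1.0"
-},
-{
-"KeyCode" : "CP-447347-Java",
-"OperationCode" : "JavaVerify",
-"Parameters" : {},
-"ToolName" : "sign",
-"ToolVersion" : "1.0"
-}
-]
+targetType: 'inline'
+script: |-
+$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.java.test.*.jar"
+foreach ($file in $files) {
+$fileName = $file.Name
+& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
+}
+workingDirectory: 'server'
 - task: CmdLine@2
 displayName: Replace AI Key
 inputs:
 script: npx json@9.0.6 -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
-- task: Bash@3
-displayName: Bash Script
+- task: PowerShell@2
+displayName: Update package.json
 inputs:
 targetType: inline
 script: |-
 node ./scripts/prepare-nightly-build.js
-mv ./package.insiders.json ./package.json
+Move-Item -Path "./package.insiders.json" -Destination "./package.json" -Force
 - task: CmdLine@2
 displayName: vsce package --pre-release
 inputs:
@@ -135,34 +127,12 @@ extends:
 AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
 - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
 displayName: 'Generate extension manifest'
-- script: cp extension.manifest extension.signature.p7s
+- script: copy extension.manifest extension.signature.p7s
 displayName: 'Prepare manifest for signing'
-- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
+- task: CmdLine@2
+displayName: Sign extension
 inputs:
-ConnectedServiceName: $(EsrpConnectionServiceName)
-AppRegistrationClientId: $(AppRegistrationClientId)
-AppRegistrationTenantId: $(AppRegistrationTenantId)
-AuthAKVName: $(AuthAKVName)
-AuthCertName: $(AuthCertName)
-AuthSignCertName: $(AuthSignCertName)
-FolderPath: '.'
-Pattern: 'extension.signature.p7s'
-signConfigType: inlineSignParams
-inlineOperation: |
-[
-{
-"keyCode": "CP-401405",
-"operationSetCode": "VSCodePublisherSign",
-"parameters" : [],
-"toolName": "sign",
-"toolVersion": "1.0"
-}
-]
-SessionTimeout: 90
-MaxConcurrency: 25
-MaxRetryAttempts: 5
-PendingAnalysisWaitTimeoutMinutes: 5
-displayName: 'Sign extension'
+script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
 - task: CopyFiles@2
 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
 inputs: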
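Review bot: In the new `Sign Jars` step the loop never checks the result of the `DDSignFiles.dll` call, so a failed signature on any jar but the last can pass unnoticed (as far as I know PowerShell@2 only propagates `$LASTEXITCODE` once, at the end of the inline script), and an empty `$files` skips signing without failing the build. I would add `if (-not $files) { throw 'no jars matched for signing' }` before the loop and `if ($LASTEXITCODE -ne 0) { throw "signing failed: $($file.FullName)" }` right after the call. Passing `$file.Name` together with `-Recurse` also only resolves for jars sitting directly under `server`; `/file:"$($file.FullName)"` would cover matches in subfolders. The removed ESRP step ran a `JavaVerify` operation and nothing visible in this section replaces it, so a signature verification step after signing is worth restoring. The same step is added in `.azure-pipelines/vscode-java-test-rc.yml`.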

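--- a/.azure-pipelines/vscode-java-test-rc.yml
+++ b/.azure-pipelines/vscode-java-test-rc.yml
@@ -7,31 +7,28 @@ resources:
 - repository: self
 type: git
 ref: refs/heads/main
-- repository: 1esPipelines
+- repository: MicroBuildTemplate
 type: git
-name: 1ESPipelineTemplates/1ESPipelineTemplates
-ref: refs/tags/release
+name: 1ESPipelineTemplates/MicroBuildTemplate
 trigger: none
 extends:
-template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
+template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
 parameters:
 pool:
-name: 1ES_JavaTooling_Pool
-image: 1ES_JavaTooling_Windows_2022
+name: MSEngSS-MicroBuild2022-1ES
 os: windows
-sdl:
-sourceAnalysisPool:
-name: 1ES_JavaTooling_Pool
-image: 1ES_JavaTooling_Windows_2022
-os: windows
-customBuildTags:
-- MigrationTooling-mseng-VSJava-8791-Tool
 stages:
 - stage: Build
 jobs:
 - job: Job_1
 displayName: VSCode-Test-Runner-RC
 templateContext:
+mb:
+signing:
+enabled: true
+signType: real
+zipSources: false
+feedSource: 'https://mseng.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
 outputs:
 - output: pipelineArtifact
 artifactName: extension
@@ -40,12 +37,28 @@ extends:
 steps:
 - checkout: self
 fetchTags: true
+- task: UseNode@1
+displayName: Use Node 20.x
+inputs:
+version: '20.x'
+# The image does not have jdk preinstalled, we need to download it first.
+- task: PowerShell@2
+displayName: Download JDK 17
+inputs:
+targetType: 'inline'
+script: |-
+New-Item -ItemType Directory -Path "$env:AGENT_TEMPDIRECTORY\downloadjdk"
+Invoke-WebRequest -Uri "https://aka.ms/download-jdk/microsoft-jdk-17-windows-x64.zip" -OutFile "$env:AGENT_TEMPDIRECTORY\downloadjdk\microsoft-jdk-17-windows-x64.zip"
 - task: JavaToolInstaller@0
 displayName: Use Java 17
 inputs:
 versionSpec: "17"
 jdkArchitectureOption: x64
-jdkSourceOption: PreInstalled
+jdkSourceOption: LocalDirectory
+jdkFile: $(Agent.TempDirectory)/downloadjdk/microsoft-jdk-17-windows-x64.zip
+jdkDestinationDirectory: $(Agent.ToolsDirectory)/ms-jdk17
+- script: java --version
+displayName: 'Check Java installation'
 - task: Npm@1
 displayName: npm install
 inputs:
@@ -62,38 +75,17 @@ extends:
 command: custom
 verbose: false
 customCommand: run build-plugin
-- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
-displayName: ESRP CodeSigning
+- task: PowerShell@2
+displayName: Sign Jars
 inputs:
-ConnectedServiceName: $(EsrpConnectionServiceName)
-AppRegistrationClientId: $(AppRegistrationClientId)
-AppRegistrationTenantId: $(AppRegistrationTenantId)
-AuthAKVName: $(AuthAKVName)
-AuthCertName: $(AuthCertName)
-AuthSignCertName: $(AuthSignCertName)
-FolderPath: server
-Pattern: com.microsoft.java.test.*.jar
-signConfigType: inlineSignParams
-inlineOperation: |-
-[
-{
-"KeyCode" : "CP-447347-Java",
-"OperationCode" : "JavaSign",
-"Parameters" : {
-"SigAlg" : "SHA256withRSA",
-"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
-},
-"ToolName" : "sign",
-"ToolVersion" : "1.0"
-},
-{
-"KeyCode" : "CP-447347-Java",
-"OperationCode" : "JavaVerify",
-"Parameters" : {},
-"ToolName" : "sign",
-"ToolVersion" : "1.0"
-}
-]
+targetType: 'inline'
+script: |-
+$files = Get-ChildItem -Path . -Recurse -Filter "com.microsoft.java.test.*.jar"
+foreach ($file in $files) {
+$fileName = $file.Name
+& dotnet "$env:MBSIGN_APPFOLDER\DDSignFiles.dll" /file:"$fileName" /certs:100010171
+}
+workingDirectory: 'server'
 - task: CmdLine@2
 displayName: Replace AI Key
 inputs:
@@ -123,34 +115,12 @@ extends:
 AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
 - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
 displayName: 'Generate extension manifest'
-- script: cp extension.manifest extension.signature.p7s
+- script: copy extension.manifest extension.signature.p7s
 displayName: 'Prepare manifest for signing'
-- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
+- task: CmdLine@2
+displayName: Sign extension
 inputs:
-ConnectedServiceName: $(EsrpConnectionServiceName)
-AppRegistrationClientId: $(AppRegistrationClientId)
-AppRegistrationTenantId: $(AppRegistrationTenantId)
-AuthAKVName: $(AuthAKVName)
-AuthCertName: $(AuthCertName)
-AuthSignCertName: $(AuthSignCertName)
-FolderPath: '.'
-Pattern: 'extension.signature.p7s'
-signConfigType: inlineSignParams
-inlineOperation: |
-[
-{
-"keyCode": "CP-401405",
-"operationSetCode": "VSCodePublisherSign",
-"parameters" : [],
-"toolName": "sign",
-"toolVersion": "1.0"
-}
-]
-SessionTimeout: 90
-MaxConcurrency: 25
-MaxRetryAttempts: 5
-PendingAnalysisWaitTimeoutMinutes: 5
-displayName: 'Sign extension'
+script: dotnet %MBSIGN_APPFOLDER%/ddsignfiles.dll /file:extension.signature.p7s /certs:4014052
 - task: CopyFiles@2
 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
 inputs: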
inputs:

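--- a/.vscodeignore
+++ b/.vscodeignore
@@ -14,7 +14,7 @@ resources/templates/scss/**
 dist/**/test
 webpack.*.js
 node_modules
-*.log
+**/*.log
 demo
 CONTRIBUTING.md
 extension.bundle.ts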
