Leverage Managed Identity Publish (#1942)

* add publish task

* move template out of steps and into jobs

* get rid of pool

* dont pass 1es pool

* add depends on chain

* use vsce latest

* run package on publi

* add approval step:

* vsixs are stored in the root, so don't check in the extension folder

* Switch to MI instead of a PAT

* Fix ps1 issue

* Only deploy on internal

* Use pool vs vmimage

* Try to fix pool condition

* Use a different pool

* Condition the name of the build based on OS

Why is windows the bomb emoji and not the windows emoji?
And why did I do this:

The windows build goes last because its in alphabetical order based on the behavior of how devops works. This is bad because it should go first and makes the other steps take longer as they depend on only the windows task. The bomb emoji is one of the first emojis thats not an emoticon before the penguin emoji so I picked that one..

* It's pretty silly you cant define a variable in a template but here we are

* Maybe it has to be in plaintext

* The deployment step is not necessary

* wait for wait job

* Set the emoji

* Move windows to the top

* Set 'use 1es pool' to true

* Switch to a different ordering so windows runs first, then linux

* try to fix bug where version is not passed and publish args is wrong

* Try to pass var into another job since we cant have a template in the jobs

* Revert "Try to pass var into another job since we cant have a template in the jobs"

This reverts commit 7bdf2dfec9.

* Try to condition the yamls omewhere else

* is yaml failing

* Revert "is yaml failing"

This reverts commit b014dd042f.

* Revert "Try to condition the yamls omewhere else"

This reverts commit 7ccb36f01c.

* Revert "try to fix bug where version is not passed and publish args is wrong"

This reverts commit 592349be71.

* Get version again

We cant return a value from a template
We cant make a template callable with jobs in another job
We cant pass a variable from one job to another if its a job in a job
We cant do so many things in yaml

* yaml indentation

* Don't skip checking out the repo, we kinda need that to get the version

1es-azure-pipeline.yml

@@ -38,15 +38,18 @@ parameters:
 - name: pools
   type: object
   default:
+  - name: NetCore1ESPool-Internal
+    image: 1es-windows-2022
+    os: windows
+    emoji: ⚪
   - name: NetCore1ESPool-Internal
     image: 1es-ubuntu-2204
     os: linux
+    emoji: 🟣
   - name: Azure Pipelines
     image: macOS-latest
     os: macOS
-  - name: NetCore1ESPool-Internal
-    image: 1es-windows-2022
-    os: windows
+    emoji: ⚫
 - name: SignType
   displayName: Sign type
   type: string
@@ -78,6 +81,7 @@ extends:
               name: ${{ image.name }}
               image: ${{ image.image }}
               os: ${{ image.os }}
+              emoji: ${{ image.emoji }}
             useOneEngineeringPool: true
       - template: pipeline-templates/upstream-verify.yaml@self
         parameters:

1pr-azure-pipeline.yml

@@ -27,15 +27,18 @@ parameters:
 - name: pools
   type: object
   default:
+  - name: NetCore-Public
+    vmImage: windows-latest
+    os: windows
+    emoji: ⚪
   - name: NetCore-Public
     vmImage: ubuntu-latest
     os: linux
+    emoji: 🟣
   - name: NetCore-Public
     vmImage: macOS-latest
     os: macOS
-  - name: NetCore-Public
-    vmImage: windows-latest
-    os: windows
+    emoji: ⚫
 
 stages:
 - stage: o # o is just used so it looks like a bullet point in the output of devops
@@ -46,6 +49,7 @@ stages:
         pool:
           vmImage: ${{ image.vmImage }}
           os: ${{ image.os }}
+          emoji: ${{ image.emoji }}
         useOneEngineeringPool: false
   - template: pipeline-templates/upstream-verify.yaml
     parameters:
@@ -64,4 +68,5 @@ stages:
       pool:
         vmImage: windows-latest
         os: windows
-      useOneEngineeringPool: false
+      useOneEngineeringPool: false
+      SignType: Test

pipeline-templates/build-test.yaml

@@ -8,7 +8,8 @@ jobs:
         ${{ parameters.pool }}
     ${{ else }}:
         vmImage: ${{ parameters.pool.vmImage }}
-  displayName: '🔨 ${{ parameters.pool.os }} Build and Test'
+
+  displayName: '${{ parameters.pool.emoji }} ${{ parameters.pool.os }} Build and Test'
   templateContext:
     outputs:
     - output: pipelineArtifact

pipeline-templates/package-vsix.yaml

@@ -42,7 +42,7 @@ jobs:
     name: GetVersion
     displayName: '❓ Get Version'
     workingDirectory: $(dir-name)
-  - ${{ if eq('${{ parameters.useOneEngineeringPool }}', 'true') }}:
+  - ${{ if eq(parameters.useOneEngineeringPool, 'true') }}:
     - template: prepare-signing.yaml
       parameters:
         SignType: ${{ parameters.SignType }}
@@ -61,7 +61,6 @@ jobs:
       SignType: ${{ parameters.SignType }}
   - task: CmdLine@2
     displayName: 🤌 Rename Signed VSIX
-
     inputs:
       script: rename ".\packages\$(package-name)-$(GetVersion.version).vsix" $(package-name)-$(GetVersion.version)-signed.vsix
   - task: CopyFiles@2
@@ -77,4 +76,11 @@ jobs:
       SourceFolder: '$(Build.SourcesDirectory)'
       Contents: '**\*.binlog'
       TargetFolder: '$(Build.ArtifactStagingDirectory)'
-      flattenFolders: false
+      flattenFolders: false
+- ${{ if eq(parameters.useOneEngineeringPool, 'true') }}:
+  - template: publish.yaml
+    parameters:
+      pool: ${{ parameters.pool }}
+      SignType: ${{ parameters.SignType }}
+      version: $(GetVersion.version)
+      useOneEngineeringPool: true

pipeline-templates/publish.yaml

@@ -0,0 +1,60 @@
+parameters:
+  pool: ''
+  SignType: ''
+  useOneEngineeringPool: ''
+
+jobs:
+  - job: waitForValidation
+    displayName: ☁️ Wait for release approval
+    pool: server
+    timeoutInMinutes: 4320 # job times out in 3 days
+    steps:
+    - task: ManualValidation@0
+      timeoutInMinutes: 4320
+      inputs:
+        instructions: 'Please validate that the release build has been tested, and resume to publish a new version'
+        onTimeout: 'reject'
+  - job: Publish
+    pool:
+      ${{ if eq(parameters.useOneEngineeringPool, 'true') }}:
+        ${{ parameters.pool }}
+      ${{ else }}:
+        vmImage: ${{ parameters.pool.vmImage }}
+    displayName: '🌐 Publish to Marketplace'
+    dependsOn:
+    - waitForValidation
+    - ${{ parameters.pool.os }}_Package
+    steps:
+    - task: DownloadPipelineArtifact@2
+      displayName: '⬇️ Download Packaged Extension'
+      inputs:
+        path: '$(System.ArtifactsDirectory)'
+    - template: install-node.yaml
+    - bash: |
+        VERSION=`node -p "require('./package.json').version"`
+        npm version $VERSION --allow-same-version
+        echo "##vso[task.setvariable variable=version;isOutput=true]$VERSION"
+      name: GetVersion
+      displayName: '❓ Get Version'
+      workingDirectory: 'vscode-dotnet-runtime-extension'
+    - task: AzureCLI@2
+      displayName: '🚀 Publish to Marketplace'
+      inputs:
+        azureSubscription: 'VSCode Marketplace Publishing'
+        scriptType: "pscore"
+        scriptLocation: 'inlineScript'
+        workingDirectory: '$(System.ArtifactsDirectory)'
+        inlineScript: |
+          npm install @vscode/vsce@latest -g --reg https://registry.npmjs.org/ --verbose
+          $basePublishArgs = , "publish"
+          $basePublishArgs += '--azure-credential'
+          $basePublishArgs += '--packagePath'
+          $publishArgs = $basePublishArgs + 'vscode-dotnet-runtime-$(GetVersion.version)-signed.vsix'
+          If ("${{ parameters.SignType }}" -ne "Real") {
+            Write-Host "With a test-signed build, the command to publish is printed instead of run."
+            Write-Host "##[command]vsce $publishArgs"
+          }
+          Else {
+            Write-Host "##[command]vsce $publishArgs"
+            vsce @publishArgs
+          }