Use shared GitHub and ADO pipelines (#129)

.azure-pipelines/after-all.yml

@@ -1,6 +0,0 @@
-steps:
-  - task: ComponentGovernanceComponentDetection@0
-    displayName: 'Component Detection'
-    condition: ne(variables['System.PullRequest.IsFork'], 'True')
-
-  - template: compliance/compliance.yml

.azure-pipelines/before-all.yml

@@ -1,5 +0,0 @@
-steps:
-  - task: NodeTool@0
-    displayName: 'Use Node 16.x'
-    inputs:
-      versionSpec: 16.x

.azure-pipelines/compliance/CredScanSuppressions.json

@@ -1,9 +1,5 @@
+// More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/cred-bot-trinity/credential-risk-exposure-defense/troubleshoot_guides/local-suppressions
 {
     "tool": "Credential Scanner",
-    "suppressions": [
-        {
-            "file": "node_modules\\enquirer\\README.md",
-            "_justification": "No need to scan external node modules."
-        }
-    ]
+    "suppressions": []
 }

.azure-pipelines/compliance/PoliCheckExclusions.xml

@@ -1,10 +1,11 @@
 <PoliCheckExclusions>
+    <!-- More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/policheck-build-task#excluding-files-or-folders-from-the-policheck-scan -->
     <!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped -->
-    <Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES</Exclusion>
+    <Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES|.VSCODE-TEST|DIST</Exclusion>
     <!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped -->
     <!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
     <!--Each of these file types will be completely skipped for the entire scan -->
     <!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
     <!--The specified file names will be skipped during the scan regardless which folder they are in -->
-    <!--<Exclusion Type="FileName">ABC.TXT|XYZ.CS</Exclusion>-->
+    <Exclusion Type="FileName">NOTICE.HTML</Exclusion>
 </PoliCheckExclusions>

.azure-pipelines/compliance/compliance.yml

@@ -1,48 +0,0 @@
-steps:
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
-    displayName: 'AntiMalware Scanner'
-    inputs:
-      FileDirPath: '$(Build.SourcesDirectory)'
-      EnableServices: true
-    condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
-
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
-    displayName: 'Run PoliCheck'
-    inputs:
-      targetType: F # search files and folders
-      optionsUEPATH: '$(Build.SourcesDirectory)/.azure-pipelines/compliance/PoliCheckExclusions.xml'
-    continueOnError: true
-    condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
-
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
-    displayName: 'Run CredScan'
-    inputs:
-      toolMajorVersion: V2
-      suppressionsFile: '$(Build.SourcesDirectory)/.azure-pipelines/compliance/CredScanSuppressions.json'
-    continueOnError: true
-    condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
-
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
-    displayName: 'Publish Security Analysis Logs'
-    condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
-
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
-    displayName: 'Post Analysis'
-    inputs:
-      AllTools: false
-      CredScan: true
-      PoliCheck: true
-    condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Windows_NT'), in(variables['Build.Reason'], 'Manual', 'Schedule'))
-
-  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-    displayName: 'SBoM Generation Task'
-    inputs:
-      BuildDropPath: '$(build.artifactstagingdirectory)'
-    condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Linux'), in(variables['Build.Reason'], 'Manual', 'Schedule')) # Only on scheduled and manual builds because it is slow
-
-  - task: PublishBuildArtifacts@1
-    displayName: 'Publish SBoM'
-    inputs:
-      PathtoPublish: '$(build.artifactstagingdirectory)/_manifest'
-      ArtifactName: '_manifest'
-    condition: and(ne(variables['System.PullRequest.IsFork'], 'True'), eq(variables['Agent.OS'], 'Linux'), in(variables['Build.Reason'], 'Manual', 'Schedule'))

.azure-pipelines/job-steps.yml

@@ -1,42 +0,0 @@
-steps:
-  - template: before-all.yml
-
-  - task: Npm@1
-    displayName: 'Install'
-    inputs:
-      command: ci
-
-  - task: Npm@1
-    displayName: 'Lint'
-    inputs:
-      command: custom
-      customCommand: run lint
-
-  - task: Npm@1
-    displayName: 'Test'
-    inputs:
-      command: custom
-      customCommand: test
-
-  - task: Npm@1
-    displayName: 'Pack'
-    inputs:
-      command: custom
-      customCommand: pack
-    condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
-
-  - task: CopyFiles@2
-    displayName: 'Copy Package'
-    inputs:
-      Contents: 'microsoft-compose-language-service*.tgz'
-      TargetFolder: '$(build.artifactstagingdirectory)'
-    condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
-
-  - task: PublishBuildArtifacts@1
-    displayName: 'Publish Package'
-    inputs:
-      PathtoPublish: '$(build.artifactstagingdirectory)'
-      ArtifactName: 'microsoft-compose-language-service'
-    condition: and(eq(variables['Agent.OS'], 'Linux'), ne(variables['System.PullRequest.IsFork'], 'True'))
-
-  - template: after-all.yml

.azure-pipelines/main.yml

@@ -1,32 +1,26 @@
-jobs:
-  - job: Windows
-    pool:
-      vmImage: windows-latest
-    steps:
-      - template: job-steps.yml
-
-  - job: Linux
-    pool:
-      vmImage: ubuntu-latest
-    steps:
-      - template: job-steps.yml
-    variables:
-      Codeql.Enabled: $[in(variables['Build.Reason'], 'Schedule')] # Enable CodeQL only on scheduled builds because it is slow
-
+# Trigger the build whenever `main` or `rel/*` is updated
 trigger:
-  branches:
-    include:
-      - '*'
-
-pr:
-  branches:
-    include:
   - main
+  - rel/*
 
+# Scheduled nightly build
 schedules:
   - cron: "0 0 * * *"
-    displayName: Daily midnight build
+    displayName: Nightly scheduled build
+    always: false # Don't rebuild if there haven't been changes
     branches:
       include:
         - main
-    always: false
+
+# Grab the base templates from https://github.com/microsoft/vscode-azuretools/tree/main/azure-pipelines
+resources:
+  repositories:
+    - repository: templates
+      type: github
+      name: microsoft/vscode-azuretools
+      ref: main
+      endpoint: GitHub
+
+# Use those templates
+extends:
+  template: azure-pipelines/jobs.yml@templates

.github/workflows/main.yml

@@ -0,0 +1,22 @@
+name: Node PR Lint, Build and Test
+
+on:
+  # Trigger when manually run
+  workflow_dispatch:
+
+  # Trigger on pushes to `main` or `rel/*`
+  push:
+    branches:
+      - main
+      - rel/*
+
+  # Trigger on pull requests to `main` or `rel/*`
+  pull_request:
+    branches:
+      - main
+      - rel/*
+
+jobs:
+  Build:
+    # Use template from https://github.com/microsoft/vscode-azuretools/tree/main/.github/workflows
+    uses: microsoft/vscode-azuretools/.github/workflows/jobs.yml@main

.github/workflows/node.js.yml

@@ -1,31 +0,0 @@
-# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-
-name: Node CI Build and Test
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [16.x]
-        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
-    steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
-      with:
-        node-version: ${{ matrix.node-version }}
-    - run: npm ci
-    - run: npm run build --if-present
-    - run: npm test
-    - run: npm run lint

.github/workflows/npm-publish.yml

@@ -16,6 +16,7 @@ jobs:
         with:
           node-version: 16
       - run: npm ci
+      - run: npm build
       - run: npm test
 
   publish-npm:
@@ -28,6 +29,7 @@ jobs:
           node-version: 16
           registry-url: https://registry.npmjs.org/
       - run: npm ci
+      - run: npm build
       - run: npm publish
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
@@ -45,6 +47,7 @@ jobs:
           node-version: 16
           registry-url: https://npm.pkg.github.com/
       - run: npm ci
+      - run: npm build
       - run: npm publish
         env:
           NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.nvmrc

@@ -0,0 +1 @@
+16.17

package.json

@@ -26,8 +26,7 @@
         "lint": "eslint --max-warnings 0 src --ext ts",
         "test": "mocha --file lib/test/global.test.js --recursive lib/test",
         "unittest": "npm test -- --grep /unit/i",
-        "pretest": "npm run build",
-        "prepack": "npm run build"
+        "package": "npm pack"
     },
     "devDependencies": {
         "@types/chai": "^4.3.0",