зеркало из https://github.com/microsoft/kiota.git
Merge pull request #5042 from microsoft/feature/extension-signing
feat: adds vscode extension signing as this is a new security requirement
Коммит
7bb7d36155
|
@ -200,7 +200,7 @@ extends:
|
|||
projects: '$(Build.SourcesDirectory)\kiota.sln'
|
||||
arguments: "--configuration $(BuildConfiguration) --no-build"
|
||||
|
||||
- task: EsrpCodeSigning@2
|
||||
- task: EsrpCodeSigning@3
|
||||
displayName: "ESRP CodeSigning"
|
||||
inputs:
|
||||
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
|
||||
|
@ -267,7 +267,7 @@ extends:
|
|||
condition: eq(variables['isPrerelease'], 'false')
|
||||
displayName: "pack kiota builder"
|
||||
|
||||
- task: EsrpCodeSigning@2
|
||||
- task: EsrpCodeSigning@3
|
||||
displayName: "ESRP CodeSigning Nuget Packages"
|
||||
inputs:
|
||||
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
|
||||
|
@ -379,7 +379,7 @@ extends:
|
|||
displayName: Set Hardened Entitlements
|
||||
condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'osx'))
|
||||
|
||||
- task: EsrpCodeSigning@2
|
||||
- task: EsrpCodeSigning@3
|
||||
condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'win'))
|
||||
inputs:
|
||||
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
|
||||
|
@ -437,7 +437,7 @@ extends:
|
|||
archiveType: zip
|
||||
archiveFile: $(Build.ArtifactStagingDirectory)/binaries/${{ distribution.architecture }}.zip
|
||||
replaceExistingArchive: true
|
||||
- task: EsrpCodeSigning@2
|
||||
- task: EsrpCodeSigning@3
|
||||
condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'osx'))
|
||||
inputs:
|
||||
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
|
||||
|
@ -459,7 +459,7 @@ extends:
|
|||
SessionTimeout: 20
|
||||
Pattern: |
|
||||
**/*.zip
|
||||
- task: EsrpCodeSigning@2
|
||||
- task: EsrpCodeSigning@3
|
||||
condition: and(succeeded(), startsWith('${{ distribution.architecture }}', 'osx'))
|
||||
inputs:
|
||||
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
|
||||
|
@ -527,25 +527,64 @@ extends:
|
|||
displayName: "Get Kiota's version-number from .csproj"
|
||||
- pwsh: $(Build.SourcesDirectory)/scripts/update-vscode-releases.ps1 -version $(artifactVersion)$(versionSuffix) -filePath $(Build.SourcesDirectory)/vscode/microsoft-kiota/package.json -binaryFolderPath $(Build.ArtifactStagingDirectory)/Binaries
|
||||
displayName: "Update VSCode extension version-number"
|
||||
- pwsh: npm i -g @vscode/vsce
|
||||
- script: npm i -g @vscode/vsce
|
||||
displayName: "Install vsce"
|
||||
- pwsh: npm ci
|
||||
- script: npm ci
|
||||
displayName: "Install dependencies"
|
||||
workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota
|
||||
- pwsh: vsce package --pre-release
|
||||
- script: vsce package --pre-release
|
||||
displayName: "Package VSCode extension as pre-release"
|
||||
workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota
|
||||
condition: eq(variables['isPrerelease'], 'true')
|
||||
- pwsh: vsce package
|
||||
- script: vsce package
|
||||
displayName: "Package VSCode extension as release"
|
||||
workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota
|
||||
condition: eq(variables['isPrerelease'], 'false')
|
||||
- pwsh: |
|
||||
$extensionFiles = Get-ChildItem -Filter *.vsix -Recurse
|
||||
if ($extensionFiles.Count -ne 1) {
|
||||
Write-Error "Expected 1 extension file, found $($extensionFiles.Count)"
|
||||
exit 1
|
||||
}
|
||||
$extensionFileName = $extensionFiles[0].BaseName
|
||||
Write-Output "##vso[task.setvariable variable=extensionFileName;isOutput=true]$extensionFileName"
|
||||
displayName: "Get extension file name"
|
||||
workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota
|
||||
name: getExtensionFileName
|
||||
- script: vsce generate-manifest -i $(getExtensionFileName.extensionFileName).vsix -o $(getExtensionFileName.extensionFileName).manifest
|
||||
displayName: 'Generate extension manifest'
|
||||
workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota
|
||||
- script: cp $(getExtensionFileName.extensionFileName).manifest $(getExtensionFileName.extensionFileName).signature.p7s
|
||||
displayName: 'Prepare manifest for signing'
|
||||
workingDirectory: $(Build.SourcesDirectory)/vscode/microsoft-kiota
|
||||
- task: EsrpCodeSigning@3
|
||||
inputs:
|
||||
ConnectedServiceName: "microsoftgraph ESRP CodeSign DLL and NuGet (AKV)"
|
||||
FolderPath: $(Build.SourcesDirectory)/vscode/microsoft-kiota
|
||||
UseMinimatch: true
|
||||
Pattern: '**\*.signature.p7s'
|
||||
signConfigType: inlineSignParams
|
||||
inlineOperation: |
|
||||
[
|
||||
{
|
||||
"keyCode": "CP-401405",
|
||||
"operationSetCode": "VSCodePublisherSign",
|
||||
"parameters" : [],
|
||||
"toolName": "sign",
|
||||
"toolVersion": "1.0"
|
||||
}
|
||||
]
|
||||
SessionTimeout: 90
|
||||
MaxConcurrency: 25
|
||||
MaxRetryAttempts: 5
|
||||
PendingAnalysisWaitTimeoutMinutes: 5
|
||||
displayName: 'Sign extension'
|
||||
- task: CopyFiles@2
|
||||
displayName: Prepare staging folder for upload
|
||||
inputs:
|
||||
targetFolder: $(Build.ArtifactStagingDirectory)/VSCode
|
||||
sourceFolder: $(Build.SourcesDirectory)/vscode/microsoft-kiota
|
||||
contents: "*.vsix"
|
||||
contents: "*.vsix,*.manifest,*.signature.p7s"
|
||||
- task: 1ES.PublishPipelineArtifact@1
|
||||
displayName: "Publish Artifact: VSCode"
|
||||
inputs:
|
||||
|
@ -592,14 +631,17 @@ extends:
|
|||
inlineScript: |
|
||||
$aadToken = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
|
||||
Get-ChildItem -Path $(Pipeline.Workspace) -Filter *.vsix -Recurse | ForEach-Object {
|
||||
Write-Host "Publishing $_.FullName"
|
||||
$packagePath = $_.FullName
|
||||
$manifestPath = $packagePath.Replace("vsix", "manifest")
|
||||
$signaturePath = $packagePath.Replace("vsix", "signature.p7s")
|
||||
Write-Host "Publishing $packagePath"
|
||||
if ($Env:isPrerelease -eq "true") {
|
||||
Write-Host "Publishing $_.FullName as a pre-release"
|
||||
vsce publish --pat "$aadToken" --packagePath $_.FullName --pre-release
|
||||
Write-Host "Publishing $packagePath as a pre-release"
|
||||
vsce publish --pat "$aadToken" --packagePath $packagePath --manifestPath $manifestPath --signaturePath $signaturePath --pre-release
|
||||
}
|
||||
else {
|
||||
Write-Host "Publishing $_.FullName as a release"
|
||||
vsce publish --pat "$aadToken" --packagePath $_.FullName
|
||||
Write-Host "Publishing $packagePath as a release"
|
||||
vsce publish --pat "$aadToken" --packagePath $packagePath --manifestPath $manifestPath --signaturePath $signaturePath
|
||||
}
|
||||
}
|
||||
env:
|
||||
|
|
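Review bot: In the publish loop of the last hunk, `$packagePath.Replace("vsix", "manifest")` and the matching `signature.p7s` line rewrite every occurrence of `vsix` in the full path, not only the extension, and nothing checks that the two derived files exist before `vsce publish` runs. Deriving them with `$manifestPath = [System.IO.Path]::ChangeExtension($packagePath, 'manifest')` and `$signaturePath = [System.IO.Path]::ChangeExtension($packagePath, 'signature.p7s')`, then guarding with `if (-not (Test-Path $manifestPath) -or -not (Test-Path $signaturePath)) { throw "Missing manifest or signature for $packagePath" }`, would make a missing signing artifact fail the release step explicitly. In the `@ -527` hunk the `.signature.p7s` file starts as a plain copy of the manifest, so unless `EsrpCodeSigning@3` fails on an empty match, a `'**\*.signature.p7s'` pattern that matched nothing would leave the unsigned copy to be staged; a check after signing that the file differs from the manifest would catch that. The new `contents: "*.vsix,*.manifest,*.signature.p7s"` also looks like it should be one pattern per line, since as far as I know CopyFiles@2 reads `contents` as newline-separated match patterns; this is worth confirming against a pipeline run. The inline script and its task definition start and end outside the hunk.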