172 строки
7.0 KiB
YAML
172 строки
7.0 KiB
YAML
name: $(Date:yyyyMMdd).$(Rev:r)
|
|
variables:
|
|
- name: Codeql.Enabled
|
|
value: true
|
|
schedules:
|
|
- cron: 0 0 * * *
|
|
branches:
|
|
include:
|
|
- refs/heads/main
|
|
resources:
|
|
repositories:
|
|
- repository: self
|
|
type: git
|
|
ref: refs/heads/main
|
|
- repository: 1esPipelines
|
|
type: git
|
|
name: 1ESPipelineTemplates/1ESPipelineTemplates
|
|
ref: refs/tags/release
|
|
trigger: none
|
|
extends:
|
|
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
|
|
parameters:
|
|
pool:
|
|
name: 1ES_JavaTooling_Pool
|
|
image: 1ES_JavaTooling_Windows_2022
|
|
os: windows
|
|
sdl:
|
|
sourceAnalysisPool:
|
|
name: 1ES_JavaTooling_Pool
|
|
image: 1ES_JavaTooling_Windows_2022
|
|
os: windows
|
|
customBuildTags:
|
|
- MigrationTooling-mseng-VSJava-13463-Tool
|
|
stages:
|
|
- stage: Build
|
|
jobs:
|
|
- job: Job_1
|
|
displayName: Agent job 1
|
|
templateContext:
|
|
outputs:
|
|
- output: pipelineArtifact
|
|
artifactName: extension
|
|
targetPath: $(Build.ArtifactStagingDirectory)
|
|
displayName: "Publish Artifact: extension"
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
fetchTags: true
|
|
- task: NodeTool@0
|
|
displayName: Use Node 20.x
|
|
inputs:
|
|
versionSpec: 20.x
|
|
- task: JavaToolInstaller@0
|
|
displayName: Use Java 17
|
|
inputs:
|
|
versionSpec: "17"
|
|
jdkArchitectureOption: x64
|
|
jdkSourceOption: PreInstalled
|
|
- task: Npm@1
|
|
displayName: npm install
|
|
inputs:
|
|
verbose: false
|
|
- task: Bash@3
|
|
displayName: npx gulp build_server
|
|
inputs:
|
|
targetType: inline
|
|
script: |-
|
|
# Build the jars to the server folder.
|
|
npm run build-server
|
|
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
|
displayName: ESRP CodeSigning
|
|
inputs:
|
|
ConnectedServiceName: 'ESRP-Release-Test'
|
|
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
|
|
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
|
|
AuthAKVName: 'vscjavaci'
|
|
AuthCertName: 'vscjava-esrprelease-auth'
|
|
AuthSignCertName: 'VSCJava-CodeSign'
|
|
FolderPath: server
|
|
Pattern: com.microsoft.jdtls.ext.*.jar
|
|
signConfigType: inlineSignParams
|
|
inlineOperation: |-
|
|
[
|
|
{
|
|
"KeyCode" : "CP-447347-Java",
|
|
"OperationCode" : "JavaSign",
|
|
"Parameters" : {
|
|
"SigAlg" : "SHA256withRSA",
|
|
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
|
|
},
|
|
"ToolName" : "sign",
|
|
"ToolVersion" : "1.0"
|
|
},
|
|
{
|
|
"KeyCode" : "CP-447347-Java",
|
|
"OperationCode" : "JavaVerify",
|
|
"Parameters" : {},
|
|
"ToolName" : "sign",
|
|
"ToolVersion" : "1.0"
|
|
}
|
|
]
|
|
- task: CmdLine@2
|
|
displayName: Replace AI Key
|
|
inputs:
|
|
script: npx json@9.0.6 -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
|
|
- task: Bash@3
|
|
displayName: Bash Script
|
|
inputs:
|
|
targetType: inline
|
|
script: |-
|
|
node ./scripts/prepare-nightly-build.js
|
|
mv ./package.insiders.json ./package.json
|
|
- script: npx @vscode/vsce@latest package --pre-release -o extension.vsix
|
|
displayName: 'vsce package --pre-release'
|
|
### Copy files for APIScan
|
|
- task: CopyFiles@2
|
|
displayName: "Copy Files for APIScan"
|
|
inputs:
|
|
Contents: "*.vsix"
|
|
TargetFolder: $(Agent.TempDirectory)/APIScanFiles
|
|
condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true'))
|
|
### Run latest version of APIScan listed at https://www.1eswiki.com/wiki/APIScan_Build_Task
|
|
- task: APIScan@2
|
|
displayName: Run APIScan
|
|
inputs:
|
|
softwareFolder: $(Agent.TempDirectory)/APIScanFiles
|
|
softwareName: "vscode-java-dependency"
|
|
softwareVersionNum: "$(Build.BuildId)"
|
|
isLargeApp: false
|
|
toolVersion: "Latest"
|
|
condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true'))
|
|
env:
|
|
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
|
|
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
|
|
displayName: 'Generate extension manifest'
|
|
- script: cp extension.manifest extension.signature.p7s
|
|
displayName: 'Prepare manifest for signing'
|
|
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
|
|
inputs:
|
|
ConnectedServiceName: 'ESRP-Release-Test'
|
|
AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
|
|
AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
|
|
AuthAKVName: 'vscjavaci'
|
|
AuthCertName: 'vscjava-esrprelease-auth'
|
|
AuthSignCertName: 'VSCJava-CodeSign'
|
|
FolderPath: '.'
|
|
Pattern: 'extension.signature.p7s'
|
|
signConfigType: inlineSignParams
|
|
inlineOperation: |
|
|
[
|
|
{
|
|
"keyCode": "CP-401405",
|
|
"operationSetCode": "VSCodePublisherSign",
|
|
"parameters" : [],
|
|
"toolName": "sign",
|
|
"toolVersion": "1.0"
|
|
}
|
|
]
|
|
SessionTimeout: 90
|
|
MaxConcurrency: 25
|
|
MaxRetryAttempts: 5
|
|
PendingAnalysisWaitTimeoutMinutes: 5
|
|
displayName: 'Sign extension'
|
|
- task: CopyFiles@2
|
|
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
|
|
inputs:
|
|
Contents: |
|
|
extension.vsix
|
|
extension.manifest
|
|
extension.signature.p7s
|
|
TargetFolder: $(Build.ArtifactStagingDirectory)
|