Skip to content

Commit

Permalink
sign vsix in build pipeline (#1499)
Browse files Browse the repository at this point in the history
  • Loading branch information
testforstephen authored Jul 19, 2024
1 parent 1f602c3 commit 4a903c4
Show file tree
Hide file tree
Showing 2 changed files with 71 additions and 5 deletions.
39 changes: 36 additions & 3 deletions .azure-pipelines/nightly.yml
Original file line number Diff line number Diff line change
Expand Up @@ -83,9 +83,9 @@ extends:
inputs:
script: npx json@9.0.6 -I -f package.json -e "this.aiKey=\"%AI_KEY%\""
- task: CmdLine@2
displayName: vsce package --pre-release
displayName: vsce package --pre-release -o extension.vsix
inputs:
script: npx @vscode/vsce@latest package --pre-release
script: npx @vscode/vsce@latest package --pre-release -o extension.vsix
### Copy files for APIScan
- task: CopyFiles@2
displayName: "Copy Files for APIScan"
Expand All @@ -105,8 +105,41 @@ extends:
condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true'))
env:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
displayName: 'Generate extension manifest'
- script: cp extension.manifest extension.signature.p7s
displayName: 'Prepare manifest for signing'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
inputs:
ConnectedServiceName: $(ConnectedServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: '.'
Pattern: 'extension.signature.p7s'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "VSCodePublisherSign",
"parameters" : [],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 90
MaxConcurrency: 25
MaxRetryAttempts: 5
PendingAnalysisWaitTimeoutMinutes: 5
displayName: 'Sign extension'
- task: CopyFiles@2
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)/vsix"
inputs:
Contents: "*.vsix"
Contents: |
extension.vsix
extension.manifest
extension.signature.p7s
TargetFolder: $(Build.ArtifactStagingDirectory)/vsix
37 changes: 35 additions & 2 deletions .azure-pipelines/rc.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ extends:
- task: CmdLine@2
displayName: vsce package
inputs:
script: npx @vscode/vsce@latest package
script: npx @vscode/vsce@latest package -o extension.vsix
### Copy files for APIScan
- task: CopyFiles@2
displayName: "Copy Files for APIScan"
Expand All @@ -96,8 +96,41 @@ extends:
condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true'))
env:
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
- script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
displayName: 'Generate extension manifest'
- script: cp extension.manifest extension.signature.p7s
displayName: 'Prepare manifest for signing'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
inputs:
ConnectedServiceName: $(ConnectedServiceName)
AppRegistrationClientId: $(AppRegistrationClientId)
AppRegistrationTenantId: $(AppRegistrationTenantId)
AuthAKVName: $(AuthAKVName)
AuthCertName: $(AuthCertName)
AuthSignCertName: $(AuthSignCertName)
FolderPath: '.'
Pattern: 'extension.signature.p7s'
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-401405",
"operationSetCode": "VSCodePublisherSign",
"parameters" : [],
"toolName": "sign",
"toolVersion": "1.0"
}
]
SessionTimeout: 90
MaxConcurrency: 25
MaxRetryAttempts: 5
PendingAnalysisWaitTimeoutMinutes: 5
displayName: 'Sign extension'
- task: CopyFiles@2
displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)/vsix"
inputs:
Contents: "*.vsix"
Contents: |
extension.vsix
extension.manifest
extension.signature.p7s
TargetFolder: $(Build.ArtifactStagingDirectory)/vsix

0 comments on commit 4a903c4

Please sign in to comment.