vscode/build/darwin/sign.ts

126 lines
4.5 KiB
TypeScript
Raw Normal View History

/*---------------------------------------------------------------------------------------------
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
import * as fs from 'fs';
import * as path from 'path';
import * as codesign from 'electron-osx-sign';
import { spawn } from '@malept/cross-spawn-promise';
const root = path.dirname(path.dirname(__dirname));
function getElectronVersion(): string {
feat: switch to npm as default package manager (#226927) * feat: move from yarn to npm * chore: skip yarn.lock files * fix: playwright download * chore: fix compile and hygiene * chore: bump vsce@2.17.0 Refs https://github.com/microsoft/vscode-vsce/commit/8b49e9dfdf909ad3af2b9ec9c825f5b501f6d75e * test: update results for bat and sh colorizer tests * fix: add missing lock files for windows * fix: switch to legacy-peer-deps * chore: update markdown-it@14.1.0 Refs https://github.com/markdown-it/markdown-it/commit/737c95a12976357df99652e4b51d831cac4a75aa esbuild step in extensions-ci-pr was previously using markdown-it from root which had userland punycode and was able to compile successfully. * ci: increase pr timeout for windows integration tests * chore: fix product build * build: ignore extension dev dependency for rcedit * build: fix working directory inside container * build: fix dependency generation * npm: update dependencies * ci: use global npmrc * ci: update cache * ci: setup global npmrc for private npm auth * build: fix extension bundling * chore: sync npm dependencies * ci: debug env variables for container * ci: fix win32 cli pipeline * build: fix npmrc config usage for build/ and remote/ dirs * fix: windows build * fix: container builds * fix: markdown-language-features tests and bundling ``` [03:58:22] Error: Command failed: /Users/demohan/.nvm/versions/node/v20.15.1/bin/node /Users/demohan/github/vscode/extensions/markdown-language-features/esbuild-notebook.js --outputRoot /Users/demohan/github/vscode/.build/extensions/markdown-language-features ✘ [ERROR] Could not resolve "punycode" extensions/markdown-language-features/node_modules/markdown-it/lib/index.js:14:27: 14 │ var punycode = require('punycode'); ╵ ~~~~~~~~~~ The package "punycode" wasn't found on the file system but is built into node. Are you trying to bundle for node? You can use "platform: 'node'" to do that, which will remove this error. ``` Adds userland package based on https://github.com/markdown-it/markdown-it/commit/beed9aee2c1b44819afc25d485e86a6c699b6ef0 * fix: container builds for distro * chore: update yarn occurrences * fixup! chore: bump vsce@2.17.0 Uses the closest version to `main` branch that does not include https://github.com/microsoft/vscode-vsce/commit/d3cc84cdec99b8e9f24be63d1a2a54abe908f68b while still having the fix https://github.com/microsoft/vscode-vsce/commit/8b49e9dfdf909ad3af2b9ec9c825f5b501f6d75e * chore: sync npm dependencies * chore: sync npm dependencies * chore: sync npm dependencies * chore: throw error when yarn is used for installation * chore: add review feedback * chore: switch exec => run where needed * chore: npm sync dependencies * fix: markdown-language-features bundling ``` ✘ [ERROR] Could not resolve "punycode" extensions/markdown-language-features/node_modules/markdown-it/lib/index.js:14:27: 14 │ var punycode = require('punycode'); ╵ ~~~~~~~~~~ The package "punycode" wasn't found on the file system but is built into node. Are you trying to bundle for node? You can use "platform: 'node'" to do that, which will remove this error. ``` Adds missing userland package based on markdown-it/markdown-it@beed9ae, can be removed once we update markdown-it >= 14.1.0 * ci: rename no-yarn-lock-changes.yml * chore: sync npm dependencies * ci: restore no-yarn-lock-changes.yml We can disable it in a separate PR to keep the required checks happy and also need workflow edit perms. * chore: sync npm dependencies * ci: rebuild cache * ci: fix no-package-lock-changes.yml * chore: bump distro * chore: rm yarn.lock files * chore: rm yarn.lock files without dependencies * chore: add vscode-selfhost-import-aid to postinstall dirs * chore: bump distro
2024-09-06 21:18:02 +08:00
const npmrc = fs.readFileSync(path.join(root, '.npmrc'), 'utf8');
const target = /^target="(.*)"$/m.exec(npmrc)![1];
return target;
}
async function main(buildDir?: string): Promise<void> {
const tempDir = process.env['AGENT_TEMPDIRECTORY'];
const arch = process.env['VSCODE_ARCH'];
const identity = process.env['CODESIGN_IDENTITY'];
if (!buildDir) {
throw new Error('$AGENT_BUILDDIRECTORY not set');
}
if (!tempDir) {
throw new Error('$AGENT_TEMPDIRECTORY not set');
}
const product = JSON.parse(fs.readFileSync(path.join(root, 'product.json'), 'utf8'));
const baseDir = path.dirname(__dirname);
const appRoot = path.join(buildDir, `VSCode-darwin-${arch}`);
const appName = product.nameLong + '.app';
const appFrameworkPath = path.join(appRoot, appName, 'Contents', 'Frameworks');
const helperAppBaseName = product.nameShort;
const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';
const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';
const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';
const infoPlistPath = path.resolve(appRoot, appName, 'Contents', 'Info.plist');
const defaultOpts: codesign.SignOptions = {
app: path.join(appRoot, appName),
platform: 'darwin',
entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist'),
'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist'),
hardenedRuntime: true,
'pre-auto-entitlements': false,
'pre-embed-provisioning-profile': false,
keychain: path.join(tempDir, 'buildagent.keychain'),
version: getElectronVersion(),
identity,
'gatekeeper-assess': false
};
const appOpts = {
...defaultOpts,
// TODO(deepak1556): Incorrectly declared type in electron-osx-sign
ignore: (filePath: string) => {
return filePath.includes(gpuHelperAppName) ||
filePath.includes(rendererHelperAppName) ||
filePath.includes(pluginHelperAppName);
}
};
const gpuHelperOpts: codesign.SignOptions = {
...defaultOpts,
app: path.join(appFrameworkPath, gpuHelperAppName),
entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist'),
'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist'),
};
const rendererHelperOpts: codesign.SignOptions = {
...defaultOpts,
app: path.join(appFrameworkPath, rendererHelperAppName),
entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist'),
'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist'),
};
const pluginHelperOpts: codesign.SignOptions = {
...defaultOpts,
app: path.join(appFrameworkPath, pluginHelperAppName),
entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist'),
'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist'),
};
2022-03-21 15:05:13 +08:00
// Only overwrite plist entries for x64 and arm64 builds,
// universal will get its copy from the x64 build.
if (arch !== 'universal') {
await spawn('plutil', [
'-insert',
'NSAppleEventsUsageDescription',
'-string',
'An application in Visual Studio Code wants to use AppleScript.',
`${infoPlistPath}`
]);
await spawn('plutil', [
'-replace',
'NSMicrophoneUsageDescription',
'-string',
'An application in Visual Studio Code wants to use the Microphone.',
`${infoPlistPath}`
]);
await spawn('plutil', [
'-replace',
'NSCameraUsageDescription',
'-string',
'An application in Visual Studio Code wants to use the Camera.',
`${infoPlistPath}`
]);
}
await codesign.signAsync(gpuHelperOpts);
await codesign.signAsync(rendererHelperOpts);
await codesign.signAsync(pluginHelperOpts);
await codesign.signAsync(appOpts as any);
}
if (require.main === module) {
main(process.argv[2]).catch(err => {
console.error(err);
process.exit(1);
});
}