136 lines
4.9 KiB
YAML
136 lines
4.9 KiB
YAML
steps:
|
|
- task: NodeTool@0
|
|
inputs:
|
|
versionSource: fromFile
|
|
versionFilePath: .nvmrc
|
|
nodejsMirror: https://github.com/joaomoreno/node-mirror/releases/download
|
|
|
|
- task: AzureKeyVault@2
|
|
displayName: "Azure Key Vault: Get Secrets"
|
|
inputs:
|
|
azureSubscription: vscode
|
|
KeyVaultName: vscode-build-secrets
|
|
SecretsFilter: "github-distro-mixin-password"
|
|
|
|
- task: AzureKeyVault@2
|
|
displayName: "Azure Key Vault: Get ESRP Secrets"
|
|
inputs:
|
|
azureSubscription: vscode-esrp
|
|
KeyVaultName: vscode-esrp
|
|
SecretsFilter: esrp-auth,esrp-sign
|
|
|
|
# allow-any-unicode-next-line
|
|
- pwsh: Write-Host "##vso[build.addbuildtag]🚀"
|
|
displayName: Add build tag
|
|
|
|
- pwsh: |
|
|
npm ci
|
|
workingDirectory: build
|
|
displayName: Install build dependencies
|
|
|
|
- download: current
|
|
patterns: "**/artifacts_processed_*.txt"
|
|
displayName: Download all artifacts_processed text files
|
|
|
|
- task: AzureCLI@2
|
|
displayName: Fetch secrets
|
|
inputs:
|
|
azureSubscription: vscode
|
|
scriptType: pscore
|
|
scriptLocation: inlineScript
|
|
addSpnToEnvironment: true
|
|
inlineScript: |
|
|
Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$env:tenantId"
|
|
Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$env:servicePrincipalId"
|
|
Write-Host "##vso[task.setvariable variable=AZURE_ID_TOKEN;issecret=true]$env:idToken"
|
|
|
|
- pwsh: |
|
|
. build/azure-pipelines/win32/exec.ps1
|
|
|
|
if (Test-Path "$(Pipeline.Workspace)/artifacts_processed_*/artifacts_processed_*.txt") {
|
|
Write-Host "Artifacts already processed so a build must have already been created."
|
|
return
|
|
}
|
|
|
|
$VERSION = node -p "require('./package.json').version"
|
|
Write-Host "Creating build with version: $VERSION"
|
|
exec { node build/azure-pipelines/common/createBuild.js $VERSION }
|
|
env:
|
|
AZURE_TENANT_ID: "$(AZURE_TENANT_ID)"
|
|
AZURE_CLIENT_ID: "$(AZURE_CLIENT_ID)"
|
|
AZURE_ID_TOKEN: "$(AZURE_ID_TOKEN)"
|
|
displayName: Create build if it hasn't been created before
|
|
|
|
- pwsh: |
|
|
$publishAuthTokens = (node build/azure-pipelines/common/getPublishAuthTokens)
|
|
Write-Host "##vso[task.setvariable variable=PUBLISH_AUTH_TOKENS;issecret=true]$publishAuthTokens"
|
|
env:
|
|
AZURE_TENANT_ID: "$(AZURE_TENANT_ID)"
|
|
AZURE_CLIENT_ID: "$(AZURE_CLIENT_ID)"
|
|
AZURE_ID_TOKEN: "$(AZURE_ID_TOKEN)"
|
|
displayName: Get publish auth tokens
|
|
|
|
- pwsh: node build/azure-pipelines/common/publish.js
|
|
env:
|
|
GITHUB_TOKEN: "$(github-distro-mixin-password)"
|
|
AZURE_TENANT_ID: "$(AZURE_TENANT_ID)"
|
|
AZURE_CLIENT_ID: "$(AZURE_CLIENT_ID)"
|
|
AZURE_ID_TOKEN: "$(AZURE_ID_TOKEN)"
|
|
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
|
PUBLISH_AUTH_TOKENS: "$(PUBLISH_AUTH_TOKENS)"
|
|
RELEASE_TENANT_ID: "$(ESRP_TENANT_ID)"
|
|
RELEASE_CLIENT_ID: "$(ESRP_CLIENT_ID)"
|
|
RELEASE_AUTH_CERT: "$(esrp-auth)"
|
|
RELEASE_REQUEST_SIGNING_CERT: "$(esrp-sign)"
|
|
displayName: Process artifacts
|
|
retryCountOnTaskFailure: 3
|
|
|
|
- task: 1ES.PublishPipelineArtifact@1
|
|
inputs:
|
|
targetPath: $(Pipeline.Workspace)/artifacts_processed_$(System.StageAttempt)/artifacts_processed_$(System.StageAttempt).txt
|
|
artifactName: artifacts_processed_$(System.StageAttempt)
|
|
sbomEnabled: false
|
|
displayName: Publish the artifacts processed for this stage attempt
|
|
condition: always()
|
|
|
|
- pwsh: |
|
|
$ErrorActionPreference = 'Stop'
|
|
|
|
# Determine which stages we need to watch
|
|
$stages = @(
|
|
if ($env:VSCODE_BUILD_STAGE_WINDOWS -eq 'True') { 'Windows' }
|
|
if ($env:VSCODE_BUILD_STAGE_LINUX -eq 'True') { 'Linux' }
|
|
if ($env:VSCODE_BUILD_STAGE_LINUX_LEGACY_SERVER -eq 'True') { 'LinuxLegacyServer' }
|
|
if ($env:VSCODE_BUILD_STAGE_ALPINE -eq 'True') { 'Alpine' }
|
|
if ($env:VSCODE_BUILD_STAGE_MACOS -eq 'True') { 'macOS' }
|
|
if ($env:VSCODE_BUILD_STAGE_WEB -eq 'True') { 'Web' }
|
|
)
|
|
Write-Host "Stages to check: $stages"
|
|
|
|
# Get the timeline and see if it says the other stage completed
|
|
$timeline = Invoke-RestMethod "$($env:BUILDS_API_URL)timeline?api-version=6.0" -Headers @{
|
|
Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"
|
|
} -MaximumRetryCount 5 -RetryIntervalSec 1
|
|
|
|
$failedStages = @()
|
|
foreach ($stage in $stages) {
|
|
$didStageFail = $timeline.records | Where-Object {
|
|
$_.name -eq $stage -and $_.type -eq 'stage' -and $_.result -ne 'succeeded' -and $_.result -ne 'succeededWithIssues'
|
|
}
|
|
|
|
if($didStageFail) {
|
|
$failedStages += $stage
|
|
Write-Host "'$stage' failed!"
|
|
Write-Host $didStageFail
|
|
} else {
|
|
Write-Host "'$stage' did not fail."
|
|
}
|
|
}
|
|
|
|
if ($failedStages.Length) {
|
|
throw "Failed stages: $($failedStages -join ', '). This stage will now fail so that it is easier to retry failed jobs."
|
|
}
|
|
env:
|
|
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
|
displayName: Determine if stage should succeed
|