68 lines
3.0 KiB
YAML
68 lines
3.0 KiB
YAML
steps:
|
|
- task: NodeTool@0
|
|
inputs:
|
|
versionSource: fromFile
|
|
versionFilePath: .nvmrc
|
|
nodejsMirror: https://github.com/joaomoreno/node-mirror/releases/download
|
|
|
|
- task: UseDotNet@2
|
|
inputs:
|
|
version: 6.x
|
|
|
|
- task: EsrpClientTool@1
|
|
continueOnError: true
|
|
displayName: Download ESRPClient
|
|
|
|
- task: AzureKeyVault@1
|
|
displayName: "Azure Key Vault: Get Secrets"
|
|
inputs:
|
|
azureSubscription: "vscode-builds-subscription"
|
|
KeyVaultName: vscode-build-secrets
|
|
SecretsFilter: "ESRP-PKI,esrp-aad-username,esrp-aad-password"
|
|
|
|
- download: current
|
|
artifact: unsigned_vscode_client_darwin_$(VSCODE_ARCH)_archive
|
|
displayName: Download $(VSCODE_ARCH) artifact
|
|
|
|
- script: node build/azure-pipelines/common/sign $(Agent.ToolsDirectory)/esrpclient/*/*/net6.0/esrpcli.dll sign-darwin $(ESRP-PKI) $(esrp-aad-username) $(esrp-aad-password) $(Pipeline.Workspace)/unsigned_vscode_client_darwin_$(VSCODE_ARCH)_archive VSCode-darwin-$(VSCODE_ARCH).zip
|
|
displayName: Codesign
|
|
|
|
- script: node build/azure-pipelines/common/sign $(Agent.ToolsDirectory)/esrpclient/*/*/net6.0/esrpcli.dll notarize-darwin $(ESRP-PKI) $(esrp-aad-username) $(esrp-aad-password) $(Pipeline.Workspace)/unsigned_vscode_client_darwin_$(VSCODE_ARCH)_archive VSCode-darwin-$(VSCODE_ARCH).zip
|
|
displayName: Notarize
|
|
|
|
- script: unzip $(Pipeline.Workspace)/unsigned_vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-darwin-$(VSCODE_ARCH).zip -d $(Agent.BuildDirectory)/VSCode-darwin-$(VSCODE_ARCH)
|
|
displayName: Extract signed app
|
|
|
|
- script: |
|
|
set -e
|
|
APP_ROOT="$(Agent.BuildDirectory)/VSCode-darwin-$(VSCODE_ARCH)"
|
|
APP_NAME="`ls $APP_ROOT | head -n 1`"
|
|
APP_PATH="$APP_ROOT/$APP_NAME"
|
|
codesign -dv --deep --verbose=4 "$APP_PATH"
|
|
"$APP_PATH/Contents/Resources/app/bin/code" --export-default-configuration=.build
|
|
displayName: Verify signature
|
|
condition: and(succeeded(), ne(variables['VSCODE_ARCH'], 'arm64'))
|
|
|
|
- script: |
|
|
# For legacy purposes, arch for x64 is just 'darwin'
|
|
case $VSCODE_ARCH in
|
|
x64) ASSET_ID="darwin" ;;
|
|
arm64) ASSET_ID="darwin-arm64" ;;
|
|
universal) ASSET_ID="darwin-universal" ;;
|
|
esac
|
|
echo "##vso[task.setvariable variable=ASSET_ID]$ASSET_ID"
|
|
displayName: Set asset id variable
|
|
|
|
- script: mv $(Pipeline.Workspace)/unsigned_vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-darwin-x64.zip $(Pipeline.Workspace)/unsigned_vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-darwin.zip
|
|
displayName: Rename x64 build to its legacy name
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'))
|
|
|
|
- task: 1ES.PublishPipelineArtifact@1
|
|
inputs:
|
|
targetPath: $(Pipeline.Workspace)/unsigned_vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-$(ASSET_ID).zip
|
|
artifactName: vscode_client_darwin_$(VSCODE_ARCH)_archive
|
|
sbomBuildDropPath: $(Agent.BuildDirectory)/VSCode-darwin-$(VSCODE_ARCH)
|
|
sbomPackageName: "VS Code macOS $(VSCODE_ARCH)"
|
|
sbomPackageVersion: $(Build.SourceVersion)
|
|
displayName: Publish client archive
|