184 lines
6.1 KiB
YAML
184 lines
6.1 KiB
YAML
parameters:
|
|
- name: VSCODE_ARCH
|
|
type: string
|
|
- name: VSCODE_QUALITY
|
|
type: string
|
|
|
|
steps:
|
|
- task: NodeTool@0
|
|
inputs:
|
|
versionSource: fromFile
|
|
versionFilePath: .nvmrc
|
|
nodejsMirror: https://github.com/joaomoreno/node-mirror/releases/download
|
|
|
|
- task: UsePythonVersion@0
|
|
inputs:
|
|
versionSpec: "3.x"
|
|
addToPath: true
|
|
|
|
- template: ../distro/download-distro.yml@self
|
|
|
|
- task: AzureKeyVault@2
|
|
displayName: "Azure Key Vault: Get Secrets"
|
|
inputs:
|
|
azureSubscription: vscode
|
|
KeyVaultName: vscode-build-secrets
|
|
SecretsFilter: "github-distro-mixin-password"
|
|
|
|
- powershell: node build/setup-npm-registry.js $env:NPM_REGISTRY
|
|
condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
|
|
displayName: Setup NPM Registry
|
|
|
|
- powershell: |
|
|
. build/azure-pipelines/win32/exec.ps1
|
|
$ErrorActionPreference = "Stop"
|
|
# Set the private NPM registry to the global npmrc file
|
|
# so that authentication works for subfolders like build/, remote/, extensions/ etc
|
|
# which does not have their own .npmrc file
|
|
exec { npm config set registry "$env:NPM_REGISTRY" }
|
|
$NpmrcPath = (npm config get userconfig)
|
|
echo "##vso[task.setvariable variable=NPMRC_PATH]$NpmrcPath"
|
|
condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
|
|
displayName: Setup NPM
|
|
|
|
- task: npmAuthenticate@0
|
|
inputs:
|
|
workingFile: $(NPMRC_PATH)
|
|
condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
|
|
displayName: Setup NPM Authentication
|
|
|
|
- pwsh: |
|
|
$includes = @'
|
|
{
|
|
'target_defaults': {
|
|
'conditions': [
|
|
['OS=="win"', {
|
|
'msvs_settings': {
|
|
'VCCLCompilerTool': {
|
|
'AdditionalOptions': [
|
|
'/Zi',
|
|
'/FS'
|
|
],
|
|
},
|
|
'VCLinkerTool': {
|
|
'AdditionalOptions': [
|
|
'/profile'
|
|
]
|
|
}
|
|
}
|
|
}]
|
|
]
|
|
}
|
|
}
|
|
'@
|
|
|
|
if (!(Test-Path "~/.gyp")) {
|
|
mkdir "~/.gyp"
|
|
}
|
|
echo $includes > "~/.gyp/include.gypi"
|
|
displayName: Create include.gypi
|
|
|
|
- powershell: |
|
|
. build/azure-pipelines/win32/exec.ps1
|
|
$ErrorActionPreference = "Stop"
|
|
exec { npm ci }
|
|
env:
|
|
npm_config_arch: ${{ parameters.VSCODE_ARCH }}
|
|
npm_config_foreground_scripts: "true"
|
|
ELECTRON_SKIP_BINARY_DOWNLOAD: 1
|
|
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
|
|
GITHUB_TOKEN: "$(github-distro-mixin-password)"
|
|
retryCountOnTaskFailure: 5
|
|
displayName: Install dependencies
|
|
|
|
- script: node build/azure-pipelines/distro/mixin-npm
|
|
displayName: Mixin distro node modules
|
|
|
|
- script: node build/azure-pipelines/distro/mixin-quality
|
|
displayName: Mixin distro quality
|
|
env:
|
|
VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}
|
|
|
|
- powershell: npm run compile
|
|
displayName: Compile
|
|
|
|
- powershell: |
|
|
Get-ChildItem '$(Build.SourcesDirectory)' -Recurse -Filter "*.exe"
|
|
Get-ChildItem '$(Build.SourcesDirectory)' -Recurse -Filter "*.dll"
|
|
Get-ChildItem '$(Build.SourcesDirectory)' -Recurse -Filter "*.node"
|
|
Get-ChildItem '$(Build.SourcesDirectory)' -Recurse -Filter "*.pdb"
|
|
displayName: List files
|
|
|
|
- powershell: npm run gulp "vscode-symbols-win32-${{ parameters.VSCODE_ARCH }}"
|
|
env:
|
|
GITHUB_TOKEN: "$(github-distro-mixin-password)"
|
|
displayName: Download Symbols
|
|
|
|
- powershell: |
|
|
Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.exe"
|
|
Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.dll"
|
|
Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.node"
|
|
Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.pdb"
|
|
displayName: List files again
|
|
|
|
- task: BinSkim@4
|
|
inputs:
|
|
InputType: "Basic"
|
|
Function: "analyze"
|
|
TargetPattern: "guardianGlob"
|
|
AnalyzeIgnorePdbLoadError: true
|
|
AnalyzeTargetGlob: '$(Agent.BuildDirectory)\scanbin\**.dll;$(Agent.BuildDirectory)\scanbin\**.exe;$(Agent.BuildDirectory)\scanbin\**.node'
|
|
AnalyzeLocalSymbolDirectories: '$(Agent.BuildDirectory)\scanbin\VSCode-win32-${{ parameters.VSCODE_ARCH }}\pdb'
|
|
|
|
- task: CopyFiles@2
|
|
displayName: 'Collect Symbols for API Scan'
|
|
inputs:
|
|
SourceFolder: $(Agent.BuildDirectory)
|
|
Contents: 'scanbin\**\*.pdb'
|
|
TargetFolder: '$(Agent.BuildDirectory)\symbols'
|
|
flattenFolders: true
|
|
condition: succeeded()
|
|
|
|
- task: PublishSymbols@2
|
|
inputs:
|
|
IndexSources: false
|
|
SymbolsFolder: '$(Agent.BuildDirectory)\symbols'
|
|
SearchPattern: '**\*.pdb'
|
|
SymbolServerType: TeamServices
|
|
SymbolsProduct: 'code'
|
|
ArtifactServices.Symbol.AccountName: microsoft
|
|
ArtifactServices.Symbol.PAT: $(System.AccessToken)
|
|
ArtifactServices.Symbol.UseAAD: false
|
|
displayName: Publish Symbols
|
|
condition: succeeded()
|
|
|
|
- task: APIScan@2
|
|
inputs:
|
|
softwareFolder: $(Agent.BuildDirectory)\scanbin
|
|
softwareName: 'vscode-client'
|
|
softwareVersionNum: '1'
|
|
symbolsFolder: 'srv*https://symweb.azurefd.net;$(Agent.BuildDirectory)\symbols'
|
|
isLargeApp: false
|
|
toolVersion: 'Latest'
|
|
azureSubscription: 'vscode-apiscan'
|
|
displayName: Run ApiScan
|
|
condition: succeeded()
|
|
env:
|
|
AzureServicesAuthConnectionString: RunAs=App;AppId=c0940da5-8bd3-4dd3-8af1-40774b50edbd;TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47;ServiceConnectionId=3e55d992-b60d-414d-9071-e4fad359c748;
|
|
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
|
|
|
- task: PublishSecurityAnalysisLogs@3
|
|
inputs:
|
|
ArtifactName: CodeAnalysisLogs
|
|
ArtifactType: Container
|
|
PublishProcessedResults: false
|
|
AllTools: true
|
|
|
|
# TSA Upload
|
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2
|
|
displayName: TSA Upload
|
|
continueOnError: true
|
|
inputs:
|
|
GdnPublishTsaOnboard: true
|
|
GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/build/azure-pipelines/config/tsaoptions.json'
|