338 lines
13 KiB
YAML
338 lines
13 KiB
YAML
steps:
|
|
- script: |
|
|
mkdir -p .build
|
|
echo -n $BUILD_SOURCEVERSION > .build/commit
|
|
echo -n $VSCODE_QUALITY > .build/quality
|
|
echo -n $ENABLE_TERRAPIN > .build/terrapin
|
|
displayName: Prepare compilation cache flags
|
|
|
|
- task: 1ESLighthouseEng.PipelineArtifactCaching.RestoreCacheV1.RestoreCache@1
|
|
inputs:
|
|
keyfile: "build/.cachesalt, .build/commit, .build/quality, .build/terrapin"
|
|
targetfolder: ".build, out-build, out-vscode-min, out-vscode-reh-min, out-vscode-reh-web-min"
|
|
vstsFeed: "npm-vscode"
|
|
platformIndependent: true
|
|
alias: "Compilation"
|
|
|
|
- script: |
|
|
set -e
|
|
exit 1
|
|
displayName: Check RestoreCache
|
|
condition: and(succeeded(), ne(variables['CacheRestored-Compilation'], 'true'))
|
|
|
|
- task: NodeTool@0
|
|
inputs:
|
|
versionSpec: "12.14.1"
|
|
|
|
- task: geeklearningio.gl-vsts-tasks-yarn.yarn-installer-task.YarnInstaller@2
|
|
inputs:
|
|
versionSpec: "1.x"
|
|
|
|
- task: AzureKeyVault@1
|
|
displayName: "Azure Key Vault: Get Secrets"
|
|
inputs:
|
|
azureSubscription: "vscode-builds-subscription"
|
|
KeyVaultName: vscode
|
|
|
|
- script: |
|
|
set -e
|
|
|
|
cat << EOF > ~/.netrc
|
|
machine github.com
|
|
login vscode
|
|
password $(github-distro-mixin-password)
|
|
EOF
|
|
|
|
git config user.email "vscode@microsoft.com"
|
|
git config user.name "VSCode"
|
|
displayName: Prepare tooling
|
|
|
|
- script: |
|
|
set -e
|
|
sudo xcode-select -s /Applications/Xcode_12.2.app
|
|
displayName: Switch to Xcode 12
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'arm64'))
|
|
|
|
- script: |
|
|
set -e
|
|
git remote add distro "https://github.com/$(VSCODE_MIXIN_REPO).git"
|
|
git fetch distro
|
|
git merge $(node -p "require('./package.json').distro")
|
|
displayName: Merge distro
|
|
|
|
- script: |
|
|
npx https://aka.ms/enablesecurefeed standAlone
|
|
displayName: Switch to Terrapin packages
|
|
timeoutInMinutes: 5
|
|
condition: and(succeeded(), eq(variables['ENABLE_TERRAPIN'], 'true'))
|
|
|
|
- script: |
|
|
echo -n $(VSCODE_ARCH) > .build/arch
|
|
displayName: Prepare yarn cache flags
|
|
|
|
- task: 1ESLighthouseEng.PipelineArtifactCaching.RestoreCacheV1.RestoreCache@1
|
|
inputs:
|
|
keyfile: ".build/arch, .build/terrapin, build/.cachesalt, .yarnrc, remote/.yarnrc, **/yarn.lock, !**/node_modules/**/yarn.lock, !**/.*/**/yarn.lock"
|
|
targetfolder: "**/node_modules, !**/node_modules/**/node_modules"
|
|
vstsFeed: "npm-vscode"
|
|
|
|
- script: |
|
|
set -e
|
|
npm install -g node-gyp@7.1.0
|
|
node-gyp --version
|
|
displayName: Update node-gyp
|
|
condition: and(succeeded(), ne(variables['CacheRestored'], 'true'))
|
|
|
|
- script: |
|
|
set -e
|
|
export npm_config_arch=$(VSCODE_ARCH)
|
|
export npm_config_node_gyp=$(which node-gyp)
|
|
export SDKROOT=/Applications/Xcode_12.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.0.sdk
|
|
export CHILD_CONCURRENCY="1"
|
|
|
|
for i in {1..3}; do # try 3 times, for Terrapin
|
|
yarn --frozen-lockfile && break
|
|
if [ $i -eq 3 ]; then
|
|
echo "Yarn failed too many times" >&2
|
|
exit 1
|
|
fi
|
|
echo "Yarn failed $i, trying again..."
|
|
done
|
|
displayName: Install dependencies
|
|
condition: and(succeeded(), ne(variables['CacheRestored'], 'true'))
|
|
|
|
- task: 1ESLighthouseEng.PipelineArtifactCaching.SaveCacheV1.SaveCache@1
|
|
inputs:
|
|
keyfile: ".build/arch, .build/terrapin, build/.cachesalt, .yarnrc, remote/.yarnrc, **/yarn.lock, !**/node_modules/**/yarn.lock, !**/.*/**/yarn.lock"
|
|
targetfolder: "**/node_modules, !**/node_modules/**/node_modules"
|
|
vstsFeed: "npm-vscode"
|
|
condition: and(succeeded(), ne(variables['CacheRestored'], 'true'))
|
|
|
|
- script: |
|
|
set -e
|
|
export npm_config_arch=$(VSCODE_ARCH)
|
|
export npm_config_node_gyp=$(which node-gyp)
|
|
export SDKROOT=/Applications/Xcode_12.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.0.sdk
|
|
ls /Applications/Xcode_12.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/
|
|
yarn postinstall
|
|
displayName: Run postinstall scripts
|
|
condition: and(succeeded(), eq(variables['CacheRestored'], 'true'))
|
|
|
|
- script: |
|
|
set -e
|
|
export npm_config_arch=$(VSCODE_ARCH)
|
|
export npm_config_node_gyp=$(which node-gyp)
|
|
export npm_config_build_from_source=true
|
|
export SDKROOT=/Applications/Xcode_12.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.0.sdk
|
|
ls /Applications/Xcode_12.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/
|
|
yarn electron-rebuild
|
|
cd ./node_modules/keytar
|
|
node-gyp rebuild
|
|
displayName: Rebuild native modules for ARM64
|
|
condition: eq(variables['VSCODE_ARCH'], 'arm64')
|
|
|
|
- script: |
|
|
set -e
|
|
node build/azure-pipelines/mixin
|
|
displayName: Mix in quality
|
|
|
|
- script: |
|
|
set -e
|
|
VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \
|
|
yarn gulp vscode-darwin-$(VSCODE_ARCH)-min-ci
|
|
displayName: Build
|
|
|
|
- script: |
|
|
set -e
|
|
VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \
|
|
yarn gulp vscode-reh-darwin-min-ci
|
|
VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \
|
|
yarn gulp vscode-reh-web-darwin-min-ci
|
|
displayName: Build reh
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'))
|
|
|
|
- script: |
|
|
set -e
|
|
yarn electron $(VSCODE_ARCH)
|
|
displayName: Download Electron
|
|
condition: and(succeeded(), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
|
|
|
|
- script: |
|
|
set -e
|
|
security create-keychain -p pwd $(agent.tempdirectory)/buildagent.keychain
|
|
security default-keychain -s $(agent.tempdirectory)/buildagent.keychain
|
|
security unlock-keychain -p pwd $(agent.tempdirectory)/buildagent.keychain
|
|
echo "$(macos-developer-certificate)" | base64 -D > $(agent.tempdirectory)/cert.p12
|
|
security import $(agent.tempdirectory)/cert.p12 -k $(agent.tempdirectory)/buildagent.keychain -P "$(macos-developer-certificate-key)" -T /usr/bin/codesign
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k pwd $(agent.tempdirectory)/buildagent.keychain
|
|
VSCODE_ARCH="$(VSCODE_ARCH)" DEBUG=electron-osx-sign* node build/darwin/sign.js
|
|
displayName: Set Hardened Entitlements
|
|
|
|
- script: |
|
|
set -e
|
|
./scripts/test.sh --build --tfs "Unit Tests"
|
|
displayName: Run unit tests (Electron)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
|
|
|
|
- script: |
|
|
set -e
|
|
yarn test-browser --build --browser chromium --browser webkit --browser firefox --tfs "Browser Unit Tests"
|
|
displayName: Run unit tests (Browser)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
|
|
|
|
- script: |
|
|
# Figure out the full absolute path of the product we just built
|
|
# including the remote server and configure the integration tests
|
|
# to run with these builds instead of running out of sources.
|
|
set -e
|
|
APP_ROOT=$(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH)
|
|
APP_NAME="`ls $APP_ROOT | head -n 1`"
|
|
INTEGRATION_TEST_ELECTRON_PATH="$APP_ROOT/$APP_NAME/Contents/MacOS/Electron" \
|
|
VSCODE_REMOTE_SERVER_PATH="$(agent.builddirectory)/vscode-reh-darwin" \
|
|
./scripts/test-integration.sh --build --tfs "Integration Tests"
|
|
displayName: Run integration tests (Electron)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
|
|
|
|
- script: |
|
|
set -e
|
|
VSCODE_REMOTE_SERVER_PATH="$(agent.builddirectory)/vscode-reh-web-darwin" \
|
|
./resources/server/test/test-web-integration.sh --browser webkit
|
|
displayName: Run integration tests (Browser)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
|
|
|
|
- script: |
|
|
set -e
|
|
APP_ROOT=$(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH)
|
|
APP_NAME="`ls $APP_ROOT | head -n 1`"
|
|
INTEGRATION_TEST_ELECTRON_PATH="$APP_ROOT/$APP_NAME/Contents/MacOS/Electron" \
|
|
VSCODE_REMOTE_SERVER_PATH="$(agent.builddirectory)/vscode-reh-darwin" \
|
|
./resources/server/test/test-remote-integration.sh
|
|
displayName: Run remote integration tests (Electron)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
|
|
|
|
- script: |
|
|
set -e
|
|
APP_ROOT=$(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH)
|
|
APP_NAME="`ls $APP_ROOT | head -n 1`"
|
|
yarn smoketest --build "$APP_ROOT/$APP_NAME"
|
|
continueOnError: true
|
|
displayName: Run smoke tests (Electron)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
|
|
|
|
- script: |
|
|
set -e
|
|
VSCODE_REMOTE_SERVER_PATH="$(agent.builddirectory)/vscode-reh-web-darwin" \
|
|
yarn smoketest --web --headless
|
|
continueOnError: true
|
|
displayName: Run smoke tests (Browser)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
|
|
|
|
- task: PublishPipelineArtifact@0
|
|
inputs:
|
|
artifactName: crash-dump-macos-$(VSCODE_ARCH)
|
|
targetPath: .build/crashes
|
|
displayName: "Publish Crash Reports"
|
|
continueOnError: true
|
|
condition: failed()
|
|
|
|
- task: PublishTestResults@2
|
|
displayName: Publish Tests Results
|
|
inputs:
|
|
testResultsFiles: "*-results.xml"
|
|
searchFolder: "$(Build.ArtifactStagingDirectory)/test-results"
|
|
condition: succeededOrFailed()
|
|
|
|
- script: |
|
|
set -e
|
|
pushd $(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH) && zip -r -X -y $(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH).zip * && popd
|
|
displayName: Archive build
|
|
|
|
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
|
|
inputs:
|
|
ConnectedServiceName: "ESRP CodeSign"
|
|
FolderPath: "$(agent.builddirectory)"
|
|
Pattern: "VSCode-darwin-$(VSCODE_ARCH).zip"
|
|
signConfigType: inlineSignParams
|
|
inlineOperation: |
|
|
[
|
|
{
|
|
"keyCode": "CP-401337-Apple",
|
|
"operationSetCode": "MacAppDeveloperSign",
|
|
"parameters": [
|
|
{
|
|
"parameterName": "Hardening",
|
|
"parameterValue": "--options=runtime"
|
|
}
|
|
],
|
|
"toolName": "sign",
|
|
"toolVersion": "1.0"
|
|
}
|
|
]
|
|
SessionTimeout: 60
|
|
displayName: Codesign
|
|
|
|
- script: |
|
|
zip -d $(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH).zip "*.pkg"
|
|
displayName: Clean Archive
|
|
|
|
- script: |
|
|
APP_ROOT=$(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH)
|
|
APP_NAME="`ls $APP_ROOT | head -n 1`"
|
|
BUNDLE_IDENTIFIER=$(node -p "require(\"$APP_ROOT/$APP_NAME/Contents/Resources/app/product.json\").darwinBundleIdentifier")
|
|
echo "##vso[task.setvariable variable=BundleIdentifier]$BUNDLE_IDENTIFIER"
|
|
displayName: Export bundle identifier
|
|
|
|
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
|
|
inputs:
|
|
ConnectedServiceName: "ESRP CodeSign"
|
|
FolderPath: "$(agent.builddirectory)"
|
|
Pattern: "VSCode-darwin-$(VSCODE_ARCH).zip"
|
|
signConfigType: inlineSignParams
|
|
inlineOperation: |
|
|
[
|
|
{
|
|
"keyCode": "CP-401337-Apple",
|
|
"operationSetCode": "MacAppNotarize",
|
|
"parameters": [
|
|
{
|
|
"parameterName": "BundleId",
|
|
"parameterValue": "$(BundleIdentifier)"
|
|
}
|
|
],
|
|
"toolName": "sign",
|
|
"toolVersion": "1.0"
|
|
}
|
|
]
|
|
SessionTimeout: 60
|
|
displayName: Notarization
|
|
|
|
- script: |
|
|
set -e
|
|
APP_ROOT=$(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH)
|
|
APP_NAME="`ls $APP_ROOT | head -n 1`"
|
|
"$APP_ROOT/$APP_NAME/Contents/Resources/app/bin/code" --export-default-configuration=.build
|
|
displayName: Verify start after signing (export configuration)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'))
|
|
|
|
- script: |
|
|
set -e
|
|
VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \
|
|
AZURE_DOCUMENTDB_MASTERKEY="$(builds-docdb-key-readwrite)" \
|
|
AZURE_STORAGE_ACCESS_KEY="$(ticino-storage-key)" \
|
|
AZURE_STORAGE_ACCESS_KEY_2="$(vscode-storage-key)" \
|
|
VSCODE_ARCH="$(VSCODE_ARCH)" \
|
|
./build/azure-pipelines/darwin/publish.sh
|
|
displayName: Publish
|
|
|
|
- script: |
|
|
AZURE_STORAGE_ACCESS_KEY="$(ticino-storage-key)" \
|
|
VSCODE_ARCH="$(VSCODE_ARCH)" \
|
|
yarn gulp upload-vscode-configuration
|
|
displayName: Upload configuration (for Bing settings search)
|
|
condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'))
|
|
continueOnError: true
|
|
|
|
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
|
|
displayName: "Component Detection"
|
|
continueOnError: true
|