diff --git a/build/azure-pipelines/linux/codesign.js b/build/azure-pipelines/linux/codesign.js new file mode 100644 index 00000000000..4b69f8aecc9 --- /dev/null +++ b/build/azure-pipelines/linux/codesign.js @@ -0,0 +1,46 @@ +"use strict"; +/*--------------------------------------------------------------------------------------------- + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See License.txt in the project root for license information. + *--------------------------------------------------------------------------------------------*/ +Object.defineProperty(exports, "__esModule", { value: true }); +const zx_1 = require("zx"); +const publish_1 = require("../common/publish"); +function printBanner(title) { + title = `${title} (${new Date().toISOString()})`; + console.log('\n'); + console.log('#'.repeat(75)); + console.log(`# ${title.padEnd(71)} #`); + console.log('#'.repeat(75)); + console.log('\n'); +} +async function handleProcessPromise(name, promise) { + const result = await promise.pipe(process.stdout); + if (!result.ok) { + throw new Error(`${name} failed: ${result.stderr}`); + } +} +function sign(esrpCliDLLPath, type, folder, glob) { + return (0, zx_1.$) `node build/azure-pipelines/common/sign ${esrpCliDLLPath} ${type} ${folder} ${glob}`; +} +async function main() { + const esrpCliDLLPath = (0, publish_1.e)('EsrpCliDllPath'); + // Start the code sign processes in parallel + // 1. Codesign deb package + // 2. Codesign rpm package + const codesignTask1 = sign(esrpCliDLLPath, 'sign-pgp', '.build/linux/deb', '*.deb'); + const codesignTask2 = sign(esrpCliDLLPath, 'sign-pgp', '.build/linux/rpm', '*.rpm'); + // Codesign deb package + printBanner('Codesign deb package'); + await handleProcessPromise('Codesign deb package', codesignTask1); + // Codesign rpm package + printBanner('Codesign rpm package'); + await handleProcessPromise('Codesign rpm package', codesignTask2); +} +main().then(() => { + process.exit(0); +}, err => { + console.error(err); + process.exit(1); +}); +//# sourceMappingURL=codesign.js.map \ No newline at end of file diff --git a/build/azure-pipelines/linux/codesign.ts b/build/azure-pipelines/linux/codesign.ts new file mode 100644 index 00000000000..4cdab84dbae --- /dev/null +++ b/build/azure-pipelines/linux/codesign.ts @@ -0,0 +1,53 @@ +/*--------------------------------------------------------------------------------------------- + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See License.txt in the project root for license information. + *--------------------------------------------------------------------------------------------*/ + +import { $, ProcessPromise } from 'zx'; +import { e } from '../common/publish'; + +function printBanner(title: string) { + title = `${title} (${new Date().toISOString()})`; + + console.log('\n'); + console.log('#'.repeat(75)); + console.log(`# ${title.padEnd(71)} #`); + console.log('#'.repeat(75)); + console.log('\n'); +} + +async function handleProcessPromise(name: string, promise: ProcessPromise): Promise { + const result = await promise.pipe(process.stdout); + if (!result.ok) { + throw new Error(`${name} failed: ${result.stderr}`); + } +} + +function sign(esrpCliDLLPath: string, type: 'sign-pgp', folder: string, glob: string): ProcessPromise { + return $`node build/azure-pipelines/common/sign ${esrpCliDLLPath} ${type} ${folder} ${glob}`; +} + +async function main() { + const esrpCliDLLPath = e('EsrpCliDllPath'); + + // Start the code sign processes in parallel + // 1. Codesign deb package + // 2. Codesign rpm package + const codesignTask1 = sign(esrpCliDLLPath, 'sign-pgp', '.build/linux/deb', '*.deb'); + const codesignTask2 = sign(esrpCliDLLPath, 'sign-pgp', '.build/linux/rpm', '*.rpm'); + + // Codesign deb package + printBanner('Codesign deb package'); + await handleProcessPromise('Codesign deb package', codesignTask1); + + // Codesign rpm package + printBanner('Codesign rpm package'); + await handleProcessPromise('Codesign rpm package', codesignTask2); +} + +main().then(() => { + process.exit(0); +}, err => { + console.error(err); + process.exit(1); +}); diff --git a/build/azure-pipelines/linux/product-build-linux.yml b/build/azure-pipelines/linux/product-build-linux.yml index d58f0223c02..6c2853ade3b 100644 --- a/build/azure-pipelines/linux/product-build-linux.yml +++ b/build/azure-pipelines/linux/product-build-linux.yml @@ -287,17 +287,6 @@ steps: GITHUB_TOKEN: "$(github-distro-mixin-password)" displayName: Transpile client and extensions - - ${{ if or(eq(parameters.VSCODE_RUN_ELECTRON_TESTS, true), eq(parameters.VSCODE_RUN_BROWSER_TESTS, true), eq(parameters.VSCODE_RUN_REMOTE_TESTS, true)) }}: - - template: product-build-linux-test.yml@self - parameters: - VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }} - VSCODE_RUN_ELECTRON_TESTS: ${{ parameters.VSCODE_RUN_ELECTRON_TESTS }} - VSCODE_RUN_BROWSER_TESTS: ${{ parameters.VSCODE_RUN_BROWSER_TESTS }} - VSCODE_RUN_REMOTE_TESTS: ${{ parameters.VSCODE_RUN_REMOTE_TESTS }} - VSCODE_TEST_ARTIFACT_NAME: ${{ parameters.VSCODE_TEST_ARTIFACT_NAME }} - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - PUBLISH_TASK_NAME: 1ES.PublishPipelineArtifact@1 - - ${{ if and(ne(parameters.VSCODE_CIBUILD, true), ne(parameters.VSCODE_QUALITY, 'oss')) }}: - script: | set -e @@ -365,15 +354,35 @@ steps: Pattern: noop displayName: 'Install ESRP Tooling' - - script: node build/azure-pipelines/common/sign $(Agent.RootDirectory)/_tasks/EsrpCodeSigning_*/*/net6.0/esrpcli.dll sign-pgp .build/linux/deb '*.deb' - env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - displayName: Codesign deb + - pwsh: | + . build/azure-pipelines/win32/exec.ps1 + $ErrorActionPreference = "Stop" + $EsrpCodeSigningTool = (gci -directory -filter EsrpCodeSigning_* $(Agent.RootDirectory)/_tasks | Select-Object -last 1).FullName + $Version = (gci -directory $EsrpCodeSigningTool | Select-Object -last 1).FullName + echo "##vso[task.setvariable variable=EsrpCliDllPath]$Version/net6.0/esrpcli.dll" + displayName: Find ESRP CLI - - script: node build/azure-pipelines/common/sign $(Agent.RootDirectory)/_tasks/EsrpCodeSigning_*/*/net6.0/esrpcli.dll sign-pgp .build/linux/rpm '*.rpm' + - script: npx deemon -- npx zx build/azure-pipelines/linux/codesign.js env: + EsrpCliDllPath: $(EsrpCliDllPath) SYSTEM_ACCESSTOKEN: $(System.AccessToken) - displayName: Codesign rpm + displayName: ✍️ Codesign deb & rpm + + - ${{ if or(eq(parameters.VSCODE_RUN_ELECTRON_TESTS, true), eq(parameters.VSCODE_RUN_BROWSER_TESTS, true), eq(parameters.VSCODE_RUN_REMOTE_TESTS, true)) }}: + - template: product-build-linux-test.yml@self + parameters: + VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }} + VSCODE_RUN_ELECTRON_TESTS: ${{ parameters.VSCODE_RUN_ELECTRON_TESTS }} + VSCODE_RUN_BROWSER_TESTS: ${{ parameters.VSCODE_RUN_BROWSER_TESTS }} + VSCODE_RUN_REMOTE_TESTS: ${{ parameters.VSCODE_RUN_REMOTE_TESTS }} + VSCODE_TEST_ARTIFACT_NAME: ${{ parameters.VSCODE_TEST_ARTIFACT_NAME }} + ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: + PUBLISH_TASK_NAME: 1ES.PublishPipelineArtifact@1 + + - ${{ if and(ne(parameters.VSCODE_CIBUILD, true), ne(parameters.VSCODE_QUALITY, 'oss')) }}: + # - script: npx deemon --attach -- npx zx build/azure-pipelines/linux/codesign.js + # condition: succeededOrFailed() + # displayName: "✍️ Post-job: Codesign deb & rpm" - script: echo "##vso[task.setvariable variable=ARTIFACT_PREFIX]attempt$(System.JobAttempt)_" condition: and(succeededOrFailed(), notIn(variables['Agent.JobStatus'], 'Succeeded', 'SucceededWithIssues'))