Adopt 1ES PT (#207844)

* extend 1es pipeline template * oops * fix template references * argh * hmm * hm * hm * use outputs for compilation artifact * this * use 1ES.PublishPipelineArtifact@1 instead of publish * more 1ES.PublishPipelineArtifact@1 adoption * provide windows pool for sdl sources * sdl * fix pools * fix macos * disable sbom for intermediate artifacts * use mariner linux * try inline tsa options * fix credscan * hm * sudo it * more suppressions * be explicit with SBOM build drop paths * fix indentation * fix file extensions * fix cli sbom build drop paths * fix more build * fix unzip cli * careful with _manifest in artifacts * do not close file * add logging * debug * use snapcraft container * remove size check * fix macos cli step * fix snap permissions * fix macos * better logs * fix snap * more cred scan suppressions * even more supressiong * alpine-arm64: try using x64 * Revert "alpine-arm64: try using x64" This reverts commit bf2003bf60. * test docker * I wonder * logs * hm * fix indentation * hm * hm * fix snap finds * remove auth * use hostArchitecture * snap: limit find * hm * sudo * Add validateToolOutput: None to the build pipeline * bring back sdl-scan * try all tools: true * use release * Update Azure Pipelines YAML file for Linux product build and test * hm * hm * same for win32 * hm * hm * Revert "hm" This reverts commit 1b9dcae85b. * use branch * fix template file * fix template paths
2026-04-20 16:49:06 +01:00 · 2024-03-21 14:16:32 +01:00
parent e3cf2530e6
commit e5515ac702
34 changed files with 1040 additions and 974 deletions
--- a/build/azure-pipelines/linux/cli-build-linux.yml
+++ b/build/azure-pipelines/linux/cli-build-linux.yml
@@ -22,7 +22,7 @@ steps:
      nodejsMirror: https://github.com/joaomoreno/node-mirror/releases/download

  - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}:
-    - template: ../cli/cli-apply-patches.yml
+    - template: ../cli/cli-apply-patches.yml@self

  - task: Npm@1
    displayName: Download openssl prebuilt
@@ -79,7 +79,7 @@ steps:
      mkdir -p $(Build.SourcesDirectory)/.build
    displayName: Create .build folder for misc dependencies

-  - template: ../cli/install-rust-posix.yml
+  - template: ../cli/install-rust-posix.yml@self
    parameters:
      targets:
        - ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARM64, true) }}:
@@ -90,7 +90,7 @@ steps:
          - armv7-unknown-linux-gnueabihf

  - ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARM64, true) }}:
-    - template: ../cli/cli-compile.yml
+    - template: ../cli/cli-compile.yml@self
      parameters:
        VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}
        VSCODE_CLI_TARGET: aarch64-unknown-linux-gnu
@@ -102,7 +102,7 @@ steps:
          SYSROOT_ARCH: arm64

  - ${{ if eq(parameters.VSCODE_BUILD_LINUX, true) }}:
-    - template: ../cli/cli-compile.yml
+    - template: ../cli/cli-compile.yml@self
      parameters:
        VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}
        VSCODE_CLI_TARGET: x86_64-unknown-linux-gnu
@@ -114,7 +114,7 @@ steps:
          SYSROOT_ARCH: amd64

  - ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true) }}:
-    - template: ../cli/cli-compile.yml
+    - template: ../cli/cli-compile.yml@self
      parameters:
        VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}
        VSCODE_CLI_TARGET: armv7-unknown-linux-gnueabihf
@@ -125,20 +125,33 @@ steps:
          OPENSSL_INCLUDE_DIR: $(Build.ArtifactStagingDirectory)/openssl/arm-linux/include
          SYSROOT_ARCH: armhf

-  - ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true) }}:
-    - template: ../cli/cli-publish.yml
-      parameters:
-        VSCODE_CLI_ARTIFACT: vscode_cli_linux_armhf_cli
-        VSCODE_CHECK_ONLY: ${{ parameters.VSCODE_CHECK_ONLY }}
+  - ${{ if not(parameters.VSCODE_CHECK_ONLY) }}:
+    - ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true) }}:
+      - task: 1ES.PublishPipelineArtifact@1
+        inputs:
+          targetPath: $(Build.ArtifactStagingDirectory)/vscode_cli_linux_armhf_cli.tar.gz
+          artifactName: vscode_cli_linux_armhf_cli
+          sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/cli
+          sbomPackageName: "VS Code Linux armhf CLI"
+          sbomPackageVersion: $(Build.SourceVersion)
+        displayName: Publish vscode_cli_linux_armhf_cli artifact

-  - ${{ if eq(parameters.VSCODE_BUILD_LINUX, true) }}:
-    - template: ../cli/cli-publish.yml
-      parameters:
-        VSCODE_CLI_ARTIFACT: vscode_cli_linux_x64_cli
-        VSCODE_CHECK_ONLY: ${{ parameters.VSCODE_CHECK_ONLY }}
+    - ${{ if eq(parameters.VSCODE_BUILD_LINUX, true) }}:
+      - task: 1ES.PublishPipelineArtifact@1
+        inputs:
+          targetPath: $(Build.ArtifactStagingDirectory)/vscode_cli_linux_x64_cli.tar.gz
+          artifactName: vscode_cli_linux_x64_cli
+          sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/cli
+          sbomPackageName: "VS Code Linux x64 CLI"
+          sbomPackageVersion: $(Build.SourceVersion)
+        displayName: Publish vscode_cli_linux_x64_cli artifact

-  - ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARM64, true) }}:
-    - template: ../cli/cli-publish.yml
-      parameters:
-        VSCODE_CLI_ARTIFACT: vscode_cli_linux_arm64_cli
-        VSCODE_CHECK_ONLY: ${{ parameters.VSCODE_CHECK_ONLY }}
+    - ${{ if eq(parameters.VSCODE_BUILD_LINUX_ARM64, true) }}:
+      - task: 1ES.PublishPipelineArtifact@1
+        inputs:
+          targetPath: $(Build.ArtifactStagingDirectory)/vscode_cli_linux_arm64_cli.tar.gz
+          artifactName: vscode_cli_linux_arm64_cli
+          sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/cli
+          sbomPackageName: "VS Code Linux arm64 CLI"
+          sbomPackageVersion: $(Build.SourceVersion)
+        displayName: Publish vscode_cli_linux_arm64_cli artifact