* ci: switch PR workflows back to 1ES self-hosted runners with JobId
Re-applies #311975 (reverted in #312033). Adds per-run+attempt JobId
labels to scope 1ES agents to specific GitHub Actions runs and prevent
intermittent runner cancellations.
Also switches the pr.yml compile job's GITHUB_TOKEN from the
ephemeral repo-scoped runner token to secrets.VSCODE_OSS so cross-repo
GitHub API release fetches (vscode-js-debug, vscode-js-debug-companion,
vscode-js-profile-visualizer, etc.) authenticate properly. On 1ES pools
the shared egress IPs hit the anonymous 60/hr api.github.com rate limit
and produced 403 fan-out across PRs last time.
* ci: fall back to GITHUB_TOKEN for fork PRs
Match the historical pattern from before #255987 — fork PRs can't
access secrets.VSCODE_OSS, so use the conditional to pick GITHUB_TOKEN
for forks.
* ci: switch PR workflows back to 1ES self-hosted runners with JobId
Reverts the GitHub-hosted runner switch for ubuntu/windows jobs in pr*.yml
and adds a unique JobId label per job, per the IcM mitigation. The JobId
ensures 1ES pool runs are scoped to a specific GitHub Actions run+attempt,
which prevents the cancellation issues that occurred with bare pool labels.
Pool labels:
- 1es-vscode-oss-ubuntu-22.04-x64
- 1es-vscode-oss-windows-2022-x64
macOS jobs (pr-darwin-test.yml, pr-node-modules macOS) remain on
GitHub-hosted runners as no 1ES macOS pool exists.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: keep pr-linux-test.yml on ubuntu-24.04 GH-hosted runner
Linux electron tests were stabilized by moving to ubuntu-24.04 in #308495
and #309451. Keep that runner GH-hosted while the rest of the PR workflows
use 1ES self-hosted pools.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: include inputs.job_name in JobId for reusable test workflows
pr-win32-test.yml is invoked 3x from pr.yml (Electron/Browser/Remote) and
without a per-invocation discriminator all 3 jobs share the same JobId
within a run, defeating the 1ES per-job scoping. Add inputs.job_name to
the JobId prefix so each invocation is distinct. Apply the same defense
to pr-linux-cli-test.yml for safety.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Run our build scripts directly as typescript #277567
Follow up on #276864
For #277526
* Remove a few more ts-node references
* Fix linux and script reference
* Remove `_build-script` ref
* Fix script missing closing quote
* use type only import
* Fix export
* Make sure to run copy-policy-dto
* Make sure we run the copy-policy-dto script
* Enable `verbatimModuleSyntax`
* Pipelines fixes
* Try adding explicit ext to path
* Fix bad edit
* Revert extra `--`
---------
Co-authored-by: João Moreno <joaomoreno@users.noreply.github.com>
Michael Lively
Raymond Zhao
João Moreno
dependabot[bot]
Matt Bierner
Ladislau Szomoru
Robo
Alexandru Dima