After discussions with the team, the CI/CD design we're going for is: two pipelines 1. Build and 2. Release. Build will build/package/test AND sign. And upload the signed bits. Release will just download the bits, and release it using vsce.
In this PR:
Move from the 1ES template to the MicroBuild template. They are basically the same so there were little breaking changes.
Enable the signing toolset which is auto installed thanks to the new MicroBuild template
Add a new sign template that uses vsce to generate a manifest (the file that is used for signing)
Use MSBuild to sign the extensions
The changes in the pipelines will look for a ".azure-pipelines/SignExtension.signproj" file in the repo and will sign the extension if present. I will be adding this and the below change to each extension.
Template consumers will have to add the following to their 1esmain.yml. This is required by the MicroBuild template that we are now using. I can't figure out a way to avoid this.
variables:
# Required by MicroBuild template
- name: TeamName
value: "Azure Tools for VS Code"
After discussions with the team, the CI/CD design we're going for is: two pipelines 1. Build and 2. Release. Build will build/package/test AND sign. And upload the signed bits. Release will just download the bits, and release it using vsce.
In this PR:
The changes in the pipelines will look for a ".azure-pipelines/SignExtension.signproj" file in the repo and will sign the extension if present. I will be adding this and the below change to each extension.
Template consumers will have to add the following to their 1esmain.yml. This is required by the MicroBuild template that we are now using. I can't figure out a way to avoid this.
See https://github.com/microsoft/vscode-azureresourcegroups/pull/907 for what these changes will look like.