search

microsoft / vscode-azuretools

Common packages for building Azure extensions for VS Code
MIT License
106 stars 66 forks source link

azure-pipelines: Add steps to sign extensions with MSBuild #1775

Closed alexweininger closed 3 weeks ago

alexweininger commented 3 weeks ago

After discussions with the team, the CI/CD design we're going for is: two pipelines 1. Build and 2. Release. Build will build/package/test AND sign. And upload the signed bits. Release will just download the bits, and release it using vsce.

In this PR:

  1. Move from the 1ES template to the MicroBuild template. They are basically the same so there were little breaking changes.
  2. Enable the signing toolset which is auto installed thanks to the new MicroBuild template
  3. Add a new sign template that uses vsce to generate a manifest (the file that is used for signing)
  4. Use MSBuild to sign the extensions

The changes in the pipelines will look for a ".azure-pipelines/SignExtension.signproj" file in the repo and will sign the extension if present. I will be adding this and the below change to each extension.

Template consumers will have to add the following to their 1esmain.yml. This is required by the MicroBuild template that we are now using. I can't figure out a way to avoid this.

variables:
  # Required by MicroBuild template
  - name: TeamName
    value: "Azure Tools for VS Code"

See https://github.com/microsoft/vscode-azureresourcegroups/pull/907 for what these changes will look like.

alexweininger commented 3 weeks ago

I'm going to wait to merge this until most (if not all) the consumers are ready. I'm pretty sure I have all the PRs made.