Skip to content

Commit

Permalink
Migrate to 1ES pipelines (#109)
Browse files Browse the repository at this point in the history 
* Migrate to 1ES pipelines
* Fix pattern
* Update .vscodeignore
  • Loading branch information
@jdneo
jdneo authored Jan 16, 2024
1 parent a667a7f commit 549a236
Show file tree
Hide file tree
Showing 8 changed files with 384 additions and 455 deletions.
125 changes: 64 additions & 61 deletions .azure-pipelines/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -1,63 +1,66 @@
name: $(Date:yyyyMMdd).$(Rev:r)
variables:
- name: Codeql.Enabled
value: true
resources:
repositories:
- repository: self
type: git
ref: refs/heads/main
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
trigger:
- main

jobs:
- job: static_analysis
displayName: Static Code Analysis
branches:
include:
- main
extends:
template: v1/1ES.Unofficial.PipelineTemplate.yml@1esPipelines
parameters:
pool:
vmImage: 'windows-latest'
steps:
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
displayName: 'Run CredScan'
inputs:
toolMajorVersion: V2
verboseOutput: true
debugMode: false
# - task: Semmle@1
# displayName: Code QL for TS/JS
# inputs:
# sourceCodeDirectory: '$(Build.SourcesDirectory)'
# language: 'tsandjs'
# includeNodeModules: false
# querySuite: 'Recommended'
# timeout: '1800'
# ram: '16384'
# addProjectDirToScanningExclusionList: true
- task: PostAnalysis@1
displayName: 'Post Analysis'
inputs:
CredScan: true
# Semmle: true
# SemmleBreakOn: 'Error'
ToolLogsNotFoundAction: 'Standard'

- job: ci
displayName: VS Code Lombok CI
pool:
vmImage: 'ubuntu-latest'
steps:
- task: JavaToolInstaller@0
displayName: 'Use Java 17'
inputs:
versionSpec: 17
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
- task: Npm@1
displayName: 'npm install'
inputs:
verbose: false
- task: Npm@1
displayName: 'npm run build-server'
inputs:
command: custom
verbose: false
customCommand: 'run build-server'
- script: 'npx vsce@latest package'
displayName: 'package vsix'
- task: CopyFiles@2
displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
inputs:
Contents: '*.vsix'
TargetFolder: '$(Build.ArtifactStagingDirectory)'
- task: PublishBuildArtifacts@1
displayName: 'Publish Artifact: drop'
os: linux
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Ubuntu-2004
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
stages:
- stage: Build
jobs:
- job: Job_1
displayName: VSCode-Test-Runner-CI
templateContext:
outputs:
- output: pipelineArtifact
artifactName: drop
targetPath: $(Build.ArtifactStagingDirectory)
displayName: "Publish Artifact: drop"
steps:
- checkout: self
fetchTags: false
- task: JavaToolInstaller@0
displayName: 'Use Java 17'
inputs:
versionSpec: 17
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
- task: Npm@1
displayName: 'npm install'
inputs:
verbose: false
- task: Npm@1
displayName: 'npm run build-server'
inputs:
command: custom
verbose: false
customCommand: 'run build-server'
- script: 'npx vsce@latest package'
displayName: 'package vsix'
- task: CopyFiles@2
displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
inputs:
Contents: '*.vsix'
TargetFolder: '$(Build.ArtifactStagingDirectory)'
172 changes: 99 additions & 73 deletions .azure-pipelines/nightly.yml
View file
Original file line number Diff line number Diff line change
@@ -1,76 +1,102 @@
name: $(Date:yyyyMMdd).$(Rev:r)
variables:
- name: Codeql.Enabled
value: true
schedules:
- cron: 0 3 * * *
branches:
include:
- main
resources:
repositories:
- repository: self
type: git
ref: refs/heads/main
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
trigger: none
pr: none

schedules:
- cron: "0 3 * * *"
displayName: Daily 3am build
branches:
include:
- main

jobs:
- job: static_analysis
displayName: Static Code Analysis
pool:
vmImage: 'windows-latest'
steps:
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
displayName: 'Run CredScan'
inputs:
toolMajorVersion: V2
verboseOutput: true
debugMode: false
# - task: Semmle@1
# displayName: Code QL for TS/JS
# inputs:
# sourceCodeDirectory: '$(Build.SourcesDirectory)'
# language: 'tsandjs'
# includeNodeModules: false
# querySuite: 'Recommended'
# timeout: '1800'
# ram: '16384'
# addProjectDirToScanningExclusionList: true
- task: PostAnalysis@1
displayName: 'Post Analysis'
inputs:
CredScan: true
# Semmle: true
# SemmleBreakOn: 'Error'
ToolLogsNotFoundAction: 'Standard'

- job: ci
displayName: VS Code Lombok CI
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
pool:
vmImage: 'ubuntu-latest'
steps:
- task: JavaToolInstaller@0
displayName: 'Use Java 17'
inputs:
versionSpec: 17
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
- task: Npm@1
displayName: 'npm install'
inputs:
verbose: false
- task: Npm@1
displayName: 'npm run build-server'
inputs:
command: custom
verbose: false
customCommand: 'run build-server'
- bash: |
npx json@latest -I -f package.json -e "this.aiKey=\"$(AI_KEY)\""
displayName: Replace AI Key
- bash: |
node ./scripts/build/prepare-nightly-build.js
displayName: Set pre-release versions
- script: 'npx vsce@latest package --pre-release'
displayName: 'package vsix'
- task: CopyFiles@2
displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
inputs:
Contents: '*.vsix'
TargetFolder: '$(Build.ArtifactStagingDirectory)'
- task: PublishBuildArtifacts@1
displayName: 'Publish Artifact: drop'
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Ubuntu-2004
os: linux
sdl:
sourceAnalysisPool:
name: 1ES_JavaTooling_Pool
image: 1ES_JavaTooling_Windows_2022
os: windows
stages:
- stage: Build
jobs:
- job: Job_1
displayName: VSCode-Test-Runner-Nightly
templateContext:
outputs:
- output: pipelineArtifact
artifactName: drop
targetPath: $(Build.ArtifactStagingDirectory)
displayName: "Publish Artifact: drop"
steps:
- checkout: self
fetchTags: true
- task: JavaToolInstaller@0
displayName: 'Use Java 17'
inputs:
versionSpec: 17
jdkArchitectureOption: x64
jdkSourceOption: PreInstalled
- task: Npm@1
displayName: 'npm install'
inputs:
verbose: false
- task: Npm@1
displayName: 'npm run build-server'
inputs:
command: custom
verbose: false
customCommand: 'run build-server'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@2
displayName: ESRP CodeSigning
inputs:
ConnectedServiceName: vscjavaci_codesign
FolderPath: plugins
Pattern: com.microsoft.java.lombok-*.jar
signConfigType: inlineSignParams
inlineOperation: |-
[
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaSign",
"Parameters" : {
"SigAlg" : "SHA256withRSA",
"Timestamp" : "-tsa http://sha256timestamp.ws.digicert.com/sha256/timestamp"
},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-447347-Java",
"OperationCode" : "JavaVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
- bash: |
npx json@latest -I -f package.json -e "this.aiKey=\"$(AI_KEY)\""
displayName: Replace AI Key
- bash: |
node ./scripts/build/prepare-nightly-build.js
displayName: Set pre-release versions
- script: 'npx vsce@latest package --pre-release'
displayName: 'package vsix'
- task: CopyFiles@2
displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
inputs:
Contents: '*.vsix'
TargetFolder: '$(Build.ArtifactStagingDirectory)'
Loading

0 comments on commit 549a236

Please sign in to comment.