microsoft · jdneo · Jul 17, 2024 · Jul 17, 2024
diff --git a/.azure-pipelines/nightly.yml b/.azure-pipelines/nightly.yml
@@ -63,12 +63,12 @@ extends:
               - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
                 displayName: ESRP CodeSigning
                 inputs:
-                  ConnectedServiceName: 'ESRP-Release-Test'
-                  AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
-                  AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
-                  AuthAKVName: 'vscjavaci'
-                  AuthCertName: 'vscjava-esrprelease-auth'
-                  AuthSignCertName: 'VSCJava-CodeSign'
+                  ConnectedServiceName: $(ConnectedServiceName)
+                  AppRegistrationClientId: $(AppRegistrationClientId)
+                  AppRegistrationTenantId: $(AppRegistrationTenantId)
+                  AuthAKVName: $(AuthAKVName)
+                  AuthCertName: $(AuthCertName)
+                  AuthSignCertName: $(AuthSignCertName)
                   FolderPath: plugins
                   Pattern: com.microsoft.java.lombok-*.jar
                   signConfigType: inlineSignParams
@@ -98,7 +98,7 @@ extends:
               - bash: |
                   node ./scripts/build/prepare-nightly-build.js
                 displayName: Set pre-release versions
-              - script: 'npx vsce@latest package --pre-release'
+              - script: 'npx vsce@latest package --pre-release -o extension.vsix'
                 displayName: 'package vsix'
               ### Copy files for APIScan
               - task: CopyFiles@2
@@ -119,8 +119,41 @@ extends:
                 condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true'))
                 env:
                   AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
+              - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
+                displayName: 'Generate extension manifest'
+              - script: cp extension.manifest extension.signature.p7s
+                displayName: 'Prepare manifest for signing'
+              - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
+                inputs:
+                  ConnectedServiceName: $(ConnectedServiceName)
+                  AppRegistrationClientId: $(AppRegistrationClientId)
+                  AppRegistrationTenantId: $(AppRegistrationTenantId)
+                  AuthAKVName: $(AuthAKVName)
+                  AuthCertName: $(AuthCertName)
+                  AuthSignCertName: $(AuthSignCertName)
+                  FolderPath: '.'
+                  Pattern: 'extension.signature.p7s'
+                  signConfigType: inlineSignParams
+                  inlineOperation: |
+                    [
+                      {
+                        "keyCode": "CP-401405",
+                        "operationSetCode": "VSCodePublisherSign",
+                        "parameters" : [],
+                        "toolName": "sign",
+                        "toolVersion": "1.0"
+                      }
+                    ]
+                  SessionTimeout: 90
+                  MaxConcurrency: 25
+                  MaxRetryAttempts: 5
+                  PendingAnalysisWaitTimeoutMinutes: 5
+                displayName: 'Sign extension'
               - task: CopyFiles@2
                 displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
                 inputs:
-                  Contents: '*.vsix'
+                  Contents: |
+                    extension.vsix
+                    extension.manifest
+                    extension.signature.p7s
                   TargetFolder: '$(Build.ArtifactStagingDirectory)'
diff --git a/.azure-pipelines/rc.yml b/.azure-pipelines/rc.yml
@@ -63,12 +63,12 @@ extends:
               - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
                 displayName: ESRP CodeSigning
                 inputs:
-                  ConnectedServiceName: 'ESRP-Release-Test'
-                  AppRegistrationClientId: '1992ee18-e9d2-42d6-ab20-94dd947a44b6'
-                  AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
-                  AuthAKVName: 'vscjavaci'
-                  AuthCertName: 'vscjava-esrprelease-auth'
-                  AuthSignCertName: 'VSCJava-CodeSign'
+                  ConnectedServiceName: $(ConnectedServiceName)
+                  AppRegistrationClientId: $(AppRegistrationClientId)
+                  AppRegistrationTenantId: $(AppRegistrationTenantId)
+                  AuthAKVName: $(AuthAKVName)
+                  AuthCertName: $(AuthCertName)
+                  AuthSignCertName: $(AuthSignCertName)
                   FolderPath: plugins
                   Pattern: com.microsoft.java.lombok-*.jar
                   signConfigType: inlineSignParams
@@ -95,7 +95,7 @@ extends:
               - bash: |
                   npx json@latest -I -f package.json -e "this.aiKey=\"$(AI_KEY)\""
                 displayName: Replace AI Key
-              - script: 'npx vsce@latest package'
+              - script: 'npx vsce@latest package -o extension.vsix'
                 displayName: 'package vsix'
               ### Copy files for APIScan
               - task: CopyFiles@2
@@ -116,8 +116,41 @@ extends:
                 condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true'))
                 env:
                   AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
+              - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
+                displayName: 'Generate extension manifest'
+              - script: cp extension.manifest extension.signature.p7s
+                displayName: 'Prepare manifest for signing'
+              - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
+                inputs:
+                  ConnectedServiceName: $(ConnectedServiceName)
+                  AppRegistrationClientId: $(AppRegistrationClientId)
+                  AppRegistrationTenantId: $(AppRegistrationTenantId)
+                  AuthAKVName: $(AuthAKVName)
+                  AuthCertName: $(AuthCertName)
+                  AuthSignCertName: $(AuthSignCertName)
+                  FolderPath: '.'
+                  Pattern: 'extension.signature.p7s'
+                  signConfigType: inlineSignParams
+                  inlineOperation: |
+                    [
+                      {
+                        "keyCode": "CP-401405",
+                        "operationSetCode": "VSCodePublisherSign",
+                        "parameters" : [],
+                        "toolName": "sign",
+                        "toolVersion": "1.0"
+                      }
+                    ]
+                  SessionTimeout: 90
+                  MaxConcurrency: 25
+                  MaxRetryAttempts: 5
+                  PendingAnalysisWaitTimeoutMinutes: 5
+                displayName: 'Sign extension'
               - task: CopyFiles@2
                 displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
                 inputs:
-                  Contents: '*.vsix'
+                  Contents: |
+                    extension.vsix
+                    extension.manifest
+                    extension.signature.p7s
                   TargetFolder: '$(Build.ArtifactStagingDirectory)'