azure-pipelines: Add steps to sign extensions with MSBuild #1775

alexweininger · 2024-08-23T18:47:29Z

After discussions with the team, the CI/CD design we're going for is: two pipelines 1. Build and 2. Release. Build will build/package/test AND sign. And upload the signed bits. Release will just download the bits, and release it using vsce.

In this PR:

Move from the 1ES template to the MicroBuild template. They are basically the same so there were little breaking changes.
Enable the signing toolset which is auto installed thanks to the new MicroBuild template
Add a new sign template that uses vsce to generate a manifest (the file that is used for signing)
Use MSBuild to sign the extensions

The changes in the pipelines will look for a ".azure-pipelines/SignExtension.signproj" file in the repo and will sign the extension if present. I will be adding this and the below change to each extension.

Template consumers will have to add the following to their 1esmain.yml. This is required by the MicroBuild template that we are now using. I can't figure out a way to avoid this.

variables:
  # Required by MicroBuild template
  - name: TeamName
    value: "Azure Tools for VS Code"

See microsoft/vscode-azureresourcegroups#907 for what these changes will look like.

azure-pipelines/templates/stage-artifacts.yml

azure-pipelines/templates/sign.yml

alexweininger · 2024-08-23T20:00:35Z

I'm going to wait to merge this until most (if not all) the consumers are ready. I'm pretty sure I have all the PRs made.

alexweininger added 30 commits August 2, 2024 14:48

Use MicroBuild template

bccd6da

Add teamname

7596666

undo

2de1b58

Add TeamName variable

34f87e7

remove team name

c597cb2

Add sign step

8a4c1dd

Add install signing plugin task

9df3746

enable mb signing toolset

5e2b357

Remove other sign step

e40af3e

edit

81b5767

use copy instead of cp

2e0ab5d

slash

19a0d40

Use repo name for vsix

795f24c

Fixup

3dc2d69

Get version from package.json

d23efaa

fixup

03c7f2a

Fixup

bf14fad

Fixup

8443c9f

Fixup

13174de

Upload package.json as build artifact

86d5d90

Fixup

b9d8879

Upload package.json

77b8c45

Fixup

8c98d05

Make it even stronger

94fca88

Fixes

0659bed

work

2b67715

Sign with MSBuild

5c2d846

Organize yaml

0458a7d

Fixup

3456fe2

use bash

86d0804

alexweininger added 13 commits August 23, 2024 13:36

Fixup

91d8744

Fixup

35a2364

Fixup

f4d1e55

Fixup

badb159

Remove

9de63e9

Remove comments

217c108

Fixup

f32608d

Fixup

2041d82

Define variable

398bf24

Try this

f3276fb

Undo

57215da

Edit readme

205aa2e

Merge remote-tracking branch 'origin' into alex/sign-with-msbuild

ce8c8b0

alexweininger requested a review from a team as a code owner August 23, 2024 18:47

alexweininger mentioned this pull request Aug 23, 2024

Sign with MSBuild microsoft/vscode-azureresourcegroups#907

Merged

bwateratmsft reviewed Aug 23, 2024

View reviewed changes

azure-pipelines/templates/stage-artifacts.yml Show resolved Hide resolved

azure-pipelines/templates/sign.yml Outdated Show resolved Hide resolved

alexweininger added 2 commits August 23, 2024 15:21

Try moving csproj

68b29a4

Update instructions

fa0a985

bwateratmsft approved these changes Aug 23, 2024

View reviewed changes

alexweininger merged commit d3c4079 into main Aug 26, 2024
4 checks passed

alexweininger deleted the alex/sign-with-msbuild branch August 26, 2024 20:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

azure-pipelines: Add steps to sign extensions with MSBuild #1775

azure-pipelines: Add steps to sign extensions with MSBuild #1775

alexweininger commented Aug 23, 2024 •

edited

Loading

alexweininger commented Aug 23, 2024

azure-pipelines: Add steps to sign extensions with MSBuild #1775

azure-pipelines: Add steps to sign extensions with MSBuild #1775

Conversation

alexweininger commented Aug 23, 2024 • edited Loading

alexweininger commented Aug 23, 2024

alexweininger commented Aug 23, 2024 •

edited

Loading