Merge pull request #1711 from microsoft/dev/gcampbell/UpdatePipelines

Update pipelines to use common template.

Author: gcampbell-msft

azure-pipelines.yml

@@ -4,38 +4,53 @@
 name: $(Date:yyyyMMdd)$(Rev:.r).0-$(SourceBranchName)
 
 parameters:
-  - name: SignTypeOverride
-    displayName: Signing type override
-    type: string
-    default: default
-    values:
-      - default
-      - test
-      - real
+- name: SignTypeOverride
+  displayName: Signing type override
+  type: string
+  default: default
+  values:
+  - default
+  - test
+  - real
 
 pr:
   - main
 
 trigger:
   branches:
     include:
-      - main
+    - main
   tags:
     include:
-      - v*
-
-pool:
-  name: VSEngSS-MicroBuild2019-1ES
+    - v*
 
 variables:
-  # If the user didn't override the signing type, then only real-sign on tags or
-  # the main branch.
   ${{ if ne(parameters.SignTypeOverride, 'default') }}:
     SignType: ${{ parameters.SignTypeOverride }}
   ${{ if and(eq(parameters.SignTypeOverride, 'default'), or(startsWith(variables['Build.SourceBranch'], 'refs/tags'), eq(variables['Build.SourceBranchName'], 'main'))) }}:
     SignType: real
   ${{ if and(eq(parameters.SignTypeOverride, 'default'), not(or(startsWith(variables['Build.SourceBranch'], 'refs/tags'), eq(variables['Build.SourceBranchName'], 'main')))) }}:
     SignType: test
 
-jobs:
-  - template: build/build.yml
+resources:
+  repositories:
+  - repository: MicroBuildTemplate
+    type: git
+    name: 1ESPipelineTemplates/MicroBuildTemplate
+    ref: refs/tags/release
+
+extends:
+  template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
+  parameters:
+    pool:
+      name: VSEngSS-MicroBuild2022-1ES
+    sdl:
+      sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
+      spotBugs:
+        enabled: false # Turn this off, this isn't java.
+    customBuildTags:
+    - ES365AIMigrationTooling
+    stages:
+    - stage: stage
+      jobs:
+      - template: /build/build.yml@self

build/build.yml

@@ -2,163 +2,127 @@
 # Licensed under the MIT License.
 
 parameters:
-  - name: prerelease
-    type: boolean
-    default: false
+- name: prerelease
+  type: boolean
+  default: false
 
 jobs:
-  - job: Build
-    pool:
-      name: VSEngSS-MicroBuild2019-1ES
-    variables:
-      # MicroBuild requires TeamName to be set.
-      TeamName: C++ Cross Platform and Cloud
-    steps:
-      - task: MicroBuildSigningPlugin@3
-        displayName: Install MicroBuild Signing
-        inputs:
-          signType: $(SignType)
-          zipSources: false
-        # MicroBuild signing will always fail on public PRs.
-        condition: ne(variables['Build.Reason'], 'PullRequest')
-
-      # Run these scanners first so that they don't detect issues in dependencies.
-      # Failures won't break the build until "Check for compliance errors" step.
-      - task: CredScan@3
-        displayName: Run CredScan
-        inputs:
-          toolMajorVersion: V2
-      - task: PoliCheck@2
-        displayName: Run PoliCheck
-        inputs:
-          targetType: F
-          targetArgument: $(Build.SourcesDirectory)
-
-      # Node 14 matches the version of Node used by VS Code when this was written,
-      # but it should be updated when VS Code updates its Node version.
-      - task: NodeTool@0
-        displayName: Use Node 16.x
-        inputs:
-          versionSpec: 16.x
-
-      # Override the patch version if this is a pre-release build.
-      - ${{ if parameters.prerelease }}:
-          - pwsh: node -e "p=require('./package.json');p.version=p.version.replace(/\.\d+$/,'.'+$(Build.BuildNumber));require('fs').writeFileSync('./package.json',JSON.stringify(p,undefined,2))"
-
-      - script: npm install --global gulp node-gyp @vscode/vsce
-        displayName: Install global dependencies
-      - script: npm install
-        displayName: Install project dependencies
-
-      - task: ComponentGovernanceComponentDetection@0
-        displayName: Detect components
-      - task: notice@0
-        displayName: Generate NOTICE file
-        inputs:
-          outputfile: $(Build.SourcesDirectory)/NOTICE.txt
-        condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
-
-      - script: gulp tslint
-        displayName: Check for linting errors
-      - script: gulp genAikey
-        displayName: Use production AI key
-        condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
-      # Pack the extension now even though it's unsigned so that we ignore files
-      # from .vscodeignore. This will reduce load on the signing server later and
-      # ensure we only attempt to sign shipping files.
-      - ${{ if parameters.prerelease }}:
-          - script: node build/package.js --pre-release
-            displayName: Build and pack extension
-      - ${{ else }}:
-          - script: node build/package.js
-            displayName: Build and pack extension
-
-      # Extract the VSIXes, sign what we can, then pack it back up and publish it.
-      - pwsh: |
-          $path = Join-Path $Env:TEMP "7z-installer.exe"
-          Invoke-WebRequest https://www.7-zip.org/a/7z2201-x64.exe -OutFile $path
-          Start-Process -FilePath $path -Args "/S" -Verb RunAs -Wait
-          Remove-Item $path
-          Echo "##vso[task.prependpath]$Env:PROGRAMFILES\7-Zip\"
-        displayName: Install 7zip
-      - pwsh: Get-ChildItem out\vsix | Foreach-Object { 7z x $_.FullName -o$(Build.StagingDirectory)\vscode-arduino\$($_.BaseName) }
-        displayName: Extract extension for signing
-      - task: NuGetToolInstaller@1
-        displayName: Install NuGet
-      - task: NuGetAuthenticate@0
-        displayName: Authenticate NuGet
-      - script: nuget restore .\build\SignFiles.proj -PackagesDirectory .\build\packages
-        displayName: Restore MicroBuild Core
-        # MicroBuild signing will always fail on public PRs.
-        condition: ne(variables['Build.Reason'], 'PullRequest')
-      - task: MSBuild@1
-        displayName: Sign files
-        inputs:
-          solution: .\build\SignFiles.proj
-          msbuildArguments: /p:SignType=$(SignType)
-        # MicroBuild signing will always fail on public PRs.
-        condition: ne(variables['Build.Reason'], 'PullRequest')
-      - pwsh: |
-            Get-ChildItem -Directory $(Build.StagingDirectory)\vscode-arduino | Foreach-Object { 7z a ($_.FullName + ".vsix") ($_.FullName + "\*") -tzip }
-            New-Item -Path $(Build.StagingDirectory)\vscode-arduino\vsix -ItemType Directory
-            Get-Item $(Build.StagingDirectory)\vscode-arduino\*.vsix | Move-Item -Destination $(Build.StagingDirectory)\vscode-arduino\vsix
-        displayName: Pack signed files
-      - task: MSBuild@1
-        displayName: Sign VSIXes
-        inputs:
-          solution: .\build\SignVsix.proj
-          msbuildArguments: /p:SignType=$(SignType)
-        # MicroBuild signing will always fail on public PRs.
-        condition: ne(variables['Build.Reason'], 'PullRequest')
-      - publish: $(Build.StagingDirectory)\vscode-arduino\vsix
-        artifact: extension-vsixes
-        displayName: Publish extension VSIXes as artifact
-
-      # Install the Arduino IDE and run tests.
-      - script: curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip
-        displayName: Download Arduino IDE
-      - script: >-
-          node build/checkHash.js arduino-1.8.19-windows.zip
-          c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945
-        displayName: Verify Arduino IDE
-      - task: ExtractFiles@1
-        displayName: Extract Arduino IDE
-        inputs:
-          archiveFilePatterns: arduino-1.8.19-windows.zip
-          destinationFolder: arduino-ide
-      - script: "echo ##vso[task.prependpath]$(Build.SourcesDirectory)\\arduino-ide\\arduino-1.8.19"
-        displayName: Add Arduino IDE to PATH
-      - script: npm test --silent
-        displayName: Run tests
-
-      - task: PostAnalysis@2
-        displayName: Check for compliance errors
-        # To avoid spirious warnings about missing logs, explicitly declare what we scanned.
-        inputs:
-          CredScan: true
-          PoliCheck: true
-
-      # Trust Services Automation (TSA) can automatically open bugs for compliance issues.
-      # https://www.1eswiki.com/wiki/Trust_Services_Automation_(TSA)
-      - task: TSAUpload@2
-        displayName: Upload logs to TSA
-        inputs:
-          GdnPublishTsaOnboard: true
-          GdnPublishTsaConfigFile: $(Build.SourcesDirectory)\build\tsa.gdntsa
-        # Don't open bugs for PR builds
-        condition: ne(variables['Build.Reason'], 'PullRequest')
-
-      - task: GitHubRelease@0
-        displayName: Publish to GitHub
-        inputs:
-          gitHubConnection: embeddedbot
-          repositoryName: microsoft/vscode-arduino
-          action: create
-          target: $(Build.SourceVersion)
-          tagSource: auto
-          assets: $(Build.StagingDirectory)\vscode-arduino\vsix\*.vsix
-          isPreRelease: $[contains(variables['Build.SourceBranch'], '-rc')]
-        condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
-
-      - task: MicroBuildCleanup@1
-        displayName: Clean up MicroBuild
+- job: Build
+  pool: 
+    name: VSEngSS-MicroBuild2022-1ES
+  variables:
+    TeamName: C++ Cross Platform and Cloud
+  templateContext:
+    sdl:
+    ${{ if ne(variables['Build.Reason'], 'PullRequest') }}:
+      tsa:
+        enabled: true
+        GdnPublishTsaOnboard: true
+        GdnPublishTsaConfigFile: $(Build.SourcesDirectory)\build\tsa.gdntsa
+    outputs:
+    - output: pipelineArtifact
+      displayName: 'Publish extension VSIXes as artifact'
+      targetPath: $(Build.StagingDirectory)\vscode-arduino\vsix
+      artifactName: extension-vsixes
+      sbomBuildDropPath: $(Build.SourcesDirectory)
+  steps:
+  - task: MicroBuildSigningPlugin@3
+    displayName: Install MicroBuild Signing
+    inputs:
+      signType: $(SignType)
+      zipSources: false
+    condition: ne(variables['Build.Reason'], 'PullRequest')
+  - task: NodeTool@0
+    displayName: Use Node 16.x
+    inputs:
+      versionSpec: 16.x
+  - ${{ if parameters.prerelease }}:
+    - pwsh: node -e "p=require('./package.json');p.version=p.version.replace(/\.\d+$/,'.'+$(Build.BuildNumber));require('fs').writeFileSync('./package.json',JSON.stringify(p,undefined,2))"
+  - script: npm install --global gulp node-gyp @vscode/vsce
+    displayName: Install global dependencies
+  - script: npm install
+    displayName: Install project dependencies
+  - task: ComponentGovernanceComponentDetection@0
+    displayName: Detect components
+  - task: notice@0
+    displayName: Generate NOTICE file
+    inputs:
+      outputfile: $(Build.SourcesDirectory)/NOTICE.txt
+    condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
+  - script: gulp tslint
+    displayName: Check for linting errors
+  - script: gulp genAikey
+    displayName: Use production AI key
+    condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
+  - ${{ if parameters.prerelease }}:
+    - script: node build/package.js --pre-release
+      displayName: Build and pack extension
+  - ${{ else }}:
+    - script: node build/package.js
+      displayName: Build and pack extension
+  - pwsh: |
+      $path = Join-Path $Env:TEMP "7z-installer.exe"
+      Invoke-WebRequest https://www.7-zip.org/a/7z2201-x64.exe -OutFile $path
+      Start-Process -FilePath $path -Args "/S" -Verb RunAs -Wait
+      Remove-Item $path
+      Echo "##vso[task.prependpath]$Env:PROGRAMFILES\7-Zip\"
+    displayName: Install 7zip
+  - pwsh: Get-ChildItem out\vsix | Foreach-Object { 7z x $_.FullName -o$(Build.StagingDirectory)\vscode-arduino\$($_.BaseName) }
+    displayName: Extract extension for signing
+  - task: NuGetToolInstaller@1
+    displayName: Install NuGet
+  - task: NuGetAuthenticate@0
+    displayName: Authenticate NuGet
+  - script: nuget restore .\build\SignFiles.proj -PackagesDirectory .\build\packages
+    displayName: Restore MicroBuild Core
+    condition: ne(variables['Build.Reason'], 'PullRequest')
+  - task: MSBuild@1
+    displayName: Sign files
+    inputs:
+      solution: .\build\SignFiles.proj
+      msbuildArguments: /p:SignType=$(SignType)
+    condition: ne(variables['Build.Reason'], 'PullRequest')
+  - pwsh: |
+      Get-ChildItem -Directory $(Build.StagingDirectory)\vscode-arduino | Foreach-Object { 7z a ($_.FullName + ".vsix") ($_.FullName + "\*") -tzip }
+      New-Item -Path $(Build.StagingDirectory)\vscode-arduino\vsix -ItemType Directory
+      Get-Item $(Build.StagingDirectory)\vscode-arduino\*.vsix | Move-Item -Destination $(Build.StagingDirectory)\vscode-arduino\vsix
+    displayName: Pack signed files
+  - task: MSBuild@1
+    displayName: Sign VSIXes
+    inputs:
+      solution: .\build\SignVsix.proj
+      msbuildArguments: /p:SignType=$(SignType)
+    condition: ne(variables['Build.Reason'], 'PullRequest')
+  - script: curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip
+    displayName: Download Arduino IDE
+  - script: >-
+      node build/checkHash.js arduino-1.8.19-windows.zip c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945
+    displayName: Verify Arduino IDE
+  - task: ExtractFiles@1
+    displayName: Extract Arduino IDE
+    inputs:
+      archiveFilePatterns: arduino-1.8.19-windows.zip
+      destinationFolder: arduino-ide
+  - script: "echo ##vso[task.prependpath]$(Build.SourcesDirectory)\\arduino-ide\\arduino-1.8.19"
+    displayName: Add Arduino IDE to PATH
+  - script: npm test --silent
+    displayName: Run tests
+  - task: PostAnalysis@2
+    displayName: Check for compliance errors
+    inputs:
+      CredScan: true
+      PoliCheck: true
+    condition: ne(variables['Build.Reason'], 'PullRequest')
+  - task: GitHubRelease@0
+    displayName: Publish to GitHub
+    inputs:
+      gitHubConnection: embeddedbot
+      repositoryName: microsoft/vscode-arduino
+      action: create
+      target: $(Build.SourceVersion)
+      tagSource: auto
+      assets: $(Build.StagingDirectory)\vscode-arduino\vsix\*.vsix
+      isPreRelease: $[contains(variables['Build.SourceBranch'], '-rc')]
+    condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
+  - task: MicroBuildCleanup@1
+    displayName: Clean up MicroBuild

build/package.js

@@ -10,7 +10,7 @@ const flags = argv.slice(2).join(" ");
 // Taken from https://code.visualstudio.com/api/working-with-extensions/publishing-extension#platformspecific-extensions
 const platforms = [
   "win32-x64",
-  "win32-ia32",
+  // "win32-ia32", This is no longer supported by vscode based on the link above.
   "win32-arm64",
   "linux-x64",
   "linux-arm64",