diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f0d811a1..5b909550 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,8 @@
-name: CI-Tests
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: CI
+
on:
push:
branches:
@@ -11,110 +15,73 @@ on:
- master
- dev
-
jobs:
build:
- runs-on: ${{ matrix.os }}
+ runs-on: ${{ matrix.os }}
strategy:
+ fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest, windows-latest ]
-
+
steps:
- - name: checkout
+ - name: Checkout
uses: actions/checkout@v2
- - name: get node
- uses: actions/setup-node@v1
+
+ # Node 14 matches the version of Node used by VS Code when this was
+ # written, but it should be updated when VS Code updates its Node version.
+ # Node needs to be installed before OS-specific setup so that we can run
+ # the hash verification script.
+ - name: Use Node 14.x
+ uses: actions/setup-node@v2
with:
- node-version: 11.x
- - name: linux setup
+ node-version: 14.x
+
+ - name: Windows setup
+ if: ${{ matrix.os == 'windows-latest' }}
+ run: |
+ curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip
+ node build/checkHash.js arduino-1.8.19-windows.zip `
+ c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945
+ 7z x arduino-1.8.19-windows.zip -o"$Env:TEMP\arduino-ide"
+ echo "$Env:TEMP\arduino-ide\arduino-1.8.19" | Out-File -FilePath $env:GITHUB_PATH -Append
+ - name: Linux setup
if: ${{ matrix.os == 'ubuntu-latest' }}
run: |
export CXX="g++-4.9" CC="gcc-4.9" DISPLAY=:99.0
sleep 3
- wget https://downloads.arduino.cc/arduino-1.8.2-linux64.tar.xz -P /home/$USER
- tar -xvf /home/$USER/arduino-1.8.2-linux64.tar.xz -C /home/$USER/
- sudo ln -s /home/$USER/arduino-1.8.2/arduino /usr/bin/arduino
+ wget https://downloads.arduino.cc/arduino-1.8.19-linux64.tar.xz -P /home/$USER
+ node build/checkHash.js /home/$USER/arduino-1.8.19-linux64.tar.xz \
+ eb68bddc1d1c0120be2fca1350a03ee34531cf37f51847b21210b6e70545bc9b
+ tar -xvf /home/$USER/arduino-1.8.19-linux64.tar.xz -C /home/$USER/
+ sudo ln -s /home/$USER/arduino-1.8.19/arduino /usr/bin/arduino
sudo apt-get update
- sudo apt-get install g++-multilib
- sudo apt-get install -y build-essential
- sudo apt-get install libudev-dev
- - name: macos setup
+ sudo apt-get install -y g++-multilib build-essential libudev-dev
+ - name: macOS setup
if: ${{ matrix.os == 'macos-latest' }}
- run: |
+ run: |
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
brew install arduino --cask
- - name: preinstall
- run: |
- npm install -g node-gyp
- npm install -g vsce@"^1.0.0"
- npm install -g gulp
- - name: install
- run: npm install
- - name: scripts
- run: |
- gulp tslint
- vsce package
- - name: run tests
+
+ # Windows agents already have gulp installed.
+ - name: Install gulp
if: ${{ matrix.os != 'windows-latest' }}
+ run: npm install --global gulp
+ - name: Install global dependencies
+ run: npm install --global node-gyp vsce
+ - name: Install project dependencies
+ run: npm install
+
+ - name: Check for linting errors
+ run: gulp tslint
+ - name: Build and pack extension
+ run: vsce package --out vscode-arduino.vsix
+ - name: Publish extension VSIX as artifact
+ uses: actions/upload-artifact@v2
+ with:
+ name: VS Code extension VSIX (${{ matrix.os }})
+ path: vscode-arduino.vsix
+
+ - name: Run tests
uses: GabrielBB/xvfb-action@v1
with:
run: npm test --silent
-
- deploy:
- needs: build
- runs-on: ubuntu-latest
- environment: vsix-publishing
- if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
- steps:
- - run: echo "VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- - run: echo ${{env.VERSION}}
- - name: Checkout
- uses: actions/checkout@v2
- - name: get node
- uses: actions/setup-node@v1
- with:
- node-version: 11.x
- - name: linux setup
- run: |
- export CXX="g++-4.9" CC="gcc-4.9" DISPLAY=:99.0
- sleep 3
- sudo apt-get update
- sudo apt-get install g++-multilib
- sudo apt-get install -y build-essential
- sudo apt-get install libudev-dev
- - name: preinstall
- run: |
- npm install -g node-gyp
- npm install -g vsce@"^1.0.0"
- npm install -g gulp
- - name: install
- run: npm install
- - name: scripts
- run: |
- gulp tslint
- gulp genAikey
- vsce package
- - name: upload .vsix to github tag
- uses: svenstaro/upload-release-action@v2
- with:
- repo_token: ${{ secrets.OAUTH_TOKEN }}
- file: ${{github.workspace}}/vscode-arduino*.vsix
- tag: ${{ github.ref }}
- overwrite: true
- file_glob: true
- - name: check for production tag
- id: check-version
- run: |
- if [[ ${{ env.VERSION }} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
- echo ::set-output name=ISPRODUCTION::true
- fi
- # Skip attempting to publish for now, because I can't figure out how to
- # generate a valid VSCE_TOKEN. Instead we can manually publish by uploading
- # the release build artifact to the extension publisher site.
- - name: publish
- if: false && steps.check-version.outputs.ISPRODUCTION == 'true'
- env:
- PROD_AIKEY: ${{ secrets.PROD_AIKEY }}
- run: |
- gulp genAikey
- vsce publish -p ${{ secrets.VSCE_TOKEN }}
diff --git a/.vscodeignore b/.vscodeignore
index c4e16b01..5e07e3aa 100644
--- a/.vscodeignore
+++ b/.vscodeignore
@@ -15,4 +15,6 @@ gulpfile.js
*.log
webpack.config.js
node_modules/**
-vendor/**
\ No newline at end of file
+vendor/**
+azure-pipelines.yml
+build/**
\ No newline at end of file
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
new file mode 100644
index 00000000..49c67f56
--- /dev/null
+++ b/azure-pipelines.yml
@@ -0,0 +1,191 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: $(Date:yyyyMMdd)$(Rev:.r).0-$(SourceBranchName)
+
+parameters:
+ - name: SignTypeOverride
+ displayName: Signing type override
+ type: string
+ default: default
+ values:
+ - default
+ - test
+ - real
+
+pr:
+ - master
+ - dev
+
+trigger:
+ branches:
+ include:
+ - master
+ - dev
+ tags:
+ include:
+ - v*
+
+pool:
+ name: VSEngSS-MicroBuild2019-1ES
+
+variables:
+ # MicroBuild requires TeamName to be set.
+ TeamName: C++ Cross Platform and Cloud
+ # If the user didn't override the signing type, then only real-sign on tags,
+ # master, or dev.
+ ${{ if ne(parameters.SignTypeOverride, 'default') }}:
+ SignType: ${{ parameters.SignTypeOverride }}
+ ${{ if and(eq(parameters.SignTypeOverride, 'default'), or(startsWith(variables['Build.SourceBranch'], 'refs/tags'), eq(variables['Build.SourceBranchName'], 'master'), eq(variables['Build.SourceBranchName'], 'dev'))) }}:
+ SignType: real
+ ${{ if and(eq(parameters.SignTypeOverride, 'default'), not(or(startsWith(variables['Build.SourceBranch'], 'refs/tags'), eq(variables['Build.SourceBranchName'], 'master'), eq(variables['Build.SourceBranchName'], 'dev')))) }}:
+ SignType: test
+
+steps:
+ - task: MicroBuildSigningPlugin@3
+ displayName: Install MicroBuild Signing
+ inputs:
+ signType: $(SignType)
+ zipSources: false
+ # MicroBuild signing will always fail on public PRs.
+ condition: ne(variables['Build.Reason'], 'PullRequest')
+
+ # Run these scanners first so that they don't detect issues in dependencies.
+ # Failures won't break the build until "Check for compliance errors" step.
+ - task: CredScan@2
+ displayName: Run CredScan
+ inputs:
+ toolMajorVersion: V2
+ - task: PoliCheck@1
+ displayName: Run PoliCheck
+ inputs:
+ targetType: F
+ targetArgument: $(Build.SourcesDirectory)
+
+ # Node 14 matches the version of Node used by VS Code when this was written,
+ # but it should be updated when VS Code updates its Node version.
+ - task: NodeTool@0
+ displayName: Use Node 14.x
+ inputs:
+ versionSpec: 14.x
+ - script: npm install --global gulp node-gyp vsce
+ displayName: Install global dependencies
+ - script: npm install
+ displayName: Install project dependencies
+
+ - script: gulp tslint
+ displayName: Check for linting errors
+ - script: gulp genAikey
+ displayName: Use production AI key
+ condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
+ # Pack the extension now even though it's unsigned so that we ignore files
+ # from .vscodeignore. This will reduce load on the signing server later and
+ # ensure we only attempt to sign shipping files.
+ - script: vsce package --out vscode-arduino.vsix
+ displayName: Build and pack extension
+
+ - task: ComponentGovernanceComponentDetection@0
+ displayName: Detect components
+
+ # Extract the VSIX, sign what we can, then pack it back up and publish it.
+ - task: ExtractFiles@1
+ displayName: Extract extension for signing
+ inputs:
+ archiveFilePatterns: vscode-arduino.vsix
+ destinationFolder: $(Build.StagingDirectory)\vscode-arduino
+ - task: NuGetToolInstaller@1
+ displayName: Install NuGet
+ - task: NuGetAuthenticate@0
+ displayName: Authenticate NuGet
+ - script: nuget restore .\build\SignFiles.proj -PackagesDirectory .\build\packages
+ displayName: Restore MicroBuild Core
+ # MicroBuild signing will always fail on public PRs.
+ condition: ne(variables['Build.Reason'], 'PullRequest')
+ - task: MSBuild@1
+ displayName: Sign files
+ inputs:
+ solution: .\build\SignFiles.proj
+ msbuildArguments: /p:SignType=$(SignType)
+ # MicroBuild signing will always fail on public PRs.
+ condition: ne(variables['Build.Reason'], 'PullRequest')
+ - task: ArchiveFiles@2
+ displayName: Pack signed files
+ inputs:
+ rootFolderOrFile: $(Build.StagingDirectory)\vscode-arduino
+ includeRootFolder: false
+ archiveType: zip
+ archiveFile: $(Build.StagingDirectory)\vscode-arduino.vsix
+ - task: MSBuild@1
+ displayName: Sign VSIX
+ inputs:
+ solution: .\build\SignVsix.proj
+ msbuildArguments: /p:SignType=$(SignType)
+ # MicroBuild signing will always fail on public PRs.
+ condition: ne(variables['Build.Reason'], 'PullRequest')
+ - publish: $(Build.StagingDirectory)\vscode-arduino.vsix
+ artifact: VS Code extension VSIX
+ displayName: Publish extension VSIX as artifact
+
+ # Install the Arduino IDE and run tests.
+ - script: curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip
+ displayName: Download Arduino IDE
+ - script: >-
+ node build/checkHash.js arduino-1.8.19-windows.zip
+ c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945
+ displayName: Verify Arduino IDE
+ - task: ExtractFiles@1
+ displayName: Extract Arduino IDE
+ inputs:
+ archiveFilePatterns: arduino-1.8.19-windows.zip
+ destinationFolder: arduino-ide
+ - script: "echo ##vso[task.prependpath]$(Build.SourcesDirectory)\\arduino-ide\\arduino-1.8.19"
+ displayName: Add Arduino IDE to PATH
+ - script: npm test --silent
+ displayName: Run tests
+
+ - task: PostAnalysis@1
+ displayName: Check for compliance errors
+ # To avoid spirious warnings about missing logs, explicitly declare what we scanned.
+ inputs:
+ CredScan: true
+ PoliCheck: true
+
+ # Trust Services Automation (TSA) can automatically open bugs for compliance issues.
+ # https://www.1eswiki.com/wiki/Trust_Services_Automation_(TSA)
+ - task: TSAUpload@1
+ displayName: Upload logs to TSA
+ inputs:
+ tsaVersion: TsaV2
+ codebase: NewOrUpdate
+ codeBaseName: vscode-arduino
+ notificationAlias: embeddeddev@microsoft.com
+ instanceUrlForTsaV2: DEVDIV
+ projectNameDEVDIV: DevDiv
+ areaPath: DevDiv\Cpp Developer Experience\Cross Platform\Embedded
+ iterationPath: DevDiv
+ # To avoid spurious warnings about missing logs, explicitly declare what we don't upload.
+ uploadAPIScan: false
+ uploadBinSkim: false
+ uploadFortifySCA: false
+ uploadFxCop: false
+ uploadModernCop: false
+ uploadPREfast: false
+ uploadRoslyn: false
+ uploadTSLint: false
+ # Don't open bugs for PR builds
+ condition: ne(variables['Build.Reason'], 'PullRequest')
+
+ - task: GitHubRelease@0
+ displayName: Publish to GitHub
+ inputs:
+ gitHubConnection: embeddedbot
+ repositoryName: microsoft/vscode-arduino
+ action: create
+ target: $(Build.SourceVersion)
+ tagSource: auto
+ assets: $(Build.StagingDirectory)\vscode-arduino.vsix
+ isPreRelease: $[contains(variables['Build.SourceBranch'], '-rc')]
+ condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
+
+ - task: MicroBuildCleanup@1
+ displayName: Clean up MicroBuild
diff --git a/build/SignFiles.proj b/build/SignFiles.proj
new file mode 100644
index 00000000..19a18ba7
--- /dev/null
+++ b/build/SignFiles.proj
@@ -0,0 +1,30 @@
+
+
+
+
+
+ $(BUILD_STAGINGDIRECTORY)\vscode-arduino\extension
+
+ $(BaseOutputDirectory)
+ $(BaseOutputDirectory)
+
+
+
+
+ Microsoft400
+
+
+
+ Microsoft400
+
+
+ Microsoft400
+
+
+ 3PartyScriptsSHA2
+
+
+
+
+
\ No newline at end of file
diff --git a/build/SignVsix.proj b/build/SignVsix.proj
new file mode 100644
index 00000000..bf9b6047
--- /dev/null
+++ b/build/SignVsix.proj
@@ -0,0 +1,19 @@
+
+
+
+
+
+ $(BUILD_STAGINGDIRECTORY)
+
+ $(BaseOutputDirectory)
+ $(BaseOutputDirectory)
+
+
+
+
+ VsixSHA2
+
+
+
+
+
\ No newline at end of file
diff --git a/build/checkHash.js b/build/checkHash.js
new file mode 100644
index 00000000..052b9a81
--- /dev/null
+++ b/build/checkHash.js
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+// Usage
+// $ node checkHash.js myfile.zip c704...3945
+// Returns with an exit code of zero if and only if the SHA-256 hash of the
+// given file matches the expected hash.
+
+const path = process.argv[2];
+const expected = process.argv[3];
+const data = require('fs').readFileSync(path);
+const hash = require('crypto').createHash('sha256').update(data).digest('hex');
+if (hash !== expected) {
+ console.error(
+ `Expected SHA-256 of "${path}" to be ${expected} but found ${hash}.`);
+ process.exit(1);
+}
diff --git a/build/packages.config b/build/packages.config
new file mode 100644
index 00000000..df03298c
--- /dev/null
+++ b/build/packages.config
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file