From 65ef8150185c55ca77441d463631c2cbca5237e3 Mon Sep 17 00:00:00 2001 From: embeddedbot <85956900+embeddedbot@users.noreply.github.com> Date: Mon, 3 Jan 2022 15:07:25 -0800 Subject: [PATCH 1/6] Set up CI with Azure Pipelines --- azure-pipelines.yml | 121 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 azure-pipelines.yml diff --git a/azure-pipelines.yml b/azure-pipelines.yml new file mode 100644 index 00000000..59595bb9 --- /dev/null +++ b/azure-pipelines.yml @@ -0,0 +1,121 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +name: $(Date:yyyyMMdd)$(Rev:.r).0-$(SourceBranchName) + +pr: + - master + - dev + +trigger: + branches: + include: + - master + - dev + tags: + include: + - v* + +pool: + name: VSEngSS-MicroBuild2019-1ES + +steps: + # Run these scanners first so that they don't detect issues in dependencies. + # Failures won't break the build until "Check for compliance errors" step. + - task: CredScan@2 + displayName: Run CredScan + inputs: + toolMajorVersion: V2 + - task: PoliCheck@1 + displayName: Run PoliCheck + inputs: + targetType: F + targetArgument: $(Build.SourcesDirectory) + + # Node 14 matches the version of Node used by VS Code when this was written, + # but it should be updated when VS Code updates its Node version. + - task: NodeTool@0 + displayName: Use Node 14.x + inputs: + versionSpec: 14.x + - script: npm install --global gulp node-gyp vsce + displayName: Install global dependencies + - script: npm install + displayName: Install project dependencies + + - script: gulp tslint + displayName: Check for linting errors + - script: gulp genAikey + displayName: Use production AI key + condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags')) + - script: vsce package --out vscode-arduino.vsix + displayName: Build and pack extension + - publish: vscode-arduino.vsix + artifact: VS Code extension VSIX + displayName: Publish extension VSIX as artifact + + - task: ComponentGovernanceComponentDetection@0 + displayName: Detect components + + # Install the Arduino IDE and run tests. + - script: curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip + displayName: Download Arduino IDE + - script: >- + node --eval "process.exit(require('crypto').createHash('sha256').update( + require('fs').readFileSync('arduino-1.8.19-windows.zip')).digest('hex') + == 'c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945' + ? 0 : 1)" + displayName: Verify Arduino IDE + - task: ExtractFiles@1 + displayName: Extract Arduino IDE + inputs: + archiveFilePatterns: arduino-1.8.19-windows.zip + destinationFolder: arduino-ide + - script: "echo ##vso[task.prependpath]$(Build.SourcesDirectory)\\arduino-ide\\arduino-1.8.19" + displayName: Add Arduino IDE to PATH + - script: npm test --silent + displayName: Run tests + + - task: PostAnalysis@1 + displayName: Check for compliance errors + # To avoid spirious warnings about missing logs, explicitly declare what we scanned. + inputs: + CredScan: true + PoliCheck: true + + # Trust Services Automation (TSA) can automatically open bugs for compliance issues. + # https://www.1eswiki.com/wiki/Trust_Services_Automation_(TSA) + - task: TSAUpload@1 + displayName: Upload logs to TSA + inputs: + tsaVersion: TsaV2 + codebase: NewOrUpdate + codeBaseName: vscode-arduino + notificationAlias: embeddeddev@microsoft.com + instanceUrlForTsaV2: DEVDIV + projectNameDEVDIV: DevDiv + areaPath: DevDiv\Cpp Developer Experience\Cross Platform\Embedded + iterationPath: DevDiv + # To avoid spurious warnings about missing logs, explicitly declare what we don't upload. + uploadAPIScan: false + uploadBinSkim: false + uploadFortifySCA: false + uploadFxCop: false + uploadModernCop: false + uploadPREfast: false + uploadRoslyn: false + uploadTSLint: false + # Don't open bugs for PR builds + condition: ne(variables['Build.Reason'], 'PullRequest') + + - task: GitHubRelease@0 + displayName: Publish to GitHub + inputs: + gitHubConnection: embeddedbot + repositoryName: microsoft/vscode-arduino + action: create + target: $(Build.SourceVersion) + tagSource: auto + assets: $(Build.SourcesDirectory)\vscode-arduino.vsix + isPreRelease: $[contains(variables['Build.SourceBranch'], '-rc')] + condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags')) From e5262968d8b43e7dfda199ebc7b9f197392479a5 Mon Sep 17 00:00:00 2001 From: Ben McMorran Date: Wed, 5 Jan 2022 10:16:12 -0800 Subject: [PATCH 2/6] Remove deploy and add Windows test to GH actions --- .github/workflows/build.yml | 140 +++++++++++++----------------------- 1 file changed, 50 insertions(+), 90 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f0d811a1..5d668dac 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,8 @@ -name: CI-Tests +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +name: CI + on: push: branches: @@ -11,110 +15,66 @@ on: - master - dev - jobs: build: - runs-on: ${{ matrix.os }} + runs-on: ${{ matrix.os }} strategy: + fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - + steps: - - name: checkout - uses: actions/checkout@v2 - - name: get node - uses: actions/setup-node@v1 - with: - node-version: 11.x - - name: linux setup + - name: Windows setup + if: ${{ matrix.os == 'windows-latest' }} + run: | + curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip + 7z x arduino-1.8.19-windows.zip -o"$Env:TEMP\arduino-ide" + echo "$Env:TEMP\arduino-ide\arduino-1.8.19" | Out-File -FilePath $env:GITHUB_PATH -Append + - name: Linux setup if: ${{ matrix.os == 'ubuntu-latest' }} run: | export CXX="g++-4.9" CC="gcc-4.9" DISPLAY=:99.0 sleep 3 - wget https://downloads.arduino.cc/arduino-1.8.2-linux64.tar.xz -P /home/$USER - tar -xvf /home/$USER/arduino-1.8.2-linux64.tar.xz -C /home/$USER/ - sudo ln -s /home/$USER/arduino-1.8.2/arduino /usr/bin/arduino + wget https://downloads.arduino.cc/arduino-1.8.19-linux64.tar.xz -P /home/$USER + tar -xvf /home/$USER/arduino-1.8.19-linux64.tar.xz -C /home/$USER/ + sudo ln -s /home/$USER/arduino-1.8.19/arduino /usr/bin/arduino sudo apt-get update - sudo apt-get install g++-multilib - sudo apt-get install -y build-essential - sudo apt-get install libudev-dev - - name: macos setup + sudo apt-get install -y g++-multilib build-essential libudev-dev + - name: macOS setup if: ${{ matrix.os == 'macos-latest' }} - run: | + run: | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" brew install arduino --cask - - name: preinstall - run: | - npm install -g node-gyp - npm install -g vsce@"^1.0.0" - npm install -g gulp - - name: install - run: npm install - - name: scripts - run: | - gulp tslint - vsce package - - name: run tests + + - name: Checkout + uses: actions/checkout@v2 + + # Node 14 matches the version of Node used by VS Code when this was + # written, but it should be updated when VS Code updates its Node version. + - name: Use Node 14.x + uses: actions/setup-node@v2 + with: + node-version: 14.x + # Windows agents already have gulp installed. + - name: Install gulp if: ${{ matrix.os != 'windows-latest' }} + run: npm install --global gulp + - name: Install global dependencies + run: npm install --global node-gyp vsce + - name: Install project dependencies + run: npm install + + - name: Check for linting errors + run: gulp tslint + - name: Build and pack extension + run: vsce package --out vscode-arduino.vsix + - name: Publish extension VSIX as artifact + uses: actions/upload-artifact@v2 + with: + name: VS Code extension VSIX (${{ matrix.os }}) + path: vscode-arduino.vsix + + - name: Run tests uses: GabrielBB/xvfb-action@v1 with: run: npm test --silent - - deploy: - needs: build - runs-on: ubuntu-latest - environment: vsix-publishing - if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') - steps: - - run: echo "VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - - run: echo ${{env.VERSION}} - - name: Checkout - uses: actions/checkout@v2 - - name: get node - uses: actions/setup-node@v1 - with: - node-version: 11.x - - name: linux setup - run: | - export CXX="g++-4.9" CC="gcc-4.9" DISPLAY=:99.0 - sleep 3 - sudo apt-get update - sudo apt-get install g++-multilib - sudo apt-get install -y build-essential - sudo apt-get install libudev-dev - - name: preinstall - run: | - npm install -g node-gyp - npm install -g vsce@"^1.0.0" - npm install -g gulp - - name: install - run: npm install - - name: scripts - run: | - gulp tslint - gulp genAikey - vsce package - - name: upload .vsix to github tag - uses: svenstaro/upload-release-action@v2 - with: - repo_token: ${{ secrets.OAUTH_TOKEN }} - file: ${{github.workspace}}/vscode-arduino*.vsix - tag: ${{ github.ref }} - overwrite: true - file_glob: true - - name: check for production tag - id: check-version - run: | - if [[ ${{ env.VERSION }} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo ::set-output name=ISPRODUCTION::true - fi - # Skip attempting to publish for now, because I can't figure out how to - # generate a valid VSCE_TOKEN. Instead we can manually publish by uploading - # the release build artifact to the extension publisher site. - - name: publish - if: false && steps.check-version.outputs.ISPRODUCTION == 'true' - env: - PROD_AIKEY: ${{ secrets.PROD_AIKEY }} - run: | - gulp genAikey - vsce publish -p ${{ secrets.VSCE_TOKEN }} From c37e97b60d537888c169625f6e0075434bb8d63a Mon Sep 17 00:00:00 2001 From: Ben McMorran Date: Thu, 6 Jan 2022 10:54:20 -0800 Subject: [PATCH 3/6] Add hash verification for Linux and Windows --- .github/workflows/build.yml | 25 ++++++++++++++++--------- azure-pipelines.yml | 6 ++---- build/checkHash.js | 17 +++++++++++++++++ 3 files changed, 35 insertions(+), 13 deletions(-) create mode 100644 build/checkHash.js diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5d668dac..5b909550 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -24,10 +24,24 @@ jobs: os: [ ubuntu-latest, macos-latest, windows-latest ] steps: + - name: Checkout + uses: actions/checkout@v2 + + # Node 14 matches the version of Node used by VS Code when this was + # written, but it should be updated when VS Code updates its Node version. + # Node needs to be installed before OS-specific setup so that we can run + # the hash verification script. + - name: Use Node 14.x + uses: actions/setup-node@v2 + with: + node-version: 14.x + - name: Windows setup if: ${{ matrix.os == 'windows-latest' }} run: | curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip + node build/checkHash.js arduino-1.8.19-windows.zip ` + c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945 7z x arduino-1.8.19-windows.zip -o"$Env:TEMP\arduino-ide" echo "$Env:TEMP\arduino-ide\arduino-1.8.19" | Out-File -FilePath $env:GITHUB_PATH -Append - name: Linux setup @@ -36,6 +50,8 @@ jobs: export CXX="g++-4.9" CC="gcc-4.9" DISPLAY=:99.0 sleep 3 wget https://downloads.arduino.cc/arduino-1.8.19-linux64.tar.xz -P /home/$USER + node build/checkHash.js /home/$USER/arduino-1.8.19-linux64.tar.xz \ + eb68bddc1d1c0120be2fca1350a03ee34531cf37f51847b21210b6e70545bc9b tar -xvf /home/$USER/arduino-1.8.19-linux64.tar.xz -C /home/$USER/ sudo ln -s /home/$USER/arduino-1.8.19/arduino /usr/bin/arduino sudo apt-get update @@ -46,15 +62,6 @@ jobs: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" brew install arduino --cask - - name: Checkout - uses: actions/checkout@v2 - - # Node 14 matches the version of Node used by VS Code when this was - # written, but it should be updated when VS Code updates its Node version. - - name: Use Node 14.x - uses: actions/setup-node@v2 - with: - node-version: 14.x # Windows agents already have gulp installed. - name: Install gulp if: ${{ matrix.os != 'windows-latest' }} diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 59595bb9..12fb0e64 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -61,10 +61,8 @@ steps: - script: curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip displayName: Download Arduino IDE - script: >- - node --eval "process.exit(require('crypto').createHash('sha256').update( - require('fs').readFileSync('arduino-1.8.19-windows.zip')).digest('hex') - == 'c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945' - ? 0 : 1)" + node build/checkHash.js arduino-1.8.19-windows.zip + c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945 displayName: Verify Arduino IDE - task: ExtractFiles@1 displayName: Extract Arduino IDE diff --git a/build/checkHash.js b/build/checkHash.js new file mode 100644 index 00000000..052b9a81 --- /dev/null +++ b/build/checkHash.js @@ -0,0 +1,17 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +// Usage +// $ node checkHash.js myfile.zip c704...3945 +// Returns with an exit code of zero if and only if the SHA-256 hash of the +// given file matches the expected hash. + +const path = process.argv[2]; +const expected = process.argv[3]; +const data = require('fs').readFileSync(path); +const hash = require('crypto').createHash('sha256').update(data).digest('hex'); +if (hash !== expected) { + console.error( + `Expected SHA-256 of "${path}" to be ${expected} but found ${hash}.`); + process.exit(1); +} From d36064147b7a704b17ea945351f04f4ac37d8e44 Mon Sep 17 00:00:00 2001 From: Ben McMorran Date: Thu, 6 Jan 2022 11:52:59 -0800 Subject: [PATCH 4/6] Add signing for VSIX, JS, and Windows files --- .github/workflows/build.yml | 4 +- .vscodeignore | 4 +- azure-pipelines.yml | 84 ++++++++++++++++++++++++++++++++++--- build/SignFiles.proj | 28 +++++++++++++ build/SignVsix.proj | 19 +++++++++ build/packages.config | 4 ++ package.json | 1 - 7 files changed, 136 insertions(+), 8 deletions(-) create mode 100644 build/SignFiles.proj create mode 100644 build/SignVsix.proj create mode 100644 build/packages.config diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5b909550..1cff1fde 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -73,7 +73,9 @@ jobs: - name: Check for linting errors run: gulp tslint - - name: Build and pack extension + - name: Build extension + run: gulp build --mode=production + - name: Pack extension run: vsce package --out vscode-arduino.vsix - name: Publish extension VSIX as artifact uses: actions/upload-artifact@v2 diff --git a/.vscodeignore b/.vscodeignore index c4e16b01..5e07e3aa 100644 --- a/.vscodeignore +++ b/.vscodeignore @@ -15,4 +15,6 @@ gulpfile.js *.log webpack.config.js node_modules/** -vendor/** \ No newline at end of file +vendor/** +azure-pipelines.yml +build/** \ No newline at end of file diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 12fb0e64..15128952 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -3,6 +3,16 @@ name: $(Date:yyyyMMdd)$(Rev:.r).0-$(SourceBranchName) +parameters: + - name: SignTypeOverride + displayName: Signing type override + type: string + default: default + values: + - default + - test + - real + pr: - master - dev @@ -19,7 +29,27 @@ trigger: pool: name: VSEngSS-MicroBuild2019-1ES +variables: + # MicroBuild requires TeamName to be set. + TeamName: C++ Cross Platform and Cloud + # If the user didn't override the signing type, then only real-sign on master + # or dev. + ${{ if ne(parameters.SignTypeOverride, 'default') }}: + SignType: ${{ parameters.SignTypeOverride }} + ${{ if and(eq(parameters.SignTypeOverride, 'default'), or(eq(variables['Build.SourceBranchName'], 'master'), eq(variables['Build.SourceBranchName'], 'dev'))) }}: + SignType: real + ${{ if and(eq(parameters.SignTypeOverride, 'default'), not(or(eq(variables['Build.SourceBranchName'], 'master'), eq(variables['Build.SourceBranchName'], 'dev')))) }}: + SignType: test + steps: + - task: MicroBuildSigningPlugin@3 + displayName: Install MicroBuild Signing + inputs: + signType: $(SignType) + zipSources: false + # MicroBuild signing will always fail on public PRs. + condition: ne(variables['Build.Reason'], 'PullRequest') + # Run these scanners first so that they don't detect issues in dependencies. # Failures won't break the build until "Check for compliance errors" step. - task: CredScan@2 @@ -48,15 +78,56 @@ steps: - script: gulp genAikey displayName: Use production AI key condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags')) + - script: gulp build --mode=production + displayName: Build extension + # Pack the extension now even though it's unsigned so that we ignore files + # from .vscodeignore. This will reduce load on the signing server later and + # ensure we only attempt to sign shipping files. - script: vsce package --out vscode-arduino.vsix - displayName: Build and pack extension - - publish: vscode-arduino.vsix - artifact: VS Code extension VSIX - displayName: Publish extension VSIX as artifact + displayName: Pack extension - task: ComponentGovernanceComponentDetection@0 displayName: Detect components + # Extract the VSIX, sign what we can, then pack it back up and publish it. + - task: ExtractFiles@1 + displayName: Extract extension for signing + inputs: + archiveFilePatterns: vscode-arduino.vsix + destinationFolder: $(Build.StagingDirectory)\vscode-arduino + - task: NuGetToolInstaller@1 + displayName: Install NuGet + - task: NuGetAuthenticate@0 + displayName: Authenticate NuGet + - script: nuget restore .\build\SignFiles.proj -PackagesDirectory .\build\packages + displayName: Restore MicroBuild Core + # MicroBuild signing will always fail on public PRs. + condition: ne(variables['Build.Reason'], 'PullRequest') + - task: MSBuild@1 + displayName: Sign files + inputs: + solution: .\build\SignFiles.proj + msbuildArguments: /p:SignType=$(SignType) + # MicroBuild signing will always fail on public PRs. + condition: ne(variables['Build.Reason'], 'PullRequest') + - task: ArchiveFiles@2 + displayName: Pack signed files + inputs: + rootFolderOrFile: $(Build.StagingDirectory)\vscode-arduino + includeRootFolder: false + archiveType: zip + archiveFile: $(Build.StagingDirectory)\vscode-arduino.vsix + - task: MSBuild@1 + displayName: Sign VSIX + inputs: + solution: .\build\SignVsix.proj + msbuildArguments: /p:SignType=$(SignType) + # MicroBuild signing will always fail on public PRs. + condition: ne(variables['Build.Reason'], 'PullRequest') + - publish: $(Build.StagingDirectory)\vscode-arduino.vsix + artifact: VS Code extension VSIX + displayName: Publish extension VSIX as artifact + # Install the Arduino IDE and run tests. - script: curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip displayName: Download Arduino IDE @@ -114,6 +185,9 @@ steps: action: create target: $(Build.SourceVersion) tagSource: auto - assets: $(Build.SourcesDirectory)\vscode-arduino.vsix + assets: $(Build.StagingDirectory)\vscode-arduino.vsix isPreRelease: $[contains(variables['Build.SourceBranch'], '-rc')] condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags')) + + - task: MicroBuildCleanup@1 + displayName: Clean up MicroBuild diff --git a/build/SignFiles.proj b/build/SignFiles.proj new file mode 100644 index 00000000..8c243fda --- /dev/null +++ b/build/SignFiles.proj @@ -0,0 +1,28 @@ + + + + + + $(BUILD_STAGINGDIRECTORY)\vscode-arduino\extension + + $(BaseOutputDirectory) + $(BaseOutputDirectory) + + + + + Microsoft400 + + + Microsoft400 + + + Microsoft400 + + + 3PartyScriptsSHA2 + + + + + \ No newline at end of file diff --git a/build/SignVsix.proj b/build/SignVsix.proj new file mode 100644 index 00000000..bf9b6047 --- /dev/null +++ b/build/SignVsix.proj @@ -0,0 +1,19 @@ + + + + + + $(BUILD_STAGINGDIRECTORY) + + $(BaseOutputDirectory) + $(BaseOutputDirectory) + + + + + VsixSHA2 + + + + + \ No newline at end of file diff --git a/build/packages.config b/build/packages.config new file mode 100644 index 00000000..df03298c --- /dev/null +++ b/build/packages.config @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/package.json b/package.json index c677c34a..28f09ce6 100644 --- a/package.json +++ b/package.json @@ -571,7 +571,6 @@ ] }, "scripts": { - "vscode:prepublish": "gulp build --mode=production", "postinstall": "cd ./src/views && npm install && node ../../node_modules/node-usb-native/scripts/rebuild-serialport.js", "test": "gulp test" }, From fc0287f27a15f554384d8b3e5919a99be44cbc81 Mon Sep 17 00:00:00 2001 From: Ben McMorran Date: Thu, 6 Jan 2022 17:26:25 -0800 Subject: [PATCH 5/6] Real-sign tags --- azure-pipelines.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 15128952..22b0754c 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -32,13 +32,13 @@ pool: variables: # MicroBuild requires TeamName to be set. TeamName: C++ Cross Platform and Cloud - # If the user didn't override the signing type, then only real-sign on master - # or dev. + # If the user didn't override the signing type, then only real-sign on tags, + # master, or dev. ${{ if ne(parameters.SignTypeOverride, 'default') }}: SignType: ${{ parameters.SignTypeOverride }} - ${{ if and(eq(parameters.SignTypeOverride, 'default'), or(eq(variables['Build.SourceBranchName'], 'master'), eq(variables['Build.SourceBranchName'], 'dev'))) }}: + ${{ if and(eq(parameters.SignTypeOverride, 'default'), or(startsWith(variables['Build.SourceBranch'], 'refs/tags'), eq(variables['Build.SourceBranchName'], 'master'), eq(variables['Build.SourceBranchName'], 'dev'))) }}: SignType: real - ${{ if and(eq(parameters.SignTypeOverride, 'default'), not(or(eq(variables['Build.SourceBranchName'], 'master'), eq(variables['Build.SourceBranchName'], 'dev')))) }}: + ${{ if and(eq(parameters.SignTypeOverride, 'default'), not(or(startsWith(variables['Build.SourceBranch'], 'refs/tags'), eq(variables['Build.SourceBranchName'], 'master'), eq(variables['Build.SourceBranchName'], 'dev')))) }}: SignType: test steps: From c700ec7167b416c4469f31a3b8fb5d2eaadbb2da Mon Sep 17 00:00:00 2001 From: Ben McMorran Date: Fri, 7 Jan 2022 10:52:00 -0800 Subject: [PATCH 6/6] Address PR comments --- .github/workflows/build.yml | 4 +--- azure-pipelines.yml | 4 +--- build/SignFiles.proj | 2 ++ package.json | 1 + 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1cff1fde..5b909550 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -73,9 +73,7 @@ jobs: - name: Check for linting errors run: gulp tslint - - name: Build extension - run: gulp build --mode=production - - name: Pack extension + - name: Build and pack extension run: vsce package --out vscode-arduino.vsix - name: Publish extension VSIX as artifact uses: actions/upload-artifact@v2 diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 22b0754c..49c67f56 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -78,13 +78,11 @@ steps: - script: gulp genAikey displayName: Use production AI key condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags')) - - script: gulp build --mode=production - displayName: Build extension # Pack the extension now even though it's unsigned so that we ignore files # from .vscodeignore. This will reduce load on the signing server later and # ensure we only attempt to sign shipping files. - script: vsce package --out vscode-arduino.vsix - displayName: Pack extension + displayName: Build and pack extension - task: ComponentGovernanceComponentDetection@0 displayName: Detect components diff --git a/build/SignFiles.proj b/build/SignFiles.proj index 8c243fda..19a18ba7 100644 --- a/build/SignFiles.proj +++ b/build/SignFiles.proj @@ -13,6 +13,8 @@ Microsoft400 + Microsoft400 diff --git a/package.json b/package.json index 28f09ce6..c677c34a 100644 --- a/package.json +++ b/package.json @@ -571,6 +571,7 @@ ] }, "scripts": { + "vscode:prepublish": "gulp build --mode=production", "postinstall": "cd ./src/views && npm install && node ../../node_modules/node-usb-native/scripts/rebuild-serialport.js", "test": "gulp test" },