microsoft · benmcmorran · Feb 23, 2023 · Feb 22, 2023 · Feb 22, 2023 · Feb 23, 2023
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -28,8 +28,6 @@ pool:
   name: VSEngSS-MicroBuild2019-1ES
 
 variables:
-  # MicroBuild requires TeamName to be set.
-  TeamName: C++ Cross Platform and Cloud
   # If the user didn't override the signing type, then only real-sign on tags or
   # the main branch.
   ${{ if ne(parameters.SignTypeOverride, 'default') }}:
@@ -39,158 +37,5 @@ variables:
   ${{ if and(eq(parameters.SignTypeOverride, 'default'), not(or(startsWith(variables['Build.SourceBranch'], 'refs/tags'), eq(variables['Build.SourceBranchName'], 'main')))) }}:
     SignType: test
 
-steps:
-  - task: MicroBuildSigningPlugin@3
-    displayName: Install MicroBuild Signing
-    inputs:
-      signType: $(SignType)
-      zipSources: false
-    # MicroBuild signing will always fail on public PRs.
-    condition: ne(variables['Build.Reason'], 'PullRequest')
-
-  # Run these scanners first so that they don't detect issues in dependencies.
-  # Failures won't break the build until "Check for compliance errors" step.
-  - task: CredScan@2
-    displayName: Run CredScan
-    inputs:
-      toolMajorVersion: V2
-  - task: PoliCheck@1
-    displayName: Run PoliCheck
-    inputs:
-      targetType: F
-      targetArgument: $(Build.SourcesDirectory)
-
-  # Node 14 matches the version of Node used by VS Code when this was written,
-  # but it should be updated when VS Code updates its Node version.
-  - task: NodeTool@0
-    displayName: Use Node 16.x
-    inputs:
-      versionSpec: 16.x
-  - script: npm install --global gulp node-gyp @vscode/vsce
-    displayName: Install global dependencies
-  - script: npm install
-    displayName: Install project dependencies
-
-  - task: ComponentGovernanceComponentDetection@0
-    displayName: Detect components
-  - task: notice@0
-    displayName: Generate NOTICE file
-    inputs:
-      outputfile: $(Build.SourcesDirectory)/NOTICE.txt
-    condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
-
-  - script: gulp tslint
-    displayName: Check for linting errors
-  - script: gulp genAikey
-    displayName: Use production AI key
-    condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
-  # Pack the extension now even though it's unsigned so that we ignore files
-  # from .vscodeignore. This will reduce load on the signing server later and
-  # ensure we only attempt to sign shipping files.
-  - script: node build/package.js
-    displayName: Build and pack extension
-
-  # Extract the VSIXes, sign what we can, then pack it back up and publish it.
-  - pwsh: |
-      $path = Join-Path $Env:TEMP "7z-installer.exe"
-      Invoke-WebRequest https://www.7-zip.org/a/7z2201-x64.exe -OutFile $path
-      Start-Process -FilePath $path -Args "/S" -Verb RunAs -Wait
-      Remove-Item $path
-      Echo "##vso[task.prependpath]$Env:PROGRAMFILES\7-Zip\"
-    displayName: Install 7zip
-  - pwsh: Get-ChildItem out\vsix | Foreach-Object { 7z x $_.FullName -o$(Build.StagingDirectory)\vscode-arduino\$($_.BaseName) }
-    displayName: Extract extension for signing
-  - task: NuGetToolInstaller@1
-    displayName: Install NuGet
-  - task: NuGetAuthenticate@0
-    displayName: Authenticate NuGet
-  - script: nuget restore .\build\SignFiles.proj -PackagesDirectory .\build\packages
-    displayName: Restore MicroBuild Core
-    # MicroBuild signing will always fail on public PRs.
-    condition: ne(variables['Build.Reason'], 'PullRequest')
-  - task: MSBuild@1
-    displayName: Sign files
-    inputs:
-      solution: .\build\SignFiles.proj
-      msbuildArguments: /p:SignType=$(SignType)
-    # MicroBuild signing will always fail on public PRs.
-    condition: ne(variables['Build.Reason'], 'PullRequest')
-  - pwsh: |
-        Get-ChildItem -Directory $(Build.StagingDirectory)\vscode-arduino | Foreach-Object { 7z a ($_.FullName + ".vsix") ($_.FullName + "\*") -tzip }
-        New-Item -Path $(Build.StagingDirectory)\vscode-arduino\vsix -ItemType Directory
-        Get-Item $(Build.StagingDirectory)\vscode-arduino\*.vsix | Move-Item -Destination $(Build.StagingDirectory)\vscode-arduino\vsix
-    displayName: Pack signed files
-  - task: MSBuild@1
-    displayName: Sign VSIXes
-    inputs:
-      solution: .\build\SignVsix.proj
-      msbuildArguments: /p:SignType=$(SignType)
-    # MicroBuild signing will always fail on public PRs.
-    condition: ne(variables['Build.Reason'], 'PullRequest')
-  - publish: $(Build.StagingDirectory)\vscode-arduino\vsix
-    artifact: VS Code extension VSIXes
-    displayName: Publish extension VSIXes as artifact
-
-  # Install the Arduino IDE and run tests.
-  - script: curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip
-    displayName: Download Arduino IDE
-  - script: >-
-      node build/checkHash.js arduino-1.8.19-windows.zip
-      c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945
-    displayName: Verify Arduino IDE
-  - task: ExtractFiles@1
-    displayName: Extract Arduino IDE
-    inputs:
-      archiveFilePatterns: arduino-1.8.19-windows.zip
-      destinationFolder: arduino-ide
-  - script: "echo ##vso[task.prependpath]$(Build.SourcesDirectory)\\arduino-ide\\arduino-1.8.19"
-    displayName: Add Arduino IDE to PATH
-  - script: npm test --silent
-    displayName: Run tests
-
-  - task: PostAnalysis@1
-    displayName: Check for compliance errors
-    # To avoid spirious warnings about missing logs, explicitly declare what we scanned.
-    inputs:
-      CredScan: true
-      PoliCheck: true
-
-  # Trust Services Automation (TSA) can automatically open bugs for compliance issues.
-  # https://www.1eswiki.com/wiki/Trust_Services_Automation_(TSA)
-  - task: TSAUpload@1
-    displayName: Upload logs to TSA
-    inputs:
-      tsaVersion: TsaV2
-      codebase: NewOrUpdate
-      codeBaseName: vscode-arduino
-      notificationAlias: [email protected]
-      instanceUrlForTsaV2: DEVDIV
-      projectNameDEVDIV: DevDiv
-      areaPath: DevDiv\Cpp Developer Experience\Cross Platform\Embedded
-      iterationPath: DevDiv
-      # To avoid spurious warnings about missing logs, explicitly declare what we don't upload.
-      uploadAPIScan: false
-      uploadBinSkim: false
-      uploadFortifySCA: false
-      uploadFxCop: false
-      uploadModernCop: false
-      uploadPREfast: false
-      uploadRoslyn: false
-      uploadTSLint: false
-    # Don't open bugs for PR builds
-    condition: ne(variables['Build.Reason'], 'PullRequest')
-
-  - task: GitHubRelease@0
-    displayName: Publish to GitHub
-    inputs:
-      gitHubConnection: embeddedbot
-      repositoryName: microsoft/vscode-arduino
-      action: create
-      target: $(Build.SourceVersion)
-      tagSource: auto
-      assets: $(Build.StagingDirectory)\vscode-arduino\vsix\*.vsix
-      isPreRelease: $[contains(variables['Build.SourceBranch'], '-rc')]
-    condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
-
-  - task: MicroBuildCleanup@1
-    displayName: Clean up MicroBuild
+jobs:
+  - template: build/build.yml
diff --git a/build/build.yml b/build/build.yml
@@ -0,0 +1,179 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+parameters:
+  - name: prerelease
+    type: boolean
+    default: false
+
+jobs:
+  - job: Build
+    pool:
+      name: VSEngSS-MicroBuild2019-1ES
+    variables:
+      # MicroBuild requires TeamName to be set.
+      TeamName: C++ Cross Platform and Cloud
+    steps:
+      - task: MicroBuildSigningPlugin@3
+        displayName: Install MicroBuild Signing
+        inputs:
+          signType: $(SignType)
+          zipSources: false
+        # MicroBuild signing will always fail on public PRs.
+        condition: ne(variables['Build.Reason'], 'PullRequest')
+
+      # Run these scanners first so that they don't detect issues in dependencies.
+      # Failures won't break the build until "Check for compliance errors" step.
+      - task: CredScan@2
+        displayName: Run CredScan
+        inputs:
+          toolMajorVersion: V2
+      - task: PoliCheck@1
+        displayName: Run PoliCheck
+        inputs:
+          targetType: F
+          targetArgument: $(Build.SourcesDirectory)
+
+      # Node 14 matches the version of Node used by VS Code when this was written,
+      # but it should be updated when VS Code updates its Node version.
+      - task: NodeTool@0
+        displayName: Use Node 16.x
+        inputs:
+          versionSpec: 16.x
+
+      # Override the patch version if this is a pre-release build.
+      - ${{ if parameters.prerelease }}:
+          - pwsh: node -e "p=require('./package.json');p.version=p.version.replace(/\.\d+$/,'.'+$(Build.BuildNumber));require('fs').writeFileSync('./package.json',JSON.stringify(p,undefined,2))"
+
+      - script: npm install --global gulp node-gyp @vscode/vsce
+        displayName: Install global dependencies
+      - script: npm install
+        displayName: Install project dependencies
+
+      - task: ComponentGovernanceComponentDetection@0
+        displayName: Detect components
+      - task: notice@0
+        displayName: Generate NOTICE file
+        inputs:
+          outputfile: $(Build.SourcesDirectory)/NOTICE.txt
+        condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
+
+      - script: gulp tslint
+        displayName: Check for linting errors
+      - script: gulp genAikey
+        displayName: Use production AI key
+        condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
+      # Pack the extension now even though it's unsigned so that we ignore files
+      # from .vscodeignore. This will reduce load on the signing server later and
+      # ensure we only attempt to sign shipping files.
+      - ${{ if parameters.prerelease }}:
+          - script: node build/package.js --pre-release
+            displayName: Build and pack extension
+      - ${{ else }}:
+          - script: node build/package.js
+            displayName: Build and pack extension
+
+      # Extract the VSIXes, sign what we can, then pack it back up and publish it.
+      - pwsh: |
+          $path = Join-Path $Env:TEMP "7z-installer.exe"
+          Invoke-WebRequest https://www.7-zip.org/a/7z2201-x64.exe -OutFile $path
+          Start-Process -FilePath $path -Args "/S" -Verb RunAs -Wait
+          Remove-Item $path
+          Echo "##vso[task.prependpath]$Env:PROGRAMFILES\7-Zip\"
+        displayName: Install 7zip
+      - pwsh: Get-ChildItem out\vsix | Foreach-Object { 7z x $_.FullName -o$(Build.StagingDirectory)\vscode-arduino\$($_.BaseName) }
+        displayName: Extract extension for signing
+      - task: NuGetToolInstaller@1
+        displayName: Install NuGet
+      - task: NuGetAuthenticate@0
+        displayName: Authenticate NuGet
+      - script: nuget restore .\build\SignFiles.proj -PackagesDirectory .\build\packages
+        displayName: Restore MicroBuild Core
+        # MicroBuild signing will always fail on public PRs.
+        condition: ne(variables['Build.Reason'], 'PullRequest')
+      - task: MSBuild@1
+        displayName: Sign files
+        inputs:
+          solution: .\build\SignFiles.proj
+          msbuildArguments: /p:SignType=$(SignType)
+        # MicroBuild signing will always fail on public PRs.
+        condition: ne(variables['Build.Reason'], 'PullRequest')
+      - pwsh: |
+            Get-ChildItem -Directory $(Build.StagingDirectory)\vscode-arduino | Foreach-Object { 7z a ($_.FullName + ".vsix") ($_.FullName + "\*") -tzip }
+            New-Item -Path $(Build.StagingDirectory)\vscode-arduino\vsix -ItemType Directory
+            Get-Item $(Build.StagingDirectory)\vscode-arduino\*.vsix | Move-Item -Destination $(Build.StagingDirectory)\vscode-arduino\vsix
+        displayName: Pack signed files
+      - task: MSBuild@1
+        displayName: Sign VSIXes
+        inputs:
+          solution: .\build\SignVsix.proj
+          msbuildArguments: /p:SignType=$(SignType)
+        # MicroBuild signing will always fail on public PRs.
+        condition: ne(variables['Build.Reason'], 'PullRequest')
+      - publish: $(Build.StagingDirectory)\vscode-arduino\vsix
+        artifact: extension-vsixes
+        displayName: Publish extension VSIXes as artifact
+
+      # Install the Arduino IDE and run tests.
+      - script: curl -LO https://downloads.arduino.cc/arduino-1.8.19-windows.zip
+        displayName: Download Arduino IDE
+      - script: >-
+          node build/checkHash.js arduino-1.8.19-windows.zip
+          c704a821089eab2588f1deae775916219b1517febd1dd574ff29958dca873945
+        displayName: Verify Arduino IDE
+      - task: ExtractFiles@1
+        displayName: Extract Arduino IDE
+        inputs:
+          archiveFilePatterns: arduino-1.8.19-windows.zip
+          destinationFolder: arduino-ide
+      - script: "echo ##vso[task.prependpath]$(Build.SourcesDirectory)\\arduino-ide\\arduino-1.8.19"
+        displayName: Add Arduino IDE to PATH
+      - script: npm test --silent
+        displayName: Run tests
+
+      - task: PostAnalysis@1
+        displayName: Check for compliance errors
+        # To avoid spirious warnings about missing logs, explicitly declare what we scanned.
+        inputs:
+          CredScan: true
+          PoliCheck: true
+
+      # Trust Services Automation (TSA) can automatically open bugs for compliance issues.
+      # https://www.1eswiki.com/wiki/Trust_Services_Automation_(TSA)
+      - task: TSAUpload@1
+        displayName: Upload logs to TSA
+        inputs:
+          tsaVersion: TsaV2
+          codebase: NewOrUpdate
+          codeBaseName: vscode-arduino
+          notificationAlias: [email protected]
+          instanceUrlForTsaV2: DEVDIV
+          projectNameDEVDIV: DevDiv
+          areaPath: DevDiv\Cpp Developer Experience\Cross Platform\Embedded
+          iterationPath: DevDiv
+          # To avoid spurious warnings about missing logs, explicitly declare what we don't upload.
+          uploadAPIScan: false
+          uploadBinSkim: false
+          uploadFortifySCA: false
+          uploadFxCop: false
+          uploadModernCop: false
+          uploadPREfast: false
+          uploadRoslyn: false
+          uploadTSLint: false
+        # Don't open bugs for PR builds
+        condition: ne(variables['Build.Reason'], 'PullRequest')
+
+      - task: GitHubRelease@0
+        displayName: Publish to GitHub
+        inputs:
+          gitHubConnection: embeddedbot
+          repositoryName: microsoft/vscode-arduino
+          action: create
+          target: $(Build.SourceVersion)
+          tagSource: auto
+          assets: $(Build.StagingDirectory)\vscode-arduino\vsix\*.vsix
+          isPreRelease: $[contains(variables['Build.SourceBranch'], '-rc')]
+        condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags'))
+
+      - task: MicroBuildCleanup@1
+        displayName: Clean up MicroBuild
diff --git a/build/prerelease.yml b/build/prerelease.yml
@@ -0,0 +1,43 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# This will become the patch digit on the extension version. To avoid potential
+# issues, it uses a two digit year to keep the entire number well under 2^31-1.
+name: $(Date:yyMMdd)$(Rev:rrr)
+
+trigger: none
+pr: none
+schedules:
+  - cron: "0 2 * * *"
+    displayName: Daily 2 AM
+    branches:
+      include:
+        - main
+
+variables:
+  # TODO: change this to real sign after getting signing approval.
+  SignType: test
+
+jobs:
+  - template: ./build.yml
+    parameters:
+      prerelease: true
+  - job: PublishExtensions
+    displayName: Publish extensions
+    dependsOn: Build
+    pool:
+      name: "AzurePipelines-EO"
+    steps:
+      - checkout: none
+      - download: current
+        artifact: extension-vsixes
+      - task: NodeTool@0
+        displayName: Use Node 16.x
+        inputs:
+          versionSpec: 16.x
+      - script: npm install --global @vscode/vsce
+        displayName: Install vsce
+      - script: for f in $(Pipeline.Workspace)/extension-vsixes/*.vsix; do vsce publish --packagePath $f; done
+        displayName: Publish vscode-arduino
+        env:
+          VSCE_PAT: $(vscePat)