Use RBAC for builds (#137473)
* build: 👷 adopt latest azure storage account * build: 💄 * missing compilation * iterate faster * try using AzureCliCredential * fix indentation * arg * fix build * use MSI for storage * fix dependency * argh * debug * fix! * bring back * argh * use RBAC for cosmos * empty
This commit is contained in:
parent
d614b269ba
commit
6ac63ccffb
|
@ -5,11 +5,11 @@
|
|||
'use strict';
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const fs = require("fs");
|
||||
const url = require("url");
|
||||
const crypto = require("crypto");
|
||||
const azure = require("azure-storage");
|
||||
const storage_blob_1 = require("@azure/storage-blob");
|
||||
const mime = require("mime");
|
||||
const cosmos_1 = require("@azure/cosmos");
|
||||
const identity_1 = require("@azure/identity");
|
||||
const retry_1 = require("./retry");
|
||||
if (process.argv.length !== 8) {
|
||||
console.error('Usage: node createAsset.js PRODUCT OS ARCH TYPE NAME FILE');
|
||||
|
@ -118,20 +118,6 @@ function hashStream(hashName, stream) {
|
|||
.on('close', () => c(shasum.digest('hex')));
|
||||
});
|
||||
}
|
||||
async function doesAssetExist(blobService, quality, blobName) {
|
||||
const existsResult = await new Promise((c, e) => blobService.doesBlobExist(quality, blobName, (err, r) => err ? e(err) : c(r)));
|
||||
return existsResult.exists;
|
||||
}
|
||||
async function uploadBlob(blobService, quality, blobName, filePath, fileName) {
|
||||
const blobOptions = {
|
||||
contentSettings: {
|
||||
contentType: mime.lookup(filePath),
|
||||
contentDisposition: `attachment; filename="${fileName}"`,
|
||||
cacheControl: 'max-age=31536000, public'
|
||||
}
|
||||
};
|
||||
await new Promise((c, e) => blobService.createBlockBlobFromLocalFile(quality, blobName, filePath, blobOptions, err => err ? e(err) : c()));
|
||||
}
|
||||
function getEnv(name) {
|
||||
const result = process.env[name];
|
||||
if (typeof result === 'undefined') {
|
||||
|
@ -155,28 +141,35 @@ async function main() {
|
|||
console.log('SHA1:', sha1hash);
|
||||
console.log('SHA256:', sha256hash);
|
||||
const blobName = commit + '/' + fileName;
|
||||
const storageAccount = process.env['AZURE_STORAGE_ACCOUNT_2'];
|
||||
const blobService = azure.createBlobService(storageAccount, process.env['AZURE_STORAGE_ACCESS_KEY_2'])
|
||||
.withFilter(new azure.ExponentialRetryPolicyFilter(20));
|
||||
const blobExists = await doesAssetExist(blobService, quality, blobName);
|
||||
const storagePipelineOptions = { retryOptions: { retryPolicyType: storage_blob_1.StorageRetryPolicyType.EXPONENTIAL, maxTries: 6, tryTimeoutInMs: 10 * 60 * 1000 } };
|
||||
const credential = new identity_1.ClientSecretCredential(process.env['AZURE_TENANT_ID'], process.env['AZURE_CLIENT_ID'], process.env['AZURE_CLIENT_SECRET']);
|
||||
const blobServiceClient = new storage_blob_1.BlobServiceClient(`https://vscode.blob.core.windows.net`, credential, storagePipelineOptions);
|
||||
const containerClient = blobServiceClient.getContainerClient(quality);
|
||||
const blobClient = containerClient.getBlockBlobClient(blobName);
|
||||
const blobExists = await blobClient.exists();
|
||||
if (blobExists) {
|
||||
console.log(`Blob ${quality}, ${blobName} already exists, not publishing again.`);
|
||||
return;
|
||||
}
|
||||
const mooncakeBlobService = azure.createBlobService(storageAccount, process.env['MOONCAKE_STORAGE_ACCESS_KEY'], `${storageAccount}.blob.core.chinacloudapi.cn`)
|
||||
.withFilter(new azure.ExponentialRetryPolicyFilter(20));
|
||||
// mooncake is fussy and far away, this is needed!
|
||||
blobService.defaultClientRequestTimeoutInMs = 10 * 60 * 1000;
|
||||
mooncakeBlobService.defaultClientRequestTimeoutInMs = 10 * 60 * 1000;
|
||||
const mooncakeCredential = new identity_1.ClientSecretCredential(process.env['AZURE_MOONCAKE_TENANT_ID'], process.env['AZURE_MOONCAKE_CLIENT_ID'], process.env['AZURE_MOONCAKE_CLIENT_SECRET']);
|
||||
const mooncakeBlobServiceClient = new storage_blob_1.BlobServiceClient(`https://vscode.blob.core.chinacloudapi.cn`, mooncakeCredential, storagePipelineOptions);
|
||||
const mooncakeContainerClient = mooncakeBlobServiceClient.getContainerClient(quality);
|
||||
const mooncakeBlobClient = mooncakeContainerClient.getBlockBlobClient(blobName);
|
||||
console.log('Uploading blobs to Azure storage and Mooncake Azure storage...');
|
||||
const blobOptions = {
|
||||
blobHTTPHeaders: {
|
||||
blobContentType: mime.lookup(filePath),
|
||||
blobContentDisposition: `attachment; filename="${fileName}"`,
|
||||
blobCacheControl: 'max-age=31536000, public'
|
||||
}
|
||||
};
|
||||
await (0, retry_1.retry)(() => Promise.all([
|
||||
uploadBlob(blobService, quality, blobName, filePath, fileName),
|
||||
uploadBlob(mooncakeBlobService, quality, blobName, filePath, fileName)
|
||||
blobClient.uploadFile(filePath, blobOptions),
|
||||
mooncakeBlobClient.uploadFile(filePath, blobOptions)
|
||||
]));
|
||||
console.log('Blobs successfully uploaded.');
|
||||
// TODO: Understand if blobName and blobPath are the same and replace blobPath with blobName if so.
|
||||
const assetUrl = `${process.env['AZURE_CDN_URL']}/${quality}/${blobName}`;
|
||||
const blobPath = url.parse(assetUrl).path;
|
||||
const blobPath = new URL(assetUrl).pathname;
|
||||
const mooncakeUrl = `${process.env['MOONCAKE_CDN_URL']}${blobPath}`;
|
||||
const asset = {
|
||||
platform,
|
||||
|
@ -192,7 +185,7 @@ async function main() {
|
|||
asset.supportsFastUpdate = true;
|
||||
}
|
||||
console.log('Asset:', JSON.stringify(asset, null, ' '));
|
||||
const client = new cosmos_1.CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT'], key: process.env['AZURE_DOCUMENTDB_MASTERKEY'] });
|
||||
const client = new cosmos_1.CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT'], aadCredentials: credential });
|
||||
const scripts = client.database('builds').container(quality).scripts;
|
||||
await (0, retry_1.retry)(() => scripts.storedProcedure('createAsset').execute('', [commit, asset, true]));
|
||||
console.log(` Done ✔️`);
|
||||
|
|
|
@ -6,12 +6,12 @@
|
|||
'use strict';
|
||||
|
||||
import * as fs from 'fs';
|
||||
import * as url from 'url';
|
||||
import { Readable } from 'stream';
|
||||
import * as crypto from 'crypto';
|
||||
import * as azure from 'azure-storage';
|
||||
import { BlobServiceClient, BlockBlobParallelUploadOptions, StoragePipelineOptions, StorageRetryPolicyType } from '@azure/storage-blob';
|
||||
import * as mime from 'mime';
|
||||
import { CosmosClient } from '@azure/cosmos';
|
||||
import { ClientSecretCredential } from '@azure/identity';
|
||||
import { retry } from './retry';
|
||||
|
||||
interface Asset {
|
||||
|
@ -137,23 +137,6 @@ function hashStream(hashName: string, stream: Readable): Promise<string> {
|
|||
});
|
||||
}
|
||||
|
||||
async function doesAssetExist(blobService: azure.BlobService, quality: string, blobName: string): Promise<boolean | undefined> {
|
||||
const existsResult = await new Promise<azure.BlobService.BlobResult>((c, e) => blobService.doesBlobExist(quality, blobName, (err, r) => err ? e(err) : c(r)));
|
||||
return existsResult.exists;
|
||||
}
|
||||
|
||||
async function uploadBlob(blobService: azure.BlobService, quality: string, blobName: string, filePath: string, fileName: string): Promise<void> {
|
||||
const blobOptions: azure.BlobService.CreateBlockBlobRequestOptions = {
|
||||
contentSettings: {
|
||||
contentType: mime.lookup(filePath),
|
||||
contentDisposition: `attachment; filename="${fileName}"`,
|
||||
cacheControl: 'max-age=31536000, public'
|
||||
}
|
||||
};
|
||||
|
||||
await new Promise<void>((c, e) => blobService.createBlockBlobFromLocalFile(quality, blobName, filePath, blobOptions, err => err ? e(err) : c()));
|
||||
}
|
||||
|
||||
function getEnv(name: string): string {
|
||||
const result = process.env[name];
|
||||
|
||||
|
@ -186,37 +169,44 @@ async function main(): Promise<void> {
|
|||
console.log('SHA256:', sha256hash);
|
||||
|
||||
const blobName = commit + '/' + fileName;
|
||||
const storageAccount = process.env['AZURE_STORAGE_ACCOUNT_2']!;
|
||||
|
||||
const blobService = azure.createBlobService(storageAccount, process.env['AZURE_STORAGE_ACCESS_KEY_2']!)
|
||||
.withFilter(new azure.ExponentialRetryPolicyFilter(20));
|
||||
const storagePipelineOptions: StoragePipelineOptions = { retryOptions: { retryPolicyType: StorageRetryPolicyType.EXPONENTIAL, maxTries: 6, tryTimeoutInMs: 10 * 60 * 1000 } };
|
||||
|
||||
const blobExists = await doesAssetExist(blobService, quality, blobName);
|
||||
const credential = new ClientSecretCredential(process.env['AZURE_TENANT_ID']!, process.env['AZURE_CLIENT_ID']!, process.env['AZURE_CLIENT_SECRET']!);
|
||||
const blobServiceClient = new BlobServiceClient(`https://vscode.blob.core.windows.net`, credential, storagePipelineOptions);
|
||||
const containerClient = blobServiceClient.getContainerClient(quality);
|
||||
const blobClient = containerClient.getBlockBlobClient(blobName);
|
||||
const blobExists = await blobClient.exists();
|
||||
|
||||
if (blobExists) {
|
||||
console.log(`Blob ${quality}, ${blobName} already exists, not publishing again.`);
|
||||
return;
|
||||
}
|
||||
|
||||
const mooncakeBlobService = azure.createBlobService(storageAccount, process.env['MOONCAKE_STORAGE_ACCESS_KEY']!, `${storageAccount}.blob.core.chinacloudapi.cn`)
|
||||
.withFilter(new azure.ExponentialRetryPolicyFilter(20));
|
||||
|
||||
// mooncake is fussy and far away, this is needed!
|
||||
blobService.defaultClientRequestTimeoutInMs = 10 * 60 * 1000;
|
||||
mooncakeBlobService.defaultClientRequestTimeoutInMs = 10 * 60 * 1000;
|
||||
const mooncakeCredential = new ClientSecretCredential(process.env['AZURE_MOONCAKE_TENANT_ID']!, process.env['AZURE_MOONCAKE_CLIENT_ID']!, process.env['AZURE_MOONCAKE_CLIENT_SECRET']!);
|
||||
const mooncakeBlobServiceClient = new BlobServiceClient(`https://vscode.blob.core.chinacloudapi.cn`, mooncakeCredential, storagePipelineOptions);
|
||||
const mooncakeContainerClient = mooncakeBlobServiceClient.getContainerClient(quality);
|
||||
const mooncakeBlobClient = mooncakeContainerClient.getBlockBlobClient(blobName);
|
||||
|
||||
console.log('Uploading blobs to Azure storage and Mooncake Azure storage...');
|
||||
|
||||
const blobOptions: BlockBlobParallelUploadOptions = {
|
||||
blobHTTPHeaders: {
|
||||
blobContentType: mime.lookup(filePath),
|
||||
blobContentDisposition: `attachment; filename="${fileName}"`,
|
||||
blobCacheControl: 'max-age=31536000, public'
|
||||
}
|
||||
};
|
||||
|
||||
await retry(() => Promise.all([
|
||||
uploadBlob(blobService, quality, blobName, filePath, fileName),
|
||||
uploadBlob(mooncakeBlobService, quality, blobName, filePath, fileName)
|
||||
blobClient.uploadFile(filePath, blobOptions),
|
||||
mooncakeBlobClient.uploadFile(filePath, blobOptions)
|
||||
]));
|
||||
|
||||
console.log('Blobs successfully uploaded.');
|
||||
|
||||
// TODO: Understand if blobName and blobPath are the same and replace blobPath with blobName if so.
|
||||
const assetUrl = `${process.env['AZURE_CDN_URL']}/${quality}/${blobName}`;
|
||||
const blobPath = url.parse(assetUrl).path;
|
||||
const blobPath = new URL(assetUrl).pathname;
|
||||
const mooncakeUrl = `${process.env['MOONCAKE_CDN_URL']}${blobPath}`;
|
||||
|
||||
const asset: Asset = {
|
||||
|
@ -236,7 +226,7 @@ async function main(): Promise<void> {
|
|||
|
||||
console.log('Asset:', JSON.stringify(asset, null, ' '));
|
||||
|
||||
const client = new CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT']!, key: process.env['AZURE_DOCUMENTDB_MASTERKEY'] });
|
||||
const client = new CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT']!, aadCredentials: credential });
|
||||
const scripts = client.database('builds').container(quality).scripts;
|
||||
await retry(() => scripts.storedProcedure('createAsset').execute('', [commit, asset, true]));
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
*--------------------------------------------------------------------------------------------*/
|
||||
'use strict';
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const identity_1 = require("@azure/identity");
|
||||
const cosmos_1 = require("@azure/cosmos");
|
||||
const retry_1 = require("./retry");
|
||||
if (process.argv.length !== 3) {
|
||||
|
@ -38,7 +39,8 @@ async function main() {
|
|||
assets: [],
|
||||
updates: {}
|
||||
};
|
||||
const client = new cosmos_1.CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT'], key: process.env['AZURE_DOCUMENTDB_MASTERKEY'] });
|
||||
const aadCredentials = new identity_1.ClientSecretCredential(process.env['AZURE_TENANT_ID'], process.env['AZURE_CLIENT_ID'], process.env['AZURE_CLIENT_SECRET']);
|
||||
const client = new cosmos_1.CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT'], aadCredentials });
|
||||
const scripts = client.database('builds').container(quality).scripts;
|
||||
await (0, retry_1.retry)(() => scripts.storedProcedure('createBuild').execute('', [Object.assign(Object.assign({}, build), { _partitionKey: '' })]));
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
'use strict';
|
||||
|
||||
import { ClientSecretCredential } from '@azure/identity';
|
||||
import { CosmosClient } from '@azure/cosmos';
|
||||
import { retry } from './retry';
|
||||
|
||||
|
@ -47,7 +48,8 @@ async function main(): Promise<void> {
|
|||
updates: {}
|
||||
};
|
||||
|
||||
const client = new CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT']!, key: process.env['AZURE_DOCUMENTDB_MASTERKEY'] });
|
||||
const aadCredentials = new ClientSecretCredential(process.env['AZURE_TENANT_ID']!, process.env['AZURE_CLIENT_ID']!, process.env['AZURE_CLIENT_SECRET']!);
|
||||
const client = new CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT']!, aadCredentials });
|
||||
const scripts = client.database('builds').container(quality).scripts;
|
||||
await retry(() => scripts.storedProcedure('createBuild').execute('', [{ ...build, _partitionKey: '' }]));
|
||||
}
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
*--------------------------------------------------------------------------------------------*/
|
||||
'use strict';
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const identity_1 = require("@azure/identity");
|
||||
const cosmos_1 = require("@azure/cosmos");
|
||||
const retry_1 = require("./retry");
|
||||
function getEnv(name) {
|
||||
|
@ -30,7 +31,8 @@ async function getConfig(client, quality) {
|
|||
async function main() {
|
||||
const commit = getEnv('BUILD_SOURCEVERSION');
|
||||
const quality = getEnv('VSCODE_QUALITY');
|
||||
const client = new cosmos_1.CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT'], key: process.env['AZURE_DOCUMENTDB_MASTERKEY'] });
|
||||
const aadCredentials = new identity_1.ClientSecretCredential(process.env['AZURE_TENANT_ID'], process.env['AZURE_CLIENT_ID'], process.env['AZURE_CLIENT_SECRET']);
|
||||
const client = new cosmos_1.CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT'], aadCredentials });
|
||||
const config = await getConfig(client, quality);
|
||||
console.log('Quality config:', config);
|
||||
if (config.frozen) {
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
'use strict';
|
||||
|
||||
import { ClientSecretCredential } from '@azure/identity';
|
||||
import { CosmosClient } from '@azure/cosmos';
|
||||
import { retry } from './retry';
|
||||
|
||||
|
@ -46,7 +47,8 @@ async function main(): Promise<void> {
|
|||
const commit = getEnv('BUILD_SOURCEVERSION');
|
||||
const quality = getEnv('VSCODE_QUALITY');
|
||||
|
||||
const client = new CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT']!, key: process.env['AZURE_DOCUMENTDB_MASTERKEY'] });
|
||||
const aadCredentials = new ClientSecretCredential(process.env['AZURE_TENANT_ID']!, process.env['AZURE_CLIENT_ID']!, process.env['AZURE_CLIENT_SECRET']!);
|
||||
const client = new CosmosClient({ endpoint: process.env['AZURE_DOCUMENTDB_ENDPOINT']!, aadCredentials });
|
||||
const config = await getConfig(client, quality);
|
||||
|
||||
console.log('Quality config:', config);
|
||||
|
|
|
@ -289,9 +289,6 @@ steps:
|
|||
|
||||
- script: |
|
||||
set -e
|
||||
AZURE_DOCUMENTDB_MASTERKEY="$(builds-docdb-key-readwrite)" \
|
||||
AZURE_STORAGE_ACCESS_KEY_2="$(vscode-storage-key)" \
|
||||
VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \
|
||||
VSCODE_ARCH="$(VSCODE_ARCH)" \
|
||||
./build/azure-pipelines/linux/prepare-publish.sh
|
||||
displayName: Prepare for Publish
|
||||
|
|
|
@ -152,212 +152,209 @@ stages:
|
|||
- template: product-compile.yml
|
||||
|
||||
- ${{ if and(eq(parameters.VSCODE_COMPILE_ONLY, false), eq(variables['VSCODE_BUILD_STAGE_WINDOWS'], true)) }}:
|
||||
- stage: Windows
|
||||
dependsOn:
|
||||
- Compile
|
||||
pool:
|
||||
vmImage: VS2017-Win2016
|
||||
jobs:
|
||||
- stage: Windows
|
||||
dependsOn:
|
||||
- Compile
|
||||
pool:
|
||||
vmImage: VS2017-Win2016
|
||||
jobs:
|
||||
- ${{ if eq(parameters.VSCODE_BUILD_WIN32, true) }}:
|
||||
- job: Windows
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: win32/product-build-win32.yml
|
||||
|
||||
- ${{ if eq(parameters.VSCODE_BUILD_WIN32, true) }}:
|
||||
- job: Windows
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: win32/product-build-win32.yml
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_WIN32_32BIT, true)) }}:
|
||||
- job: Windows32
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: ia32
|
||||
steps:
|
||||
- template: win32/product-build-win32.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_WIN32_32BIT, true)) }}:
|
||||
- job: Windows32
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: ia32
|
||||
steps:
|
||||
- template: win32/product-build-win32.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_WIN32_ARM64, true)) }}:
|
||||
- job: WindowsARM64
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: win32/product-build-win32.yml
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_WIN32_ARM64, true)) }}:
|
||||
- job: WindowsARM64
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: win32/product-build-win32.yml
|
||||
|
||||
- ${{ if and(eq(parameters.VSCODE_COMPILE_ONLY, false), eq(variables['VSCODE_BUILD_STAGE_LINUX'], true)) }}:
|
||||
- stage: Linux
|
||||
dependsOn:
|
||||
- Compile
|
||||
pool:
|
||||
vmImage: "Ubuntu-18.04"
|
||||
jobs:
|
||||
|
||||
- ${{ if eq(parameters.VSCODE_BUILD_LINUX, true) }}:
|
||||
- job: Linux
|
||||
container: vscode-x64
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
NPM_ARCH: x64
|
||||
DISPLAY: ":10"
|
||||
steps:
|
||||
- template: linux/product-build-linux.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX, true), ne(variables['VSCODE_PUBLISH'], 'false')) }}:
|
||||
- job: LinuxSnap
|
||||
dependsOn:
|
||||
- Linux
|
||||
container: snapcraft
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: linux/snap-build-linux.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true)) }}:
|
||||
- job: LinuxArmhf
|
||||
container: vscode-armhf
|
||||
variables:
|
||||
VSCODE_ARCH: armhf
|
||||
NPM_ARCH: armv7l
|
||||
steps:
|
||||
- template: linux/product-build-linux.yml
|
||||
|
||||
# TODO@joaomoreno: We don't ship ARM snaps for now
|
||||
- ${{ if and(false, eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true)) }}:
|
||||
- job: LinuxSnapArmhf
|
||||
dependsOn:
|
||||
- LinuxArmhf
|
||||
container: snapcraft
|
||||
variables:
|
||||
VSCODE_ARCH: armhf
|
||||
steps:
|
||||
- template: linux/snap-build-linux.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ARM64, true)) }}:
|
||||
- job: LinuxArm64
|
||||
container: vscode-arm64
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
NPM_ARCH: arm64
|
||||
steps:
|
||||
- template: linux/product-build-linux.yml
|
||||
|
||||
# TODO@joaomoreno: We don't ship ARM snaps for now
|
||||
- ${{ if and(false, eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ARM64, true)) }}:
|
||||
- job: LinuxSnapArm64
|
||||
dependsOn:
|
||||
- LinuxArm64
|
||||
container: snapcraft
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: linux/snap-build-linux.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ALPINE, true)) }}:
|
||||
- job: LinuxAlpine
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: linux/product-build-alpine.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ALPINE_ARM64, true)) }}:
|
||||
- job: LinuxAlpineArm64
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: linux/product-build-alpine.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_WEB, true)) }}:
|
||||
- job: LinuxWeb
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: web/product-build-web.yml
|
||||
|
||||
- ${{ if and(eq(parameters.VSCODE_COMPILE_ONLY, false), eq(variables['VSCODE_BUILD_STAGE_MACOS'], true)) }}:
|
||||
- stage: macOS
|
||||
dependsOn:
|
||||
- Compile
|
||||
pool:
|
||||
vmImage: macOS-latest
|
||||
jobs:
|
||||
|
||||
- ${{ if eq(parameters.VSCODE_BUILD_MACOS, true) }}:
|
||||
- job: macOS
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: darwin/product-build-darwin.yml
|
||||
- ${{ if ne(variables['VSCODE_PUBLISH'], 'false') }}:
|
||||
- job: macOSSign
|
||||
dependsOn:
|
||||
- macOS
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: darwin/product-build-darwin-sign.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_MACOS_ARM64, true)) }}:
|
||||
- job: macOSARM64
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: darwin/product-build-darwin.yml
|
||||
- ${{ if ne(variables['VSCODE_PUBLISH'], 'false') }}:
|
||||
- job: macOSARM64Sign
|
||||
dependsOn:
|
||||
- macOSARM64
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: darwin/product-build-darwin-sign.yml
|
||||
|
||||
- ${{ if eq(variables['VSCODE_BUILD_MACOS_UNIVERSAL'], true) }}:
|
||||
- job: macOSUniversal
|
||||
dependsOn:
|
||||
- macOS
|
||||
- macOSARM64
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: universal
|
||||
steps:
|
||||
- template: darwin/product-build-darwin.yml
|
||||
- ${{ if ne(variables['VSCODE_PUBLISH'], 'false') }}:
|
||||
- job: macOSUniversalSign
|
||||
dependsOn:
|
||||
- macOSUniversal
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: universal
|
||||
steps:
|
||||
- template: darwin/product-build-darwin-sign.yml
|
||||
|
||||
- ${{ if and(eq(parameters.VSCODE_COMPILE_ONLY, false), ne(variables['VSCODE_PUBLISH'], 'false')) }}:
|
||||
- stage: Publish
|
||||
dependsOn:
|
||||
- Compile
|
||||
pool:
|
||||
vmImage: "Ubuntu-18.04"
|
||||
variables:
|
||||
- name: BUILDS_API_URL
|
||||
value: $(System.CollectionUri)$(System.TeamProject)/_apis/build/builds/$(Build.BuildId)/
|
||||
jobs:
|
||||
- job: PublishBuild
|
||||
timeoutInMinutes: 180
|
||||
displayName: Publish Build
|
||||
steps:
|
||||
- template: product-publish.yml
|
||||
|
||||
- ${{ if or(eq(parameters.VSCODE_RELEASE, true), and(in(parameters.VSCODE_QUALITY, 'insider', 'exploration'), eq(variables['VSCODE_SCHEDULEDBUILD'], true))) }}:
|
||||
- stage: Release
|
||||
- stage: Linux
|
||||
dependsOn:
|
||||
- Publish
|
||||
- Compile
|
||||
pool:
|
||||
vmImage: "Ubuntu-18.04"
|
||||
jobs:
|
||||
- job: ReleaseBuild
|
||||
displayName: Release Build
|
||||
- ${{ if eq(parameters.VSCODE_BUILD_LINUX, true) }}:
|
||||
- job: Linux
|
||||
container: vscode-x64
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
NPM_ARCH: x64
|
||||
DISPLAY: ":10"
|
||||
steps:
|
||||
- template: linux/product-build-linux.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX, true), ne(variables['VSCODE_PUBLISH'], 'false')) }}:
|
||||
- job: LinuxSnap
|
||||
dependsOn:
|
||||
- Linux
|
||||
container: snapcraft
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: linux/snap-build-linux.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true)) }}:
|
||||
- job: LinuxArmhf
|
||||
container: vscode-armhf
|
||||
variables:
|
||||
VSCODE_ARCH: armhf
|
||||
NPM_ARCH: armv7l
|
||||
steps:
|
||||
- template: linux/product-build-linux.yml
|
||||
|
||||
# TODO@joaomoreno: We don't ship ARM snaps for now
|
||||
- ${{ if and(false, eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ARMHF, true)) }}:
|
||||
- job: LinuxSnapArmhf
|
||||
dependsOn:
|
||||
- LinuxArmhf
|
||||
container: snapcraft
|
||||
variables:
|
||||
VSCODE_ARCH: armhf
|
||||
steps:
|
||||
- template: linux/snap-build-linux.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ARM64, true)) }}:
|
||||
- job: LinuxArm64
|
||||
container: vscode-arm64
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
NPM_ARCH: arm64
|
||||
steps:
|
||||
- template: linux/product-build-linux.yml
|
||||
|
||||
# TODO@joaomoreno: We don't ship ARM snaps for now
|
||||
- ${{ if and(false, eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ARM64, true)) }}:
|
||||
- job: LinuxSnapArm64
|
||||
dependsOn:
|
||||
- LinuxArm64
|
||||
container: snapcraft
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: linux/snap-build-linux.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ALPINE, true)) }}:
|
||||
- job: LinuxAlpine
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: linux/product-build-alpine.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_LINUX_ALPINE_ARM64, true)) }}:
|
||||
- job: LinuxAlpineArm64
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: linux/product-build-alpine.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_WEB, true)) }}:
|
||||
- job: LinuxWeb
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: web/product-build-web.yml
|
||||
|
||||
- ${{ if and(eq(parameters.VSCODE_COMPILE_ONLY, false), eq(variables['VSCODE_BUILD_STAGE_MACOS'], true)) }}:
|
||||
- stage: macOS
|
||||
dependsOn:
|
||||
- Compile
|
||||
pool:
|
||||
vmImage: macOS-latest
|
||||
jobs:
|
||||
- ${{ if eq(parameters.VSCODE_BUILD_MACOS, true) }}:
|
||||
- job: macOS
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: darwin/product-build-darwin.yml
|
||||
- ${{ if ne(variables['VSCODE_PUBLISH'], 'false') }}:
|
||||
- job: macOSSign
|
||||
dependsOn:
|
||||
- macOS
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: x64
|
||||
steps:
|
||||
- template: darwin/product-build-darwin-sign.yml
|
||||
|
||||
- ${{ if and(eq(variables['VSCODE_CIBUILD'], false), eq(parameters.VSCODE_BUILD_MACOS_ARM64, true)) }}:
|
||||
- job: macOSARM64
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: darwin/product-build-darwin.yml
|
||||
- ${{ if ne(variables['VSCODE_PUBLISH'], 'false') }}:
|
||||
- job: macOSARM64Sign
|
||||
dependsOn:
|
||||
- macOSARM64
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: arm64
|
||||
steps:
|
||||
- template: darwin/product-build-darwin-sign.yml
|
||||
|
||||
- ${{ if eq(variables['VSCODE_BUILD_MACOS_UNIVERSAL'], true) }}:
|
||||
- job: macOSUniversal
|
||||
dependsOn:
|
||||
- macOS
|
||||
- macOSARM64
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: universal
|
||||
steps:
|
||||
- template: darwin/product-build-darwin.yml
|
||||
- ${{ if ne(variables['VSCODE_PUBLISH'], 'false') }}:
|
||||
- job: macOSUniversalSign
|
||||
dependsOn:
|
||||
- macOSUniversal
|
||||
timeoutInMinutes: 90
|
||||
variables:
|
||||
VSCODE_ARCH: universal
|
||||
steps:
|
||||
- template: darwin/product-build-darwin-sign.yml
|
||||
|
||||
- ${{ if and(eq(parameters.VSCODE_COMPILE_ONLY, false), ne(variables['VSCODE_PUBLISH'], 'false')) }}:
|
||||
- stage: Publish
|
||||
dependsOn:
|
||||
- Compile
|
||||
pool:
|
||||
vmImage: "Ubuntu-18.04"
|
||||
variables:
|
||||
- name: BUILDS_API_URL
|
||||
value: $(System.CollectionUri)$(System.TeamProject)/_apis/build/builds/$(Build.BuildId)/
|
||||
jobs:
|
||||
- job: PublishBuild
|
||||
timeoutInMinutes: 180
|
||||
displayName: Publish Build
|
||||
steps:
|
||||
- template: product-release.yml
|
||||
- template: product-publish.yml
|
||||
|
||||
- ${{ if or(eq(parameters.VSCODE_RELEASE, true), and(in(parameters.VSCODE_QUALITY, 'insider', 'exploration'), eq(variables['VSCODE_SCHEDULEDBUILD'], true))) }}:
|
||||
- stage: Release
|
||||
dependsOn:
|
||||
- Publish
|
||||
pool:
|
||||
vmImage: "Ubuntu-18.04"
|
||||
jobs:
|
||||
- job: ReleaseBuild
|
||||
displayName: Release Build
|
||||
steps:
|
||||
- template: product-release.yml
|
||||
|
|
|
@ -20,6 +20,28 @@ steps:
|
|||
patterns: "**/artifacts_processed_*.txt"
|
||||
displayName: Download all artifacts_processed text files
|
||||
|
||||
- task: AzureCLI@2
|
||||
inputs:
|
||||
azureSubscription: "vscode-builds-subscription"
|
||||
scriptType: pscore
|
||||
scriptLocation: inlineScript
|
||||
addSpnToEnvironment: true
|
||||
inlineScript: |
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$env:tenantId"
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$env:servicePrincipalId"
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]$env:servicePrincipalKey"
|
||||
|
||||
- task: AzureCLI@2
|
||||
inputs:
|
||||
azureSubscription: "vscode-builds-mooncake-subscription"
|
||||
scriptType: pscore
|
||||
scriptLocation: inlineScript
|
||||
addSpnToEnvironment: true
|
||||
inlineScript: |
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_MOONCAKE_TENANT_ID]$env:tenantId"
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_MOONCAKE_CLIENT_ID]$env:servicePrincipalId"
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_MOONCAKE_CLIENT_SECRET;issecret=true]$env:servicePrincipalKey"
|
||||
|
||||
- pwsh: |
|
||||
. build/azure-pipelines/win32/exec.ps1
|
||||
|
||||
|
@ -28,7 +50,9 @@ steps:
|
|||
return
|
||||
}
|
||||
|
||||
$env:AZURE_DOCUMENTDB_MASTERKEY = "$(builds-docdb-key-readwrite)"
|
||||
$env:AZURE_TENANT_ID = "$(AZURE_TENANT_ID)"
|
||||
$env:AZURE_CLIENT_ID = "$(AZURE_CLIENT_ID)"
|
||||
$env:AZURE_CLIENT_SECRET = "$(AZURE_CLIENT_SECRET)"
|
||||
$VERSION = node -p "require('./package.json').version"
|
||||
Write-Host "Creating build with version: $VERSION"
|
||||
exec { node build/azure-pipelines/common/createBuild.js $VERSION }
|
||||
|
@ -36,10 +60,12 @@ steps:
|
|||
|
||||
- pwsh: |
|
||||
$env:VSCODE_MIXIN_PASSWORD = "$(github-distro-mixin-password)"
|
||||
$env:AZURE_DOCUMENTDB_MASTERKEY = "$(builds-docdb-key-readwrite)"
|
||||
$env:AZURE_STORAGE_ACCESS_KEY = "$(ticino-storage-key)"
|
||||
$env:AZURE_STORAGE_ACCESS_KEY_2 = "$(vscode-storage-key)"
|
||||
$env:MOONCAKE_STORAGE_ACCESS_KEY = "$(vscode-mooncake-storage-key)"
|
||||
$env:AZURE_TENANT_ID = "$(AZURE_TENANT_ID)"
|
||||
$env:AZURE_CLIENT_ID = "$(AZURE_CLIENT_ID)"
|
||||
$env:AZURE_CLIENT_SECRET = "$(AZURE_CLIENT_SECRET)"
|
||||
$env:AZURE_MOONCAKE_TENANT_ID = "$(AZURE_MOONCAKE_TENANT_ID)"
|
||||
$env:AZURE_MOONCAKE_CLIENT_ID = "$(AZURE_MOONCAKE_CLIENT_ID)"
|
||||
$env:AZURE_MOONCAKE_CLIENT_SECRET = "$(AZURE_MOONCAKE_CLIENT_SECRET)"
|
||||
build/azure-pipelines/product-publish.ps1
|
||||
env:
|
||||
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
||||
|
|
|
@ -3,17 +3,21 @@ steps:
|
|||
inputs:
|
||||
versionSpec: "14.x"
|
||||
|
||||
- task: AzureKeyVault@1
|
||||
displayName: "Azure Key Vault: Get Secrets"
|
||||
- task: AzureCLI@2
|
||||
inputs:
|
||||
azureSubscription: "vscode-builds-subscription"
|
||||
KeyVaultName: vscode
|
||||
SecretsFilter: "builds-docdb-key-readwrite"
|
||||
scriptType: pscore
|
||||
scriptLocation: inlineScript
|
||||
addSpnToEnvironment: true
|
||||
inlineScript: |
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$env:tenantId"
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$env:servicePrincipalId"
|
||||
Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]$env:servicePrincipalKey"
|
||||
|
||||
- script: |
|
||||
set -e
|
||||
|
||||
(cd build ; yarn)
|
||||
|
||||
AZURE_DOCUMENTDB_MASTERKEY="$(builds-docdb-key-readwrite)" \
|
||||
AZURE_TENANT_ID="$(AZURE_TENANT_ID)" \
|
||||
AZURE_CLIENT_ID="$(AZURE_CLIENT_ID)" \
|
||||
AZURE_CLIENT_SECRET="$(AZURE_CLIENT_SECRET)" \
|
||||
node build/azure-pipelines/common/releaseBuild.js
|
||||
|
|
|
@ -306,9 +306,6 @@ steps:
|
|||
- powershell: |
|
||||
. build/azure-pipelines/win32/exec.ps1
|
||||
$ErrorActionPreference = "Stop"
|
||||
$env:AZURE_STORAGE_ACCESS_KEY_2 = "$(vscode-storage-key)"
|
||||
$env:AZURE_DOCUMENTDB_MASTERKEY = "$(builds-docdb-key-readwrite)"
|
||||
$env:VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)"
|
||||
.\build\azure-pipelines\win32\prepare-publish.ps1
|
||||
displayName: Publish
|
||||
condition: and(succeeded(), ne(variables['VSCODE_PUBLISH'], 'false'))
|
||||
|
|
|
@ -3,14 +3,15 @@
|
|||
"version": "1.0.0",
|
||||
"license": "MIT",
|
||||
"devDependencies": {
|
||||
"@azure/cosmos": "^3.9.3",
|
||||
"@azure/storage-blob": "^12.4.0",
|
||||
"@azure/cosmos": "^3.14.1",
|
||||
"@azure/identity": "^2.0.1",
|
||||
"@azure/storage-blob": "^12.8.0",
|
||||
"@electron/get": "^1.12.4",
|
||||
"@types/ansi-colors": "^3.2.0",
|
||||
"@types/azure": "0.9.19",
|
||||
"@types/byline": "^4.2.32",
|
||||
"@types/cssnano": "^4.0.0",
|
||||
"@types/debounce": "^1.0.0",
|
||||
"@types/debug": "4.1.5",
|
||||
"@types/eslint": "4.16.1",
|
||||
"@types/fancy-log": "^1.3.0",
|
||||
"@types/fs-extra": "^9.0.12",
|
||||
|
@ -43,7 +44,6 @@
|
|||
"@typescript-eslint/experimental-utils": "~2.13.0",
|
||||
"@typescript-eslint/parser": "^3.3.0",
|
||||
"applicationinsights": "1.0.8",
|
||||
"azure-storage": "^2.1.0",
|
||||
"byline": "^5.0.0",
|
||||
"colors": "^1.4.0",
|
||||
"commander": "^7.0.0",
|
||||
|
|
786
build/yarn.lock
786
build/yarn.lock
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue