diff --git a/build/azure-pipelines/darwin/sql-product-build-darwin-signing.yml b/build/azure-pipelines/darwin/sql-product-build-darwin-signing.yml
new file mode 100644
index 0000000000..9259e95420
--- /dev/null
+++ b/build/azure-pipelines/darwin/sql-product-build-darwin-signing.yml
@@ -0,0 +1,82 @@
+steps:
+ - task: InstallAppleCertificate@2
+ displayName: 'Install developer certificate'
+ inputs:
+ certSecureFile: 'osx_signing_key.p12'
+ condition: eq(variables['signed'], true)
+
+ - task: DownloadBuildArtifacts@0
+ displayName: 'Download Build Artifacts'
+ inputs:
+ downloadType: specific
+ itemPattern: 'drop/darwin/archive/azuredatastudio-darwin-unsigned.zip'
+ downloadPath: '$(Build.SourcesDirectory)/.build/'
+
+ - script: |
+ pushd $(Build.SourcesDirectory)/.build/drop/darwin/archive
+ mv azuredatastudio-darwin-unsigned.zip azuredatastudio-darwin.zip
+ displayName: 'Rename the file'
+
+ - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+ displayName: 'ESRP CodeSigning'
+ inputs:
+ ConnectedServiceName: 'Code Signing'
+ FolderPath: '$(Build.SourcesDirectory)/.build/drop/darwin/archive'
+ Pattern: 'azuredatastudio-darwin.zip'
+ signConfigType: inlineSignParams
+ inlineOperation: |
+ [
+ {
+ "keyCode": "CP-401337-Apple",
+ "operationCode": "MacAppDeveloperSign",
+ "parameters": {
+ "Hardening": "Enable"
+ },
+ "toolName": "sign",
+ "toolVersion": "1.0"
+ }
+ ]
+ SessionTimeout: 90
+ condition: and(succeeded(), eq(variables['signed'], true))
+
+ - script: |
+ zip -d $(Build.SourcesDirectory)/.build/drop/darwin/archive/azuredatastudio-darwin.zip "*.pkg"
+ displayName: Clean Archive
+ condition: and(succeeded(), eq(variables['signed'], true))
+
+ - task: EsrpCodeSigning@1
+ displayName: 'ESRP Notarization'
+ inputs:
+ ConnectedServiceName: 'Code Signing'
+ FolderPath: '$(Build.SourcesDirectory)/.build/drop/darwin/archive'
+ Pattern: 'azuredatastudio-darwin.zip'
+ signConfigType: inlineSignParams
+ inlineOperation: |
+ [
+ {
+ "KeyCode": "CP-401337-Apple",
+ "OperationCode": "MacAppNotarize",
+ "Parameters": {
+ "BundleId": "com.microsoft.azuredatastudio-$(VSCODE_QUALITY)"
+ },
+ "ToolName": "sign",
+ "ToolVersion": "1.0"
+ }
+ ]
+ SessionTimeout: 120
+ condition: and(succeeded(), eq(variables['signed'], true))
+
+ - task: CopyFiles@2
+ displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)/darwin/archive'
+ inputs:
+ SourceFolder: '$(Build.SourcesDirectory)/.build/drop/darwin/archive'
+ TargetFolder: '$(Build.ArtifactStagingDirectory)/darwin/archive'
+
+ - task: PublishBuildArtifacts@1
+ displayName: 'Publish Artifact: drop'
+ condition: always()
+
+ - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+ displayName: 'Component Detection'
+ inputs:
+ failOnAlert: true
diff --git a/build/azure-pipelines/darwin/sql-product-build-darwin.yml b/build/azure-pipelines/darwin/sql-product-build-darwin.yml
index 74b452f167..192ee92bdb 100644
--- a/build/azure-pipelines/darwin/sql-product-build-darwin.yml
+++ b/build/azure-pipelines/darwin/sql-product-build-darwin.yml
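Review bot: In sql-product-build-darwin-signing.yml nothing checks that the archive is actually signed before the CopyFiles and PublishBuildArtifacts steps run. The 'Rename the file' step gives the zip its final name `azuredatastudio-darwin.zip` before ESRP is called, and neither Rename nor CopyFiles carries a `signed` condition, so if this template is ever included without the job-level gate an unsigned archive would be published under the release name. A verification step between notarization and CopyFiles that unpacks the zip and runs `codesign --verify --deep --strict` on the app would make the job fail closed. Separately, 'Install developer certificate' places `osx_signing_key.p12` in the agent keychain although no visible step signs locally; if ESRP does all the signing, that step can presumably be dropped.

```yaml
  # … unchanged: ESRP Notarization step …

  - script: |
      set -e
      verify_dir="$(Agent.TempDirectory)/verify-signed"
      mkdir -p "$verify_dir"
      ditto -x -k "$(Build.SourcesDirectory)/.build/drop/darwin/archive/azuredatastudio-darwin.zip" "$verify_dir"
      codesign --verify --deep --strict "$verify_dir"/*.app
    displayName: 'Verify signature before publishing'
    condition: and(succeeded(), eq(variables['signed'], true))

  # … unchanged: CopyFiles and PublishBuildArtifacts steps …
```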
@@ -171,55 +171,16 @@ steps: pushd ../azuredatastudio-darwin ditto -c -k --keepParent *.app $(Build.SourcesDirectory)/.build/darwin/archive/azuredatastudio-darwin.zip popd - displayName: 'Archive' - - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - displayName: 'ESRP CodeSigning' - inputs: - ConnectedServiceName: 'Code Signing' - FolderPath: '$(Build.SourcesDirectory)/.build/darwin/archive' - Pattern: 'azuredatastudio-darwin.zip' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-401337-Apple", - "operationCode": "MacAppDeveloperSign", - "parameters": { - "Hardening": "Enable" - }, - "toolName": "sign", - "toolVersion": "1.0" - } - ] - SessionTimeout: 90 - condition: and(succeeded(), eq(variables['signed'], true)) + displayName: 'Archive (no signing)' + condition: and(succeeded(), eq(variables['signed'], false)) - script: | - zip -d $(Build.SourcesDirectory)/.build/darwin/archive/azuredatastudio-darwin.zip "*.pkg" - displayName: Clean Archive - condition: and(succeeded(), eq(variables['signed'], true)) - - - task: EsrpCodeSigning@1 - displayName: 'ESRP Notarization' - inputs: - ConnectedServiceName: 'Code Signing' - FolderPath: '$(Build.SourcesDirectory)/.build/darwin/archive' - Pattern: 'azuredatastudio-darwin.zip' - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "KeyCode": "CP-401337-Apple", - "OperationCode": "MacAppNotarize", - "Parameters": { - "BundleId": "com.microsoft.azuredatastudio-$(VSCODE_QUALITY)" - }, - "ToolName": "sign", - "ToolVersion": "1.0" - } - ] - SessionTimeout: 120 + set -e + mkdir -p .build/darwin/archive + pushd ../azuredatastudio-darwin + ditto -c -k --keepParent *.app $(Build.SourcesDirectory)/.build/darwin/archive/azuredatastudio-darwin-unsigned.zip + popd + displayName: 'Archive' condition: and(succeeded(), eq(variables['signed'], true)) - script: | 
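Review bot: The two archive steps are selected with `eq(variables['signed'], false)` and `eq(variables['signed'], true)`, so a run where `signed` is unset or holds any other value appears to match neither branch and produces no archive at all. Writing the unsigned branch as `condition: and(succeeded(), ne(variables['signed'], true))` keeps the two branches exhaustive. The two scripts also differ only in the output file name, so a short comment on the new step such as `# signed builds: hand the unsigned zip to the macOS_Signing job` would explain why the name changes. The first script's opening lines and the step that follows the final `- script: |` are outside the hunk.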
diff --git a/build/azure-pipelines/sql-product-build.yml b/build/azure-pipelines/sql-product-build.yml index 7472f83d19..f86af93e93 100644 --- a/build/azure-pipelines/sql-product-build.yml +++ b/build/azure-pipelines/sql-product-build.yml @@ -26,6 +26,16 @@ jobs: - template: darwin/sql-product-build-darwin.yml timeoutInMinutes: 180 +- job: macOS_Signing + condition: and(succeeded(), eq(variables['VSCODE_BUILD_MACOS'], 'true'), eq(variables['signed'], true)) + pool: + vmImage: macOS-latest + dependsOn: + - macOS + steps: + - template: darwin/sql-product-build-darwin-signing.yml + timeoutInMinutes: 60 + - job: Linux condition: and(succeeded(), eq(variables['VSCODE_BUILD_LINUX'], 'true')) pool: @@ -90,6 +100,7 @@ jobs: - Windows - Windows_Test - LinuxWeb + - macOS_Signing steps: - template: sql-release.yml
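Review bot: The new `macOS_Signing` job signs whatever `drop/darwin/archive/azuredatastudio-darwin-unsigned.zip` contains when it runs, and nothing visible ties that file to the output of the `macOS` job it depends on. Recording a digest in the build job (for example `shasum -a 256 azuredatastudio-darwin-unsigned.zip`, exposed as an output variable) and comparing it in the signing job before the ESRP step would bind the signature to the archive that was built. `vmImage: macOS-latest` is a floating label; for the job that uses the 'Code Signing' connection an explicit image label would make agent changes deliberate. In the second hunk the release job now depends on `macOS_Signing`, which is skipped when `signed` is not true; the release job's condition is outside the hunk, so confirm that a skipped signing job neither blocks nor silently changes unsigned runs.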