From 48b2cbb0bfe3de49a9dfc4561b62eb737b3cde2d Mon Sep 17 00:00:00 2001 From: Anthony Dresser Date: Wed, 27 Nov 2019 13:01:55 -0800 Subject: [PATCH] Rework windows pipeline to sign less (and min builds) (#8472) * only sign windows once * more scoping and add copy steps * remove reh * wip * use min everywhere * fix zip file name * fix location of build file * fix version.json production * remove unneeded vars * fix archive drop * give mac more time * fix location of windows archive * fix system location and add comments * fix installer signing * remove unnecessary build step * reduce the sign count * fix dlls * remove missing dlls --- .../darwin/sql-product-build-darwin.yml | 5 +- .../linux/sql-product-build-linux.yml | 5 +- build/azure-pipelines/sql-product-build.yml | 4 +- .../win32/sql-product-build-win32.yml | 239 ++++++------------ build/gulpfile.vscode.win32.js | 2 +- 5 files changed, 84 insertions(+), 171 deletions(-) diff --git a/build/azure-pipelines/darwin/sql-product-build-darwin.yml b/build/azure-pipelines/darwin/sql-product-build-darwin.yml index 3c3698012d..f1874fb064 100644 --- a/build/azure-pipelines/darwin/sql-product-build-darwin.yml +++ b/build/azure-pipelines/darwin/sql-product-build-darwin.yml @@ -70,7 +70,7 @@ steps: - script: | set -e - yarn gulp vscode-darwin + yarn gulp vscode-darwin-min displayName: Build - task: ArchiveFiles@2 # WHY ARE WE DOING THIS? @@ -141,8 +141,7 @@ steps: - script: | # WHY ARE WE DOING THIS? set -e - BUILD="$(Build.SourcesDirectory)/../azuredatastudio-darwin" - PACKAGEJSON=`ls $BUILD/*.app/Contents/Resources/app/package.json` + PACKAGEJSON=`ls $(Build.SourcesDirectory)/package.json` VERSION=`node -p "require(\"$PACKAGEJSON\").version"` COMMIT_ID=`git rev-parse HEAD` diff --git a/build/azure-pipelines/linux/sql-product-build-linux.yml b/build/azure-pipelines/linux/sql-product-build-linux.yml index 0dc974a17c..9dd4bda5ed 100644 --- a/build/azure-pipelines/linux/sql-product-build-linux.yml +++ b/build/azure-pipelines/linux/sql-product-build-linux.yml @@ -84,7 +84,7 @@ steps: - script: | set -e - yarn gulp vscode-linux-x64 + yarn gulp vscode-linux-x64-min displayName: Build - script: | @@ -158,8 +158,7 @@ steps: - script: | # WHY ARE WE DOING THIS? set -e - BUILD="$(Build.SourcesDirectory)/../azuredatastudio-linux-x64" - PACKAGEJSON="$BUILD/resources/app/package.json" + PACKAGEJSON="$(Build.SourcesDirectory)/package.json" VERSION=$(node -p "require(\"$PACKAGEJSON\").version") COMMIT_ID=$(git rev-parse HEAD) diff --git a/build/azure-pipelines/sql-product-build.yml b/build/azure-pipelines/sql-product-build.yml index 3b41b9a841..6cab7e4321 100644 --- a/build/azure-pipelines/sql-product-build.yml +++ b/build/azure-pipelines/sql-product-build.yml @@ -5,6 +5,8 @@ jobs: vmImage: macOS 10.13 steps: - template: darwin/sql-product-build-darwin.yml + timeoutInMinutes: 90 + cancelTimeoutInMinutes: 5 - job: Linux condition: eq(variables['VSCODE_BUILD_LINUX'], 'true') @@ -19,7 +21,7 @@ jobs: name: mssqltools steps: - template: win32/sql-product-build-win32.yml - timeoutInMinutes: 120 + timeoutInMinutes: 90 cancelTimeoutInMinutes: 5 - job: Release diff --git a/build/azure-pipelines/win32/sql-product-build-win32.yml b/build/azure-pipelines/win32/sql-product-build-win32.yml index 2fc8a61e1e..2e437c0f23 100644 --- a/build/azure-pipelines/win32/sql-product-build-win32.yml +++ b/build/azure-pipelines/win32/sql-product-build-win32.yml @@ -76,7 +76,7 @@ steps: - powershell: | . build/azure-pipelines/win32/exec.ps1 $ErrorActionPreference = "Stop" - exec { yarn gulp "vscode-win32-x64" } + exec { yarn gulp "vscode-win32-x64-min" } displayName: Build - task: ArchiveFiles@2 # WHY @@ -128,11 +128,11 @@ steps: displayName: Run unstable integration tests - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - displayName: 'ESRP CodeSigning - Build files - sha256 only' + displayName: 'Sign out code' inputs: ConnectedServiceName: 'Code Signing' - FolderPath: '$(Build.SourcesDirectory)/../azuredatastudio-win32-x64' - Pattern: 'azuredatastudio.exe,azuredatastudio-insider.exe,watcher.exe,inno_updater.exe,7z.exe,mksnapshot.exe,Compil32.exe,ISCC.exe,islzma32.exe,islzma64.exe,winpty-agent.exe,rcedit.exe,rg.exe,CodeHelper.exe,CodeHelper.exe,CodeHelper.exe,CodeHelper.exe,electron.exe,chromedriver.exe,launcher.exe,ffmpeg.dll,libEGL.dll,libGLESv2.dll,node.dll,7-zip.dll,7-zip32.dll,7z.dll,isbunzip.dll,isbzip.dll,ISCmplr.dll,islzma.dll,ISPP.dll,isscint.dll,isunzlib.dll,iszlib.dll,winpty.dll,ffmpeg.dll,libEGL.dll,libGLESv2.dll,node.dll,MicrosoftSqlToolsCredentials.exe,MicrosoftSqlToolsServiceLayer.exe,SqlSerializationService.exe,SqlToolsResourceProviderService.exe,Microsoft.SqlTools.Hosting.dll,Microsoft.SqlTools.ResourceProvider.Core.dll,Microsoft.SqlTools.ResourceProvider.DefaultImpl.dll,MicrosoftSqlToolsCredentials.dll,MicrosoftSqlToolsServiceLayer.dll,Newtonsoft.Json.dll,SqlSerializationService.dll,SqlToolsResourceProviderService.dll,Microsoft.SqlServer.*.dll,Microsoft.Data.Tools.Sql.BatchParser.dll' + FolderPath: '$(agent.builddirectory)/azuredatastudio-win32-x64' + Pattern: '*.exe,*.node,resources/app/node_modules.asar.unpacked/*.dll,swiftshader/*.dll,d3dcompiler_47.dll,libGLESv2.dll,ffmpeg.dll,libEGL.dll,Microsoft.SqlTools.Hosting.dll,Microsoft.SqlTools.ResourceProvider.Core.dll,Microsoft.SqlTools.ResourceProvider.DefaultImpl.dll,MicrosoftSqlToolsCredentials.dll,MicrosoftSqlToolsServiceLayer.dll,Newtonsoft.Json.dll,SqlSerializationService.dll,SqlToolsResourceProviderService.dll,Microsoft.SqlServer.*.dll,Microsoft.Data.Tools.Sql.BatchParser.dll' signConfigType: inlineSignParams inlineOperation: | [ @@ -182,165 +182,19 @@ steps: MaxRetryAttempts: 20 condition: and(succeeded(), eq(variables['signed'], true)) - - task: CmdLine@1 - displayName: 'Delete CodeSignSummary.md' - inputs: - filename: del - arguments: '$(Build.SourcesDirectory)\..\azuredatastudio-win32-x64\CodeSignSummary*.md' - condition: and(succeeded(), eq(variables['signed'], true)) - - powershell: | . build/azure-pipelines/win32/exec.ps1 $ErrorActionPreference = "Stop" exec { yarn gulp "vscode-win32-x64-user-setup" } - displayName: User setup - - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - displayName: 'ESRP CodeSigning - User Installer - sha256 only' - inputs: - ConnectedServiceName: 'Code Signing' - FolderPath: '$(Build.SourcesDirectory)/.build/win32-x64/user-setup' - signConfigType: inlineSignParams - inlineOperation: | - [ -   { -     "keyCode": "CP-230012", -     "operationSetCode": "SigntoolSign", -     "parameters": [ -     { -       "parameterName": "OpusName", -       "parameterValue": "Azure Data Studio" -     }, -     { -       "parameterName": "OpusInfo", -       "parameterValue": "https://github.com/microsoft/azuredatastudio" -     }, -     { -       "parameterName": "PageHash", -       "parameterValue": "/NPH" -     }, -     { -       "parameterName": "FileDigest", -       "parameterValue": "/fd sha256" -     }, -     { -       "parameterName": "TimeStamp", -       "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" -     } -     ], -     "toolName": "signtool.exe", -     "toolVersion": "6.2.9304.0" -   }, -   { -     "keyCode": "CP-230012", -     "operationSetCode": "SigntoolVerify", -     "parameters": [ -     { -       "parameterName": "VerifyAll", -       "parameterValue": "/all" -     } - ], -     "toolName": "signtool.exe", -     "toolVersion": "6.2.9304.0" -   } - ] - SessionTimeout: 600 - MaxConcurrency: 5 - MaxRetryAttempts: 20 - condition: and(succeeded(), eq(variables['signed'], true)) - - - task: CmdLine@1 - displayName: 'Delete CodeSignSummary.md for user installer' - inputs: - filename: del - arguments: '$(Build.SourcesDirectory)\.build\win32-x64\user-setup\CodeSignSummary.md' - continueOnError: true - condition: and(succeeded(), eq(variables['signed'], true)) - - - powershell: | - . build/azure-pipelines/win32/exec.ps1 - $ErrorActionPreference = "Stop" exec { yarn gulp "vscode-win32-x64-system-setup" } - displayName: System setup - - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - displayName: 'ESRP CodeSigning - Installer - sha256 only' - inputs: - ConnectedServiceName: 'Code Signing' - FolderPath: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup' - signConfigType: inlineSignParams - inlineOperation: | - [ -   { -     "keyCode": "CP-230012", -     "operationSetCode": "SigntoolSign", -     "parameters": [ -     { -       "parameterName": "OpusName", -       "parameterValue": "Azure Data Studio" -     }, -     { -       "parameterName": "OpusInfo", -       "parameterValue": "https://github.com/microsoft/azuredatastudio" -     }, -     { -       "parameterName": "PageHash", -       "parameterValue": "/NPH" -     }, -     { -       "parameterName": "FileDigest", -       "parameterValue": "/fd sha256" -     }, -     { -       "parameterName": "TimeStamp", -       "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" -     } -     ], -     "toolName": "signtool.exe", -     "toolVersion": "6.2.9304.0" -   }, -   { -     "keyCode": "CP-230012", -     "operationSetCode": "SigntoolVerify", -     "parameters": [ -     { -       "parameterName": "VerifyAll", -       "parameterValue": "/all" -     } - ], -     "toolName": "signtool.exe", -     "toolVersion": "6.2.9304.0" -   } - ] - SessionTimeout: 600 - MaxConcurrency: 5 - MaxRetryAttempts: 20 - condition: and(succeeded(), eq(variables['signed'], true)) - - - task: CmdLine@1 - displayName: 'Delete CodeSignSummary.md for installer' - inputs: - filename: del - arguments: '$(Build.SourcesDirectory)\.build\win32-x64\system-setup\CodeSignSummary.md' - continueOnError: true - condition: and(succeeded(), eq(variables['signed'], true)) - - - script: | - if exist $(Build.SourcesDirectory)\..\azuredatastudio-windows rmdir /s /q $(Build.SourcesDirectory)\..\azuredatastudio-windows - move $(Build.SourcesDirectory)\..\azuredatastudio-win32-x64 $(Build.SourcesDirectory)\..\azuredatastudio-windows - displayName: 'Rename Build Directory' - - - task: ArchiveFiles@1 - displayName: 'Archive files' - inputs: - rootFolder: '$(Build.SourcesDirectory)/../azuredatastudio-windows' - archiveFile: '$(Build.ArtifactStagingDirectory)/azuredatastudio-windows.zip' + exec { yarn gulp "vscode-win32-x64-archive" } + displayName: Archive & User & System setup - task: CopyFiles@2 - displayName: 'Copy System Install to: $(Build.ArtifactStagingDirectory)' + displayName: 'Copy Archive to: $(Build.ArtifactStagingDirectory)' inputs: - SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup/' - TargetFolder: '$(Build.ArtifactStagingDirectory)' + SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/archive/' + TargetFolder: '$(Build.ArtifactStagingDirectory)' # our release scripts expect the archive to be in the root - task: CopyFiles@2 displayName: 'Copy User Installer to: $(Build.ArtifactStagingDirectory)' @@ -348,16 +202,75 @@ steps: SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/user-setup/' TargetFolder: '$(Build.ArtifactStagingDirectory)/user-setup/' - - script: | - cd $(Build.ArtifactStagingDirectory) - ren *.zip *-UNSIGNED.zip - ren *.exe *-UNSIGNED.exe - displayName: 'Rename unsigned files' - condition: or(failed(), eq(variables['signed'], false)) + - task: CopyFiles@2 + displayName: 'Copy System Install to: $(Build.ArtifactStagingDirectory)' + inputs: + SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup/' + TargetFolder: '$(Build.ArtifactStagingDirectory)/' # our release scripts except system exe to be in root and user setup to be under /user-setup + + - task: CopyFiles@2 + displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)/vsix' + inputs: + SourceFolder: '$(Build.SourcesDirectory)/../vsix' + TargetFolder: '$(Build.ArtifactStagingDirectory)/vsix' + + - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 + displayName: 'Sign installers' + inputs: + ConnectedServiceName: 'Code Signing' + FolderPath: '$(Build.ArtifactStagingDirectory)' + Pattern: '*.exe' + signConfigType: inlineSignParams + inlineOperation: | + [ +   { +     "keyCode": "CP-230012", +     "operationSetCode": "SigntoolSign", +     "parameters": [ +     { +       "parameterName": "OpusName", +       "parameterValue": "Azure Data Studio" +     }, +     { +       "parameterName": "OpusInfo", +       "parameterValue": "https://github.com/microsoft/azuredatastudio" +     }, +     { +       "parameterName": "PageHash", +       "parameterValue": "/NPH" +     }, +     { +       "parameterName": "FileDigest", +       "parameterValue": "/fd sha256" +     }, +     { +       "parameterName": "TimeStamp", +       "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" +     } +     ], +     "toolName": "signtool.exe", +     "toolVersion": "6.2.9304.0" +   }, +   { +     "keyCode": "CP-230012", +     "operationSetCode": "SigntoolVerify", +     "parameters": [ +     { +       "parameterName": "VerifyAll", +       "parameterValue": "/all" +     } + ], +     "toolName": "signtool.exe", +     "toolVersion": "6.2.9304.0" +   } + ] + SessionTimeout: 600 + MaxConcurrency: 5 + MaxRetryAttempts: 20 + condition: and(succeeded(), eq(variables['signed'], true)) - powershell: | # WHY! - $Build = "$(Build.SourcesDirectory)\..\azuredatastudio-windows" - $PackageJson = Get-Content -Raw -Path "$Build\resources\app\package.json" | ConvertFrom-Json + $PackageJson = Get-Content -Raw -Path "$(Build.SourcesDirectory)\package.json" | ConvertFrom-Json $jsonResult = @{ version = $PackageJson.version diff --git a/build/gulpfile.vscode.win32.js b/build/gulpfile.vscode.win32.js index e5e21e3058..e20374ec57 100644 --- a/build/gulpfile.vscode.win32.js +++ b/build/gulpfile.vscode.win32.js @@ -23,7 +23,7 @@ const repoPath = path.dirname(__dirname); // {{SQL CARBON EDIT}} const buildPath = arch => path.join(path.dirname(repoPath), `azuredatastudio-win32-${arch}`); const zipDir = arch => path.join(repoPath, '.build', `win32-${arch}`, 'archive'); -const zipPath = arch => path.join(zipDir(arch), `VSCode-win32-${arch}.zip`); +const zipPath = arch => path.join(zipDir(arch), `azuredatastudio-win32-${arch}.zip`); const setupDir = (arch, target) => path.join(repoPath, '.build', `win32-${arch}`, `${target}-setup`); const issPath = path.join(__dirname, 'win32', 'code.iss'); const innoSetupPath = path.join(path.dirname(path.dirname(require.resolve('innosetup'))), 'bin', 'ISCC.exe');