ckaczor/azuredatastudio
1
0
Fork 0
mirror of https://github.com/ckaczor/azuredatastudio.git synced 2026-02-17 02:51:36 -05:00
Code Issues Packages Projects Releases Wiki Activity

Rework windows pipeline to sign less (and min builds) (#8472)

Browse Source 
* only sign windows once

* more scoping and add copy steps

* remove reh

* wip

* use min everywhere

* fix zip file name

* fix location of build file

* fix version.json production

* remove unneeded vars

* fix archive drop

* give mac more time

* fix location of windows archive

* fix system location and add comments

* fix installer signing

* remove unnecessary build step

* reduce the sign count

* fix dlls

* remove missing dlls
This commit is contained in:
Anthony Dresser
2019-11-27 13:01:55 -08:00
committed by GitHub
parent 39e6b9933d
commit 48b2cbb0bf
5 changed files with 84 additions and 171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
build/azure-pipelines/win32/sql-product-build-win32.yml
View File

@@ -76,7 +76,7 @@ steps:
- powershell: |
. build/azure-pipelines/win32/exec.ps1
$ErrorActionPreference = "Stop"
exec { yarn gulp "vscode-win32-x64" }
exec { yarn gulp "vscode-win32-x64-min" }
displayName: Build
- task: ArchiveFiles@2 # WHY
@@ -128,11 +128,11 @@ steps:
displayName: Run unstable integration tests
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'ESRP CodeSigning - Build files - sha256 only'
displayName: 'Sign out code'
inputs:
ConnectedServiceName: 'Code Signing'
FolderPath: '$(Build.SourcesDirectory)/../azuredatastudio-win32-x64'
Pattern: 'azuredatastudio.exe,azuredatastudio-insider.exe,watcher.exe,inno_updater.exe,7z.exe,mksnapshot.exe,Compil32.exe,ISCC.exe,islzma32.exe,islzma64.exe,winpty-agent.exe,rcedit.exe,rg.exe,CodeHelper.exe,CodeHelper.exe,CodeHelper.exe,CodeHelper.exe,electron.exe,chromedriver.exe,launcher.exe,ffmpeg.dll,libEGL.dll,libGLESv2.dll,node.dll,7-zip.dll,7-zip32.dll,7z.dll,isbunzip.dll,isbzip.dll,ISCmplr.dll,islzma.dll,ISPP.dll,isscint.dll,isunzlib.dll,iszlib.dll,winpty.dll,ffmpeg.dll,libEGL.dll,libGLESv2.dll,node.dll,MicrosoftSqlToolsCredentials.exe,MicrosoftSqlToolsServiceLayer.exe,SqlSerializationService.exe,SqlToolsResourceProviderService.exe,Microsoft.SqlTools.Hosting.dll,Microsoft.SqlTools.ResourceProvider.Core.dll,Microsoft.SqlTools.ResourceProvider.DefaultImpl.dll,MicrosoftSqlToolsCredentials.dll,MicrosoftSqlToolsServiceLayer.dll,Newtonsoft.Json.dll,SqlSerializationService.dll,SqlToolsResourceProviderService.dll,Microsoft.SqlServer.*.dll,Microsoft.Data.Tools.Sql.BatchParser.dll'
FolderPath: '$(agent.builddirectory)/azuredatastudio-win32-x64'
Pattern: '*.exe,*.node,resources/app/node_modules.asar.unpacked/*.dll,swiftshader/*.dll,d3dcompiler_47.dll,libGLESv2.dll,ffmpeg.dll,libEGL.dll,Microsoft.SqlTools.Hosting.dll,Microsoft.SqlTools.ResourceProvider.Core.dll,Microsoft.SqlTools.ResourceProvider.DefaultImpl.dll,MicrosoftSqlToolsCredentials.dll,MicrosoftSqlToolsServiceLayer.dll,Newtonsoft.Json.dll,SqlSerializationService.dll,SqlToolsResourceProviderService.dll,Microsoft.SqlServer.*.dll,Microsoft.Data.Tools.Sql.BatchParser.dll'
signConfigType: inlineSignParams
inlineOperation: |
[
@@ -182,165 +182,19 @@ steps:
MaxRetryAttempts: 20
condition: and(succeeded(), eq(variables['signed'], true))
- task: CmdLine@1
displayName: 'Delete CodeSignSummary.md'
inputs:
filename: del
arguments: '$(Build.SourcesDirectory)\..\azuredatastudio-win32-x64\CodeSignSummary*.md'
condition: and(succeeded(), eq(variables['signed'], true))
- powershell: |
. build/azure-pipelines/win32/exec.ps1
$ErrorActionPreference = "Stop"
exec { yarn gulp "vscode-win32-x64-user-setup" }
displayName: User setup
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'ESRP CodeSigning - User Installer - sha256 only'
inputs:
ConnectedServiceName: 'Code Signing'
FolderPath: '$(Build.SourcesDirectory)/.build/win32-x64/user-setup'
signConfigType: inlineSignParams
inlineOperation: |
[
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolSign",
    "parameters": [
    {
      "parameterName": "OpusName",
      "parameterValue": "Azure Data Studio"
    },
    {
      "parameterName": "OpusInfo",
      "parameterValue": "https://github.com/microsoft/azuredatastudio"
    },
    {
      "parameterName": "PageHash",
      "parameterValue": "/NPH"
    },
    {
      "parameterName": "FileDigest",
      "parameterValue": "/fd sha256"
    },
    {
      "parameterName": "TimeStamp",
      "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
    }
    ],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  },
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolVerify",
    "parameters": [
    {
      "parameterName": "VerifyAll",
      "parameterValue": "/all"
    }
],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  }
]
SessionTimeout: 600
MaxConcurrency: 5
MaxRetryAttempts: 20
condition: and(succeeded(), eq(variables['signed'], true))
- task: CmdLine@1
displayName: 'Delete CodeSignSummary.md for user installer'
inputs:
filename: del
arguments: '$(Build.SourcesDirectory)\.build\win32-x64\user-setup\CodeSignSummary.md'
continueOnError: true
condition: and(succeeded(), eq(variables['signed'], true))
- powershell: |
. build/azure-pipelines/win32/exec.ps1
$ErrorActionPreference = "Stop"
exec { yarn gulp "vscode-win32-x64-system-setup" }
displayName: System setup
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'ESRP CodeSigning - Installer - sha256 only'
inputs:
ConnectedServiceName: 'Code Signing'
FolderPath: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup'
signConfigType: inlineSignParams
inlineOperation: |
[
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolSign",
    "parameters": [
    {
      "parameterName": "OpusName",
      "parameterValue": "Azure Data Studio"
    },
    {
      "parameterName": "OpusInfo",
      "parameterValue": "https://github.com/microsoft/azuredatastudio"
    },
    {
      "parameterName": "PageHash",
      "parameterValue": "/NPH"
    },
    {
      "parameterName": "FileDigest",
      "parameterValue": "/fd sha256"
    },
    {
      "parameterName": "TimeStamp",
      "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
    }
    ],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  },
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolVerify",
    "parameters": [
    {
      "parameterName": "VerifyAll",
      "parameterValue": "/all"
    }
],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  }
]
SessionTimeout: 600
MaxConcurrency: 5
MaxRetryAttempts: 20
condition: and(succeeded(), eq(variables['signed'], true))
- task: CmdLine@1
displayName: 'Delete CodeSignSummary.md for installer'
inputs:
filename: del
arguments: '$(Build.SourcesDirectory)\.build\win32-x64\system-setup\CodeSignSummary.md'
continueOnError: true
condition: and(succeeded(), eq(variables['signed'], true))
- script: |
if exist $(Build.SourcesDirectory)\..\azuredatastudio-windows rmdir /s /q $(Build.SourcesDirectory)\..\azuredatastudio-windows
move $(Build.SourcesDirectory)\..\azuredatastudio-win32-x64 $(Build.SourcesDirectory)\..\azuredatastudio-windows
displayName: 'Rename Build Directory'
- task: ArchiveFiles@1
displayName: 'Archive files'
inputs:
rootFolder: '$(Build.SourcesDirectory)/../azuredatastudio-windows'
archiveFile: '$(Build.ArtifactStagingDirectory)/azuredatastudio-windows.zip'
exec { yarn gulp "vscode-win32-x64-archive" }
displayName: Archive & User & System setup
- task: CopyFiles@2
displayName: 'Copy System Install to: $(Build.ArtifactStagingDirectory)'
displayName: 'Copy Archive to: $(Build.ArtifactStagingDirectory)'
inputs:
SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup/'
TargetFolder: '$(Build.ArtifactStagingDirectory)'
SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/archive/'
TargetFolder: '$(Build.ArtifactStagingDirectory)' # our release scripts expect the archive to be in the root
- task: CopyFiles@2
displayName: 'Copy User Installer to: $(Build.ArtifactStagingDirectory)'
@@ -348,16 +202,75 @@ steps:
SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/user-setup/'
TargetFolder: '$(Build.ArtifactStagingDirectory)/user-setup/'
- script: |
cd $(Build.ArtifactStagingDirectory)
ren *.zip *-UNSIGNED.zip
ren *.exe *-UNSIGNED.exe
displayName: 'Rename unsigned files'
condition: or(failed(), eq(variables['signed'], false))
- task: CopyFiles@2
displayName: 'Copy System Install to: $(Build.ArtifactStagingDirectory)'
inputs:
SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup/'
TargetFolder: '$(Build.ArtifactStagingDirectory)/' # our release scripts except system exe to be in root and user setup to be under /user-setup
- task: CopyFiles@2
displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)/vsix'
inputs:
SourceFolder: '$(Build.SourcesDirectory)/../vsix'
TargetFolder: '$(Build.ArtifactStagingDirectory)/vsix'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'Sign installers'
inputs:
ConnectedServiceName: 'Code Signing'
FolderPath: '$(Build.ArtifactStagingDirectory)'
Pattern: '*.exe'
signConfigType: inlineSignParams
inlineOperation: |
[
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolSign",
    "parameters": [
    {
      "parameterName": "OpusName",
      "parameterValue": "Azure Data Studio"
    },
    {
      "parameterName": "OpusInfo",
      "parameterValue": "https://github.com/microsoft/azuredatastudio"
    },
    {
      "parameterName": "PageHash",
      "parameterValue": "/NPH"
    },
    {
      "parameterName": "FileDigest",
      "parameterValue": "/fd sha256"
    },
    {
      "parameterName": "TimeStamp",
      "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
    }
    ],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  },
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolVerify",
    "parameters": [
    {
      "parameterName": "VerifyAll",
      "parameterValue": "/all"
    }
],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  }
]
SessionTimeout: 600
MaxConcurrency: 5
MaxRetryAttempts: 20
condition: and(succeeded(), eq(variables['signed'], true))
- powershell: | # WHY!
$Build = "$(Build.SourcesDirectory)\..\azuredatastudio-windows"
$PackageJson = Get-Content -Raw -Path "$Build\resources\app\package.json" | ConvertFrom-Json
$PackageJson = Get-Content -Raw -Path "$(Build.SourcesDirectory)\package.json" | ConvertFrom-Json
$jsonResult = @{
version = $PackageJson.version