ckaczor/azuredatastudio
1
0
Fork 0
mirror of https://github.com/ckaczor/azuredatastudio.git synced 2026-02-16 10:58:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

Rework windows pipeline to sign less (and min builds) (#8472)

Browse Source 
* only sign windows once

* more scoping and add copy steps

* remove reh

* wip

* use min everywhere

* fix zip file name

* fix location of build file

* fix version.json production

* remove unneeded vars

* fix archive drop

* give mac more time

* fix location of windows archive

* fix system location and add comments

* fix installer signing

* remove unnecessary build step

* reduce the sign count

* fix dlls

* remove missing dlls
This commit is contained in:
Anthony Dresser
2019-11-27 13:01:55 -08:00
committed by GitHub
parent 39e6b9933d
commit 48b2cbb0bf
5 changed files with 84 additions and 171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
build/azure-pipelines/darwin/sql-product-build-darwin.yml
View File

@@ -70,7 +70,7 @@ steps:
- script: | - script: |
set -e set -e
yarn gulp vscode-darwin yarn gulp vscode-darwin-min
displayName: Build displayName: Build
- task: ArchiveFiles@2 # WHY ARE WE DOING THIS? - task: ArchiveFiles@2 # WHY ARE WE DOING THIS?
@@ -141,8 +141,7 @@ steps:
- script: | # WHY ARE WE DOING THIS? - script: | # WHY ARE WE DOING THIS?
set -e set -e
BUILD="$(Build.SourcesDirectory)/../azuredatastudio-darwin" PACKAGEJSON=`ls $(Build.SourcesDirectory)/package.json`
PACKAGEJSON=`ls $BUILD/*.app/Contents/Resources/app/package.json`
VERSION=`node -p "require(\"$PACKAGEJSON\").version"` VERSION=`node -p "require(\"$PACKAGEJSON\").version"`
COMMIT_ID=`git rev-parse HEAD` COMMIT_ID=`git rev-parse HEAD`

5
build/azure-pipelines/linux/sql-product-build-linux.yml
View File

@@ -84,7 +84,7 @@ steps:
- script: | - script: |
set -e set -e
yarn gulp vscode-linux-x64 yarn gulp vscode-linux-x64-min
displayName: Build displayName: Build
- script: | - script: |
@@ -158,8 +158,7 @@ steps:
- script: | # WHY ARE WE DOING THIS? - script: | # WHY ARE WE DOING THIS?
set -e set -e
BUILD="$(Build.SourcesDirectory)/../azuredatastudio-linux-x64" PACKAGEJSON="$(Build.SourcesDirectory)/package.json"
PACKAGEJSON="$BUILD/resources/app/package.json"
VERSION=$(node -p "require(\"$PACKAGEJSON\").version") VERSION=$(node -p "require(\"$PACKAGEJSON\").version")
COMMIT_ID=$(git rev-parse HEAD) COMMIT_ID=$(git rev-parse HEAD)

4
build/azure-pipelines/sql-product-build.yml
View File

@@ -5,6 +5,8 @@ jobs:
vmImage: macOS 10.13 vmImage: macOS 10.13
steps: steps:
- template: darwin/sql-product-build-darwin.yml - template: darwin/sql-product-build-darwin.yml
timeoutInMinutes: 90
cancelTimeoutInMinutes: 5
- job: Linux - job: Linux
condition: eq(variables['VSCODE_BUILD_LINUX'], 'true') condition: eq(variables['VSCODE_BUILD_LINUX'], 'true')
@@ -19,7 +21,7 @@ jobs:
name: mssqltools name: mssqltools
steps: steps:
- template: win32/sql-product-build-win32.yml - template: win32/sql-product-build-win32.yml
timeoutInMinutes: 120 timeoutInMinutes: 90
cancelTimeoutInMinutes: 5 cancelTimeoutInMinutes: 5
- job: Release - job: Release

239
build/azure-pipelines/win32/sql-product-build-win32.yml
View File

@@ -76,7 +76,7 @@ steps:
- powershell: | - powershell: |
. build/azure-pipelines/win32/exec.ps1 . build/azure-pipelines/win32/exec.ps1
$ErrorActionPreference = "Stop" $ErrorActionPreference = "Stop"
exec { yarn gulp "vscode-win32-x64" } exec { yarn gulp "vscode-win32-x64-min" }
displayName: Build displayName: Build
- task: ArchiveFiles@2 # WHY - task: ArchiveFiles@2 # WHY
@@ -128,11 +128,11 @@ steps:
displayName: Run unstable integration tests displayName: Run unstable integration tests
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'ESRP CodeSigning - Build files - sha256 only' displayName: 'Sign out code'
inputs: inputs:
ConnectedServiceName: 'Code Signing' ConnectedServiceName: 'Code Signing'
FolderPath: '$(Build.SourcesDirectory)/../azuredatastudio-win32-x64' FolderPath: '$(agent.builddirectory)/azuredatastudio-win32-x64'
Pattern: 'azuredatastudio.exe,azuredatastudio-insider.exe,watcher.exe,inno_updater.exe,7z.exe,mksnapshot.exe,Compil32.exe,ISCC.exe,islzma32.exe,islzma64.exe,winpty-agent.exe,rcedit.exe,rg.exe,CodeHelper.exe,CodeHelper.exe,CodeHelper.exe,CodeHelper.exe,electron.exe,chromedriver.exe,launcher.exe,ffmpeg.dll,libEGL.dll,libGLESv2.dll,node.dll,7-zip.dll,7-zip32.dll,7z.dll,isbunzip.dll,isbzip.dll,ISCmplr.dll,islzma.dll,ISPP.dll,isscint.dll,isunzlib.dll,iszlib.dll,winpty.dll,ffmpeg.dll,libEGL.dll,libGLESv2.dll,node.dll,MicrosoftSqlToolsCredentials.exe,MicrosoftSqlToolsServiceLayer.exe,SqlSerializationService.exe,SqlToolsResourceProviderService.exe,Microsoft.SqlTools.Hosting.dll,Microsoft.SqlTools.ResourceProvider.Core.dll,Microsoft.SqlTools.ResourceProvider.DefaultImpl.dll,MicrosoftSqlToolsCredentials.dll,MicrosoftSqlToolsServiceLayer.dll,Newtonsoft.Json.dll,SqlSerializationService.dll,SqlToolsResourceProviderService.dll,Microsoft.SqlServer.*.dll,Microsoft.Data.Tools.Sql.BatchParser.dll' Pattern: '*.exe,*.node,resources/app/node_modules.asar.unpacked/*.dll,swiftshader/*.dll,d3dcompiler_47.dll,libGLESv2.dll,ffmpeg.dll,libEGL.dll,Microsoft.SqlTools.Hosting.dll,Microsoft.SqlTools.ResourceProvider.Core.dll,Microsoft.SqlTools.ResourceProvider.DefaultImpl.dll,MicrosoftSqlToolsCredentials.dll,MicrosoftSqlToolsServiceLayer.dll,Newtonsoft.Json.dll,SqlSerializationService.dll,SqlToolsResourceProviderService.dll,Microsoft.SqlServer.*.dll,Microsoft.Data.Tools.Sql.BatchParser.dll'
signConfigType: inlineSignParams signConfigType: inlineSignParams
inlineOperation: | inlineOperation: |
[ [
@@ -182,165 +182,19 @@ steps:
MaxRetryAttempts: 20 MaxRetryAttempts: 20
condition: and(succeeded(), eq(variables['signed'], true)) condition: and(succeeded(), eq(variables['signed'], true))
- task: CmdLine@1
displayName: 'Delete CodeSignSummary.md'
inputs:
filename: del
arguments: '$(Build.SourcesDirectory)\..\azuredatastudio-win32-x64\CodeSignSummary*.md'
condition: and(succeeded(), eq(variables['signed'], true))
- powershell: | - powershell: |
. build/azure-pipelines/win32/exec.ps1 . build/azure-pipelines/win32/exec.ps1
$ErrorActionPreference = "Stop" $ErrorActionPreference = "Stop"
exec { yarn gulp "vscode-win32-x64-user-setup" } exec { yarn gulp "vscode-win32-x64-user-setup" }
displayName: User setup
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'ESRP CodeSigning - User Installer - sha256 only'
inputs:
ConnectedServiceName: 'Code Signing'
FolderPath: '$(Build.SourcesDirectory)/.build/win32-x64/user-setup'
signConfigType: inlineSignParams
inlineOperation: |
[
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolSign",
    "parameters": [
    {
      "parameterName": "OpusName",
      "parameterValue": "Azure Data Studio"
    },
    {
      "parameterName": "OpusInfo",
      "parameterValue": "https://github.com/microsoft/azuredatastudio"
    },
    {
      "parameterName": "PageHash",
      "parameterValue": "/NPH"
    },
    {
      "parameterName": "FileDigest",
      "parameterValue": "/fd sha256"
    },
    {
      "parameterName": "TimeStamp",
      "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
    }
    ],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  },
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolVerify",
    "parameters": [
    {
      "parameterName": "VerifyAll",
      "parameterValue": "/all"
    }
],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  }
]
SessionTimeout: 600
MaxConcurrency: 5
MaxRetryAttempts: 20
condition: and(succeeded(), eq(variables['signed'], true))
- task: CmdLine@1
displayName: 'Delete CodeSignSummary.md for user installer'
inputs:
filename: del
arguments: '$(Build.SourcesDirectory)\.build\win32-x64\user-setup\CodeSignSummary.md'
continueOnError: true
condition: and(succeeded(), eq(variables['signed'], true))
- powershell: |
. build/azure-pipelines/win32/exec.ps1
$ErrorActionPreference = "Stop"
exec { yarn gulp "vscode-win32-x64-system-setup" } exec { yarn gulp "vscode-win32-x64-system-setup" }
displayName: System setup exec { yarn gulp "vscode-win32-x64-archive" }
displayName: Archive & User & System setup
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'ESRP CodeSigning - Installer - sha256 only'
inputs:
ConnectedServiceName: 'Code Signing'
FolderPath: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup'
signConfigType: inlineSignParams
inlineOperation: |
[
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolSign",
    "parameters": [
    {
      "parameterName": "OpusName",
      "parameterValue": "Azure Data Studio"
    },
    {
      "parameterName": "OpusInfo",
      "parameterValue": "https://github.com/microsoft/azuredatastudio"
    },
    {
      "parameterName": "PageHash",
      "parameterValue": "/NPH"
    },
    {
      "parameterName": "FileDigest",
      "parameterValue": "/fd sha256"
    },
    {
      "parameterName": "TimeStamp",
      "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
    }
    ],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  },
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolVerify",
    "parameters": [
    {
      "parameterName": "VerifyAll",
      "parameterValue": "/all"
    }
],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  }
]
SessionTimeout: 600
MaxConcurrency: 5
MaxRetryAttempts: 20
condition: and(succeeded(), eq(variables['signed'], true))
- task: CmdLine@1
displayName: 'Delete CodeSignSummary.md for installer'
inputs:
filename: del
arguments: '$(Build.SourcesDirectory)\.build\win32-x64\system-setup\CodeSignSummary.md'
continueOnError: true
condition: and(succeeded(), eq(variables['signed'], true))
- script: |
if exist $(Build.SourcesDirectory)\..\azuredatastudio-windows rmdir /s /q $(Build.SourcesDirectory)\..\azuredatastudio-windows
move $(Build.SourcesDirectory)\..\azuredatastudio-win32-x64 $(Build.SourcesDirectory)\..\azuredatastudio-windows
displayName: 'Rename Build Directory'
- task: ArchiveFiles@1
displayName: 'Archive files'
inputs:
rootFolder: '$(Build.SourcesDirectory)/../azuredatastudio-windows'
archiveFile: '$(Build.ArtifactStagingDirectory)/azuredatastudio-windows.zip'
- task: CopyFiles@2 - task: CopyFiles@2
displayName: 'Copy System Install to: $(Build.ArtifactStagingDirectory)' displayName: 'Copy Archive to: $(Build.ArtifactStagingDirectory)'
inputs: inputs:
SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup/' SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/archive/'
TargetFolder: '$(Build.ArtifactStagingDirectory)' TargetFolder: '$(Build.ArtifactStagingDirectory)' # our release scripts expect the archive to be in the root
- task: CopyFiles@2 - task: CopyFiles@2
displayName: 'Copy User Installer to: $(Build.ArtifactStagingDirectory)' displayName: 'Copy User Installer to: $(Build.ArtifactStagingDirectory)'
@@ -348,16 +202,75 @@ steps:
SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/user-setup/' SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/user-setup/'
TargetFolder: '$(Build.ArtifactStagingDirectory)/user-setup/' TargetFolder: '$(Build.ArtifactStagingDirectory)/user-setup/'
- script: | - task: CopyFiles@2
cd $(Build.ArtifactStagingDirectory) displayName: 'Copy System Install to: $(Build.ArtifactStagingDirectory)'
ren *.zip *-UNSIGNED.zip inputs:
ren *.exe *-UNSIGNED.exe SourceFolder: '$(Build.SourcesDirectory)/.build/win32-x64/system-setup/'
displayName: 'Rename unsigned files' TargetFolder: '$(Build.ArtifactStagingDirectory)/' # our release scripts except system exe to be in root and user setup to be under /user-setup
condition: or(failed(), eq(variables['signed'], false))
- task: CopyFiles@2
displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)/vsix'
inputs:
SourceFolder: '$(Build.SourcesDirectory)/../vsix'
TargetFolder: '$(Build.ArtifactStagingDirectory)/vsix'
- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
displayName: 'Sign installers'
inputs:
ConnectedServiceName: 'Code Signing'
FolderPath: '$(Build.ArtifactStagingDirectory)'
Pattern: '*.exe'
signConfigType: inlineSignParams
inlineOperation: |
[
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolSign",
    "parameters": [
    {
      "parameterName": "OpusName",
      "parameterValue": "Azure Data Studio"
    },
    {
      "parameterName": "OpusInfo",
      "parameterValue": "https://github.com/microsoft/azuredatastudio"
    },
    {
      "parameterName": "PageHash",
      "parameterValue": "/NPH"
    },
    {
      "parameterName": "FileDigest",
      "parameterValue": "/fd sha256"
    },
    {
      "parameterName": "TimeStamp",
      "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
    }
    ],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  },
  {
    "keyCode": "CP-230012",
    "operationSetCode": "SigntoolVerify",
    "parameters": [
    {
      "parameterName": "VerifyAll",
      "parameterValue": "/all"
    }
],
    "toolName": "signtool.exe",
    "toolVersion": "6.2.9304.0"
  }
]
SessionTimeout: 600
MaxConcurrency: 5
MaxRetryAttempts: 20
condition: and(succeeded(), eq(variables['signed'], true))
- powershell: | # WHY! - powershell: | # WHY!
$Build = "$(Build.SourcesDirectory)\..\azuredatastudio-windows" $PackageJson = Get-Content -Raw -Path "$(Build.SourcesDirectory)\package.json" | ConvertFrom-Json
$PackageJson = Get-Content -Raw -Path "$Build\resources\app\package.json" | ConvertFrom-Json
$jsonResult = @{ $jsonResult = @{
version = $PackageJson.version version = $PackageJson.version

2
build/gulpfile.vscode.win32.js
View File

@@ -23,7 +23,7 @@ const repoPath = path.dirname(__dirname);
// {{SQL CARBON EDIT}} // {{SQL CARBON EDIT}}
const buildPath = arch => path.join(path.dirname(repoPath), `azuredatastudio-win32-${arch}`); const buildPath = arch => path.join(path.dirname(repoPath), `azuredatastudio-win32-${arch}`);
const zipDir = arch => path.join(repoPath, '.build', `win32-${arch}`, 'archive'); const zipDir = arch => path.join(repoPath, '.build', `win32-${arch}`, 'archive');
const zipPath = arch => path.join(zipDir(arch), `VSCode-win32-${arch}.zip`); const zipPath = arch => path.join(zipDir(arch), `azuredatastudio-win32-${arch}.zip`);
const setupDir = (arch, target) => path.join(repoPath, '.build', `win32-${arch}`, `${target}-setup`); const setupDir = (arch, target) => path.join(repoPath, '.build', `win32-${arch}`, `${target}-setup`);
const issPath = path.join(__dirname, 'win32', 'code.iss'); const issPath = path.join(__dirname, 'win32', 'code.iss');
const innoSetupPath = path.join(path.dirname(path.dirname(require.resolve('innosetup'))), 'bin', 'ISCC.exe'); const innoSetupPath = path.join(path.dirname(path.dirname(require.resolve('innosetup'))), 'bin', 'ISCC.exe');