parameters: - name: VSCODE_PUBLISH type: boolean - name: VSCODE_QUALITY type: string - name: VSCODE_RUN_UNIT_TESTS type: boolean - name: VSCODE_RUN_INTEGRATION_TESTS type: boolean - name: VSCODE_RUN_SMOKE_TESTS type: boolean steps: - ${{ if eq(parameters.VSCODE_QUALITY, 'oss') }}: - checkout: self fetchDepth: 1 retryCountOnTaskFailure: 3 - task: NodeTool@0 inputs: versionSpec: "16.x" - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - task: AzureKeyVault@1 displayName: "Azure Key Vault: Get Secrets" inputs: azureSubscription: "vscode-builds-subscription" KeyVaultName: vscode SecretsFilter: "github-distro-mixin-password,ESRP-PKI,esrp-aad-username,esrp-aad-password" - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - task: DownloadPipelineArtifact@2 inputs: artifact: Compilation path: $(Build.ArtifactStagingDirectory) displayName: Download compilation output - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - task: DownloadPipelineArtifact@2 inputs: artifact: reh_node_modules-$(VSCODE_ARCH) path: $(Build.ArtifactStagingDirectory) displayName: Download server build dependencies condition: and(succeeded(), ne(variables['VSCODE_ARCH'], 'armhf')) - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e # Start X server /etc/init.d/xvfb start # Start dbus session DBUS_LAUNCH_RESULT=$(sudo dbus-daemon --config-file=/usr/share/dbus-1/system.conf --print-address) echo "##vso[task.setvariable variable=DBUS_SESSION_BUS_ADDRESS]$DBUS_LAUNCH_RESULT" displayName: Setup system services condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64')) - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e tar -xzf $(Build.ArtifactStagingDirectory)/compilation.tar.gz displayName: Extract compilation output - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e cat << EOF > ~/.netrc machine github.com login vscode password $(github-distro-mixin-password) EOF git config user.email "vscode@microsoft.com" git config user.name "VSCode" displayName: Prepare tooling - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e git fetch https://github.com/$(VSCODE_MIXIN_REPO).git $VSCODE_DISTRO_REF echo "##vso[task.setvariable variable=VSCODE_DISTRO_COMMIT;]$(git rev-parse FETCH_HEAD)" git checkout FETCH_HEAD condition: and(succeeded(), ne(variables.VSCODE_DISTRO_REF, ' ')) displayName: Checkout override commit - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e git pull --no-rebase https://github.com/$(VSCODE_MIXIN_REPO).git $(node -p "require('./package.json').distro") displayName: Merge distro - script: | mkdir -p .build node build/azure-pipelines/common/computeNodeModulesCacheKey.js $VSCODE_ARCH $ENABLE_TERRAPIN > .build/yarnlockhash displayName: Prepare yarn cache flags - ${{ if eq(parameters.VSCODE_QUALITY, 'oss') }}: - task: Cache@2 inputs: key: "genericNodeModules | $(Agent.OS) | .build/yarnlockhash" path: .build/node_modules_cache cacheHitVar: NODE_MODULES_RESTORED displayName: Restore node_modules cache - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - task: Cache@2 inputs: key: "nodeModules | $(Agent.OS) | .build/yarnlockhash" path: .build/node_modules_cache cacheHitVar: NODE_MODULES_RESTORED displayName: Restore node_modules cache - script: | set -e tar -xzf .build/node_modules_cache/cache.tgz condition: and(succeeded(), eq(variables.NODE_MODULES_RESTORED, 'true')) displayName: Extract node_modules cache - script: | set -e npx https://aka.ms/enablesecurefeed standAlone timeoutInMinutes: 5 retryCountOnTaskFailure: 3 condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), eq(variables['ENABLE_TERRAPIN'], 'true')) displayName: Switch to Terrapin packages - script: | set -e node build/npm/setupBuildYarnrc for i in {1..3}; do # try 3 times, for Terrapin yarn --cwd build --frozen-lockfile --check-files && break if [ $i -eq 3 ]; then echo "Yarn failed too many times" >&2 exit 1 fi echo "Yarn failed $i, trying again..." done displayName: Install build dependencies - script: | set -e if [ "$NPM_ARCH" = "armv7l" ]; then # There is no target_arch="armv7l" supported by node_gyp, # arm versions for compilation are decided based on the CC # macros. # Mapping value is based on # https://github.com/nodejs/node/blob/0903515e126c2697042d6546c6aa4b72e1a4b33e/configure.py#L49-L50 export npm_config_arch="arm" else export npm_config_arch=$(NPM_ARCH) fi if [ -z "$CC" ] || [ -z "$CXX" ]; then # Download clang based on chromium revision used by vscode curl -s https://raw.githubusercontent.com/chromium/chromium/98.0.4758.109/tools/clang/scripts/update.py | python - --output-dir=$PWD/.build/CR_Clang --host-os=linux # Download libcxx headers and objects from upstream electron releases DEBUG=libcxx-fetcher \ VSCODE_LIBCXX_OBJECTS_DIR=$PWD/.build/libcxx-objects \ VSCODE_LIBCXX_HEADERS_DIR=$PWD/.build/libcxx_headers \ VSCODE_LIBCXXABI_HEADERS_DIR=$PWD/.build/libcxxabi_headers \ VSCODE_ARCH="$(NPM_ARCH)" \ node build/linux/libcxx-fetcher.js # Set compiler toolchain # Flags for the client build are based on # https://source.chromium.org/chromium/chromium/src/+/refs/tags/98.0.4758.109:build/config/arm.gni # https://source.chromium.org/chromium/chromium/src/+/refs/tags/98.0.4758.109:build/config/compiler/BUILD.gn # https://source.chromium.org/chromium/chromium/src/+/refs/tags/98.0.4758.109:build/config/c++/BUILD.gn export CC=$PWD/.build/CR_Clang/bin/clang export CXX=$PWD/.build/CR_Clang/bin/clang++ export CXXFLAGS="-nostdinc++ -D__NO_INLINE__ -isystem$PWD/.build/libcxx_headers -isystem$PWD/.build/libcxx_headers/include -isystem$PWD/.build/libcxxabi_headers/include -fPIC -flto=thin -fsplit-lto-unit" export LDFLAGS="-stdlib=libc++ -fuse-ld=lld -flto=thin -L$PWD/.build/libcxx-objects -lc++abi -Wl,--lto-O0" export VSCODE_REMOTE_CC=$(which gcc) export VSCODE_REMOTE_CXX=$(which g++) fi for i in {1..3}; do # try 3 times, for Terrapin yarn --frozen-lockfile --check-files && break if [ $i -eq 3 ]; then echo "Yarn failed too many times" >&2 exit 1 fi echo "Yarn failed $i, trying again..." done env: ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 GITHUB_TOKEN: "$(github-distro-mixin-password)" displayName: Install dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e rm -rf remote/node_modules tar -xzf $(Build.ArtifactStagingDirectory)/reh_node_modules-$(VSCODE_ARCH).tar.gz --directory $(Build.SourcesDirectory)/remote displayName: Extract server node_modules output condition: and(succeeded(), ne(variables['VSCODE_ARCH'], 'armhf')) - script: | set -e node build/azure-pipelines/common/listNodeModules.js .build/node_modules_list.txt mkdir -p .build/node_modules_cache tar -czf .build/node_modules_cache/cache.tgz --files-from .build/node_modules_list.txt condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) displayName: Create node_modules archive - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e node build/azure-pipelines/mixin displayName: Mix in quality - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \ yarn gulp vscode-linux-$(VSCODE_ARCH)-min-ci displayName: Build - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e node build/azure-pipelines/mixin --server displayName: Mix in server quality - ${{ if ne(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \ yarn gulp vscode-reh-linux-$(VSCODE_ARCH)-min-ci VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \ yarn gulp vscode-reh-web-linux-$(VSCODE_ARCH)-min-ci displayName: Build Server - ${{ if eq(parameters.VSCODE_QUALITY, 'oss') }}: - script: | set -e VSCODE_MIXIN_PASSWORD="$(github-distro-mixin-password)" \ yarn gulp "transpile-client" "transpile-extensions" displayName: Transpile - ${{ if or(eq(parameters.VSCODE_RUN_UNIT_TESTS, true), eq(parameters.VSCODE_RUN_INTEGRATION_TESTS, true), eq(parameters.VSCODE_RUN_SMOKE_TESTS, true)) }}: - template: product-build-linux-client-test.yml parameters: VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }} VSCODE_RUN_UNIT_TESTS: ${{ parameters.VSCODE_RUN_UNIT_TESTS }} VSCODE_RUN_INTEGRATION_TESTS: ${{ parameters.VSCODE_RUN_INTEGRATION_TESTS }} VSCODE_RUN_SMOKE_TESTS: ${{ parameters.VSCODE_RUN_SMOKE_TESTS }} - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - script: | set -e yarn gulp "vscode-linux-$(VSCODE_ARCH)-build-deb" yarn gulp "vscode-linux-$(VSCODE_ARCH)-build-rpm" displayName: Build deb, rpm packages - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - script: | set -e yarn gulp "vscode-linux-$(VSCODE_ARCH)-prepare-snap" displayName: Prepare snap package - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - task: UseDotNet@2 inputs: version: 2.x - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - task: EsrpClientTool@1 displayName: Download ESRPClient - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - script: | set -e node build/azure-pipelines/common/sign "$(esrpclient.toolpath)/$(esrpclient.toolname)" rpm $(ESRP-PKI) $(esrp-aad-username) $(esrp-aad-password) .build/linux/rpm '*.rpm' displayName: Codesign rpm - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - script: | set -e VSCODE_ARCH="$(VSCODE_ARCH)" \ ./build/azure-pipelines/linux/prepare-publish.sh displayName: Prepare for Publish - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: Generate SBOM (client) inputs: BuildDropPath: $(agent.builddirectory)/VSCode-linux-$(VSCODE_ARCH) PackageName: Visual Studio Code - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - publish: $(agent.builddirectory)/VSCode-linux-$(VSCODE_ARCH)/_manifest displayName: Publish SBOM (client) artifact: vscode_client_linux_$(VSCODE_ARCH)_sbom - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0 displayName: Generate SBOM (server) inputs: BuildDropPath: $(agent.builddirectory)/vscode-server-linux-$(VSCODE_ARCH) PackageName: Visual Studio Code Server - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - publish: $(agent.builddirectory)/vscode-server-linux-$(VSCODE_ARCH)/_manifest displayName: Publish SBOM (server) artifact: vscode_server_linux_$(VSCODE_ARCH)_sbom - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - publish: $(DEB_PATH) artifact: vscode_client_linux_$(VSCODE_ARCH)_deb-package displayName: Publish deb package - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - publish: $(RPM_PATH) artifact: vscode_client_linux_$(VSCODE_ARCH)_rpm-package displayName: Publish rpm package - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - publish: $(TARBALL_PATH) artifact: vscode_client_linux_$(VSCODE_ARCH)_archive-unsigned displayName: Publish client archive - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - publish: $(Agent.BuildDirectory)/vscode-server-linux-$(VSCODE_ARCH).tar.gz artifact: vscode_server_linux_$(VSCODE_ARCH)_archive-unsigned displayName: Publish server archive - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - publish: $(Agent.BuildDirectory)/vscode-server-linux-$(VSCODE_ARCH)-web.tar.gz artifact: vscode_web_linux_$(VSCODE_ARCH)_archive-unsigned displayName: Publish web server archive - ${{ if eq(parameters.VSCODE_PUBLISH, true) }}: - task: PublishPipelineArtifact@0 displayName: "Publish Pipeline Artifact" inputs: artifactName: "snap-$(VSCODE_ARCH)" targetPath: .build/linux/snap-tarball