Add vsix sign (#1375)

jdneo · web-flow · commit fbf4129c3f0c · 2024-07-31T15:19:11.000+08:00
diff --git a/.azure-pipelines/nightly.yml b/.azure-pipelines/nightly.yml
@@ -68,7 +68,7 @@ extends:
               - task: CmdLine@2
                 displayName: VSCE package --pre-release
                 inputs:
-                  script: npx @vscode/vsce@latest package --pre-release
+                  script: npx @vscode/vsce@latest package --pre-release -o extension.vsix
               ### Copy files for APIScan
               - task: CopyFiles@2
                 displayName: "Copy Files for APIScan"
@@ -88,8 +88,41 @@ extends:
                 condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true'))
                 env:
                   AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
+              - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
+                displayName: 'Generate extension manifest'
+              - script: cp extension.manifest extension.signature.p7s
+                displayName: 'Prepare manifest for signing'
+              - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
+                inputs:
+                  ConnectedServiceName: $(ConnectedServiceName)
+                  AppRegistrationClientId: $(AppRegistrationClientId)
+                  AppRegistrationTenantId: $(AppRegistrationTenantId)
+                  AuthAKVName: $(AuthAKVName)
+                  AuthCertName: $(AuthCertName)
+                  AuthSignCertName: $(AuthSignCertName)
+                  FolderPath: '.'
+                  Pattern: 'extension.signature.p7s'
+                  signConfigType: inlineSignParams
+                  inlineOperation: |
+                    [
+                      {
+                        "keyCode": "CP-401405",
+                        "operationSetCode": "VSCodePublisherSign",
+                        "parameters" : [],
+                        "toolName": "sign",
+                        "toolVersion": "1.0"
+                      }
+                    ]
+                  SessionTimeout: 90
+                  MaxConcurrency: 25
+                  MaxRetryAttempts: 5
+                  PendingAnalysisWaitTimeoutMinutes: 5
+                displayName: 'Sign extension'
               - task: CopyFiles@2
                 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
                 inputs:
-                  Contents: "*.vsix"
+                  Contents: |
+                    extension.vsix
+                    extension.manifest
+                    extension.signature.p7s
                   TargetFolder: $(Build.ArtifactStagingDirectory)
diff --git a/.azure-pipelines/rc.yml b/.azure-pipelines/rc.yml
@@ -56,7 +56,7 @@ extends:
               - task: CmdLine@2
                 displayName: VSCE package
                 inputs:
-                  script: npx @vscode/vsce@latest package
+                  script: npx @vscode/vsce@latest package -o extension.vsix
               ### Copy files for APIScan
               - task: CopyFiles@2
                 displayName: "Copy Files for APIScan"
@@ -76,8 +76,41 @@ extends:
                 condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true'))
                 env:
                   AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
+              - script: npx @vscode/vsce@latest generate-manifest -i extension.vsix -o extension.manifest
+                displayName: 'Generate extension manifest'
+              - script: cp extension.manifest extension.signature.p7s
+                displayName: 'Prepare manifest for signing'
+              - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
+                inputs:
+                  ConnectedServiceName: $(ConnectedServiceName)
+                  AppRegistrationClientId: $(AppRegistrationClientId)
+                  AppRegistrationTenantId: $(AppRegistrationTenantId)
+                  AuthAKVName: $(AuthAKVName)
+                  AuthCertName: $(AuthCertName)
+                  AuthSignCertName: $(AuthSignCertName)
+                  FolderPath: '.'
+                  Pattern: 'extension.signature.p7s'
+                  signConfigType: inlineSignParams
+                  inlineOperation: |
+                    [
+                      {
+                        "keyCode": "CP-401405",
+                        "operationSetCode": "VSCodePublisherSign",
+                        "parameters" : [],
+                        "toolName": "sign",
+                        "toolVersion": "1.0"
+                      }
+                    ]
+                  SessionTimeout: 90
+                  MaxConcurrency: 25
+                  MaxRetryAttempts: 5
+                  PendingAnalysisWaitTimeoutMinutes: 5
+                displayName: 'Sign extension'
               - task: CopyFiles@2
                 displayName: "Copy Files to: $(Build.ArtifactStagingDirectory)"
                 inputs:
-                  Contents: "*.vsix"
+                  Contents: |
+                    extension.vsix
+                    extension.manifest
+                    extension.signature.p7s
                   TargetFolder: $(Build.ArtifactStagingDirectory)
