Update azure-devdiv-pipeline.pre-release.yml for Azure Pipelines

build/azure-devdiv-pipeline.pre-release.yml

@@ -2,13 +2,13 @@
 trigger: none
 pr: none
 
-# schedules:
-#   - cron: '0 10 * * 1-5' # 10AM UTC (2AM PDT) MON-FRI (VS Code Pre-release builds at 9PM PDT)
-#     displayName: Nightly Pre-Release Schedule
-#     always: false # only run if there are source code changes
-#     branches:
-#       include:
-#         - main
+schedules:
+  - cron: '0 10 * * 1-5' # 10AM UTC (2AM PDT) MON-FRI (VS Code Pre-release builds at 9PM PDT)
+    displayName: Nightly Pre-Release Schedule
+    always: false # only run if there are source code changes
+    branches:
+      include:
+        - main
 
 resources:
   repositories:
@@ -17,11 +17,10 @@ resources:
       name: 1ESPipelineTemplates/MicroBuildTemplate
       ref: refs/tags/release
 variables:
-  - name: SigningType
-    value: 'real'
   - name: TeamName
     value: VSCode-autopep8
-
+  - name: VsixName
+    value: autopep8.vsix
 parameters:
   - name: publishExtension
     displayName: 🚀 Publish Extension
@@ -33,10 +32,13 @@ extends:
   parameters:
     sdl:
       sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
+      codeSignValidation:
+        enabled: true
+      sbom:
+        enabled: false # Disable global SBOM generation; we'll enable selectively per artifact output
     pool:
       name: AzurePipelines-EO
-      image: 1ESPT-Ubuntu22.04
-      os: linux
+      os: windows
 
     customBuildTags:
       - ES365AIMigrationTooling
@@ -47,14 +49,26 @@ extends:
           - job: Build
             displayName: Build Job
             pool:
-            name: VSEngSS-MicroBuild2022-1ES # use windows for codesigning to make things easier https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/650/MicroBuild-Signing
-            os: windows
+              name: VSEngSS-MicroBuild2022-1ES # use windows for codesigning to make things easier https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/650/MicroBuild-Signing
+              os: windows
+            templateContext:
+              mb:
+                signing:
+                  enabled: true
+                  signType: real
+                  signWithProd: true
+              outputs:
+                - output: pipelineArtifact
+                  displayName: 'Publish Drop Artifact'
+                  targetPath: '$(Build.StagingDirectory)\drop'
+                  artifactName: drop
+                  sbomEnabled: true
             steps:
               - task: NodeTool@0
                 inputs:
                   versionSpec: '22.x'
-                  checkLatest: false
-                displayName: Select Node version
+                  checkLatest: true
+                displayName: Select Node 20 LTS
 
               - task: UsePythonVersion@0
                 inputs:
@@ -81,5 +95,29 @@ extends:
               - script: python ./build/update_ext_version.py --for-publishing
                 displayName: Update build number
 
-              - script: npm run package
-                displayName: Build extension
+              - script: npm run vsce-package
+                displayName: Build VSIX
+
+              - powershell: New-Item -ItemType Directory -Path "$(Build.StagingDirectory)\drop" -Force | Out-Null; Copy-Item "$(Build.SourcesDirectory)\$(VsixName)" "$(Build.StagingDirectory)\drop\$(VsixName)" -Force; if (!(Test-Path "$(Build.StagingDirectory)\drop\$(VsixName)")) { Write-Error 'VSIX copy failed'; exit 1 }; Get-Item "$(Build.StagingDirectory)\drop\$(VsixName)" | Format-Table Name,Length,LastWriteTime -AutoSize
+                displayName: Copy VSIX into drop
+
+              - script: npx vsce generate-manifest -i "$(Build.StagingDirectory)\drop\$(VsixName)" -o "$(Build.StagingDirectory)\drop\extension.manifest"
+                displayName: Generate extension manifest
+
+              - template: build/templates/sign.yml@self
+                parameters:
+                  vsixName: $(VsixName)
+                  workingDirectory: $(Build.StagingDirectory)\drop
+                  signType: real
+                  verifySignature: true
+
+              - ${{ if eq(parameters.publishExtension, true) }}:
+                  - template: build/templates/publish.yml@self
+                    parameters:
+                      azureSubscription: PylancePublishPipelineSecureConnectionWithManagedIdentity
+                      vsixName: $(VsixName)
+                      manifestName: extension.manifest
+                      signatureName: extension.signature.p7s
+                      publishFolder: drop
+                      preRelease: true
+                      noVerify: true

build/azure-devdiv-pipeline.stable.yml

@@ -0,0 +1,119 @@
+name: Publish Release
+trigger:
+  branches:
+    include:
+      - refs/tags/*
+
+resources:
+  repositories:
+    - repository: MicroBuildTemplate
+      type: git
+      name: 1ESPipelineTemplates/MicroBuildTemplate
+      ref: refs/tags/release
+variables:
+  - name: TeamName
+    value: VSCode-autopep8
+  - name: VsixName
+    value: autopep8.vsix
+
+parameters:
+  - name: publishExtension
+    displayName: 🚀 Publish Extension
+    type: boolean
+    default: false
+
+extends:
+  template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
+  parameters:
+    sdl:
+      sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
+      codeSignValidation:
+        enabled: true
+      sbom:
+        enabled: false  # Disable global SBOM generation; we'll enable selectively per artifact output
+    pool:
+      name: AzurePipelines-EO
+      os: windows
+
+    customBuildTags:
+      - ES365AIMigrationTooling
+    stages:
+      - stage: Build
+        displayName: Build & Package Extension
+        jobs:
+          - job: Build
+            displayName: Build Job
+            pool:
+              name: VSEngSS-MicroBuild2022-1ES # use windows for codesigning to make things easier https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/650/MicroBuild-Signing
+              os: windows
+            templateContext:
+              mb:
+                signing:
+                  enabled: true
+                  signType: real
+                  signWithProd: true
+              outputs:
+                - output: pipelineArtifact
+                  displayName: 'Publish Drop Artifact'
+                  targetPath: '$(Build.StagingDirectory)\drop'
+                  artifactName: drop
+                  sbomEnabled: true
+            steps:
+              - task: NodeTool@0
+                inputs:
+                  versionSpec: '22.x'
+                  checkLatest: true
+                displayName: Select Node 20 LTS
+              - task: UsePythonVersion@0
+                inputs:
+                  versionSpec: '3.13'
+                  addToPath: true
+                  architecture: 'x64'
+                displayName: Select Python version
+
+              - script: npm ci
+                displayName: Install NPM dependencies
+
+              - script: python -m pip install -U pip
+                displayName: Upgrade pip
+
+              - script: python -m pip install wheel
+                displayName: Install wheel
+
+              - script: python -m pip install nox
+                displayName: Install nox
+
+              - script: python -m nox --session install_bundled_libs
+                displayName: Install Python dependencies
+
+              - script: python ./build/update_ext_version.py --release --for-publishing
+                displayName: Update build number
+
+              - script: npm run package
+                displayName: Build extension
+
+               - powershell: |
+                  New-Item -ItemType Directory -Path "$(Build.StagingDirectory)\drop" -Force | Out-Null; Copy-Item "$(Build.SourcesDirectory)\$(VsixName)" "$(Build.StagingDirectory)\drop\$(VsixName)" -Force; if (!(Test-Path "$(Build.StagingDirectory)\drop\$(VsixName)")) { Write-Error 'VSIX copy failed'; exit 1 }; Get-Item "$(Build.StagingDirectory)\drop\$(VsixName)" | Format-Table Name,Length,LastWriteTime -AutoSize
+                displayName: Copy VSIX into drop
+
+              - script: npx vsce generate-manifest -i "$(Build.StagingDirectory)\drop\$(VsixName)" -o "$(Build.StagingDirectory)\drop\extension.manifest"
+                displayName: Generate extension manifest
+
+              - template: build/templates/sign.yml@self
+                parameters:
+                  vsixName: $(VsixName)
+                  workingDirectory: $(Build.StagingDirectory)\drop
+                  signType: real
+                  verifySignature: true
+
+              - ${{ if eq(parameters.publishExtension, true) }}:
+                - template: build/templates/publish.yml@self
+                  parameters:
+                    azureSubscription: PylancePublishPipelineSecureConnectionWithManagedIdentity
+                    vsixName: $(VsixName)
+                    manifestName: extension.manifest
+                    signatureName: extension.signature.p7s
+                    publishFolder: drop
+                    preRelease: false
+                    noVerify: true
+

build/azure-pipeline.pre-release.yml

@@ -2,13 +2,13 @@
 trigger: none
 pr: none
 
-schedules:
-  - cron: '0 10 * * 1-5' # 10AM UTC (2AM PDT) MON-FRI (VS Code Pre-release builds at 9PM PDT)
-    displayName: Nightly Pre-Release Schedule
-    always: false # only run if there are source code changes
-    branches:
-      include:
-        - main
+# schedules:
+#   - cron: '0 10 * * 1-5' # 10AM UTC (2AM PDT) MON-FRI (VS Code Pre-release builds at 9PM PDT)
+#     displayName: Nightly Pre-Release Schedule
+#     always: false # only run if there are source code changes
+#     branches:
+#       include:
+#         - main
 
 resources:
   repositories:

build/sign.proj

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project InitialTargets="SetSigningProperties" DefaultTargets="SignFiles" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!-- Adjusted package path to parent directory since NuGet restore places packages at repository root -->
+  <Import Project="..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.props" Condition="Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.props')" />
+
+
+  <Target Name="SetSigningProperties">
+    <PropertyGroup>
+      <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+      <!-- Emit signing outputs into BaseOutputDirectory; allow override from MSBuild /p:BaseOutputDirectory=... -->
+      <BaseOutputDirectory Condition="'$(BaseOutputDirectory)' == ''">.\</BaseOutputDirectory>
+      <!-- These properties are required by MicroBuild, which only signs files that are under these paths -->
+      <IntermediateOutputPath Condition="'$(IntermediateOutputPath)' == ''">$(BaseOutputDirectory)/intermediate</IntermediateOutputPath>
+      <OutDir Condition="'$(OutDir)' == ''">$(BaseOutputDirectory)</OutDir>
+    </PropertyGroup>
+  </Target>
+
+  <!-- Reintroduced CopySignatureFile & CopyBackSignatureFile so signing flow is self-contained -->
+
+  <Target Name="CopySignatureFile" BeforeTargets="GetFilesToSign">
+    <!-- Use manifest from OutDir (working directory passed via /p:OutDir) and ensure proper path joining with explicit backslash -->
+    <Error Condition="!Exists('$(OutDir)\\extension.manifest')" Text="Manifest not found at $(OutDir)\\extension.manifest. Ensure manifest generation precedes signing." />
+    <Copy SourceFiles="$(OutDir)\\extension.manifest" DestinationFiles="$(OutDir)\\extension.signature.p7s" SkipUnchangedFiles="true" />
+  </Target>
+
+  <Target Name="CopyBackSignatureFile" AfterTargets="SignFiles">
+    <Copy Condition="Exists('$(OutDir)extension.signature.p7s')" SourceFiles="$(OutDir)extension.signature.p7s" DestinationFiles="$(ProjectDir)extension.signature.p7s" />
+  </Target>
+
+
+  <!-- SignFiles now fails fast if MicroBuild signing targets are missing -->
+  <Target Name="SignFiles">
+    <Error Condition="!Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" Text="MicroBuild signing targets missing. Run NuGet restore before invoking MSBuild (packages.config)." />
+    <Message Condition="Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" Text="MicroBuild signing targets detected; delegating signing to imported targets." Importance="high" />
+  </Target>
+
+
+  <Target Name="GetFilesToSign" BeforeTargets="SignFiles">
+    <ItemGroup>
+      <FilesToSign Include="$(OutDir)\\extension.signature.p7s">
+        <Authenticode>VSCodePublisher</Authenticode>
+      </FilesToSign>
+    </ItemGroup>
+  </Target>
+
+  <Target Name="Build" BeforeTargets="CopySignatureFile">
+    <MakeDir Directories="$(OutDir)"/>
+  </Target>
+
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="Build">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.props'))" />
+    <Error Condition="!Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets'))" />
+  </Target>
+
+  <Import Project="..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets" Condition="Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.1.0.0\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" />
+</Project>