diff --git a/build/azure-pipelines/darwin/codesign-darwin.yml b/build/azure-pipelines/darwin/codesign-darwin.yml new file mode 100644 index 0000000000000000000000000000000000000000..63dade01c66e20dc7d8c338599b211f05a50f417 --- /dev/null +++ b/build/azure-pipelines/darwin/codesign-darwin.yml @@ -0,0 +1,23 @@ +steps: +- task: AzureKeyVault@1 + displayName: 'Azure Key Vault: Get Secrets' + inputs: + azureSubscription: 'vscode-builds-subscription' + KeyVaultName: vscode + +- script: | + cat << EOF > $(agent.tempdirectory)/cert.p12 + $(macos-developer-certificate) + EOF + security import $(agent.tempdirectory)/cert.p12 -P "$(macos-developer-certificate-key)" + curl -o $(agent.tempdirectory)/VSCode-darwin.zip https://vscode.blob.core.windows.net/public/VSCode-darwin.zip + unzip $(agent.tempdirectory)/VSCode-darwin.zip -d $(agent.tempdirectory) + codesign -s 99FM488X57 --deep --force --options runtime --entitlements build/azure-pipelines/darwin/entitlements.plist $(agent.tempdirectory)/Visual\ Studio\ Code\ -\ Insiders.app + zip -r -X -y $(agent.stagingdirectory)/VSCode-darwin.zip $(agent.tempdirectory)/Visual\ Studio\ Code\ -\ Insiders.app + +- task: PublishPipelineArtifact@0 + displayName: 'Publish Pipeline Artifact' + inputs: + artifactName: darwin-hardened + targetPath: $(agent.stagingdirectory)/VSCode-darwin.zip + diff --git a/build/azure-pipelines/darwin/entitlements.plist b/build/azure-pipelines/darwin/entitlements.plist new file mode 100644 index 0000000000000000000000000000000000000000..969a62150fd59a4031d72d26b630b6d99283b86f --- /dev/null +++ b/build/azure-pipelines/darwin/entitlements.plist @@ -0,0 +1,22 @@ + + + + + com.apple.security.device.camera + + com.apple.security.device.audio-input + + com.apple.security.personal-information.location + + com.apple.security.automation.apple-events + + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-unsigned-executable-memory + + com.apple.security.cs.disable-library-validation + + com.apple.security.cs.disable-executable-page-protection + + + diff --git a/build/azure-pipelines/product-build.yml b/build/azure-pipelines/product-build.yml index cf44981f1e4c6e32d9cce0ba359d58b26d887d5a..558fdf8f059b1684d681577a9e1d3fd46111448f 100644 --- a/build/azure-pipelines/product-build.yml +++ b/build/azure-pipelines/product-build.yml @@ -7,140 +7,150 @@ resources: image: snapcore/snapcraft:stable jobs: -- job: Compile - pool: - vmImage: 'Ubuntu-16.04' - container: vscode-x64 - steps: - - template: product-compile.yml +# - job: Compile +# pool: +# vmImage: 'Ubuntu-16.04' +# container: vscode-x64 +# steps: +# - template: product-compile.yml -- job: Windows - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_WIN32'], 'true')) - pool: - vmImage: VS2017-Win2016 - variables: - VSCODE_ARCH: x64 - dependsOn: - - Compile - steps: - - template: win32/product-build-win32.yml +# - job: Windows +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_WIN32'], 'true')) +# pool: +# vmImage: VS2017-Win2016 +# variables: +# VSCODE_ARCH: x64 +# dependsOn: +# - Compile +# steps: +# - template: win32/product-build-win32.yml -- job: Windows32 - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_WIN32_32BIT'], 'true')) - pool: - vmImage: VS2017-Win2016 - variables: - VSCODE_ARCH: ia32 - dependsOn: - - Compile - steps: - - template: win32/product-build-win32.yml +# - job: Windows32 +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_WIN32_32BIT'], 'true')) +# pool: +# vmImage: VS2017-Win2016 +# variables: +# VSCODE_ARCH: ia32 +# dependsOn: +# - Compile +# steps: +# - template: win32/product-build-win32.yml -- job: Linux - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX'], 'true')) - pool: - vmImage: 'Ubuntu-16.04' - container: vscode-x64 - dependsOn: - - Compile - steps: - - template: linux/product-build-linux.yml +# - job: Linux +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX'], 'true')) +# pool: +# vmImage: 'Ubuntu-16.04' +# container: vscode-x64 +# dependsOn: +# - Compile +# steps: +# - template: linux/product-build-linux.yml -- job: LinuxSnap - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX'], 'true')) - pool: - vmImage: 'Ubuntu-16.04' - container: snapcraft - dependsOn: Linux - steps: - - template: linux/snap-build-linux.yml +# - job: LinuxSnap +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX'], 'true')) +# pool: +# vmImage: 'Ubuntu-16.04' +# container: snapcraft +# dependsOn: Linux +# steps: +# - template: linux/snap-build-linux.yml -- job: LinuxArmhf - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX_ARMHF'], 'true')) - pool: - vmImage: 'Ubuntu-16.04' - variables: - VSCODE_ARCH: armhf - dependsOn: - - Compile - steps: - - template: linux/product-build-linux-multiarch.yml +# - job: LinuxArmhf +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX_ARMHF'], 'true')) +# pool: +# vmImage: 'Ubuntu-16.04' +# variables: +# VSCODE_ARCH: armhf +# dependsOn: +# - Compile +# steps: +# - template: linux/product-build-linux-multiarch.yml -- job: LinuxArm64 - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX_ARM64'], 'true')) - pool: - vmImage: 'Ubuntu-16.04' - variables: - VSCODE_ARCH: arm64 - dependsOn: - - Compile - steps: - - template: linux/product-build-linux-multiarch.yml +# - job: LinuxArm64 +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX_ARM64'], 'true')) +# pool: +# vmImage: 'Ubuntu-16.04' +# variables: +# VSCODE_ARCH: arm64 +# dependsOn: +# - Compile +# steps: +# - template: linux/product-build-linux-multiarch.yml -- job: LinuxAlpine - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX_ALPINE'], 'true')) - pool: - vmImage: 'Ubuntu-16.04' - variables: - VSCODE_ARCH: alpine - dependsOn: - - Compile - steps: - - template: linux/product-build-linux-multiarch.yml +# - job: LinuxAlpine +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_LINUX_ALPINE'], 'true')) +# pool: +# vmImage: 'Ubuntu-16.04' +# variables: +# VSCODE_ARCH: alpine +# dependsOn: +# - Compile +# steps: +# - template: linux/product-build-linux-multiarch.yml -- job: LinuxWeb - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_WEB'], 'true')) - pool: - vmImage: 'Ubuntu-16.04' - variables: - VSCODE_ARCH: x64 - dependsOn: - - Compile - steps: - - template: web/product-build-web.yml +# - job: LinuxWeb +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_WEB'], 'true')) +# pool: +# vmImage: 'Ubuntu-16.04' +# variables: +# VSCODE_ARCH: x64 +# dependsOn: +# - Compile +# steps: +# - template: web/product-build-web.yml + +# - job: macOS +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_MACOS'], 'true')) +# timeoutInMinutes: 180 +# pool: +# vmImage: macOS-latest +# dependsOn: +# - Compile +# steps: +# - template: darwin/product-build-darwin.yml + +# - job: Release +# condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), or(eq(variables['VSCODE_RELEASE'], 'true'), and(or(eq(variables['VSCODE_QUALITY'], 'insider'), eq(variables['VSCODE_QUALITY'], 'exploration')), eq(variables['Build.Reason'], 'Schedule')))) +# pool: +# vmImage: 'Ubuntu-16.04' +# dependsOn: +# - Windows +# - Windows32 +# - Linux +# - LinuxSnap +# - LinuxArmhf +# - LinuxArm64 +# - LinuxAlpine +# - macOS +# steps: +# - template: release.yml + +# - job: Mooncake +# pool: +# vmImage: 'Ubuntu-16.04' +# condition: and(succeededOrFailed(), eq(variables['VSCODE_COMPILE_ONLY'], 'false')) +# dependsOn: +# - Windows +# - Windows32 +# - Linux +# - LinuxSnap +# - LinuxArmhf +# - LinuxArm64 +# - LinuxAlpine +# - LinuxWeb +# - macOS +# steps: +# - template: sync-mooncake.yml - job: macOS - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), eq(variables['VSCODE_BUILD_MACOS'], 'true')) + condition: and(succeeded()) timeoutInMinutes: 180 pool: vmImage: macOS-latest dependsOn: - Compile steps: - - template: darwin/product-build-darwin.yml - -- job: Release - condition: and(succeeded(), eq(variables['VSCODE_COMPILE_ONLY'], 'false'), or(eq(variables['VSCODE_RELEASE'], 'true'), and(or(eq(variables['VSCODE_QUALITY'], 'insider'), eq(variables['VSCODE_QUALITY'], 'exploration')), eq(variables['Build.Reason'], 'Schedule')))) - pool: - vmImage: 'Ubuntu-16.04' - dependsOn: - - Windows - - Windows32 - - Linux - - LinuxSnap - - LinuxArmhf - - LinuxArm64 - - LinuxAlpine - - macOS - steps: - - template: release.yml - -- job: Mooncake - pool: - vmImage: 'Ubuntu-16.04' - condition: and(succeededOrFailed(), eq(variables['VSCODE_COMPILE_ONLY'], 'false')) - dependsOn: - - Windows - - Windows32 - - Linux - - LinuxSnap - - LinuxArmhf - - LinuxArm64 - - LinuxAlpine - - LinuxWeb - - macOS - steps: - - template: sync-mooncake.yml + - template: darwin/codesign-darwin.yml trigger: none pr: none diff --git a/build/gulpfile.hygiene.js b/build/gulpfile.hygiene.js index 9af81603c8ab7b83a3269a42139b2ca2349d3b2e..0aac6f08dcdc2305ce3bbea24c349586ba451989 100644 --- a/build/gulpfile.hygiene.js +++ b/build/gulpfile.hygiene.js @@ -82,7 +82,7 @@ const indentationFilter = [ '!src/vs/*/**/*.d.ts', '!src/typings/**/*.d.ts', '!extensions/**/*.d.ts', - '!**/*.{svg,exe,png,bmp,scpt,bat,cmd,cur,ttf,woff,eot,md,ps1,template,yaml,yml,d.ts.recipe,ico,icns}', + '!**/*.{svg,exe,png,bmp,scpt,bat,cmd,cur,ttf,woff,eot,md,ps1,template,yaml,yml,d.ts.recipe,ico,icns,plist}', '!build/{lib,download}/**/*.js', '!build/**/*.sh', '!build/azure-pipelines/**/*.js',