Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
microsoft
GitHub Repository: microsoft/vscode
Path: blob/main/build/azure-pipelines/darwin/product-build-darwin-universal.yml
5413 views
1
jobs:
2
- job: macOSUniversal
3
displayName: macOS (UNIVERSAL)
4
timeoutInMinutes: 90
5
variables:
6
VSCODE_ARCH: universal
7
BUILDS_API_URL: $(System.CollectionUri)$(System.TeamProject)/_apis/build/builds/$(Build.BuildId)/
8
templateContext:
9
outputs:
10
- output: pipelineArtifact
11
targetPath: $(Build.ArtifactStagingDirectory)/out/vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-darwin-universal.zip
12
artifactName: vscode_client_darwin_$(VSCODE_ARCH)_archive
13
displayName: Publish client archive
14
sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/VSCode-darwin-$(VSCODE_ARCH)
15
sbomPackageName: "VS Code macOS $(VSCODE_ARCH)"
16
sbomPackageVersion: $(Build.SourceVersion)
17
- output: pipelineArtifact
18
targetPath: $(Build.ArtifactStagingDirectory)/out/vscode_client_darwin_$(VSCODE_ARCH)_dmg/VSCode-darwin-$(VSCODE_ARCH).dmg
19
artifactName: vscode_client_darwin_$(VSCODE_ARCH)_dmg
20
displayName: Publish client DMG
21
sbomBuildDropPath: $(Build.ArtifactStagingDirectory)/VSCode-darwin-$(VSCODE_ARCH)
22
sbomPackageName: "VS Code macOS $(VSCODE_ARCH)"
23
sbomPackageVersion: $(Build.SourceVersion)
24
steps:
25
- template: ../common/checkout.yml@self
26
27
- task: NodeTool@0
28
inputs:
29
versionSource: fromFile
30
versionFilePath: .nvmrc
31
32
- template: ../distro/download-distro.yml@self
33
34
- task: AzureKeyVault@2
35
displayName: "Azure Key Vault: Get Secrets"
36
inputs:
37
azureSubscription: vscode
38
KeyVaultName: vscode-build-secrets
39
SecretsFilter: "github-distro-mixin-password,macos-developer-certificate,macos-developer-certificate-key"
40
41
- script: node build/setup-npm-registry.ts $NPM_REGISTRY build
42
condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
43
displayName: Setup NPM Registry
44
45
- script: |
46
set -e
47
# Set the private NPM registry to the global npmrc file
48
# so that authentication works for subfolders like build/, remote/, extensions/ etc
49
# which does not have their own .npmrc file
50
npm config set registry "$NPM_REGISTRY"
51
echo "##vso[task.setvariable variable=NPMRC_PATH]$(npm config get userconfig)"
52
condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
53
displayName: Setup NPM
54
55
- task: npmAuthenticate@0
56
inputs:
57
workingFile: $(NPMRC_PATH)
58
condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
59
displayName: Setup NPM Authentication
60
61
- script: |
62
set -e
63
64
for i in {1..5}; do # try 5 times
65
npm ci && break
66
if [ $i -eq 5 ]; then
67
echo "Npm install failed too many times" >&2
68
exit 1
69
fi
70
echo "Npm install failed $i, trying again..."
71
done
72
workingDirectory: build
73
env:
74
GITHUB_TOKEN: "$(github-distro-mixin-password)"
75
displayName: Install build dependencies
76
77
- pwsh: node -- build/azure-pipelines/common/waitForArtifacts.ts unsigned_vscode_client_darwin_x64_archive unsigned_vscode_client_darwin_arm64_archive
78
env:
79
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
80
displayName: Wait for x64 and arm64 artifacts
81
82
- download: current
83
artifact: unsigned_vscode_client_darwin_x64_archive
84
displayName: Download x64 artifact
85
86
- download: current
87
artifact: unsigned_vscode_client_darwin_arm64_archive
88
displayName: Download arm64 artifact
89
90
- script: node build/azure-pipelines/distro/mixin-quality.ts
91
displayName: Mixin distro quality
92
93
- script: |
94
set -e
95
unzip $(Pipeline.Workspace)/unsigned_vscode_client_darwin_x64_archive/VSCode-darwin-x64.zip -d $(agent.builddirectory)/VSCode-darwin-x64 &
96
unzip $(Pipeline.Workspace)/unsigned_vscode_client_darwin_arm64_archive/VSCode-darwin-arm64.zip -d $(agent.builddirectory)/VSCode-darwin-arm64 &
97
wait
98
DEBUG=* node build/darwin/create-universal-app.ts $(agent.builddirectory)
99
displayName: Create Universal App
100
101
- script: |
102
set -e
103
APP_ROOT="$(Agent.BuildDirectory)/VSCode-darwin-$(VSCODE_ARCH)"
104
APP_NAME="`ls $APP_ROOT | head -n 1`"
105
APP_PATH="$APP_ROOT/$APP_NAME"
106
EXEC_NAME=$(node -p "require(\"$APP_PATH/Contents/Resources/app/product.json\").nameShort")
107
# Create a symlink from 'Electron' to the actual executable for backward compatibility
108
# This ensures apps that relied on the hardcoded path 'Contents/MacOS/Electron' continue to work
109
# Remove this step once main branch is on 1.112 release.
110
if [ "$EXEC_NAME" != "Electron" ] && [ ! -L "$APP_PATH/Contents/MacOS/Electron" ]; then
111
ln -s "$EXEC_NAME" "$APP_PATH/Contents/MacOS/Electron"
112
fi
113
displayName: Create Electron symlink for backward compatibility
114
115
- script: |
116
set -e
117
APP_ROOT="$(Agent.BuildDirectory)/VSCode-darwin-$(VSCODE_ARCH)"
118
APP_NAME="`ls $APP_ROOT | head -n 1`"
119
APP_PATH="$APP_ROOT/$APP_NAME" node build/darwin/verify-macho.ts universal
120
displayName: Verify arch of Mach-O objects
121
122
- script: |
123
set -e
124
security create-keychain -p pwd $(agent.tempdirectory)/buildagent.keychain
125
security default-keychain -s $(agent.tempdirectory)/buildagent.keychain
126
security unlock-keychain -p pwd $(agent.tempdirectory)/buildagent.keychain
127
echo "$(macos-developer-certificate)" | base64 -D > $(agent.tempdirectory)/cert.p12
128
security import $(agent.tempdirectory)/cert.p12 -k $(agent.tempdirectory)/buildagent.keychain -P "$(macos-developer-certificate-key)" -T /usr/bin/codesign
129
export CODESIGN_IDENTITY=$(security find-identity -v -p codesigning $(agent.tempdirectory)/buildagent.keychain | grep -oEi "([0-9A-F]{40})" | head -n 1)
130
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k pwd $(agent.tempdirectory)/buildagent.keychain
131
DEBUG=electron-osx-sign* node build/darwin/sign.ts $(agent.builddirectory)
132
displayName: Set Hardened Entitlements
133
134
- script: |
135
set -e
136
DMG_OUT="$(Pipeline.Workspace)/vscode_client_darwin_$(VSCODE_ARCH)_dmg"
137
mkdir -p $DMG_OUT
138
node build/darwin/create-dmg.ts $(agent.builddirectory) $DMG_OUT
139
python3 build/darwin/patch-dmg.py $DMG_OUT/VSCode-darwin-$(VSCODE_ARCH).dmg resources/darwin/disk.icns
140
echo "##vso[task.setvariable variable=DMG_PATH]$DMG_OUT/VSCode-darwin-$(VSCODE_ARCH).dmg"
141
displayName: Create DMG installer
142
143
- script: |
144
set -e
145
mkdir -p $(Pipeline.Workspace)/vscode_client_darwin_$(VSCODE_ARCH)_archive
146
pushd $(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH) && zip -r -X -y $(Pipeline.Workspace)/vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-darwin-$(VSCODE_ARCH).zip * && popd
147
displayName: Archive build
148
149
- task: UseDotNet@2
150
inputs:
151
version: 6.x
152
153
- task: EsrpCodeSigning@5
154
inputs:
155
UseMSIAuthentication: true
156
ConnectedServiceName: vscode-esrp
157
AppRegistrationClientId: $(ESRP_CLIENT_ID)
158
AppRegistrationTenantId: $(ESRP_TENANT_ID)
159
AuthAKVName: vscode-esrp
160
AuthSignCertName: esrp-sign
161
FolderPath: .
162
Pattern: noop
163
displayName: 'Install ESRP Tooling'
164
165
- pwsh: |
166
. build/azure-pipelines/win32/exec.ps1
167
$ErrorActionPreference = "Stop"
168
$EsrpCodeSigningTool = (gci -directory -filter EsrpCodeSigning_* $(Agent.RootDirectory)/_tasks | Select-Object -last 1).FullName
169
$Version = (gci -directory $EsrpCodeSigningTool | Select-Object -last 1).FullName
170
echo "##vso[task.setvariable variable=EsrpCliDllPath]$Version/net6.0/esrpcli.dll"
171
displayName: Find ESRP CLI
172
173
- script: node build/azure-pipelines/darwin/codesign.ts
174
env:
175
EsrpCliDllPath: $(EsrpCliDllPath)
176
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
177
displayName: Codesign & Notarize
178
179
- script: unzip $(Pipeline.Workspace)/vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-darwin-$(VSCODE_ARCH).zip -d $(Build.ArtifactStagingDirectory)/VSCode-darwin-$(VSCODE_ARCH)
180
displayName: Extract signed app
181
182
- script: |
183
set -e
184
APP_ROOT="$(Build.ArtifactStagingDirectory)/VSCode-darwin-$(VSCODE_ARCH)"
185
APP_NAME="`ls $APP_ROOT | head -n 1`"
186
APP_PATH="$APP_ROOT/$APP_NAME"
187
codesign -dv --deep --verbose=4 "$APP_PATH"
188
"$APP_PATH/Contents/Resources/app/bin/code" --export-default-configuration=.build
189
displayName: Verify signature
190
191
- script: |
192
set -e
193
mkdir -p $(Build.ArtifactStagingDirectory)/out/vscode_client_darwin_$(VSCODE_ARCH)_archive
194
mv $(Pipeline.Workspace)/vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-darwin-$(VSCODE_ARCH).zip $(Build.ArtifactStagingDirectory)/out/vscode_client_darwin_$(VSCODE_ARCH)_archive/VSCode-darwin-$(VSCODE_ARCH).zip
195
196
mkdir -p $(Build.ArtifactStagingDirectory)/out/vscode_client_darwin_$(VSCODE_ARCH)_dmg
197
mv $(DMG_PATH) $(Build.ArtifactStagingDirectory)/out/vscode_client_darwin_$(VSCODE_ARCH)_dmg/VSCode-darwin-$(VSCODE_ARCH).dmg
198
displayName: Move artifact to out directory
199
200