Path: blob/main/build/azure-pipelines/linux/steps/product-build-linux-compile.yml
4774 views
parameters:1- name: VSCODE_ARCH2type: string3- name: VSCODE_CIBUILD4type: boolean5- name: VSCODE_QUALITY6type: string7- name: VSCODE_BUILD_LINUX_SNAP8type: boolean9default: false10- name: VSCODE_RUN_ELECTRON_TESTS11type: boolean12default: false13- name: VSCODE_RUN_BROWSER_TESTS14type: boolean15default: false16- name: VSCODE_RUN_REMOTE_TESTS17type: boolean18default: false1920steps:21- template: ../../common/checkout.yml@self2223- task: NodeTool@024inputs:25versionSource: fromFile26versionFilePath: .nvmrc2728- template: ../../distro/download-distro.yml@self2930- task: AzureKeyVault@231displayName: "Azure Key Vault: Get Secrets"32inputs:33azureSubscription: vscode34KeyVaultName: vscode-build-secrets35SecretsFilter: "github-distro-mixin-password"3637- task: DownloadPipelineArtifact@238inputs:39artifact: Compilation40path: $(Build.ArtifactStagingDirectory)41displayName: Download compilation output4243- script: tar -xzf $(Build.ArtifactStagingDirectory)/compilation.tar.gz44displayName: Extract compilation output4546- script: |47set -e48# Start X server49./build/azure-pipelines/linux/apt-retry.sh sudo apt-get update50./build/azure-pipelines/linux/apt-retry.sh sudo apt-get install -y pkg-config \51xvfb \52libgtk-3-0 \53libxkbfile-dev \54libkrb5-dev \55libgbm1 \56rpm57sudo cp build/azure-pipelines/linux/xvfb.init /etc/init.d/xvfb58sudo chmod +x /etc/init.d/xvfb59sudo update-rc.d xvfb defaults60sudo service xvfb start61displayName: Setup system services6263- script: node build/setup-npm-registry.ts $NPM_REGISTRY64condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))65displayName: Setup NPM Registry6667- script: mkdir -p .build && node build/azure-pipelines/common/computeNodeModulesCacheKey.ts linux $VSCODE_ARCH $(node -p process.arch) > .build/packagelockhash68displayName: Prepare node_modules cache key6970- task: Cache@271inputs:72key: '"node_modules" | .build/packagelockhash'73path: .build/node_modules_cache74cacheHitVar: NODE_MODULES_RESTORED75displayName: Restore node_modules cache7677- script: tar -xzf .build/node_modules_cache/cache.tgz78condition: and(succeeded(), eq(variables.NODE_MODULES_RESTORED, 'true'))79displayName: Extract node_modules cache8081- script: |82set -e83# Set the private NPM registry to the global npmrc file84# so that authentication works for subfolders like build/, remote/, extensions/ etc85# which does not have their own .npmrc file86npm config set registry "$NPM_REGISTRY"87echo "##vso[task.setvariable variable=NPMRC_PATH]$(npm config get userconfig)"88condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne(variables['NPM_REGISTRY'], 'none'))89displayName: Setup NPM9091- task: npmAuthenticate@092inputs:93workingFile: $(NPMRC_PATH)94condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne(variables['NPM_REGISTRY'], 'none'))95displayName: Setup NPM Authentication9697- script: |98set -e99100for i in {1..5}; do # try 5 times101npm ci && break102if [ $i -eq 5 ]; then103echo "Npm install failed too many times" >&2104exit 1105fi106echo "Npm install failed $i, trying again..."107done108workingDirectory: build109env:110GITHUB_TOKEN: "$(github-distro-mixin-password)"111displayName: Install build dependencies112condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))113114# Step will be used by both verify glibcxx version for remote server and building rpm package,115# hence avoid adding it behind NODE_MODULES_RESTORED condition.116- script: |117set -e118SYSROOT_ARCH=$VSCODE_ARCH119if [ "$SYSROOT_ARCH" == "x64" ]; then120SYSROOT_ARCH="amd64"121fi122export VSCODE_SYSROOT_DIR=$(Build.SourcesDirectory)/.build/sysroots/glibc-2.28-gcc-8.5.0123SYSROOT_ARCH="$SYSROOT_ARCH" VSCODE_SYSROOT_PREFIX="-glibc-2.28-gcc-8.5.0" node -e 'import { getVSCodeSysroot } from "./build/linux/debian/install-sysroot.ts"; (async () => { await getVSCodeSysroot(process.env["SYSROOT_ARCH"]); })()'124env:125VSCODE_ARCH: $(VSCODE_ARCH)126GITHUB_TOKEN: "$(github-distro-mixin-password)"127displayName: Download vscode sysroots128129- script: |130set -e131132source ./build/azure-pipelines/linux/setup-env.sh133134# Run preinstall script before root dependencies are installed135# so that v8 headers are patched correctly for native modules.136node build/npm/preinstall.ts137138for i in {1..5}; do # try 5 times139npm ci && break140if [ $i -eq 5 ]; then141echo "Npm install failed too many times" >&2142exit 1143fi144echo "Npm install failed $i, trying again..."145done146env:147npm_config_arch: $(NPM_ARCH)148VSCODE_ARCH: $(VSCODE_ARCH)149ELECTRON_SKIP_BINARY_DOWNLOAD: 1150PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1151GITHUB_TOKEN: "$(github-distro-mixin-password)"152displayName: Install dependencies153condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))154155- script: node build/azure-pipelines/distro/mixin-npm.ts156condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))157displayName: Mixin distro node modules158159- script: |160set -e161node build/azure-pipelines/common/listNodeModules.ts .build/node_modules_list.txt162mkdir -p .build/node_modules_cache163tar -czf .build/node_modules_cache/cache.tgz --files-from .build/node_modules_list.txt164condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'))165displayName: Create node_modules archive166167- script: node build/azure-pipelines/distro/mixin-quality.ts168displayName: Mixin distro quality169170- template: ../../common/install-builtin-extensions.yml@self171172- ${{ if ne(parameters.VSCODE_CIBUILD, true) }}:173- script: npm run copy-policy-dto --prefix build && node build/lib/policies/policyGenerator.ts build/lib/policies/policyData.jsonc linux174displayName: Generate policy definitions175retryCountOnTaskFailure: 3176177- script: |178set -e179npm run gulp vscode-linux-$(VSCODE_ARCH)-min-ci180ARCHIVE_PATH=".build/linux/client/code-${{ parameters.VSCODE_QUALITY }}-$(VSCODE_ARCH)-$(date +%s).tar.gz"181mkdir -p $(dirname $ARCHIVE_PATH)182echo "##vso[task.setvariable variable=CLIENT_PATH]$ARCHIVE_PATH"183echo "##vso[task.setvariable variable=CLIENT_ARCHIVE_NAME]$(basename $ARCHIVE_PATH)"184env:185GITHUB_TOKEN: "$(github-distro-mixin-password)"186displayName: Build client187188- ${{ if ne(parameters.VSCODE_CIBUILD, true) }}:189- task: DownloadPipelineArtifact@2190inputs:191artifact: $(ARTIFACT_PREFIX)vscode_cli_linux_$(VSCODE_ARCH)_cli192patterns: "**"193path: $(Build.ArtifactStagingDirectory)/cli194displayName: Download VS Code CLI195196- script: |197set -e198tar -xzvf $(Build.ArtifactStagingDirectory)/cli/*.tar.gz -C $(Build.ArtifactStagingDirectory)/cli199CLI_APP_NAME=$(node -p "require(\"$(agent.builddirectory)/VSCode-linux-$(VSCODE_ARCH)/resources/app/product.json\").tunnelApplicationName")200APP_NAME=$(node -p "require(\"$(agent.builddirectory)/VSCode-linux-$(VSCODE_ARCH)/resources/app/product.json\").applicationName")201mv $(Build.ArtifactStagingDirectory)/cli/$APP_NAME $(agent.builddirectory)/VSCode-linux-$(VSCODE_ARCH)/bin/$CLI_APP_NAME202displayName: Mix in CLI203204- script: |205set -e206tar -czf $CLIENT_PATH -C .. VSCode-linux-$(VSCODE_ARCH)207env:208GITHUB_TOKEN: "$(github-distro-mixin-password)"209displayName: Archive client210211- script: |212set -e213npm run gulp vscode-reh-linux-$(VSCODE_ARCH)-min-ci214mv ../vscode-reh-linux-$(VSCODE_ARCH) ../vscode-server-linux-$(VSCODE_ARCH) # TODO@joaomoreno215ARCHIVE_PATH=".build/linux/server/vscode-server-linux-$(VSCODE_ARCH).tar.gz"216UNARCHIVE_PATH="`pwd`/../vscode-server-linux-$(VSCODE_ARCH)"217mkdir -p $(dirname $ARCHIVE_PATH)218tar --owner=0 --group=0 -czf $ARCHIVE_PATH -C .. vscode-server-linux-$(VSCODE_ARCH)219echo "##vso[task.setvariable variable=SERVER_PATH]$ARCHIVE_PATH"220echo "##vso[task.setvariable variable=SERVER_UNARCHIVE_PATH]$UNARCHIVE_PATH"221env:222GITHUB_TOKEN: "$(github-distro-mixin-password)"223displayName: Build server224225- script: |226set -e227npm run gulp vscode-reh-web-linux-$(VSCODE_ARCH)-min-ci228mv ../vscode-reh-web-linux-$(VSCODE_ARCH) ../vscode-server-linux-$(VSCODE_ARCH)-web # TODO@joaomoreno229ARCHIVE_PATH=".build/linux/web/vscode-server-linux-$(VSCODE_ARCH)-web.tar.gz"230mkdir -p $(dirname $ARCHIVE_PATH)231tar --owner=0 --group=0 -czf $ARCHIVE_PATH -C .. vscode-server-linux-$(VSCODE_ARCH)-web232echo "##vso[task.setvariable variable=WEB_PATH]$ARCHIVE_PATH"233env:234GITHUB_TOKEN: "$(github-distro-mixin-password)"235displayName: Build server (web)236237- ${{ if or(eq(parameters.VSCODE_ARCH, 'x64'), eq(parameters.VSCODE_ARCH, 'arm64')) }}:238- script: |239set -e240241EXPECTED_GLIBC_VERSION="2.28" \242EXPECTED_GLIBCXX_VERSION="3.4.25" \243VSCODE_SYSROOT_DIR="$(Build.SourcesDirectory)/.build/sysroots/glibc-2.28-gcc-8.5.0" \244./build/azure-pipelines/linux/verify-glibc-requirements.sh245env:246SEARCH_PATH: $(SERVER_UNARCHIVE_PATH)247npm_config_arch: $(NPM_ARCH)248VSCODE_ARCH: $(VSCODE_ARCH)249displayName: Check GLIBC and GLIBCXX dependencies in server archive250251- ${{ else }}:252- script: |253set -e254255EXPECTED_GLIBC_VERSION="2.28" \256EXPECTED_GLIBCXX_VERSION="3.4.26" \257VSCODE_SYSROOT_DIR="$(Build.SourcesDirectory)/.build/sysroots/glibc-2.28-gcc-8.5.0" \258./build/azure-pipelines/linux/verify-glibc-requirements.sh259env:260SEARCH_PATH: $(SERVER_UNARCHIVE_PATH)261npm_config_arch: $(NPM_ARCH)262VSCODE_ARCH: $(VSCODE_ARCH)263displayName: Check GLIBC and GLIBCXX dependencies in server archive264265- ${{ if ne(parameters.VSCODE_CIBUILD, true) }}:266- script: |267set -e268npm run gulp "vscode-linux-$(VSCODE_ARCH)-prepare-deb"269env:270GITHUB_TOKEN: "$(github-distro-mixin-password)"271displayName: Prepare deb package272273- script: |274set -e275npm run gulp "vscode-linux-$(VSCODE_ARCH)-build-deb"276mkdir -p .build/linux/deb277cp .build/linux/deb/*/deb/*.deb .build/linux/deb/278file_output=$(file $(ls .build/linux/deb/*.deb))279if [[ "$file_output" != *"data compression xz"* ]]; then280echo "Error: unknown compression. $file_output"281exit 1282fi283echo "##vso[task.setvariable variable=DEB_PATH]$(ls .build/linux/deb/*.deb)"284echo "##vso[task.setvariable variable=DEB_PACKAGE_NAME]$(basename $(ls .build/linux/deb/*.deb))"285displayName: Build deb package286287- script: |288set -e289TRIPLE=""290if [ "$VSCODE_ARCH" == "x64" ]; then291TRIPLE="x86_64-linux-gnu"292elif [ "$VSCODE_ARCH" == "arm64" ]; then293TRIPLE="aarch64-linux-gnu"294elif [ "$VSCODE_ARCH" == "armhf" ]; then295TRIPLE="arm-rpi-linux-gnueabihf"296fi297export VSCODE_SYSROOT_DIR=$(Build.SourcesDirectory)/.build/sysroots/glibc-2.28-gcc-10.5.0298export STRIP="$VSCODE_SYSROOT_DIR/$TRIPLE/$TRIPLE/bin/strip"299npm run gulp "vscode-linux-$(VSCODE_ARCH)-prepare-rpm"300env:301VSCODE_ARCH: $(VSCODE_ARCH)302displayName: Prepare rpm package303304- script: |305set -e306npm run gulp "vscode-linux-$(VSCODE_ARCH)-build-rpm"307mkdir -p .build/linux/rpm308cp .build/linux/rpm/*/*.rpm .build/linux/rpm/309echo "##vso[task.setvariable variable=RPM_PATH]$(ls .build/linux/rpm/*.rpm)"310echo "##vso[task.setvariable variable=RPM_PACKAGE_NAME]$(basename $(ls .build/linux/rpm/*.rpm))"311displayName: Build rpm package312313- ${{ if eq(parameters.VSCODE_ARCH, 'x64') }}:314- task: Docker@1315inputs:316azureSubscriptionEndpoint: vscode317azureContainerRegistry: vscodehub.azurecr.io318command: login319displayName: Login to Container Registry320321- ${{ if eq(parameters.VSCODE_BUILD_LINUX_SNAP, true) }}:322- script: |323set -e324npm run gulp "vscode-linux-$(VSCODE_ARCH)-prepare-snap"325sudo -E docker run -e VSCODE_ARCH -e VSCODE_QUALITY -v $(pwd):/work -w /work vscodehub.azurecr.io/vscode-linux-build-agent:snapcraft-x64 /bin/bash -c "./build/azure-pipelines/linux/build-snap.sh"326327SNAP_ROOT="$(pwd)/.build/linux/snap/$(VSCODE_ARCH)"328SNAP_EXTRACTED_PATH=$(find $SNAP_ROOT -maxdepth 1 -type d -name 'code-*')329330mkdir -p .build/linux/snap331cp $(find $SNAP_ROOT -maxdepth 1 -type f -name '*.snap') .build/linux/snap/332333# SBOM tool doesn't like recursive symlinks334sudo find $SNAP_EXTRACTED_PATH -type l -delete335336echo "##vso[task.setvariable variable=SNAP_EXTRACTED_PATH]$SNAP_EXTRACTED_PATH"337echo "##vso[task.setvariable variable=SNAP_PATH]$(ls .build/linux/snap/*.snap)"338echo "##vso[task.setvariable variable=SNAP_PACKAGE_NAME]$(basename $(ls .build/linux/snap/*.snap))"339env:340VSCODE_ARCH: $(VSCODE_ARCH)341displayName: Build snap package342343- task: UseDotNet@2344inputs:345version: 6.x346347- task: EsrpCodeSigning@5348inputs:349UseMSIAuthentication: true350ConnectedServiceName: vscode-esrp351AppRegistrationClientId: $(ESRP_CLIENT_ID)352AppRegistrationTenantId: $(ESRP_TENANT_ID)353AuthAKVName: vscode-esrp354AuthSignCertName: esrp-sign355FolderPath: .356Pattern: noop357displayName: 'Install ESRP Tooling'358359- pwsh: |360. build/azure-pipelines/win32/exec.ps1361$ErrorActionPreference = "Stop"362$EsrpCodeSigningTool = (gci -directory -filter EsrpCodeSigning_* $(Agent.RootDirectory)/_tasks | Select-Object -last 1).FullName363$Version = (gci -directory $EsrpCodeSigningTool | Select-Object -last 1).FullName364echo "##vso[task.setvariable variable=EsrpCliDllPath]$Version/net6.0/esrpcli.dll"365displayName: Find ESRP CLI366367- script: npx deemon --detach --wait node build/azure-pipelines/linux/codesign.ts368env:369EsrpCliDllPath: $(EsrpCliDllPath)370SYSTEM_ACCESSTOKEN: $(System.AccessToken)371displayName: ✍️ Codesign deb & rpm372373- ${{ if or(eq(parameters.VSCODE_RUN_ELECTRON_TESTS, true), eq(parameters.VSCODE_RUN_BROWSER_TESTS, true), eq(parameters.VSCODE_RUN_REMOTE_TESTS, true)) }}:374- template: product-build-linux-test.yml@self375parameters:376VSCODE_RUN_ELECTRON_TESTS: ${{ parameters.VSCODE_RUN_ELECTRON_TESTS }}377VSCODE_RUN_BROWSER_TESTS: ${{ parameters.VSCODE_RUN_BROWSER_TESTS }}378VSCODE_RUN_REMOTE_TESTS: ${{ parameters.VSCODE_RUN_REMOTE_TESTS }}379380- ${{ if ne(parameters.VSCODE_CIBUILD, true) }}:381- script: npx deemon --attach node build/azure-pipelines/linux/codesign.ts382condition: succeededOrFailed()383displayName: "✍️ Post-job: Codesign deb & rpm"384385- script: |386set -e387388mkdir -p $(Build.ArtifactStagingDirectory)/out/client389mv $(CLIENT_PATH) $(Build.ArtifactStagingDirectory)/out/client/$(CLIENT_ARCHIVE_NAME)390391mkdir -p $(Build.ArtifactStagingDirectory)/out/server392mv $(SERVER_PATH) $(Build.ArtifactStagingDirectory)/out/server/$(basename $(SERVER_PATH))393394mkdir -p $(Build.ArtifactStagingDirectory)/out/web395mv $(WEB_PATH) $(Build.ArtifactStagingDirectory)/out/web/$(basename $(WEB_PATH))396397mkdir -p $(Build.ArtifactStagingDirectory)/out/deb398mv $(DEB_PATH) $(Build.ArtifactStagingDirectory)/out/deb/$(DEB_PACKAGE_NAME)399400mkdir -p $(Build.ArtifactStagingDirectory)/out/rpm401mv $(RPM_PATH) $(Build.ArtifactStagingDirectory)/out/rpm/$(RPM_PACKAGE_NAME)402403if [ -n "$SNAP_PATH" ]; then404mkdir -p $(Build.ArtifactStagingDirectory)/out/snap405mv $(SNAP_PATH) $(Build.ArtifactStagingDirectory)/out/snap/$(SNAP_PACKAGE_NAME)406fi407408# SBOM generation uses hard links which are not supported by the Linux kernel409# for files that have the SUID bit set, so we need to remove the SUID bit from410# the chrome-sandbox file.411sudo ls -l $(Agent.BuildDirectory)/VSCode-linux-$(VSCODE_ARCH)/chrome-sandbox412sudo chmod u-s $(Agent.BuildDirectory)/VSCode-linux-$(VSCODE_ARCH)/chrome-sandbox413sudo ls -l $(Agent.BuildDirectory)/VSCode-linux-$(VSCODE_ARCH)/chrome-sandbox414displayName: Move artifacts to out directory415416417