Path: blob/main/build/azure-pipelines/product-publish.yml
3520 views
parameters:1- name: VSCODE_QUALITY2type: string3- name: VSCODE_SCHEDULEDBUILD4type: boolean56steps:7- template: ./common/checkout.yml@self89- task: NodeTool@010inputs:11versionSource: fromFile12versionFilePath: .nvmrc1314- task: AzureKeyVault@215displayName: "Azure Key Vault: Get Secrets"16inputs:17azureSubscription: vscode18KeyVaultName: vscode-build-secrets19SecretsFilter: "github-distro-mixin-password"2021- task: AzureKeyVault@222displayName: "Azure Key Vault: Get ESRP Secrets"23inputs:24azureSubscription: vscode-esrp25KeyVaultName: vscode-esrp26SecretsFilter: esrp-auth,esrp-sign2728# allow-any-unicode-next-line29- pwsh: Write-Host "##vso[build.addbuildtag]🚀"30displayName: Add build tag3132- pwsh: |33npm ci34workingDirectory: build35env:36GITHUB_TOKEN: "$(github-distro-mixin-password)"37displayName: Install build dependencies3839- download: current40patterns: "**/artifacts_processed_*.txt"41displayName: Download all artifacts_processed text files4243- task: AzureCLI@244displayName: Fetch secrets45inputs:46azureSubscription: vscode47scriptType: pscore48scriptLocation: inlineScript49addSpnToEnvironment: true50inlineScript: |51Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$env:tenantId"52Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$env:servicePrincipalId"53Write-Host "##vso[task.setvariable variable=AZURE_ID_TOKEN;issecret=true]$env:idToken"5455- pwsh: |56. build/azure-pipelines/win32/exec.ps15758if (Test-Path "$(Pipeline.Workspace)/artifacts_processed_*/artifacts_processed_*.txt") {59Write-Host "Artifacts already processed so a build must have already been created."60return61}6263$VERSION = node -p "require('./package.json').version"64Write-Host "Creating build with version: $VERSION"65exec { node build/azure-pipelines/common/createBuild.js $VERSION }66env:67AZURE_TENANT_ID: "$(AZURE_TENANT_ID)"68AZURE_CLIENT_ID: "$(AZURE_CLIENT_ID)"69AZURE_ID_TOKEN: "$(AZURE_ID_TOKEN)"70displayName: Create build if it hasn't been created before7172- pwsh: |73$publishAuthTokens = (node build/azure-pipelines/common/getPublishAuthTokens)74Write-Host "##vso[task.setvariable variable=PUBLISH_AUTH_TOKENS;issecret=true]$publishAuthTokens"75env:76AZURE_TENANT_ID: "$(AZURE_TENANT_ID)"77AZURE_CLIENT_ID: "$(AZURE_CLIENT_ID)"78AZURE_ID_TOKEN: "$(AZURE_ID_TOKEN)"79displayName: Get publish auth tokens8081- pwsh: node build/azure-pipelines/common/publish.js82env:83GITHUB_TOKEN: "$(github-distro-mixin-password)"84AZURE_TENANT_ID: "$(AZURE_TENANT_ID)"85AZURE_CLIENT_ID: "$(AZURE_CLIENT_ID)"86AZURE_ID_TOKEN: "$(AZURE_ID_TOKEN)"87SYSTEM_ACCESSTOKEN: $(System.AccessToken)88PUBLISH_AUTH_TOKENS: "$(PUBLISH_AUTH_TOKENS)"89RELEASE_TENANT_ID: "$(ESRP_TENANT_ID)"90RELEASE_CLIENT_ID: "$(ESRP_CLIENT_ID)"91RELEASE_AUTH_CERT: "$(esrp-auth)"92RELEASE_REQUEST_SIGNING_CERT: "$(esrp-sign)"93displayName: Process artifacts94retryCountOnTaskFailure: 39596- template: common/publish-artifact.yml@self97parameters:98targetPath: $(Pipeline.Workspace)/artifacts_processed_$(System.StageAttempt)/artifacts_processed_$(System.StageAttempt).txt99artifactName: artifacts_processed_$(System.StageAttempt)100displayName: Publish the artifacts processed for this stage attempt101sbomEnabled: false102condition: always()103104- ${{ if and(in(parameters.VSCODE_QUALITY, 'insider', 'exploration'), eq(parameters.VSCODE_SCHEDULEDBUILD, true)) }}:105- script: node build/azure-pipelines/common/releaseBuild.js106env:107AZURE_TENANT_ID: "$(AZURE_TENANT_ID)"108AZURE_CLIENT_ID: "$(AZURE_CLIENT_ID)"109AZURE_ID_TOKEN: "$(AZURE_ID_TOKEN)"110displayName: Release build111112113