WIP

andyleejordan · andyleejordan · commit 7410837fdc4d · 2021-07-27T11:20:11.000-07:00
diff --git a/.vsts-ci/azure-pipelines-ci.yml b/.vsts-ci/azure-pipelines-ci.yml
@@ -13,6 +13,14 @@ trigger:
     include:
       - master
 
+resources:
+  repositories:
+  - repository: PowerShellEditorServices
+    type: github
+    endpoint: GitHub
+    name: PowerShell/PowerShellEditorServices
+    ref: master
+
 jobs:
 - job: Win2019
   displayName: Windows Server 2019
diff --git a/.vsts-ci/azure-pipelines-release.yml b/.vsts-ci/azure-pipelines-release.yml
@@ -14,21 +14,72 @@ resources:
   repositories:
   - repository: ComplianceRepo
     type: github
-    endpoint: ComplianceGHRepo
+    endpoint: GitHub
     name: PowerShell/Compliance
+
+  - repository: PowerShellEditorServices
+    type: git
+    name: PowerShellEditorServices
+    ref: release
+
   pipelines:
   - pipeline: PowerShellEditorServices
     source: PowerShellEditorServices
-    trigger: true
-
-
-jobs:
-- job: 'ReleaseBuild'
-  displayName: 'Build release'
-  pool:
-    name: '1ES'
-    demands: ImageOverride -equals MMS2019
-  variables:
-  - group: ESRP
-  steps:
-  - template: templates/release-general.yml
+    trigger:
+      stages:
+      - Build
+      - Sign
+
+stages:
+- stage: Build
+  displayName: Build the release
+  jobs:
+  - job: Build
+    pool:
+      vmImage: windows-2019
+    steps:
+    - template: templates/ci-general.yml
+      parameters:
+        usePipelineArtifact: true
+
+- stage: Sign
+  displayName: Sign the release
+  jobs:
+  - job: Sign
+    pool:
+      name: 1ES
+      demands: ImageOverride -equals MMS2019
+    variables:
+    - group: ESRP
+    steps:
+    - template: templates/release-general.yml
+
+- stage: PublishGitHub
+  displayName: Publish the draft release
+  jobs:
+  - deployment: Publish
+    environment: vscode-powershell-github
+    pool:
+      vmImage: ubuntu-latest
+    variables:
+    - group: Publish
+    strategy:
+      runOnce:
+        deploy:
+          steps:
+          - template: templates/publish-github.yml
+
+- stage: PublishMarkets
+  displayName: Publish to marketplace and gallery
+  jobs:
+  - deployment: Publish
+    environment: vscode-powershell-markets
+    pool:
+      vmImage: ubuntu-latest
+    variables:
+    - group: Publish
+    strategy:
+      runOnce:
+        deploy:
+          steps:
+          - template: templates/publish-markets.yml
diff --git a/.vsts-ci/templates/ci-general.yml b/.vsts-ci/templates/ci-general.yml
@@ -1,41 +1,57 @@
+parameters:
+  - name: usePipelineArtifact
+    type: boolean
+    default: false
+
 steps:
-  - pwsh: '$PSVersionTable'
+- pwsh: '$PSVersionTable'
   displayName: PowerShell version
 
-  - pwsh: Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhmmss"))"
-    displayName: Set Build Name for Non-PR
-    condition: ne(variables['Build.Reason'], 'PullRequest')
+- checkout: self
+
+# NOTE: We either checkout the Git repo for PowerShellEditorServices, or we
+# download a pre-built artifact from the triggering pipeline and extract it to
+# the modules folder. In this way we do not accidentally build a release of the
+# server from this pipeline.
+- checkout: PowerShellEditorServices
+  condition: not(${{ parameters.usePipelineArtifact }})
+
+- task: DownloadPipelineArtifact@2
+  condition: ${{ parameters.usePipelineArtifact }}
+  displayName: Download PowerShellEditorServices
+  inputs:
+    source: specific
+    project: PowerShellEditorServices
+    pipeline: 36
+    preferTriggeringPipeline: true
+    allowPartiallySucceededBuilds: true
+    artifact: PowerShellEditorServices
+
+- task: ExtractFiles@1
+  condition: ${{ parameters.usePipelineArtifact }}
+  displayName: Extract PowerShellEditorServices module
+  inputs:
+    archiveFilePatterns: $(Pipeline.Workspace)/PowerShellEditorServices.zip
+    destinationFolder: $(Build.SourcesDirectory)/vscode-powershell/modules
+
+- pwsh: |
+    Install-Module InvokeBuild -Scope CurrentUser -Force
+    Invoke-Build
+    Write-Host "##vso[task.setvariable variable=vsixPath]$(Resolve-Path powershell-*.vsix)"
+  displayName: Build and test
+  workingDirectory: $(Build.SourcesDirectory)/vscode-powershell
 
-    # TODO: Use a submodule or some such so we can actually track a version here.
-  - pwsh: |
-      git clone https://github.com/PowerShell/PowerShellEditorServices.git ../PowerShellEditorServices
-      Install-Module InvokeBuild -Scope CurrentUser -Force
-      Install-Module PlatyPS -Scope CurrentUser -Force
-      New-Item -ItemType Directory $(Build.ArtifactStagingDirectory)/vscode-powershell
+- publish: $(vsixPath)
+  artifact: vscode-powershell-vsix
+  displayName: Publish extension artifact
 
-  # Build
-  - pwsh: Invoke-Build
+- publish: $(Build.SourcesDirectory)/vscode-powershell/scripts/Install-VSCode.ps1
+  artifact: vscode-powershell-unsigned-script
+  displayName: Publish unsigned script artifact
 
-  - task: PublishTestResults@2
+- task: PublishTestResults@2
   displayName: Publish test results
-    inputs:
-      testRunner: JUnit
-      testResultsFiles: '**/test-results.xml'
-    condition: succeededOrFailed()
-
-  - task: PublishBuildArtifacts@1
-    inputs:
-      ArtifactName: vscode-powershell
-      PathtoPublish: '$(Build.ArtifactStagingDirectory)/vscode-powershell'
-
-  # Rich Navigation
-  - task: RichCodeNavIndexer@0
-    # Note, for now, this is Windows only.
-    condition: and(succeededOrFailed(), eq(variables['Agent.OS'], 'Windows_NT'))
-    continueOnError: true
-    inputs:
-      serviceConnection: 'rich-nav'
-      nugetServiceConnection: 'rich-nav-nuget'
-      githubServiceConnection: 'PowerShell'
-      languages: 'typescript,csharp'
-      serviceEndpoint: 'https://prod.richnav.vsengsaas.visualstudio.com'
+  inputs:
+    testRunner: JUnit
+    testResultsFiles: '**/test-results.xml'
+  condition: succeededOrFailed()
diff --git a/.vsts-ci/templates/publish-github.yml b/.vsts-ci/templates/publish-github.yml
@@ -0,0 +1,11 @@
+steps:
+- checkout: self
+
+- download: current
+  artifact: vscode-powershell
+  displayName: Download signed artifacts
+
+- pwsh: |
+    $(Build.SourcesDirectory)/tools/setupReleaseTools.ps1 -Token $(GitHubToken)
+    New-DraftRelease -RepositoryName vscode-powershell -Assets $(Pipeline.Workspace)/vscode-powershell/powershell-*.vsix,$(Pipeline.Workspace)/vscode-powershell/Install-VSCode.ps1
+  displayName: Drafting a GitHub Release
diff --git a/.vsts-ci/templates/publish-markets.yml b/.vsts-ci/templates/publish-markets.yml
@@ -0,0 +1,14 @@
+steps:
+- checkout: self
+
+- download: current
+  artifact: vscode-powershell
+  displayName: Download signed artifacts
+
+- pwsh: |
+    vsce publish --packagePath '$(Pipeline.Workspace)/powershell-*.vsix' --pat '$(VsceToken)'
+  displayName: Publishing VSIX to VS Code Marketplace
+
+- pwsh: |
+    Publish-Script -Path '$(Pipeline.Workspace)/Install-VSCode.ps1' -NuGetApiKey '$(GalleryToken)'
+  displayName: Publishing Install-VSCode.ps1 to PowerShell Gallery
diff --git a/.vsts-ci/templates/release-general.yml b/.vsts-ci/templates/release-general.yml
@@ -1,70 +1,51 @@
 steps:
-- checkout: self
-
-- pwsh: |
-    Get-ChildItem -Path env:
-  displayName: Capture environment
-  condition: succeededOrFailed()
-
-- task: DownloadPipelineArtifact@2
-  displayName: 'Download Artifacts from PowerShellEditorServices'
-  inputs:
-    source: specific
-    project: 'PowerShellEditorServices'
-    pipeline: 36
-    preferTriggeringPipeline: true
-    allowPartiallySucceededBuilds: true
-    artifact: 'PowerShellEditorServices'
-    path: '$(Build.SourcesDirectory)/PowerShellEditorServices/module/'
-
-- pwsh: |
-    New-Item -ItemType Directory $(Build.ArtifactStagingDirectory)/vscode-powershell
-    Install-Module InvokeBuild -Force
-    Invoke-Build Release
-  workingDirectory: '$(Build.SourcesDirectory)/vscode-powershell'
-
-- task: PublishTestResults@2
-  inputs:
-    testRunner: JUnit
-    testResultsFiles: '**/test-results.xml'
-  condition: succeededOrFailed()
+- download: current
+  displayName: Download pipeline artifacts
 
 - checkout: ComplianceRepo
 
+# NOTE: The signing templates explicitly copy everything along as they run, so
+# the last output path has every signed (and intentionally unsigned) file.
 - template: EsrpSign.yml@ComplianceRepo
   parameters:
-    buildOutputPath: '$(Build.ArtifactStagingDirectory)/vscode-powershell'
-    signOutputPath: '$(Build.ArtifactStagingDirectory)/Signed'
-    alwaysCopy: true # So publishing works
-    certificateId: 'CP-230012' # Authenticode certificate
-    useMinimatch: true # This enables the use of globbing
+    buildOutputPath: $(Pipeline.Workspace)/vscode-powershell-unsigned-script
+    signOutputPath: $(Pipeline.Workspace)/signed
+    alwaysCopy: true
+    certificateId: CP-230012 # Authenticode certificate
     shouldSign: true # We always want to sign
     # NOTE: Code AKA *.vsix files are not signed
-    pattern: |
-      Install-VSCode.ps1
+    pattern: Install-VSCode.ps1
+
+# NOTE: Because the scan template doesn't copy (unlike the sign template), we do
+# it ourselves so that we can publish one finished artifact.
+- task: CopyFiles@2
+  inputs:
+    sourceFolder: $(Pipeline.Workspace)/vscode-powershell-vsix
+    targetFolder: $(Pipeline.Workspace)/signed
 
 - template: EsrpScan.yml@ComplianceRepo
   parameters:
-      scanPath: $(Build.ArtifactStagingDirectory)/Signed
-      pattern: |
-        *.vsix
+    scanPath: $(Pipeline.Workspace)/signed
+    pattern: powershell-*.vsix
 
-- publish: $(Build.ArtifactStagingDirectory)/Signed
-  artifact: vscode-powershell
-  displayName: 'Publish signed (and unsigned) artifacts'
+- checkout: self
 
 - template: script-module-compliance.yml@ComplianceRepo
   parameters:
     # component-governance
-    sourceScanPath: '$(Build.SourcesDirectory)/vscode-powershell'
+    sourceScanPath: $(Build.SourcesDirectory)/vscode-powershell
     # credscan
-    suppressionsFile: '$(Build.SourcesDirectory)/vscode-powershell/tools/credScan/suppress.json'
+    suppressionsFile: $(Build.SourcesDirectory)/vscode-powershell/tools/credScan/suppress.json
     # TermCheck AKA PoliCheck
-    targetArgument: '$(Build.SourcesDirectory)/vscode-powershell'
-    optionsUEPATH: '$(Build.SourcesDirectory)/vscode-powershell/tools/terms/UserExclusions.xml'
+    targetArgument: $(Build.SourcesDirectory)/vscode-powershell
+    optionsUEPATH: $(Build.SourcesDirectory)/vscode-powershell/tools/terms/UserExclusions.xml
     optionsRulesDBPath: ''
-    optionsFTPath: '$(Build.SourcesDirectory)/vscode-powershell/tools/terms/FileTypeSet.xml'
+    optionsFTPath: $(Build.SourcesDirectory)/vscode-powershell/tools/terms/FileTypeSet.xml
     # tsa-upload
-    codeBaseName: 'PowerShell_PowerShellEditorServices_20210201'
+    codeBaseName: PowerShell_PowerShellEditorServices_20210201
     # We don't use any Windows APIs directly, so we don't need API scan
     APIScan: false
+
+- publish: $(Pipeline.Workspace)/signed
+  artifact: vscode-powershell
+  displayName: Publish signed artifacts
diff --git a/vscode-powershell.build.ps1 b/vscode-powershell.build.ps1
