From 28e4917e056c89f11c75c71290bad3e633b95646 Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Tue, 17 Feb 2026 23:33:14 +0000 Subject: [PATCH 1/9] ESRP signing for non-windows requires dotnet 8 installed --- .azure/steps/sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure/steps/sign.yml b/.azure/steps/sign.yml index 1225c0f..dc876d9 100644 --- a/.azure/steps/sign.yml +++ b/.azure/steps/sign.yml @@ -7,7 +7,7 @@ steps: displayName: "Install dotnet SDK" inputs: packageType: "sdk" - version: "6.0.x" + version: "8.0.x" # Need this to run signing plugins - task: UseDotNet@2 From 1ed662205e2028e11b3e098e581fe77d3efdb8d8 Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Wed, 18 Feb 2026 00:03:56 +0000 Subject: [PATCH 2/9] Set signWithProd depending on sign type --- .azure/steps/sign.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.azure/steps/sign.yml b/.azure/steps/sign.yml index dc876d9..cecbc9b 100644 --- a/.azure/steps/sign.yml +++ b/.azure/steps/sign.yml @@ -20,6 +20,11 @@ steps: - task: MicroBuildSigningPlugin@4 displayName: "Install Signing Plugin" inputs: + ${{ if eq(parameters.signType, 'real') }}: + signType: real + signWithProd: true + ${{ else }}: + signType: test signType: ${{ parameters.signType }} azureSubscription: "MicroBuild Signing Task (DevDiv)" feedSource: "https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json" From 88625ce34f6caec0829d9b966bcf2112b3b3b662 Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Wed, 18 Feb 2026 00:04:29 +0000 Subject: [PATCH 3/9] Change azureSubscription to ConnectedServiceName --- .azure/steps/sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure/steps/sign.yml b/.azure/steps/sign.yml index cecbc9b..c09b8bb 100644 --- a/.azure/steps/sign.yml +++ b/.azure/steps/sign.yml @@ -26,7 +26,7 @@ steps: ${{ else }}: signType: test signType: ${{ parameters.signType }} - azureSubscription: "MicroBuild Signing Task (DevDiv)" + ConnectedServiceName: "MicroBuild Signing Task (DevDiv)" feedSource: "https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json" env: TeamName: "$(TeamName)" From d902b9fcdf5da7cc4e1a14967675bda152eecffe Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Wed, 18 Feb 2026 00:05:40 +0000 Subject: [PATCH 4/9] Set ConnectedPMEServiceName depending on sign type --- .azure/steps/sign.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.azure/steps/sign.yml b/.azure/steps/sign.yml index c09b8bb..4ad1a0a 100644 --- a/.azure/steps/sign.yml +++ b/.azure/steps/sign.yml @@ -23,8 +23,10 @@ steps: ${{ if eq(parameters.signType, 'real') }}: signType: real signWithProd: true + ConnectedPMEServiceName: beb8cb23-b303-4c95-ab26-9e44bc958d39 ${{ else }}: signType: test + ConnectedPMEServiceName: '' signType: ${{ parameters.signType }} ConnectedServiceName: "MicroBuild Signing Task (DevDiv)" feedSource: "https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json" From b9332d61b1f21de2ebc80daa23e414a3de74c015 Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Wed, 18 Feb 2026 00:06:51 +0000 Subject: [PATCH 5/9] Only set ConnectedPMEServiceName on real sign builds --- .azure/steps/sign.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.azure/steps/sign.yml b/.azure/steps/sign.yml index 4ad1a0a..7fbed56 100644 --- a/.azure/steps/sign.yml +++ b/.azure/steps/sign.yml @@ -26,7 +26,6 @@ steps: ConnectedPMEServiceName: beb8cb23-b303-4c95-ab26-9e44bc958d39 ${{ else }}: signType: test - ConnectedPMEServiceName: '' signType: ${{ parameters.signType }} ConnectedServiceName: "MicroBuild Signing Task (DevDiv)" feedSource: "https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json" From db9fef6adca68b7b72c8f359ff52300cccf0376e Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Wed, 18 Feb 2026 00:08:13 +0000 Subject: [PATCH 6/9] Pass system access token to able to download signing tool --- .azure/steps/sign.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.azure/steps/sign.yml b/.azure/steps/sign.yml index 7fbed56..729a0e7 100644 --- a/.azure/steps/sign.yml +++ b/.azure/steps/sign.yml @@ -31,6 +31,7 @@ steps: feedSource: "https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json" env: TeamName: "$(TeamName)" + SYSTEM_ACCESSTOKEN: $(System.AccessToken) - script: npx @vscode/vsce@latest generate-manifest -i $(SetExtensionName.VSIX) -o $(SetExtensionName.VSIX).manifest displayName: 'Generate extension manifest' From fea6416450319138c3e77aa48bc78ad8a7abe4eb Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Wed, 18 Feb 2026 00:24:46 +0000 Subject: [PATCH 7/9] Create pre-release template for new pipeline --- .azure/azure-pipelines-prelease.yml | 47 +++++++++++++++++++++++++++++ .azure/azure-pipelines-release.yml | 4 +-- 2 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 .azure/azure-pipelines-prelease.yml diff --git a/.azure/azure-pipelines-prelease.yml b/.azure/azure-pipelines-prelease.yml new file mode 100644 index 0000000..1100ffb --- /dev/null +++ b/.azure/azure-pipelines-prelease.yml @@ -0,0 +1,47 @@ +name: vscode-makecode Release + +# Currently only run this pipeline on request +trigger: none +pr: none + +parameters: +- name: nodeVersion + type: string + default: '20.x' + +resources: + repositories: + - repository: CustomPipelineTemplates + type: git + name: 1ESPipelineTemplates/MicroBuildTemplate + +variables: +- group: 'makecode-marketplace-pat' + +extends: + template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates + parameters: + pool: + name: AzurePipelines-EO + image: 1ESPT-Ubuntu22.04 + os: linux + sdl: + sourceAnalysisPool: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + stages: + # Stage to build the VSIX and publish it + - template: stages/build.yml + parameters: + isPreRelease: true + nodeVersion: ${{ parameters.nodeVersion }} + signType: 'test' + + # Stage provides a manual approval step before the publish stage is run + - template: stages/approval.yml + + # Publish the VSIX to the extension marketplace + - template: stages/publish.yml + parameters: + isPreRelease: true + nodeVersion: ${{ parameters.nodeVersion }} diff --git a/.azure/azure-pipelines-release.yml b/.azure/azure-pipelines-release.yml index b0ef74a..ee4452d 100644 --- a/.azure/azure-pipelines-release.yml +++ b/.azure/azure-pipelines-release.yml @@ -36,7 +36,7 @@ extends: # Stage to build the VSIX and publish it - template: stages/build.yml parameters: - isPreRelease: ${{ parameters.isPreRelease }} + isPreRelease: false nodeVersion: ${{ parameters.nodeVersion }} signType: 'real' @@ -46,5 +46,5 @@ extends: # Publish the VSIX to the extension marketplace - template: stages/publish.yml parameters: - isPreRelease: ${{ parameters.isPreRelease }} + isPreRelease: false nodeVersion: ${{ parameters.nodeVersion }} From aa005e9ee5467010ce7ae52057d49837bf6acf96 Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Wed, 18 Feb 2026 00:25:08 +0000 Subject: [PATCH 8/9] Extend common template for release/pre-release --- .azure/azure-pipelines-prelease.yml | 40 ++++--------------------- .azure/azure-pipelines-release.yml | 41 +++---------------------- .azure/pipeline-template.yml | 46 +++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 72 deletions(-) create mode 100644 .azure/pipeline-template.yml diff --git a/.azure/azure-pipelines-prelease.yml b/.azure/azure-pipelines-prelease.yml index 1100ffb..cec72d7 100644 --- a/.azure/azure-pipelines-prelease.yml +++ b/.azure/azure-pipelines-prelease.yml @@ -1,4 +1,4 @@ -name: vscode-makecode Release +name: vscode-makecode Pre-Release # Currently only run this pipeline on request trigger: none @@ -9,39 +9,9 @@ parameters: type: string default: '20.x' -resources: - repositories: - - repository: CustomPipelineTemplates - type: git - name: 1ESPipelineTemplates/MicroBuildTemplate - -variables: -- group: 'makecode-marketplace-pat' - extends: - template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates + template: pipeline-template.yml parameters: - pool: - name: AzurePipelines-EO - image: 1ESPT-Ubuntu22.04 - os: linux - sdl: - sourceAnalysisPool: - name: AzurePipelines-EO - image: 1ESPT-Windows2022 - stages: - # Stage to build the VSIX and publish it - - template: stages/build.yml - parameters: - isPreRelease: true - nodeVersion: ${{ parameters.nodeVersion }} - signType: 'test' - - # Stage provides a manual approval step before the publish stage is run - - template: stages/approval.yml - - # Publish the VSIX to the extension marketplace - - template: stages/publish.yml - parameters: - isPreRelease: true - nodeVersion: ${{ parameters.nodeVersion }} + nodeVersion: ${{ parameters.nodeVersion }} + isPreRelease: true + signType: 'test' diff --git a/.azure/azure-pipelines-release.yml b/.azure/azure-pipelines-release.yml index ee4452d..362f31f 100644 --- a/.azure/azure-pipelines-release.yml +++ b/.azure/azure-pipelines-release.yml @@ -8,43 +8,10 @@ parameters: - name: nodeVersion type: string default: '20.x' -- name: isPreRelease - type: boolean - default: false - -resources: - repositories: - - repository: CustomPipelineTemplates - type: git - name: 1ESPipelineTemplates/MicroBuildTemplate - -variables: -- group: 'makecode-marketplace-pat' extends: - template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates + template: pipeline-template.yml parameters: - pool: - name: AzurePipelines-EO - image: 1ESPT-Ubuntu22.04 - os: linux - sdl: - sourceAnalysisPool: - name: AzurePipelines-EO - image: 1ESPT-Windows2022 - stages: - # Stage to build the VSIX and publish it - - template: stages/build.yml - parameters: - isPreRelease: false - nodeVersion: ${{ parameters.nodeVersion }} - signType: 'real' - - # Stage provides a manual approval step before the publish stage is run - - template: stages/approval.yml - - # Publish the VSIX to the extension marketplace - - template: stages/publish.yml - parameters: - isPreRelease: false - nodeVersion: ${{ parameters.nodeVersion }} + nodeVersion: ${{ parameters.nodeVersion }} + isPreRelease: false + signType: 'real' diff --git a/.azure/pipeline-template.yml b/.azure/pipeline-template.yml new file mode 100644 index 0000000..fcc332a --- /dev/null +++ b/.azure/pipeline-template.yml @@ -0,0 +1,46 @@ +# Shared template for release and pre-release pipelines +parameters: +- name: nodeVersion + type: string + default: '20.x' +- name: isPreRelease + type: boolean +- name: signType + type: string + +resources: + repositories: + - repository: CustomPipelineTemplates + type: git + name: 1ESPipelineTemplates/MicroBuildTemplate + +variables: +- group: 'makecode-marketplace-pat' + +extends: + template: azure-pipelines/MicroBuild.1ES.Official.yml@CustomPipelineTemplates + parameters: + pool: + name: AzurePipelines-EO + image: 1ESPT-Ubuntu22.04 + os: linux + sdl: + sourceAnalysisPool: + name: AzurePipelines-EO + image: 1ESPT-Windows2022 + stages: + # Stage to build the VSIX and publish it + - template: stages/build.yml + parameters: + isPreRelease: ${{ parameters.isPreRelease }} + nodeVersion: ${{ parameters.nodeVersion }} + signType: ${{ parameters.signType }} + + # Stage provides a manual approval step before the publish stage is run + - template: stages/approval.yml + + # Publish the VSIX to the extension marketplace + - template: stages/publish.yml + parameters: + isPreRelease: ${{ parameters.isPreRelease }} + nodeVersion: ${{ parameters.nodeVersion }} From a29c0125c5f5378ef299e55832006d2be54ed096 Mon Sep 17 00:00:00 2001 From: Hassan Sufi Date: Wed, 18 Feb 2026 00:48:38 +0000 Subject: [PATCH 9/9] Update upload artifact to v4 --- .github/workflows/build-main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-main.yml b/.github/workflows/build-main.yml index 4bc468b..239b4db 100644 --- a/.github/workflows/build-main.yml +++ b/.github/workflows/build-main.yml @@ -33,7 +33,7 @@ jobs: - name: Build vsix run: npx -p=vsce vsce package --yarn --out vscode-makecode-arcade.vsix - name: Upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: extension path: vscode-makecode-arcade.vsix