# IMPORTANT: # Do not run BinSkim because we do not control producing the binaries. That process is owned by # Epic. We just provide source code. Since we do not control the build, BinSkim is not needed. # Manual trigger for now trigger: none pr: none parameters: - name: SignTypeOverride displayName: Signing Type (default is real for the main branch and test otherwise) type: string default: default values: - default - test - real variables: # MicroBuild requires TeamName to be set. - name: TeamName value: C++ Unreal Engine - name: TagName value: $[replace(variables['Build.SourceBranch'], 'refs/tags/', '')] # If the user didn't override the signing type, then only real-sign on main. - ${{ if ne(parameters.SignTypeOverride, 'default') }}: - name: SignType value: ${{ parameters.SignTypeOverride }} - ${{ if and(eq(parameters.SignTypeOverride, 'default'), or(eq(variables['Build.SourceBranchName'], 'main'), startsWith(variables['Build.SourceBranch'], 'refs/tags'))) }}: - name: SignType value: real - ${{ if and(eq(parameters.SignTypeOverride, 'default'), not(or(eq(variables['Build.SourceBranchName'], 'main'), startsWith(variables['Build.SourceBranch'], 'refs/tags')))) }}: - name: SignType value: test resources: repositories: - repository: 1ESPipelineTemplates type: git name: 1ESPipelineTemplates/1ESPipelineTemplates ref: refs/tags/release extends: template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates parameters: pool: name: VSEngSS-MicroBuild2022-1ES os: windows customBuildTags: - ES365AIMigrationTooling stages: - stage: stage jobs: - job: 'UnrealEngine_VisualStudioTools_Release' timeoutInMinutes: 1440 templateContext: outputParentDirectory: $(Agent.BuildDirectory)/out/ outputs: - output: pipelineArtifact displayName: 'Publish signed plugin files' targetPath: $(Agent.BuildDirectory)/out artifactName: SignedPlugin artifactType: container sbomEnabled: false steps: - powershell: | Write-Host "##vso[task.setVariable variable=SHA1]$(git rev-parse HEAD)" displayName: Save tag commit hash workingDirectory: '$(Build.SourcesDirectory)' - task: MicroBuildSigningPlugin@4 displayName: Install MicroBuild Signing inputs: signType: $(SignType) zipSources: true - task: PowerShell@2 displayName: "Create zip excluding .git folder" inputs: targetType: 'inline' script: | $destinationDirectory = "$(Agent.BuildDirectory)/out" New-Item -Path $destinationDirectory -ItemType Directory git archive -o "$destinationDirectory/VisualStudioTools.zip" $(SHA1) - powershell: New-FileCatalog -Path .\VisualStudioTools.zip -CatalogFilePath .\VisualStudioTools.zip.cat -CatalogVersion 2.0 displayName: Create standalone catalog workingDirectory: '$(Agent.BuildDirectory)\out' - task: NuGetToolInstaller@1 inputs: versionSpec: 5.7 - task: NuGetCommand@2 displayName: 'NuGet Restore MicroBuild Signing Extension' inputs: command: 'restore' restoreSolution: 'Scripts/SignDetached.proj' feedsToUse: 'config' restoreDirectory: '$(Build.SourcesDirectory)\Scripts\packages' - task: MSBuild@1 displayName: Sign catalogs inputs: solution: Scripts/SignDetached.proj msbuildArguments: /p:SignType=$(SignType) /p:BaseOutputDirectory=$(Agent.BuildDirectory)\out # === Disabled for now in favor of uploading the artifacts to the pipeline === # - task: GitHubRelease@1 # displayName: Pre-release to public repo # condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags')) # inputs: # gitHubConnection: GitHub-VSCodeExtensions # repositoryName: microsoft/vc-ue-extensions # action: create # target: $(SHA1) # tagSource: gitTag # tag: $(TagName) # title: $(TagName) # isDraft: true # isPreRelease: true # assets: | # $(Agent.BuildDirectory)\out\VisualStudioTools.zip # $(Agent.BuildDirectory)\out\VisualStudioTools.zip.cat