diff --git a/build/.cachesalt b/build/.cachesalt index df1d8c82aab641..d382d477ac6c74 100644 --- a/build/.cachesalt +++ b/build/.cachesalt @@ -1 +1 @@ -2026-06-19T12:30:00.000Z +2026-06-22T15:10:10.546Z diff --git a/build/azure-pipelines/alpine/product-build-alpine-cli.yml b/build/azure-pipelines/alpine/product-build-alpine-cli.yml index 4a8bc36e0ecf9f..3081390b6a8c2d 100644 --- a/build/azure-pipelines/alpine/product-build-alpine-cli.yml +++ b/build/azure-pipelines/alpine/product-build-alpine-cli.yml @@ -34,6 +34,13 @@ jobs: versionSource: fromFile versionFilePath: .nvmrc + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get GitHub token" + inputs: + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" + - template: ../cli/cli-apply-patches.yml@self - script: | @@ -41,7 +48,7 @@ jobs: npm ci workingDirectory: build env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install build dependencies - task: Npm@1 diff --git a/build/azure-pipelines/alpine/product-build-alpine-node-modules.yml b/build/azure-pipelines/alpine/product-build-alpine-node-modules.yml index 07f1545ca24835..7b560b328677b9 100644 --- a/build/azure-pipelines/alpine/product-build-alpine-node-modules.yml +++ b/build/azure-pipelines/alpine/product-build-alpine-node-modules.yml @@ -25,9 +25,9 @@ jobs: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: node build/setup-npm-registry.ts $NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -88,11 +88,20 @@ jobs: mkdir -p .build/nodejs-musl NODE_VERSION=$(grep '^target=' remote/.npmrc | cut -d '"' -f 2) BUILD_ID=$(grep '^ms_build_id=' remote/.npmrc | cut -d '"' -f 2) - gh release download "v${NODE_VERSION}-${BUILD_ID}" -R microsoft/vscode-node -p "node-v${NODE_VERSION}-linux-${VSCODE_ARCH}-musl.tar.gz" --dir .build/nodejs-musl --clobber + az extension add --name azure-devops --upgrade --only-show-errors + az artifacts universal download \ + --organization "https://dev.azure.com/monacotools" \ + --project "Monaco" \ + --scope project \ + --feed "vscode-node" \ + --name "node-v${NODE_VERSION}-linux-${VSCODE_ARCH}-musl.tar" \ + --version "${NODE_VERSION}-${BUILD_ID}" \ + --path .build/nodejs-musl \ + --only-show-errors tar -xzf ".build/nodejs-musl/node-v${NODE_VERSION}-linux-${VSCODE_ARCH}-musl.tar.gz" -C ".build/nodejs-musl" --strip-components=1 rm ".build/nodejs-musl/node-v${NODE_VERSION}-linux-${VSCODE_ARCH}-musl.tar.gz" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + AZURE_DEVOPS_EXT_PAT: "$(System.AccessToken)" displayName: Download NodeJS MUSL condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -111,7 +120,7 @@ jobs: npm_config_arch: $(NPM_ARCH) ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" VSCODE_REMOTE_DEPENDENCIES_CONTAINER_NAME: vscodehub.azurecr.io/vscode-linux-build-agent:alpine-$(VSCODE_ARCH) VSCODE_HOST_MOUNT: "/mnt/vss/_work/1/s" VSCODE_NPMRC_PATH: $(NPMRC_PATH) diff --git a/build/azure-pipelines/alpine/product-build-alpine.yml b/build/azure-pipelines/alpine/product-build-alpine.yml index 3359224d3ed8d9..8151a3397af5a8 100644 --- a/build/azure-pipelines/alpine/product-build-alpine.yml +++ b/build/azure-pipelines/alpine/product-build-alpine.yml @@ -67,9 +67,9 @@ jobs: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: node build/setup-npm-registry.ts $NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -134,11 +134,20 @@ jobs: mkdir -p .build/nodejs-musl NODE_VERSION=$(grep '^target=' remote/.npmrc | cut -d '"' -f 2) BUILD_ID=$(grep '^ms_build_id=' remote/.npmrc | cut -d '"' -f 2) - gh release download "v${NODE_VERSION}-${BUILD_ID}" -R microsoft/vscode-node -p "node-v${NODE_VERSION}-linux-${VSCODE_ARCH}-musl.tar.gz" --dir .build/nodejs-musl --clobber + az extension add --name azure-devops --upgrade --only-show-errors + az artifacts universal download \ + --organization "https://dev.azure.com/monacotools" \ + --project "Monaco" \ + --scope project \ + --feed "vscode-node" \ + --name "node-v${NODE_VERSION}-linux-${VSCODE_ARCH}-musl.tar" \ + --version "${NODE_VERSION}-${BUILD_ID}" \ + --path .build/nodejs-musl \ + --only-show-errors tar -xzf ".build/nodejs-musl/node-v${NODE_VERSION}-linux-${VSCODE_ARCH}-musl.tar.gz" -C ".build/nodejs-musl" --strip-components=1 rm ".build/nodejs-musl/node-v${NODE_VERSION}-linux-${VSCODE_ARCH}-musl.tar.gz" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + AZURE_DEVOPS_EXT_PAT: "$(System.AccessToken)" displayName: Download NodeJS MUSL condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -157,7 +166,7 @@ jobs: npm_config_arch: $(NPM_ARCH) ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" VSCODE_REMOTE_DEPENDENCIES_CONTAINER_NAME: vscodehub.azurecr.io/vscode-linux-build-agent:alpine-$(VSCODE_ARCH) VSCODE_HOST_MOUNT: "/mnt/vss/_work/1/s" VSCODE_NPMRC_PATH: $(NPMRC_PATH) @@ -194,7 +203,7 @@ jobs: - script: npm run gulp core-ci env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Compile - script: npx deemon --attach -- node build/azure-pipelines/common/downloadCopilotVsix.ts @@ -214,7 +223,8 @@ jobs: echo "##vso[task.setvariable variable=SERVER_DIR_PATH]$DIR_PATH" echo "##vso[task.setvariable variable=SERVER_PATH]$ARCHIVE_PATH" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build server - script: | @@ -229,5 +239,6 @@ jobs: echo "##vso[task.setvariable variable=WEB_DIR_PATH]$DIR_PATH" echo "##vso[task.setvariable variable=WEB_PATH]$ARCHIVE_PATH" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build server (web) diff --git a/build/azure-pipelines/cli/cli-compile.yml b/build/azure-pipelines/cli/cli-compile.yml index c3565a9bf4b236..9b92bfcd08389a 100644 --- a/build/azure-pipelines/cli/cli-compile.yml +++ b/build/azure-pipelines/cli/cli-compile.yml @@ -135,7 +135,7 @@ steps: env: CARGO_NET_GIT_FETCH_WITH_CLI: true VSCODE_CLI_COMMIT: $(Build.SourceVersion) - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" RUSTC_WRAPPER: sccache SCCACHE_DIR: $(Pipeline.Workspace)/sccache ${{ each pair in parameters.VSCODE_CLI_ENV }}: diff --git a/build/azure-pipelines/common/checkDistroCommit.ts b/build/azure-pipelines/common/checkDistroCommit.ts index 4003a10df317c0..f6bf4657b14721 100644 --- a/build/azure-pipelines/common/checkDistroCommit.ts +++ b/build/azure-pipelines/common/checkDistroCommit.ts @@ -5,10 +5,16 @@ import path from 'path'; import fs from 'fs'; -import { retry } from './retry.ts'; +import { execSync } from 'child_process'; const root = path.dirname(path.dirname(path.dirname(import.meta.dirname))); +// The microsoft/vscode-distro repository is checked out locally by +// download-distro.yml (into .build/distro) using the agent's GitHub App +// (Monaco) credentials, so we can resolve branch heads without a token that +// has private repository access. +const distroPath = path.join(root, '.build', 'distro'); + function getEnv(name: string): string { const result = process.env[name]; @@ -19,30 +25,14 @@ function getEnv(name: string): string { return result; } -interface GitHubBranchResponse { - commit: { - sha: string; - }; -} - -async function getDistroBranchHead(branch: string, token: string): Promise { - const url = `https://api.github.com/repos/microsoft/vscode-distro/branches/${encodeURIComponent(branch)}`; - - const response = await fetch(url, { - headers: { - 'Accept': 'application/vnd.github+json', - 'Authorization': `Bearer ${token}`, - 'X-GitHub-Api-Version': '2022-11-28', - 'User-Agent': 'VSCode Build' - } - }); - - if (!response.ok) { - throw new Error(`Failed to fetch branch ${branch} from vscode-distro: ${response.status} ${response.statusText}`); +function assertDistroCheckout(): void { + if (!fs.existsSync(path.join(distroPath, '.git'))) { + throw new Error(`Expected a vscode-distro checkout at ${distroPath} but found none. Ensure download-distro.yml ran before this check.`); } +} - const data = await response.json() as GitHubBranchResponse; - return data.commit.sha; +function getDistroBranchHead(branch: string): string { + return execSync(`git -C "${distroPath}" rev-parse "refs/remotes/origin/${branch}"`, { encoding: 'utf8' }).trim(); } async function checkDistroCommit(): Promise { @@ -71,16 +61,18 @@ async function checkDistroCommit(): Promise { const branch = branchMatch[1]; console.log(`Current branch: ${branch}`); - // Get the GitHub token - const token = getEnv('GITHUB_TOKEN'); + // Make sure the distro repository is actually checked out before we try to + // resolve a branch head from it; otherwise a missing checkout would be + // indistinguishable from a branch that simply doesn't exist in distro. + assertDistroCheckout(); - // Fetch the HEAD of the matching branch in vscode-distro + // Resolve the HEAD of the matching branch from the local distro checkout let distroBranchHead: string; try { - distroBranchHead = await retry(() => getDistroBranchHead(branch, token)); + distroBranchHead = getDistroBranchHead(branch); } catch (error) { // If the branch doesn't exist in distro, that's expected for feature branches - console.log(`Could not fetch branch '${branch}' from vscode-distro: ${error}`); + console.log(`Could not resolve branch '${branch}' from local vscode-distro checkout: ${error}`); console.log('This is expected for feature branches that have not been merged to distro'); return; } diff --git a/build/azure-pipelines/common/checkout.yml b/build/azure-pipelines/common/checkout.yml index 427f190480a534..d1313b5e2ed6d2 100644 --- a/build/azure-pipelines/common/checkout.yml +++ b/build/azure-pipelines/common/checkout.yml @@ -1,5 +1,10 @@ steps: + # Pin self to the default sources directory (`s`) so that adding a second + # checkout (e.g. the distro repository in download-distro.yml) does not relocate + # self into a repo-named subfolder, which would break every script that assumes + # self lives at $(Build.SourcesDirectory). - checkout: self + path: s fetchDepth: 1 fetchTags: false retryCountOnTaskFailure: 3 diff --git a/build/azure-pipelines/common/install-builtin-extensions.yml b/build/azure-pipelines/common/install-builtin-extensions.yml index f9cbfd4b0854a6..d431bff7fc10e4 100644 --- a/build/azure-pipelines/common/install-builtin-extensions.yml +++ b/build/azure-pipelines/common/install-builtin-extensions.yml @@ -19,6 +19,6 @@ steps: - script: node build/lib/builtInExtensions.ts env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" condition: and(succeeded(), ne(variables.BUILTIN_EXTENSIONS_RESTORED, 'true')) displayName: Download built-in extensions diff --git a/build/azure-pipelines/common/mixin-vscode-capi.yml b/build/azure-pipelines/common/mixin-vscode-capi.yml index 6acbd604ddd3a4..4d2a42f619dc6f 100644 --- a/build/azure-pipelines/common/mixin-vscode-capi.yml +++ b/build/azure-pipelines/common/mixin-vscode-capi.yml @@ -1,4 +1,13 @@ steps: + # Check out the private microsoft/vscode-capi repository using the agent's + # GitHub App (Monaco) credentials instead of cloning it with a PAT. The + # repository resource is declared in the top-level pipeline (resources.repositories). + - checkout: capi + path: s/.build/vscode-capi + fetchDepth: 1 + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vscode-capi + - pwsh: | $ErrorActionPreference = 'Stop' @@ -10,25 +19,14 @@ steps: } } - $CapiPath = Join-Path '$(Agent.BuildDirectory)' 'vscode-capi' - if (Test-Path $CapiPath) { - Remove-Item -Recurse -Force $CapiPath - } + $CapiPath = Join-Path '$(Build.SourcesDirectory)' '.build/vscode-capi' + Push-Location $CapiPath try { - Invoke-CheckedCommand { git clone https://github.com/microsoft/vscode-capi.git --depth 1 $CapiPath } - Push-Location $CapiPath - - try { - Invoke-CheckedCommand { npm ci } - $env:BUILD_SOURCESDIRECTORY = '$(Build.SourcesDirectory)' - Invoke-CheckedCommand { npm run mixin_vscode } - } finally { - Pop-Location - } + Invoke-CheckedCommand { npm ci } + $env:BUILD_SOURCESDIRECTORY = '$(Build.SourcesDirectory)' + Invoke-CheckedCommand { npm run mixin_vscode } } finally { - if (Test-Path $CapiPath) { - Remove-Item -Recurse -Force $CapiPath - } + Pop-Location } displayName: Mixin vscode-capi diff --git a/build/azure-pipelines/copilot/build-steps.yml b/build/azure-pipelines/copilot/build-steps.yml index 6a0ae05d86d11c..4e4d8afd87ded5 100644 --- a/build/azure-pipelines/copilot/build-steps.yml +++ b/build/azure-pipelines/copilot/build-steps.yml @@ -1,10 +1,18 @@ steps: + # Check out the private microsoft/vscode-capi repository using the agent's + # GitHub App (Monaco) credentials instead of cloning it with a PAT. The + # repository resource is declared in the top-level pipeline (resources.repositories). + - checkout: capi + path: s/.build/vscode-capi + fetchDepth: 1 + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vscode-capi + - script: | set -e - git clone https://github.com/microsoft/vscode-capi.git --depth 1 $(Agent.BuildDirectory)/vscode-capi - cd $(Agent.BuildDirectory)/vscode-capi - npm ci && BUILD_SOURCESDIRECTORY=$(Build.SourcesDirectory)/extensions/copilot npm run mixin - rm -rf $(Agent.BuildDirectory)/vscode-capi + cd $(Build.SourcesDirectory)/.build/vscode-capi + npm ci + BUILD_SOURCESDIRECTORY=$(Build.SourcesDirectory)/extensions/copilot npm run mixin displayName: Mixin vscode-capi - script: npm run build diff --git a/build/azure-pipelines/copilot/l10n-steps.yml b/build/azure-pipelines/copilot/l10n-steps.yml index 99d5b249d6fc85..a7857a69c8afee 100644 --- a/build/azure-pipelines/copilot/l10n-steps.yml +++ b/build/azure-pipelines/copilot/l10n-steps.yml @@ -1,21 +1,23 @@ steps: + # Check out the private microsoft/vscode-extensions-loc repository using the + # agent's GitHub App (Monaco) credentials instead of cloning it with a PAT. + # The repository resource is declared in the top-level pipeline (resources.repositories). + - checkout: vscode_loc + path: s/.build/vscode-extensions-loc + fetchDepth: 1 + sparseCheckoutDirectories: out/GitHub.copilot-chat + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vscode-extensions-loc + - script: | set -e EXTENSION_ID="GitHub.copilot-chat" - L10N_REPO="https://github.com/microsoft/vscode-extensions-loc.git" - L10N_DIR="$(Agent.TempDirectory)/vscode-extensions-loc" - - echo "Cloning vscode-extensions-loc (sparse checkout)..." - git clone --depth 1 --filter=blob:none --sparse "$L10N_REPO" "$L10N_DIR" - cd "$L10N_DIR" - git sparse-checkout set "out/$EXTENSION_ID" - + L10N_DIR="$(Build.SourcesDirectory)/.build/vscode-extensions-loc" TRANSLATED_DIR="$L10N_DIR/out/$EXTENSION_ID" if [ ! -d "$TRANSLATED_DIR" ] || [ -z "$(ls -A "$TRANSLATED_DIR" 2>/dev/null)" ]; then echo "No translated strings found for $EXTENSION_ID, skipping l10n import." - rm -rf "$L10N_DIR" exit 0 fi @@ -36,7 +38,4 @@ steps: echo "Localized files:" ls -la package.nls.*.json 2>/dev/null || echo " (no package.nls.*.json)" ls -la "$L10N_ROOT"/bundle.l10n.*.json 2>/dev/null || echo " (no bundle.l10n.*.json)" - - # Cleanup - rm -rf "$L10N_DIR" displayName: Import localized strings diff --git a/build/azure-pipelines/copilot/setup-steps.yml b/build/azure-pipelines/copilot/setup-steps.yml index 83699f8152d632..e550d6ac696058 100644 --- a/build/azure-pipelines/copilot/setup-steps.yml +++ b/build/azure-pipelines/copilot/setup-steps.yml @@ -3,28 +3,6 @@ steps: inputs: versionSpec: "22.21.x" - - task: AzureKeyVault@2 - displayName: "Azure Key Vault: Get Secrets" - inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" - - - pwsh: | - "machine github.com`nlogin vscode`npassword $(github-distro-mixin-password)" | Out-File "$Home/_netrc" -Encoding ASCII - condition: and(succeeded(), contains(variables['Agent.OS'], 'windows')) - displayName: Setup distro auth (Windows) - - - script: | - mkdir -p .build - cat << EOF | tee ~/.netrc .build/.netrc > /dev/null - machine github.com - login vscode - password $(github-distro-mixin-password) - EOF - condition: and(succeeded(), not(contains(variables['Agent.OS'], 'windows'))) - displayName: Setup distro auth (non-Windows) - - pwsh: node build/setup-npm-registry.ts $env:NPM_REGISTRY workingDirectory: $(Build.SourcesDirectory) condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'), contains(variables['Agent.OS'], 'windows')) diff --git a/build/azure-pipelines/darwin/product-build-darwin-cli.yml b/build/azure-pipelines/darwin/product-build-darwin-cli.yml index 5a705b43b8ef2f..1d68fe91613481 100644 --- a/build/azure-pipelines/darwin/product-build-darwin-cli.yml +++ b/build/azure-pipelines/darwin/product-build-darwin-cli.yml @@ -38,6 +38,13 @@ jobs: versionSource: fromFile versionFilePath: .nvmrc + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get GitHub token" + inputs: + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" + - template: ../cli/cli-apply-patches.yml@self - task: Npm@1 diff --git a/build/azure-pipelines/darwin/product-build-darwin-node-modules.yml b/build/azure-pipelines/darwin/product-build-darwin-node-modules.yml index d70adbee0af010..e811c7397a72cd 100644 --- a/build/azure-pipelines/darwin/product-build-darwin-node-modules.yml +++ b/build/azure-pipelines/darwin/product-build-darwin-node-modules.yml @@ -28,7 +28,14 @@ jobs: inputs: azureSubscription: vscode KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password,macos-developer-certificate,macos-developer-certificate-key" + SecretsFilter: "macos-developer-certificate,macos-developer-certificate-key" + + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get GitHub token" + inputs: + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: node build/setup-npm-registry.ts $NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -78,7 +85,7 @@ jobs: npm_config_arch: $(VSCODE_ARCH) ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" # Avoid using dlopen to load Kerberos on macOS which can cause missing libraries # https://github.com/mongodb-js/kerberos/commit/04044d2814ad1d01e77f1ce87f26b03d86692cf2 # flipped the default to support legacy linux distros which shouldn't happen diff --git a/build/azure-pipelines/darwin/product-build-darwin-universal.yml b/build/azure-pipelines/darwin/product-build-darwin-universal.yml index c5e4dfb588a845..455adf5e2cf581 100644 --- a/build/azure-pipelines/darwin/product-build-darwin-universal.yml +++ b/build/azure-pipelines/darwin/product-build-darwin-universal.yml @@ -36,7 +36,14 @@ jobs: inputs: azureSubscription: vscode KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password,macos-developer-certificate,macos-developer-certificate-key" + SecretsFilter: "macos-developer-certificate,macos-developer-certificate-key" + + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get GitHub token" + inputs: + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: node build/setup-npm-registry.ts $NPM_REGISTRY build condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -71,7 +78,7 @@ jobs: done workingDirectory: build env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install build dependencies - pwsh: node -- build/azure-pipelines/common/waitForArtifacts.ts unsigned_vscode_client_darwin_x64_archive unsigned_vscode_client_darwin_arm64_archive diff --git a/build/azure-pipelines/darwin/steps/product-build-darwin-compile.yml b/build/azure-pipelines/darwin/steps/product-build-darwin-compile.yml index b7315e170ee629..41d4a30a133fd7 100644 --- a/build/azure-pipelines/darwin/steps/product-build-darwin-compile.yml +++ b/build/azure-pipelines/darwin/steps/product-build-darwin-compile.yml @@ -28,7 +28,14 @@ steps: inputs: azureSubscription: vscode KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password,macos-developer-certificate,macos-developer-certificate-key" + SecretsFilter: "macos-developer-certificate,macos-developer-certificate-key" + + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get GitHub token" + inputs: + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: node build/setup-npm-registry.ts $NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -82,7 +89,7 @@ steps: npm_config_arch: $(VSCODE_ARCH) ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" # Avoid using dlopen to load Kerberos on macOS which can cause missing libraries # https://github.com/mongodb-js/kerberos/commit/04044d2814ad1d01e77f1ce87f26b03d86692cf2 # flipped the default to support legacy linux distros which shouldn't happen @@ -127,7 +134,7 @@ steps: - script: npm run gulp core-ci env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Compile - script: node build/azure-pipelines/common/extract-telemetry.ts @@ -156,7 +163,8 @@ steps: npm run gulp vscode-darwin-$(VSCODE_ARCH)-min-ci echo "##vso[task.setvariable variable=BUILT_CLIENT]true" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build client - script: | @@ -164,7 +172,8 @@ steps: npm run gulp vscode-reh-darwin-$(VSCODE_ARCH)-min-ci mv ../vscode-reh-darwin-$(VSCODE_ARCH) ../vscode-server-darwin-$(VSCODE_ARCH) # TODO@joaomoreno env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build server - script: | @@ -172,7 +181,8 @@ steps: npm run gulp vscode-reh-web-darwin-$(VSCODE_ARCH)-min-ci mv ../vscode-reh-web-darwin-$(VSCODE_ARCH) ../vscode-server-darwin-$(VSCODE_ARCH)-web # TODO@joaomoreno env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build server (web) - ${{ if ne(parameters.VSCODE_CIBUILD, true) }}: diff --git a/build/azure-pipelines/darwin/steps/product-build-darwin-test.yml b/build/azure-pipelines/darwin/steps/product-build-darwin-test.yml index 2cb75de8dddd69..e790f126a77294 100644 --- a/build/azure-pipelines/darwin/steps/product-build-darwin-test.yml +++ b/build/azure-pipelines/darwin/steps/product-build-darwin-test.yml @@ -9,7 +9,8 @@ parameters: steps: - script: npm exec -- npm-run-all2 -lp "electron $(VSCODE_ARCH)" "playwright-install" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Download Electron and Playwright retryCountOnTaskFailure: 3 diff --git a/build/azure-pipelines/dependencies-check.yml b/build/azure-pipelines/dependencies-check.yml index d7d0d9f12b6dd8..78b74bc3425238 100644 --- a/build/azure-pipelines/dependencies-check.yml +++ b/build/azure-pipelines/dependencies-check.yml @@ -27,6 +27,13 @@ jobs: versionSource: fromFile versionFilePath: .nvmrc + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get GitHub token" + inputs: + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" + - script: | set -e echo "Checking if package.json or package-lock.json files were modified..." @@ -102,7 +109,7 @@ jobs: npm_command: 'install --ignore-scripts' ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install dependencies with retries timeoutInMinutes: 1300 condition: and(succeeded(), eq(variables['SHOULD_VALIDATE'], 'true')) diff --git a/build/azure-pipelines/distro-build.yml b/build/azure-pipelines/distro-build.yml index 1d0a50b129778f..05ac00cec7db8f 100644 --- a/build/azure-pipelines/distro-build.yml +++ b/build/azure-pipelines/distro-build.yml @@ -7,7 +7,35 @@ trigger: include: ["main", "release/*"] pr: none +resources: + repositories: + - repository: distro + type: github + name: microsoft/vscode-distro + ref: main + endpoint: Monaco + - repository: encrypt + type: github + name: microsoft/vscode-encrypt + ref: main + endpoint: Monaco + - repository: vsda + type: github + name: microsoft/vsda + ref: main + endpoint: Monaco + - repository: regexp + type: github + name: microsoft/vscode-regexp-languagedetection + ref: main + endpoint: Monaco + steps: + - checkout: self + path: s + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vscode + - task: NodeTool@0 inputs: versionSource: fromFile diff --git a/build/azure-pipelines/distro/download-distro.yml b/build/azure-pipelines/distro/download-distro.yml index b7c52dd36b41c0..7d6319ee0be73c 100644 --- a/build/azure-pipelines/distro/download-distro.yml +++ b/build/azure-pipelines/distro/download-distro.yml @@ -1,61 +1,90 @@ steps: - - task: AzureKeyVault@2 - displayName: "Azure Key Vault: Get Secrets" - inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" - - # TODO@joaomoreno: Keep pwsh once we move out of running entire jobs in containers - - pwsh: | - "machine github.com`nlogin vscode`npassword $(github-distro-mixin-password)" | Out-File "$Home/_netrc" -Encoding ASCII - condition: and(succeeded(), contains(variables['Agent.OS'], 'windows')) - displayName: Setup distro auth (Windows) + # Check out the private microsoft/vscode-distro repository using the agent's + # GitHub App (Monaco) credentials. This avoids the need for a long-lived PAT. + # The repository resource is declared in the top-level pipeline (resources.repositories) + # and is checked out into .build/distro so that mixin-npm.ts / mixin-quality.ts can + # consume it from there (`.build/distro/npm`, `.build/distro/mixin/`). + - checkout: distro + path: s/.build/distro + fetchDepth: 0 + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vscode-distro - pwsh: | $ErrorActionPreference = "Stop" - $ArchivePath = "$(Agent.TempDirectory)/distro.zip" - $PackageJson = Get-Content -Path package.json -Raw | ConvertFrom-Json - $DistroVersion = $PackageJson.distro - - Invoke-WebRequest -Uri "https://api.github.com/repos/microsoft/vscode-distro/zipball/$DistroVersion" ` - -OutFile $ArchivePath ` - -Headers @{ "Accept" = "application/vnd.github+json"; "Authorization" = "Bearer $(github-distro-mixin-password)"; "X-GitHub-Api-Version" = "2022-11-28" } + $DistroVersion = (Get-Content -Path package.json -Raw | ConvertFrom-Json).distro + Write-Host "Checking out distro commit $DistroVersion" + git -C .build/distro checkout $DistroVersion + displayName: Checkout distro commit - New-Item -ItemType Directory -Path .build -Force - Expand-Archive -Path $ArchivePath -DestinationPath .build - Rename-Item -Path ".build/microsoft-vscode-distro-$DistroVersion" -NewName distro - condition: and(succeeded(), contains(variables['Agent.OS'], 'windows')) - displayName: Download distro (Windows) + - script: git lfs install --local + displayName: Initialize Git LFS - - script: | - mkdir -p .build - cat << EOF | tee ~/.netrc .build/.netrc > /dev/null - machine github.com - login vscode - password $(github-distro-mixin-password) - EOF - condition: and(succeeded(), not(contains(variables['Agent.OS'], 'windows'))) - displayName: Setup distro auth (non-Windows) + - script: git lfs pull + displayName: Pull Git LFS objects - - script: | - set -e - ArchivePath="$(Agent.TempDirectory)/distro.zip" - DistroVersion=$(node -p "require('./package.json').distro") + # Check out the private microsoft/vscode-encrypt, microsoft/vsda and + # microsoft/vscode-regexp-languagedetection repositories using the agent's GitHub + # App (Monaco) credentials. The distro's npm dependencies reference vsda and + # vscode-regexp-languagedetection as git dependencies, and the CLI cargo patches + # reference vsda and vscode-encrypt; npm resolves these over ssh while cargo + # resolves them over https. We redirect both public GitHub URLs to these local + # checkouts via git's insteadOf so no PAT is required to resolve them. + - checkout: encrypt + path: s/.build/vscode-encrypt + fetchDepth: 0 + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vscode-encrypt - curl -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $(github-distro-mixin-password)" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - -o $ArchivePath \ - -L "https://api.github.com/repos/microsoft/vscode-distro/zipball/$DistroVersion" + - checkout: vsda + path: s/.build/vsda + fetchDepth: 0 + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vsda - unzip $ArchivePath -d .build - mv .build/microsoft-vscode-distro-$DistroVersion .build/distro - condition: and(succeeded(), not(contains(variables['Agent.OS'], 'windows'))) - displayName: Download distro (non-Windows) + - checkout: regexp + path: s/.build/vscode-regexp-languagedetection + fetchDepth: 0 + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vscode-regexp-languagedetection - - script: git lfs install --local - displayName: Initialize Git LFS + # Redirect the private git dependencies to the local checkouts above, so no PAT + # is required to resolve them. npm resolves these over ssh while cargo resolves + # them over https, with and without a trailing `.git`, so we register every + # form. This step runs on the agent directly and must work in both bash and + # cmd.exe (Windows), so it uses plain `git config` invocations. + - script: | + git config --global url."file://$(Build.SourcesDirectory)/.build/vscode-encrypt".insteadOf "https://github.com/microsoft/vscode-encrypt" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vscode-encrypt".insteadOf "https://github.com/microsoft/vscode-encrypt.git" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vscode-encrypt".insteadOf "ssh://git@github.com/microsoft/vscode-encrypt" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vscode-encrypt".insteadOf "ssh://git@github.com/microsoft/vscode-encrypt.git" + git config --global url."file://$(Build.SourcesDirectory)/.build/vsda".insteadOf "https://github.com/microsoft/vsda" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vsda".insteadOf "https://github.com/microsoft/vsda.git" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vsda".insteadOf "ssh://git@github.com/microsoft/vsda" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vsda".insteadOf "ssh://git@github.com/microsoft/vsda.git" + git config --global url."file://$(Build.SourcesDirectory)/.build/vscode-regexp-languagedetection".insteadOf "https://github.com/microsoft/vscode-regexp-languagedetection" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vscode-regexp-languagedetection".insteadOf "https://github.com/microsoft/vscode-regexp-languagedetection.git" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vscode-regexp-languagedetection".insteadOf "ssh://git@github.com/microsoft/vscode-regexp-languagedetection" + git config --global --add url."file://$(Build.SourcesDirectory)/.build/vscode-regexp-languagedetection".insteadOf "ssh://git@github.com/microsoft/vscode-regexp-languagedetection.git" + displayName: Redirect private git dependencies to local checkouts - - script: git lfs pull - displayName: Pull Git LFS objects + # The Alpine server build installs the distro's npm dependencies inside a docker + # container that mounts the sources at /root/vscode, so the host redirects above + # (which use agent paths) do not apply there. Emit a container-pathed gitconfig + # that postinstall.ts bind-mounts as /root/.gitconfig. Only needed (and only + # bash-compatible) on Linux agents. + - script: | + set -e + CONTAINER_GITCONFIG="$(Build.SourcesDirectory)/.build/.gitconfig-distro" + rm -f "$CONTAINER_GITCONFIG" + for repo in vscode-encrypt vsda vscode-regexp-languagedetection; do + for url in \ + "https://github.com/microsoft/$repo" \ + "https://github.com/microsoft/$repo.git" \ + "ssh://git@github.com/microsoft/$repo" \ + "ssh://git@github.com/microsoft/$repo.git"; do + git config --file "$CONTAINER_GITCONFIG" --add url."file:///root/vscode/.build/$repo".insteadOf "$url" + done + done + condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux')) + displayName: Write container git redirects for Alpine diff --git a/build/azure-pipelines/linux/product-build-linux-cli.yml b/build/azure-pipelines/linux/product-build-linux-cli.yml index a9107129b73b56..c84a1fd08e2733 100644 --- a/build/azure-pipelines/linux/product-build-linux-cli.yml +++ b/build/azure-pipelines/linux/product-build-linux-cli.yml @@ -34,6 +34,13 @@ jobs: versionSource: fromFile versionFilePath: .nvmrc + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get GitHub token" + inputs: + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" + - template: ../cli/cli-apply-patches.yml@self - task: Npm@1 @@ -84,7 +91,7 @@ jobs: done workingDirectory: build env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install build dependencies - script: | diff --git a/build/azure-pipelines/linux/product-build-linux-node-modules.yml b/build/azure-pipelines/linux/product-build-linux-node-modules.yml index ad0e149816014d..9be0c3f1daf40d 100644 --- a/build/azure-pipelines/linux/product-build-linux-node-modules.yml +++ b/build/azure-pipelines/linux/product-build-linux-node-modules.yml @@ -27,9 +27,9 @@ jobs: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: | set -e @@ -93,7 +93,7 @@ jobs: done workingDirectory: build env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install build dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -109,7 +109,7 @@ jobs: SYSROOT_ARCH="$SYSROOT_ARCH" VSCODE_SYSROOT_PREFIX="-glibc-2.28-gcc-8.5.0" node -e 'import { getVSCodeSysroot } from "./build/linux/debian/install-sysroot.ts"; (async () => { await getVSCodeSysroot(process.env["SYSROOT_ARCH"]); })()' env: VSCODE_ARCH: $(VSCODE_ARCH) - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Download vscode sysroots condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -135,7 +135,7 @@ jobs: VSCODE_ARCH: $(VSCODE_ARCH) ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) diff --git a/build/azure-pipelines/linux/steps/product-build-linux-compile.yml b/build/azure-pipelines/linux/steps/product-build-linux-compile.yml index 4443e0cd869cc0..2f1df9d23c9148 100644 --- a/build/azure-pipelines/linux/steps/product-build-linux-compile.yml +++ b/build/azure-pipelines/linux/steps/product-build-linux-compile.yml @@ -34,9 +34,9 @@ steps: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: | set -e @@ -104,7 +104,7 @@ steps: done workingDirectory: build env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install build dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -120,7 +120,7 @@ steps: SYSROOT_ARCH="$SYSROOT_ARCH" VSCODE_SYSROOT_PREFIX="-glibc-2.28-gcc-8.5.0" node -e 'import { getVSCodeSysroot } from "./build/linux/debian/install-sysroot.ts"; (async () => { await getVSCodeSysroot(process.env["SYSROOT_ARCH"]); })()' env: VSCODE_ARCH: $(VSCODE_ARCH) - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Download vscode sysroots - script: | @@ -145,7 +145,7 @@ steps: VSCODE_ARCH: $(VSCODE_ARCH) ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -186,7 +186,7 @@ steps: - script: npm run gulp core-ci env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Compile - ${{ if eq(parameters.VSCODE_ARCH, 'x64') }}: @@ -219,7 +219,8 @@ steps: echo "##vso[task.setvariable variable=CLIENT_PATH]$ARCHIVE_PATH" echo "##vso[task.setvariable variable=CLIENT_ARCHIVE_NAME]$(basename $ARCHIVE_PATH)" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build client - ${{ if ne(parameters.VSCODE_CIBUILD, true) }}: @@ -247,7 +248,7 @@ steps: set -e tar -czf $CLIENT_PATH -C .. VSCode-linux-$(VSCODE_ARCH) env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Archive client - ${{ if ne(parameters.VSCODE_ARCH, 'armhf') }}: @@ -262,7 +263,8 @@ steps: echo "##vso[task.setvariable variable=SERVER_PATH]$ARCHIVE_PATH" echo "##vso[task.setvariable variable=SERVER_UNARCHIVE_PATH]$UNARCHIVE_PATH" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build server - script: | @@ -274,7 +276,8 @@ steps: tar --owner=0 --group=0 -czf $ARCHIVE_PATH -C .. vscode-server-linux-$(VSCODE_ARCH)-web echo "##vso[task.setvariable variable=WEB_PATH]$ARCHIVE_PATH" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build server (web) - ${{ if or(eq(parameters.VSCODE_ARCH, 'x64'), eq(parameters.VSCODE_ARCH, 'arm64')) }}: @@ -296,7 +299,7 @@ steps: set -e npm run gulp "vscode-linux-$(VSCODE_ARCH)-prepare-deb" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Prepare deb package - script: | diff --git a/build/azure-pipelines/linux/steps/product-build-linux-test.yml b/build/azure-pipelines/linux/steps/product-build-linux-test.yml index 5c6223cf371d81..2dfd2a85d5adb8 100644 --- a/build/azure-pipelines/linux/steps/product-build-linux-test.yml +++ b/build/azure-pipelines/linux/steps/product-build-linux-test.yml @@ -9,7 +9,8 @@ parameters: steps: - script: npm exec -- npm-run-all2 -lp "electron $(VSCODE_ARCH)" "playwright-install" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Download Electron and Playwright retryCountOnTaskFailure: 3 diff --git a/build/azure-pipelines/product-build.yml b/build/azure-pipelines/product-build.yml index db99e5013997d8..ec9a21700e4646 100644 --- a/build/azure-pipelines/product-build.yml +++ b/build/azure-pipelines/product-build.yml @@ -180,11 +180,49 @@ resources: type: git name: 1ESPipelineTemplates/1ESPipelineTemplates ref: refs/tags/release + - repository: distro + type: github + name: microsoft/vscode-distro + endpoint: Monaco + ref: main + - repository: capi + type: github + name: microsoft/vscode-capi + endpoint: Monaco + ref: main + - repository: encrypt + type: github + name: microsoft/vscode-encrypt + endpoint: Monaco + ref: main + - repository: vsda + type: github + name: microsoft/vsda + endpoint: Monaco + ref: main + - repository: regexp + type: github + name: microsoft/vscode-regexp-languagedetection + endpoint: Monaco + ref: main + - repository: vscode_loc + type: github + name: microsoft/vscode-extensions-loc + endpoint: Monaco + ref: main extends: template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines parameters: sdl: + sourceRepositoriesToScan: + exclude: + - repository: distro + - repository: capi + - repository: encrypt + - repository: vsda + - repository: regexp + - repository: vscode_loc tsa: enabled: true configFile: $(Build.SourcesDirectory)/build/azure-pipelines/config/tsaoptions.json diff --git a/build/azure-pipelines/product-copilot-recovery.yml b/build/azure-pipelines/product-copilot-recovery.yml index a0c52e68302470..6f7888e934c212 100644 --- a/build/azure-pipelines/product-copilot-recovery.yml +++ b/build/azure-pipelines/product-copilot-recovery.yml @@ -10,6 +10,16 @@ resources: name: microsoft/vscode-engineering ref: main endpoint: Monaco + - repository: capi + type: github + name: microsoft/vscode-capi + ref: main + endpoint: Monaco + - repository: vscode_loc + type: github + name: microsoft/vscode-extensions-loc + ref: main + endpoint: Monaco parameters: - name: customNPMRegistry @@ -24,6 +34,12 @@ parameters: variables: - name: VSCODE_QUALITY value: stable + # The 1ES extension template configures the NPM registry itself (via the + # customNPMRegistry / Terrapin parameter below). Set NPM_REGISTRY to 'none' + # so the shared copilot/setup-steps.yml skips its own registry rewrite, which + # would otherwise corrupt package-lock.json resolved URLs when unset. + - name: NPM_REGISTRY + value: none extends: template: azure-pipelines/extension/stable.yml@templates @@ -31,6 +47,24 @@ extends: workingDirectory: ./extensions/copilot l10nSourcePaths: ./extensions/copilot/src nodeVersion: 22.21.x + # The copilot extension is bundled with esbuild and vendors prebuilt native + # modules (e.g. @os-theme, @picovoice/pvrecorder-node) that depend on a + # newer GLIBC than the template's sysroot check allows. The main product + # build (product-copilot.yml) ships these natives without a sysroot or GLIBC + # check, so disable the sysroot here for parity; this also skips the GLIBC/ + # GLIBCXX verification that would otherwise fail on those vendored natives. + buildPlatforms: + - name: Linux + vsceTarget: "" + useSysroot: false + codesignPaths: [] + # Copilot handles localization itself via copilot/l10n-steps.yml (importing + # translated strings from the microsoft/vscode-extensions-loc checkout), + # mirroring product-copilot.yml. Disable the template's own l10n jobs and + # the import-localized-files step: the latter runs before buildSteps and + # expects an implicit self checkout, which is unavailable here because + # build-steps.yml checks out microsoft/vscode-capi. + l10nShouldProcess: false cgIgnoreDirectories: $(Build.SourcesDirectory)/extensions/copilot/script @@ -46,21 +80,17 @@ extends: exit 1 displayName: Validate release branch + - checkout: self + path: s + lfs: true + fetchDepth: 1 + fetchTags: false + retryCountOnTaskFailure: 3 + displayName: Checkout microsoft/vscode + - template: copilot/setup-steps.yml - template: copilot/build-steps.yml - - script: | - set -e - - # The GLIBC check (from the shared extension template) scans every .node - # under $PWD. @github/copilot vendors @picovoice/pvrecorder-node, whose - # linux/x86_64 prebuild depends on GLIBC > 2.28. The native is not - # shipped in the VSIX, so just remove the pvrecorder prebuilds before - # the check runs. - find "$(Build.SourcesDirectory)" \ - -type d -name pvrecorder-node \ - -path "*@picovoice/pvrecorder-node" \ - -print -exec rm -rf {} + - displayName: Remove pvrecorder native binaries before GLIBC check + - template: copilot/l10n-steps.yml uploadSourceMaps: enabled: true @@ -78,6 +108,18 @@ extends: serviceTreeID: '1788a767-5861-45fb-973b-c686b67c5541' enabled: true + # The Copilot build steps check out microsoft/vscode-capi and + # microsoft/vscode-extensions-loc (via the Monaco GitHub App instead of a + # PAT). Every checked-out repository must be declared for the 1ES SDL source + # analysis, so re-declare the template defaults plus capi and vscode_loc here. + sourceRepositoriesToScan: + exclude: + - repository: translations + - repository: vscode-copilot-cache + - repository: templates + - repository: capi + - repository: vscode_loc + ${{ if eq(parameters.customNPMRegistry, false) }}: customNPMRegistry: '' diff --git a/build/azure-pipelines/product-copilot.yml b/build/azure-pipelines/product-copilot.yml index cebe647882facf..cb3210e41cc618 100644 --- a/build/azure-pipelines/product-copilot.yml +++ b/build/azure-pipelines/product-copilot.yml @@ -17,6 +17,7 @@ jobs: value: true steps: - checkout: self + path: s lfs: true fetchDepth: 1 fetchTags: false diff --git a/build/azure-pipelines/product-publish.yml b/build/azure-pipelines/product-publish.yml index 0a0ada4ec3d41d..6403a6303a1592 100644 --- a/build/azure-pipelines/product-publish.yml +++ b/build/azure-pipelines/product-publish.yml @@ -39,9 +39,9 @@ jobs: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get ESRP Secrets" @@ -58,7 +58,7 @@ jobs: npm ci workingDirectory: build env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install build dependencies - download: current diff --git a/build/azure-pipelines/product-quality-checks.yml b/build/azure-pipelines/product-quality-checks.yml index 792c70ebb38903..b7919b52e47ff6 100644 --- a/build/azure-pipelines/product-quality-checks.yml +++ b/build/azure-pipelines/product-quality-checks.yml @@ -20,9 +20,9 @@ jobs: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: node build/setup-npm-registry.ts $NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -68,7 +68,7 @@ jobs: done workingDirectory: build env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install build dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -78,7 +78,7 @@ jobs: SYSROOT_ARCH="amd64" VSCODE_SYSROOT_PREFIX="-glibc-2.28-gcc-8.5.0" node -e 'import { getVSCodeSysroot } from "./build/linux/debian/install-sysroot.ts"; (async () => { await getVSCodeSysroot(process.env["SYSROOT_ARCH"]); })()' env: VSCODE_ARCH: x64 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Download vscode sysroots - script: | @@ -100,7 +100,7 @@ jobs: VSCODE_ARCH: x64 ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -122,7 +122,6 @@ jobs: - script: node build/azure-pipelines/common/checkDistroCommit.ts displayName: Check distro commit env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" BUILD_SOURCEBRANCH: "$(Build.SourceBranch)" continueOnError: true condition: and(succeeded(), eq(lower(variables['VSCODE_PUBLISH']), 'true')) @@ -131,7 +130,7 @@ jobs: - script: npm exec -- npm-run-all2 -lp core-ci hygiene eslint valid-layers-check define-class-fields-check vscode-dts-compile-check tsec-compile-check test-build-scripts env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Compile & Hygiene - script: npm run download-builtin-extensions-cg diff --git a/build/azure-pipelines/web/product-build-web-node-modules.yml b/build/azure-pipelines/web/product-build-web-node-modules.yml index 75a0cc6cd6e750..fdd15d54f1a102 100644 --- a/build/azure-pipelines/web/product-build-web-node-modules.yml +++ b/build/azure-pipelines/web/product-build-web-node-modules.yml @@ -18,9 +18,9 @@ jobs: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: node build/setup-npm-registry.ts $NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -73,7 +73,7 @@ jobs: env: ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) diff --git a/build/azure-pipelines/web/product-build-web.yml b/build/azure-pipelines/web/product-build-web.yml index 86d6215f31cf0c..7666105b4d1474 100644 --- a/build/azure-pipelines/web/product-build-web.yml +++ b/build/azure-pipelines/web/product-build-web.yml @@ -30,9 +30,9 @@ jobs: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - script: node build/setup-npm-registry.ts $NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -89,7 +89,7 @@ jobs: env: ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Install dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -119,7 +119,7 @@ jobs: - script: npm run gulp core-ci env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Compile - script: npx deemon --attach -- node build/azure-pipelines/common/downloadCopilotVsix.ts @@ -135,7 +135,7 @@ jobs: tar --owner=0 --group=0 -czf $ARCHIVE_PATH -C .. vscode-web echo "##vso[task.setvariable variable=WEB_PATH]$ARCHIVE_PATH" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Build - task: AzureCLI@2 diff --git a/build/azure-pipelines/win32/product-build-win32-cli.yml b/build/azure-pipelines/win32/product-build-win32-cli.yml index c01e421e6d4437..fd56ba730a0858 100644 --- a/build/azure-pipelines/win32/product-build-win32-cli.yml +++ b/build/azure-pipelines/win32/product-build-win32-cli.yml @@ -35,6 +35,13 @@ jobs: versionSource: fromFile versionFilePath: .nvmrc + - task: AzureKeyVault@2 + displayName: "Azure Key Vault: Get GitHub token" + inputs: + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" + - template: ../cli/cli-apply-patches.yml@self - task: Npm@1 diff --git a/build/azure-pipelines/win32/product-build-win32-node-modules.yml b/build/azure-pipelines/win32/product-build-win32-node-modules.yml index 6780073f57af7d..9167e5b6a004b8 100644 --- a/build/azure-pipelines/win32/product-build-win32-node-modules.yml +++ b/build/azure-pipelines/win32/product-build-win32-node-modules.yml @@ -29,9 +29,9 @@ jobs: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - powershell: node build/setup-npm-registry.ts $env:NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -76,7 +76,7 @@ jobs: npm_config_foreground_scripts: "true" ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" retryCountOnTaskFailure: 5 displayName: Install dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) diff --git a/build/azure-pipelines/win32/sdl-scan-win32.yml b/build/azure-pipelines/win32/sdl-scan-win32.yml index 1d41892bf8d314..65c3423d648005 100644 --- a/build/azure-pipelines/win32/sdl-scan-win32.yml +++ b/build/azure-pipelines/win32/sdl-scan-win32.yml @@ -22,9 +22,9 @@ steps: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - powershell: node build/setup-npm-registry.ts $env:NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -88,7 +88,7 @@ steps: npm_config_foreground_scripts: "true" ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" retryCountOnTaskFailure: 5 displayName: Install dependencies @@ -106,12 +106,13 @@ steps: - powershell: npm run gulp core-ci env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Compile - powershell: npm run gulp "vscode-symbols-win32-${{ parameters.VSCODE_ARCH }}" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Download Symbols - powershell: | diff --git a/build/azure-pipelines/win32/steps/product-build-win32-compile.yml b/build/azure-pipelines/win32/steps/product-build-win32-compile.yml index 2539ad4f9180c1..aec58636905390 100644 --- a/build/azure-pipelines/win32/steps/product-build-win32-compile.yml +++ b/build/azure-pipelines/win32/steps/product-build-win32-compile.yml @@ -33,9 +33,9 @@ steps: - task: AzureKeyVault@2 displayName: "Azure Key Vault: Get Secrets" inputs: - azureSubscription: vscode - KeyVaultName: vscode-build-secrets - SecretsFilter: "github-distro-mixin-password" + azureSubscription: vscode-oss-build-secrets + KeyVaultName: vscode-oss-build-secrets + SecretsFilter: "github-token-code-oss" - powershell: node build/setup-npm-registry.ts $env:NPM_REGISTRY condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none')) @@ -84,7 +84,7 @@ steps: npm_config_foreground_scripts: "true" ELECTRON_SKIP_BINARY_DOWNLOAD: 1 PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" retryCountOnTaskFailure: 5 displayName: Install dependencies condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true')) @@ -126,7 +126,7 @@ steps: - powershell: npm run gulp core-ci env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" displayName: Compile - script: node build/azure-pipelines/common/extract-telemetry.ts @@ -168,7 +168,8 @@ steps: echo "##vso[task.setvariable variable=BUILT_CLIENT]true" echo "##vso[task.setvariable variable=CodeSigningFolderPath]$(Agent.BuildDirectory)/VSCode-win32-$(VSCODE_ARCH)" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build client # Note: the appx prepare step has to follow Build client step since build step replaces the template @@ -199,7 +200,8 @@ steps: echo "##vso[task.setvariable variable=BUILT_SERVER]true" echo "##vso[task.setvariable variable=CodeSigningFolderPath]$(CodeSigningFolderPath),$(Agent.BuildDirectory)/vscode-server-win32-$(VSCODE_ARCH)" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build server - powershell: | @@ -213,7 +215,8 @@ steps: echo "##vso[task.setvariable variable=BUILT_WEB]true" echo "##vso[task.setvariable variable=CodeSigningFolderPath]$(CodeSigningFolderPath),$(Agent.BuildDirectory)/vscode-server-win32-$(VSCODE_ARCH)-web" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Build server (web) - ${{ if ne(parameters.VSCODE_CIBUILD, true) }}: diff --git a/build/azure-pipelines/win32/steps/product-build-win32-test.yml b/build/azure-pipelines/win32/steps/product-build-win32-test.yml index 187856b227229f..128ff569ca03ee 100644 --- a/build/azure-pipelines/win32/steps/product-build-win32-test.yml +++ b/build/azure-pipelines/win32/steps/product-build-win32-test.yml @@ -11,7 +11,8 @@ parameters: steps: - powershell: npm exec -- npm-run-all2 -lp "electron $(VSCODE_ARCH)" "playwright-install" env: - GITHUB_TOKEN: "$(github-distro-mixin-password)" + GITHUB_TOKEN: "$(github-token-code-oss)" + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) displayName: Download Electron and Playwright retryCountOnTaskFailure: 3 diff --git a/build/gulpfile.reh.ts b/build/gulpfile.reh.ts index 62c30da5216af7..b00894781aee62 100644 --- a/build/gulpfile.reh.ts +++ b/build/gulpfile.reh.ts @@ -26,9 +26,11 @@ import { compileBuildWithManglingTask } from './gulpfile.compile.ts'; import { cleanExtensionsBuildTask, compileNonNativeExtensionsBuildTask, compileNativeExtensionsBuildTask, compileExtensionMediaBuildTask, compileCopilotExtensionBuildTask } from './gulpfile.extensions.ts'; import { vscodeWebResourceIncludes, createVSCodeWebFileContentMapper } from './gulpfile.vscode.web.ts'; import * as cp from 'child_process'; +import crypto from 'crypto'; import log from 'fancy-log'; import buildfile from './buildfile.ts'; -import { fetchUrls, fetchGithub } from './lib/fetch.ts'; +import { fetchUrls } from './lib/fetch.ts'; +import { downloadFeedPackage } from './lib/azureFeed.ts'; import { getCopilotExcludeFilter, getCopilotRuntimePrebuildFiles, getCopilotTgrepExcludeFilter, getRipgrepExcludeFilter, prepareBuiltInCopilotRipgrepShim } from './lib/copilot.ts'; import { readAgentSdkResults } from './agent-sdk/common.ts'; @@ -208,6 +210,44 @@ function patchElfLoadAlign(): NodeJS.ReadWriteStream { const { nodeVersion, internalNodeVersion } = getNodeVersion(); +// In product builds, the server (reh) Node.js binaries are fetched on demand +// from our Azure Artifacts feed named by `product.nodejsArtifactFeed` using the +// `az` CLI, instead of from nodejs.org (which is used by OSS builds when no feed +// is configured). Each universal package contains exactly one file, named after +// the asset minus its last extension, lowercased and sanitized (e.g. +// `node-v24.15.0-linux-x64.tar`, `win-x64-node`). +const nodejsArtifactFeed = product.nodejsArtifactFeed; + +function internalNodeFeedPackageName(assetName: string): string { + return assetName + .replace(/\.[^.]+$/, '') + .toLowerCase() + .replace(/[^a-z0-9._-]+/g, '-') + .replace(/^[._-]+/, '') + .replace(/[._-]+$/, ''); +} + +function fetchNodejsFromInternalFeed(feed: string, assetName: string, version: string, checksumSha256: string | undefined): NodeJS.ReadWriteStream { + const result = es.through(); + (async () => { + try { + const filePath = await downloadFeedPackage(REPO_ROOT, 'nodejs-feed', { feed, name: internalNodeFeedPackageName(assetName), version }); + const contents = await fs.promises.readFile(filePath); + if (checksumSha256) { + const actual = crypto.createHash('sha256').update(contents).digest('hex'); + if (actual !== checksumSha256) { + throw new Error(`Checksum mismatch for ${assetName} (expected ${checksumSha256}, actual ${actual})`); + } + } + result.emit('data', new File({ path: path.basename(filePath), contents })); + result.emit('end'); + } catch (err) { + result.emit('error', err); + } + })(); + return result; +} + BUILD_TARGETS.forEach(({ platform, arch }) => { task.task(task.define(`node-${platform}-${arch}`, () => { const nodePath = path.join('.build', 'node', `v${nodeVersion}`, `${platform}-${arch}`); @@ -237,13 +277,13 @@ function nodejs(platform: string, arch: string): NodeJS.ReadWriteStream | undefi arch = 'x64'; } - log(`Downloading node.js ${nodeVersion} ${platform} ${arch} from ${product.nodejsRepository}...`); + log(`Downloading node.js ${nodeVersion} ${platform} ${arch} from ${nodejsArtifactFeed || 'https://nodejs.org'}...`); const glibcPrefix = process.env['VSCODE_NODE_GLIBC'] ?? ''; let expectedName: string | undefined; switch (platform) { case 'win32': - expectedName = product.nodejsRepository !== 'https://nodejs.org' ? + expectedName = nodejsArtifactFeed ? `win-${arch}-node.exe` : `win-${arch}/node.exe`; break; @@ -267,14 +307,14 @@ function nodejs(platform: string, arch: string): NodeJS.ReadWriteStream | undefi switch (platform) { case 'win32': - return (product.nodejsRepository !== 'https://nodejs.org' ? - fetchGithub(product.nodejsRepository, { version: `${nodeVersion}-${internalNodeVersion}`, name: expectedName!, checksumSha256 }) : + return (nodejsArtifactFeed ? + fetchNodejs(expectedName!, checksumSha256) : fetchUrls(`/dist/v${nodeVersion}/win-${arch}/node.exe`, { base: 'https://nodejs.org', checksumSha256 })) .pipe(rename('node.exe')); case 'darwin': case 'linux': { - const downloaded = (product.nodejsRepository !== 'https://nodejs.org' ? - fetchGithub(product.nodejsRepository, { version: `${nodeVersion}-${internalNodeVersion}`, name: expectedName!, checksumSha256 }) : + const downloaded = (nodejsArtifactFeed ? + fetchNodejs(expectedName!, checksumSha256) : fetchUrls(`/dist/v${nodeVersion}/node-v${nodeVersion}-${platform}-${arch}.tar.gz`, { base: 'https://nodejs.org', checksumSha256 }) ).pipe(flatmap(stream => stream.pipe(gunzip()).pipe(untar()))) .pipe(filter('**/node')) @@ -283,8 +323,8 @@ function nodejs(platform: string, arch: string): NodeJS.ReadWriteStream | undefi return platform === 'linux' && arch === 'x64' ? downloaded.pipe(patchElfLoadAlign()) : downloaded; } case 'alpine': - return product.nodejsRepository !== 'https://nodejs.org' ? - fetchGithub(product.nodejsRepository, { version: `${nodeVersion}-${internalNodeVersion}`, name: expectedName!, checksumSha256 }) + return nodejsArtifactFeed ? + fetchNodejs(expectedName!, checksumSha256) .pipe(flatmap(stream => stream.pipe(gunzip()).pipe(untar()))) .pipe(filter('**/node')) .pipe(util.setExecutableBit('**')) @@ -293,6 +333,13 @@ function nodejs(platform: string, arch: string): NodeJS.ReadWriteStream | undefi } } +// Fetches a server (reh) Node.js asset from the Azure Artifacts feed named by +// `product.nodejsArtifactFeed`. Only called when that feed is configured. +function fetchNodejs(assetName: string, checksumSha256: string | undefined): NodeJS.ReadWriteStream { + const version = `${nodeVersion}-${internalNodeVersion}`; + return fetchNodejsFromInternalFeed(nodejsArtifactFeed, assetName, version, checksumSha256); +} + function packageTask(type: string, platform: string, arch: string, sourceFolderName: string, destinationFolderName: string) { const destination = path.join(BUILD_ROOT, destinationFolderName); diff --git a/build/lib/azureFeed.ts b/build/lib/azureFeed.ts new file mode 100644 index 00000000000000..f32fb21885daa0 --- /dev/null +++ b/build/lib/azureFeed.ts @@ -0,0 +1,71 @@ +/*--------------------------------------------------------------------------------------------- + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See License.txt in the project root for license information. + *--------------------------------------------------------------------------------------------*/ + +import cp from 'child_process'; +import fs from 'fs'; +import path from 'path'; + +function getEnv(name: string): string { + const value = process.env[name]; + if (!value) { + throw new Error(`Missing required environment variable: ${name}`); + } + return value; +} + +function azExecFile(args: string[]): Promise { + return new Promise((resolve, reject) => { + const child = cp.spawn('az', args, { stdio: 'inherit', shell: process.platform === 'win32' }); + child.on('error', reject); + child.on('close', code => code === 0 ? resolve() : reject(new Error(`az ${args[0]} ${args[1] ?? ''} exited with code ${code}`))); + }); +} + +let azureDevOpsExtension: Promise | undefined; +function ensureAzureDevOpsExtension(): Promise { + if (!azureDevOpsExtension) { + azureDevOpsExtension = (async () => { + const result = cp.spawnSync('az', ['extension', 'show', '--name', 'azure-devops'], { stdio: 'ignore', shell: process.platform === 'win32' }); + if (result.status !== 0) { + await azExecFile(['extension', 'add', '--name', 'azure-devops', '--only-show-errors']); + } + })(); + } + return azureDevOpsExtension; +} + +export interface IFeedPackage { + readonly feed: string; + readonly name: string; + readonly version: string; +} + +/** + * Downloads a universal package from an Azure Artifacts feed into a cache + * directory under `/.build/` and returns the absolute path to + * the single file it contains. Subsequent requests for the same package are + * served from the cache. + * @param root the repository root + * @param cacheDir the `.build` sub directory used to cache downloaded packages + * @param pkg the feed, package name and version to download + */ +export async function downloadFeedPackage(root: string, cacheDir: string, pkg: IFeedPackage): Promise { + const dir = path.join(root, '.build', cacheDir, `${pkg.name}-${pkg.version}`); + if (!fs.existsSync(dir)) { + await ensureAzureDevOpsExtension(); + await azExecFile([ + 'artifacts', 'universal', 'download', + '--organization', getEnv('SYSTEM_COLLECTIONURI').replace(/\/+$/, ''), + '--project', getEnv('SYSTEM_TEAMPROJECT'), + '--scope', 'project', + '--feed', pkg.feed, + '--name', pkg.name, + '--version', pkg.version, + '--path', dir, + ]); + } + const [only] = await fs.promises.readdir(dir); + return path.join(dir, only); +} diff --git a/build/lib/electron.ts b/build/lib/electron.ts index 016c25f7553db0..e229b875f552c7 100644 --- a/build/lib/electron.ts +++ b/build/lib/electron.ts @@ -5,10 +5,12 @@ import fs from 'fs'; import path from 'path'; +import { Readable } from 'stream'; import vfs from 'vinyl-fs'; import { filter, jsonEditor } from './gulp/facade.ts'; import * as util from './util.ts'; import { getVersion } from './getVersion.ts'; +import { downloadFeedPackage } from './azureFeed.ts'; import electron from '@vscode/gulp-electron'; type DarwinDocumentSuffix = 'document' | 'script' | 'file' | 'source code'; @@ -101,11 +103,45 @@ function darwinBundleDocumentTypes(types: { [name: string]: string | string[] }, } const { msBuildId } = util.getElectronVersion(); -const electronVersion = '42.2.0'; +export const electronVersion = '42.2.0'; + +// In product builds, `@vscode/gulp-electron` is given an asset resolver (via the +// `repo` option) that fetches the prebuilt Electron archives on demand from the +// Azure Artifacts feed named by `product.electronArtifactFeed` using the `az` +// CLI, instead of downloading them from electron's official GitHub releases +// (which OSS builds use when no feed is configured). Each universal package +// contains exactly one file, which is streamed back as a `Response` and +// validated against the feed's `SHASUMS256.txt`. +const electronFeed: string | undefined = product.electronArtifactFeed; + +// Maps the artifact file name `@vscode/gulp-electron` requests to the matching +// universal package name in the feed, or `undefined` when it is not mirrored. +function feedPackageName(fileName: string): string | undefined { + if (fileName === 'SHASUMS256.txt') { + return 'shasums256'; + } + if (fileName.endsWith('-symbols.zip')) { + return undefined; + } + return fileName.replace(/\.zip$/, ''); +} + +const electronAssetResolver = electronFeed + ? async ({ fileName }: { url: string; fileName: string }): Promise => { + const name = feedPackageName(fileName); + if (!name) { + return new Response(null, { status: 404 }); + } + const version = `${electronVersion}-${msBuildId}`; + const filePath = await downloadFeedPackage(root, 'electron-feed', { feed: electronFeed, name, version }); + const size = (await fs.promises.stat(filePath)).size; + const body = Readable.toWeb(fs.createReadStream(filePath)) as ReadableStream; + return new Response(body, { status: 200, headers: { 'Content-Length': String(size) } }); + } + : undefined; export const config = { version: electronVersion, - tag: product.electronRepository ? `v${electronVersion}-${msBuildId}` : undefined, productAppName: product.nameLong, companyName: 'Microsoft Corporation', copyright: 'Copyright (C) 2026 Microsoft. All rights reserved', @@ -203,7 +239,7 @@ export const config = { linuxExecutableName: product.applicationName, winIcon: 'resources/win32/code.ico', token: process.env['GITHUB_TOKEN'], - repo: product.electronRepository || undefined, + repo: electronAssetResolver, validateChecksum: true, checksumFile: path.join(root, 'build', 'checksums', 'electron.txt'), createVersionedResources: useVersionedUpdate, diff --git a/build/npm/postinstall.ts b/build/npm/postinstall.ts index 0d00ac3926141f..5df04a796373f5 100644 --- a/build/npm/postinstall.ts +++ b/build/npm/postinstall.ts @@ -79,7 +79,7 @@ async function npmInstallAsync(dir: string, opts?: child_process.SpawnOptions): 'docker', 'run', '-e', 'GITHUB_TOKEN', '-v', `${process.env['VSCODE_HOST_MOUNT']}:/root/vscode`, - '-v', `${process.env['VSCODE_HOST_MOUNT']}/.build/.netrc:/root/.netrc`, + '-v', `${process.env['VSCODE_HOST_MOUNT']}/.build/.gitconfig-distro:/root/.gitconfig`, '-v', `${process.env['VSCODE_NPMRC_PATH']}:/root/.npmrc`, '-w', path.resolve('/root/vscode', dir), process.env['VSCODE_REMOTE_DEPENDENCIES_CONTAINER_NAME'], diff --git a/build/setup-npm-registry.ts b/build/setup-npm-registry.ts index 670c3e339db0f8..4560f2c0007286 100644 --- a/build/setup-npm-registry.ts +++ b/build/setup-npm-registry.ts @@ -37,6 +37,10 @@ async function setup(url: string, file: string): Promise { * Main function to set up custom NPM registry */ async function main(url: string, dir?: string): Promise { + if (!url) { + throw new Error('Usage: node setup-npm-registry.ts [dir]. A registry URL is required.'); + } + const root = dir ?? process.cwd(); for await (const file of getPackageLockFiles(root)) { @@ -45,4 +49,7 @@ async function main(url: string, dir?: string): Promise { } } -main(process.argv[2], process.argv[3]); +main(process.argv[2], process.argv[3]).catch(err => { + console.error(err.message); + process.exit(1); +}); diff --git a/package-lock.json b/package-lock.json index 5a343cdc62b701..450186b2b58199 100644 --- a/package-lock.json +++ b/package-lock.json @@ -108,7 +108,7 @@ "@typescript/native-preview": "^7.0.0-dev.20260609", "@vscode/component-explorer": "^0.2.1-58", "@vscode/component-explorer-cli": "^0.2.1-59", - "@vscode/gulp-electron": "1.41.3", + "@vscode/gulp-electron": "^1.42.0", "@vscode/l10n-dev": "0.0.35", "@vscode/telemetry-extractor": "^1.20.2", "@vscode/test-cli": "^0.0.6", @@ -1146,9 +1146,6 @@ "cpu": [ "arm64" ], - "libc": [ - "glibc" - ], "license": "SEE LICENSE IN LICENSE.md", "optional": true, "os": [ @@ -1165,9 +1162,6 @@ "cpu": [ "x64" ], - "libc": [ - "glibc" - ], "license": "SEE LICENSE IN LICENSE.md", "optional": true, "os": [ @@ -1184,9 +1178,6 @@ "cpu": [ "arm64" ], - "libc": [ - "musl" - ], "license": "SEE LICENSE IN LICENSE.md", "optional": true, "os": [ @@ -1203,9 +1194,6 @@ "cpu": [ "x64" ], - "libc": [ - "musl" - ], "license": "SEE LICENSE IN LICENSE.md", "optional": true, "os": [ @@ -2827,6 +2815,19 @@ "dev": true, "license": "MIT" }, + "node_modules/@sindresorhus/is": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-8.1.0.tgz", + "integrity": "sha512-2SX/1jW6CIMAiebvVv5ZInoCEuWQmMyBoJXXGC6Vjakjp/fpxP5eHs7/V6WKuPEIbuK06+VpjH+vjLQhr98rDQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=22" + }, + "funding": { + "url": "https://github.com/sindresorhus/is?sponsor=1" + } + }, "node_modules/@sinonjs/commons": { "version": "1.8.3", "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz", @@ -3024,9 +3025,9 @@ } }, "node_modules/@types/http-cache-semantics": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", - "integrity": "sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz", + "integrity": "sha512-L3LgimLHXtGkWikKnsPg0/VFx9OGZaC+eN1u4r+OB1XRqH3meBIAVC2zr1WdMH+RHmnRkqliQAOHNJ/E0j/e0Q==", "dev": true, "license": "MIT" }, @@ -3750,15 +3751,16 @@ "license": "MIT" }, "node_modules/@vscode/gulp-electron": { - "version": "1.41.3", - "resolved": "https://registry.npmjs.org/@vscode/gulp-electron/-/gulp-electron-1.41.3.tgz", - "integrity": "sha512-M+f3LqnZKyIf3k5fxAeKHtz5/0V9PALJqneVh7vDZ32wdbokhFmfVqzP8Z+alBjZViuL80cLe65znjELnsxUBw==", + "version": "1.42.0", + "resolved": "https://registry.npmjs.org/@vscode/gulp-electron/-/gulp-electron-1.42.0.tgz", + "integrity": "sha512-DQLhu7p3GnGAc1tvYtArqp3duHD+b7ddpWitqYckdioFJGAszUSf7o6KZ5szo6sjFBz+E8rvpu9EMYOjdAAMzg==", "dev": true, "license": "MIT", "dependencies": { - "@electron/get": "^4.0.1", + "@electron/get": "^5.0.0", "@octokit/rest": "^22.0.0", "event-stream": "3.3.4", + "got": "^15.0.5", "gulp-filter": "^5.1.0", "gulp-rename": "1.2.2", "gulp-symdest": "^1.2.0", @@ -3778,203 +3780,6 @@ "node": ">=22" } }, - "node_modules/@vscode/gulp-electron/node_modules/@electron/get": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@electron/get/-/get-4.0.1.tgz", - "integrity": "sha512-fTMFb/ZiK6xQace5YZlhT+vNR08ogat9SqpvwpaC9vD6hgx7ouz9cdcrSrFuNji4823Jmmy90/CDhJq0I4vRFA==", - "dev": true, - "license": "MIT", - "dependencies": { - "debug": "^4.1.1", - "env-paths": "^3.0.0", - "got": "^14.4.5", - "graceful-fs": "^4.2.11", - "progress": "^2.0.3", - "semver": "^7.6.3", - "sumchecker": "^3.0.1" - }, - "engines": { - "node": ">=22.12.0" - }, - "optionalDependencies": { - "global-agent": "^3.0.0" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/@electron/get/node_modules/progress": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", - "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/@sindresorhus/is": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-7.2.0.tgz", - "integrity": "sha512-P1Cz1dWaFfR4IR+U13mqqiGsLFf1KbayybWwdd2vfctdV6hDpUkgCY0nKOLLTMSoRd/jJNjtbqzf13K8DCCXQw==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sindresorhus/is?sponsor=1" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/cacheable-lookup": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", - "integrity": "sha512-+qJyx4xiKra8mZrcwhjMRMUhD5NR1R8esPkzIYxX96JiecFoxAXFuz/GpR3+ev4PE1WamHip78wV0vcmPQtp8w==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=14.16" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/cacheable-request": { - "version": "13.0.18", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-13.0.18.tgz", - "integrity": "sha512-rFWadDRKJs3s2eYdXlGggnBZKG7MTblkFBB0YllFds+UYnfogDp2wcR6JN97FhRkHTvq59n2vhNoHNZn29dh/Q==", - "dev": true, - "license": "MIT", - "dependencies": { - "@types/http-cache-semantics": "^4.0.4", - "get-stream": "^9.0.1", - "http-cache-semantics": "^4.2.0", - "keyv": "^5.5.5", - "mimic-response": "^4.0.0", - "normalize-url": "^8.1.1", - "responselike": "^4.0.2" - }, - "engines": { - "node": ">=18" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/decompress-response": { - "version": "10.0.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-10.0.0.tgz", - "integrity": "sha512-oj7KWToJuuxlPr7VV0vabvxEIiqNMo+q0NueIiL3XhtwC6FVOX7Hr1c0C4eD0bmf7Zr+S/dSf2xvkH3Ad6sU3Q==", - "dev": true, - "license": "MIT", - "dependencies": { - "mimic-response": "^4.0.0" - }, - "engines": { - "node": ">=20" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/get-stream": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-9.0.1.tgz", - "integrity": "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@sec-ant/readable-stream": "^0.4.1", - "is-stream": "^4.0.1" - }, - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/got": { - "version": "14.6.6", - "resolved": "https://registry.npmjs.org/got/-/got-14.6.6.tgz", - "integrity": "sha512-QLV1qeYSo5l13mQzWgP/y0LbMr5Plr5fJilgAIwgnwseproEbtNym8xpLsDzeZ6MWXgNE6kdWGBjdh3zT/Qerg==", - "dev": true, - "license": "MIT", - "dependencies": { - "@sindresorhus/is": "^7.0.1", - "byte-counter": "^0.1.0", - "cacheable-lookup": "^7.0.0", - "cacheable-request": "^13.0.12", - "decompress-response": "^10.0.0", - "form-data-encoder": "^4.0.2", - "http2-wrapper": "^2.2.1", - "keyv": "^5.5.3", - "lowercase-keys": "^3.0.0", - "p-cancelable": "^4.0.1", - "responselike": "^4.0.2", - "type-fest": "^4.26.1" - }, - "engines": { - "node": ">=20" - }, - "funding": { - "url": "https://github.com/sindresorhus/got?sponsor=1" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/http2-wrapper": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", - "integrity": "sha512-V5nVw1PAOgfI3Lmeaj2Exmeg7fenjhRUgz1lPSezy1CuhPYbgQtbQj4jZfEAEMlaL+vupsvhjqCyjzob0yxsmQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "quick-lru": "^5.1.1", - "resolve-alpn": "^1.2.0" - }, - "engines": { - "node": ">=10.19.0" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/is-stream": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-4.0.1.tgz", - "integrity": "sha512-Dnz92NInDqYckGEUJv689RbRiTSEHCQ7wOVeALbkOz999YpqT46yMRIGtSNl2iCL1waAZSx40+h59NV/EwzV/A==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/keyv": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.6.0.tgz", - "integrity": "sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@keyv/serialize": "^1.1.1" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/lowercase-keys": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", - "integrity": "sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/mimic-response": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", - "integrity": "sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg==", - "dev": true, - "license": "MIT", - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/@vscode/gulp-electron/node_modules/mkdirp": { "version": "0.5.5", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", @@ -3987,29 +3792,6 @@ "mkdirp": "bin/cmd.js" } }, - "node_modules/@vscode/gulp-electron/node_modules/normalize-url": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.1.1.tgz", - "integrity": "sha512-JYc0DPlpGWB40kH5g07gGTrYuMqV653k3uBKY6uITPWds3M0ov3GaWGp9lbE3Bzngx8+XkfzgvASb9vk9JDFXQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=14.16" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@vscode/gulp-electron/node_modules/p-cancelable": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-4.0.1.tgz", - "integrity": "sha512-wBowNApzd45EIKdO1LaU+LrMBwAcjfPaYtVzV3lmfM3gf8Z4CHZsiIqlM8TZZ8okYvh5A1cP6gTfCRQtwUpaUg==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=14.16" - } - }, "node_modules/@vscode/gulp-electron/node_modules/rcedit": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/rcedit/-/rcedit-4.0.1.tgz", @@ -4023,22 +3805,6 @@ "node": ">= 14.0.0" } }, - "node_modules/@vscode/gulp-electron/node_modules/responselike": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-4.0.2.tgz", - "integrity": "sha512-cGk8IbWEAnaCpdAt1BHzJ3Ahz5ewDJa0KseTsE3qIRMJ3C698W8psM7byCeWVpd/Ha7FUYzuRVzXoKoM6nRUbA==", - "dev": true, - "license": "MIT", - "dependencies": { - "lowercase-keys": "^3.0.0" - }, - "engines": { - "node": ">=20" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/@vscode/iconv-lite-umd": { "version": "0.7.1", "resolved": "https://registry.npmjs.org/@vscode/iconv-lite-umd/-/iconv-lite-umd-0.7.1.tgz", @@ -5595,13 +5361,6 @@ "integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24= sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==", "dev": true }, - "node_modules/boolean": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/boolean/-/boolean-3.0.2.tgz", - "integrity": "sha512-RwywHlpCRc3/Wh81MiCKun4ydaIFyW5Ea6JbL6sRCVx5q5irDw7pMXBUFYF/jArQ6YrG36q0kpovc9P/Kd3I4g==", - "dev": true, - "optional": true - }, "node_modules/brace-expansion": { "version": "1.1.13", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz", @@ -5821,6 +5580,75 @@ "node": ">=0.10.0" } }, + "node_modules/cacheable-lookup": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "integrity": "sha512-+qJyx4xiKra8mZrcwhjMRMUhD5NR1R8esPkzIYxX96JiecFoxAXFuz/GpR3+ev4PE1WamHip78wV0vcmPQtp8w==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.16" + } + }, + "node_modules/cacheable-request": { + "version": "13.0.19", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-13.0.19.tgz", + "integrity": "sha512-SVXGH037+Mo1aIMO5B2UcleR43FGjFdN+M8JObSyEoQ2Mn4CODRWx28gN5jiTF0n5ItsgtIZfyargMNs8GX4kg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/http-cache-semantics": "^4.2.0", + "get-stream": "^9.0.1", + "http-cache-semantics": "^4.2.0", + "keyv": "^5.6.0", + "mimic-response": "^4.0.0", + "normalize-url": "^8.1.1", + "responselike": "^4.0.2" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/cacheable-request/node_modules/get-stream": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-9.0.1.tgz", + "integrity": "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@sec-ant/readable-stream": "^0.4.1", + "is-stream": "^4.0.1" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cacheable-request/node_modules/is-stream": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-4.0.1.tgz", + "integrity": "sha512-Dnz92NInDqYckGEUJv689RbRiTSEHCQ7wOVeALbkOz999YpqT46yMRIGtSNl2iCL1waAZSx40+h59NV/EwzV/A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cacheable-request/node_modules/keyv": { + "version": "5.6.0", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.6.0.tgz", + "integrity": "sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@keyv/serialize": "^1.1.1" + } + }, "node_modules/call-bind": { "version": "1.0.9", "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.9.tgz", @@ -6029,6 +5857,19 @@ "integrity": "sha1-BKEGZywYsIWrd02YPfo+oTjyIgU= sha512-1R5Fho+jBq0DDydt+/vHWj5KJNJCKdARKOCwZUen84I5BreWoLqRLANH1U87eJy1tiASPtMnGqJJq0ZsLoRPOw==", "dev": true }, + "node_modules/chunk-data": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/chunk-data/-/chunk-data-0.1.0.tgz", + "integrity": "sha512-zFyPtyC0SZ6Zu79b9sOYtXZcgrsXe0RpePrzRyj52hYVFG1+Rk6rBqjjOEk+GNQwc3PIX+86teQMok970pod1g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/ci-info": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-1.6.0.tgz", @@ -7075,13 +6916,6 @@ "node": ">=0.10.0" } }, - "node_modules/detect-node": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/detect-node/-/detect-node-2.0.4.tgz", - "integrity": "sha512-ZIzRpLJrOj7jjP2miAtgqIfmzbxa4ZOr5jJc601zklsfEx9oTzmmj2nVpIPRpNlRTIh8lc1kyViIY7BWSGNmKw==", - "dev": true, - "optional": true - }, "node_modules/devtools-protocol": { "version": "0.0.1173815", "resolved": "https://registry.npmjs.org/devtools-protocol/-/devtools-protocol-0.0.1173815.tgz", @@ -7568,13 +7402,6 @@ "node": ">=0.10" } }, - "node_modules/es6-error": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/es6-error/-/es6-error-4.1.1.tgz", - "integrity": "sha512-Um/+FxMr9CISWh0bi5Zv0iOD+4cFh5qLeks1qhAopKVAJw3drgKbKySikp7wGhDL0HPeaja0P5ULZrxLkniUVg==", - "dev": true, - "optional": true - }, "node_modules/es6-iterator": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", @@ -9063,16 +8890,6 @@ "node": ">= 6" } }, - "node_modules/form-data-encoder": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-4.1.0.tgz", - "integrity": "sha512-G6NsmEW15s0Uw9XnCg+33H3ViYRyiM0hMrMhhqQOR8NFc5GhYrI+6I3u7OTw7b91J2g8rtvMBZJDbcGb2YUniw==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">= 18" - } - }, "node_modules/forwarded": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", @@ -9769,24 +9586,6 @@ "node": ">=0.10.0" } }, - "node_modules/global-agent": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/global-agent/-/global-agent-3.0.0.tgz", - "integrity": "sha512-PT6XReJ+D07JvGoxQMkT6qji/jVNfX/h364XHZOWeRzy64sSFr+xJ5OX7LI3b4MPQzdL4H8Y8M0xzPpsVMwA8Q==", - "dev": true, - "optional": true, - "dependencies": { - "boolean": "^3.0.1", - "es6-error": "^4.1.1", - "matcher": "^3.0.0", - "roarr": "^2.15.3", - "semver": "^7.3.2", - "serialize-error": "^7.0.1" - }, - "engines": { - "node": ">=10.0" - } - }, "node_modules/global-modules": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", @@ -9883,6 +9682,59 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/got": { + "version": "15.0.5", + "resolved": "https://registry.npmjs.org/got/-/got-15.0.5.tgz", + "integrity": "sha512-PMIMaZuYUCK43+Z9JWEXea4kkX2b3301m81D5TS6QpfG4PmNyirzEdO/Oa2OHAN4GsjnPfvWCWsshKN2rq4/gQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@sindresorhus/is": "^8.0.0", + "byte-counter": "^0.1.0", + "cacheable-lookup": "^7.0.0", + "cacheable-request": "^13.0.18", + "chunk-data": "^0.1.0", + "decompress-response": "^10.0.0", + "http2-wrapper": "^2.2.1", + "keyv": "^5.6.0", + "lowercase-keys": "^4.0.1", + "responselike": "^4.0.2", + "type-fest": "^5.6.0", + "uint8array-extras": "^1.5.0" + }, + "engines": { + "node": ">=22" + }, + "funding": { + "url": "https://github.com/sindresorhus/got?sponsor=1" + } + }, + "node_modules/got/node_modules/decompress-response": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-10.0.0.tgz", + "integrity": "sha512-oj7KWToJuuxlPr7VV0vabvxEIiqNMo+q0NueIiL3XhtwC6FVOX7Hr1c0C4eD0bmf7Zr+S/dSf2xvkH3Ad6sU3Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "mimic-response": "^4.0.0" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/got/node_modules/keyv": { + "version": "5.6.0", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.6.0.tgz", + "integrity": "sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@keyv/serialize": "^1.1.1" + } + }, "node_modules/graceful-fs": { "version": "4.2.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", @@ -11459,6 +11311,20 @@ "node": ">= 14" } }, + "node_modules/http2-wrapper": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "integrity": "sha512-V5nVw1PAOgfI3Lmeaj2Exmeg7fenjhRUgz1lPSezy1CuhPYbgQtbQj4jZfEAEMlaL+vupsvhjqCyjzob0yxsmQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.2.0" + }, + "engines": { + "node": ">=10.19.0" + } + }, "node_modules/https-proxy-agent": { "version": "7.0.6", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", @@ -12741,14 +12607,6 @@ "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE= sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==", "dev": true }, - "node_modules/json-stringify-safe": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", - "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", - "dev": true, - "license": "ISC", - "optional": true - }, "node_modules/json5": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", @@ -13274,6 +13132,19 @@ "loose-envify": "cli.js" } }, + "node_modules/lowercase-keys": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-4.0.1.tgz", + "integrity": "sha512-wI9Nui/L8VfADa/cr/7NQruaASk1k23/Uh1khQ02BCVYiiy8F4AhOGnQzJy3Fl/c44GnYSbZHv8g7EcG3kJ1Qg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/lru-cache": { "version": "4.1.5", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", @@ -13567,19 +13438,6 @@ "node": ">=0.10.0" } }, - "node_modules/matcher": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/matcher/-/matcher-3.0.0.tgz", - "integrity": "sha512-OkeDaAZ/bQCxeFAozM55PKcKU0yJMPGifLwV4Qgjitu+5MoAfSQN4lsLJeXZ1b8w0x+/Emda6MZgXS1jvsapng==", - "dev": true, - "optional": true, - "dependencies": { - "escape-string-regexp": "^4.0.0" - }, - "engines": { - "node": ">=10" - } - }, "node_modules/math-intrinsics": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", @@ -13750,6 +13608,19 @@ "node": ">=6" } }, + "node_modules/mimic-response": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "integrity": "sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/minimatch": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz", @@ -14389,6 +14260,19 @@ "node": ">=0.10.0" } }, + "node_modules/normalize-url": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.1.1.tgz", + "integrity": "sha512-JYc0DPlpGWB40kH5g07gGTrYuMqV653k3uBKY6uITPWds3M0ov3GaWGp9lbE3Bzngx8+XkfzgvASb9vk9JDFXQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/now-and-later": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/now-and-later/-/now-and-later-2.0.1.tgz", @@ -15808,6 +15692,7 @@ "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==", "dev": true, + "license": "MIT", "engines": { "node": ">=10" }, @@ -16318,7 +16203,8 @@ "version": "1.2.1", "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", "integrity": "sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==", - "dev": true + "dev": true, + "license": "MIT" }, "node_modules/resolve-dir": { "version": "1.0.1", @@ -16420,6 +16306,35 @@ "deprecated": "https://github.com/lydell/resolve-url#deprecated", "dev": true }, + "node_modules/responselike": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-4.0.2.tgz", + "integrity": "sha512-cGk8IbWEAnaCpdAt1BHzJ3Ahz5ewDJa0KseTsE3qIRMJ3C698W8psM7byCeWVpd/Ha7FUYzuRVzXoKoM6nRUbA==", + "dev": true, + "license": "MIT", + "dependencies": { + "lowercase-keys": "^3.0.0" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/responselike/node_modules/lowercase-keys": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "integrity": "sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/restore-cursor": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-4.0.0.tgz", @@ -16495,24 +16410,6 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/roarr": { - "version": "2.15.4", - "resolved": "https://registry.npmjs.org/roarr/-/roarr-2.15.4.tgz", - "integrity": "sha512-CHhPh+UNHD2GTXNYhPWLnU8ONHdI+5DI+4EYIAOaiD63rHeYlZvyh8P+in5999TTSFgUYuKUAjzRI4mdh/p+2A==", - "dev": true, - "optional": true, - "dependencies": { - "boolean": "^3.0.1", - "detect-node": "^2.0.4", - "globalthis": "^1.0.1", - "json-stringify-safe": "^5.0.1", - "semver-compare": "^1.0.0", - "sprintf-js": "^1.1.2" - }, - "engines": { - "node": ">=8.0" - } - }, "node_modules/router": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz", @@ -16690,13 +16587,6 @@ "node": ">=10" } }, - "node_modules/semver-compare": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/semver-compare/-/semver-compare-1.0.0.tgz", - "integrity": "sha1-De4hahyUGrN+nvsXiPavxf9VN/w= sha512-YM3/ITh2MJ5MtzaM429anh+x2jiLVjqILF4m4oyQB18W7Ggea7BfqdH/wGMK7dDiMghv/6WG7znWMwUDzJiXow==", - "dev": true, - "optional": true - }, "node_modules/semver-greatest-satisfied-range": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/semver-greatest-satisfied-range/-/semver-greatest-satisfied-range-1.1.0.tgz", @@ -16773,35 +16663,6 @@ "url": "https://opencollective.com/express" } }, - "node_modules/serialize-error": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/serialize-error/-/serialize-error-7.0.1.tgz", - "integrity": "sha512-8I8TjW5KMOKsZQTvoxjuSIa7foAwPWGOts+6o7sgjz41/qMD9VQHEDxi6PBvK2l0MXUmqZyNpUK+T2tQaaElvw==", - "dev": true, - "optional": true, - "dependencies": { - "type-fest": "^0.13.1" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/serialize-error/node_modules/type-fest": { - "version": "0.13.1", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.13.1.tgz", - "integrity": "sha512-34R7HTnG0XIJcBSn5XhDd7nNFPRcXYRZrBB2O2jdKqYODldSzBAqzsWoZYYvduky73toYS/ESqxPvkDf/F0XMg==", - "dev": true, - "optional": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/serialize-javascript": { "version": "7.0.5", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz", @@ -17515,13 +17376,6 @@ "node": ">=0.10.0" } }, - "node_modules/sprintf-js": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", - "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==", - "dev": true, - "optional": true - }, "node_modules/ssh2": { "version": "1.17.0", "resolved": "https://registry.npmjs.org/ssh2/-/ssh2-1.17.0.tgz", @@ -18175,6 +18029,19 @@ "url": "https://opencollective.com/unts" } }, + "node_modules/tagged-tag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/tagged-tag/-/tagged-tag-1.0.0.tgz", + "integrity": "sha512-yEFYrVhod+hdNyx7g5Bnkkb0G6si8HJurOoOEgC8B/O0uXLHlaey/65KRv6cuWBNhBgHKAROVpc7QyYqE5gFng==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/tapable": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.0.tgz", @@ -18723,13 +18590,16 @@ } }, "node_modules/type-fest": { - "version": "4.41.0", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz", - "integrity": "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==", + "version": "5.7.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-5.7.0.tgz", + "integrity": "sha512-1URUxUqfHFM1c+zfSPsa3gnkO7Aq21qyH75SIduNYz4SzY964rn1X2vCMQaHSHhktiw+0kPa2iyb6PUpXqB6Vg==", "dev": true, "license": "(MIT OR CC0-1.0)", + "dependencies": { + "tagged-tag": "^1.0.0" + }, "engines": { - "node": ">=16" + "node": ">=20" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -18925,6 +18795,19 @@ "dev": true, "license": "MIT" }, + "node_modules/uint8array-extras": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.5.0.tgz", + "integrity": "sha512-rvKSBiC5zqCCiDZ9kAOszZcDvdAHwwIKJG33Ykj43OKcWsnmcBRL09YTU4nOeHZ8Y2a7l1MgTd08SBe9A8Qj6A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/unbox-primitive": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.1.0.tgz", diff --git a/package.json b/package.json index afdde577903d6a..4ab0081fbd2a22 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "code-oss-dev", "version": "1.127.0", - "distro": "e6b302180cc8fecde16d482d0f2add78b067b6bf", + "distro": "0d726028b9bf2f38975a035474182955e771bccd", "author": { "name": "Microsoft Corporation" }, @@ -192,7 +192,7 @@ "@typescript/native-preview": "^7.0.0-dev.20260609", "@vscode/component-explorer": "^0.2.1-58", "@vscode/component-explorer-cli": "^0.2.1-59", - "@vscode/gulp-electron": "1.41.3", + "@vscode/gulp-electron": "^1.42.0", "@vscode/l10n-dev": "0.0.35", "@vscode/telemetry-extractor": "^1.20.2", "@vscode/test-cli": "^0.0.6", diff --git a/product.json b/product.json index 06ab8fcda8e8bc..9b7a7947ee3036 100644 --- a/product.json +++ b/product.json @@ -31,7 +31,8 @@ "linuxIconName": "code-oss", "licenseFileName": "LICENSE.txt", "reportIssueUrl": "https://github.com/microsoft/vscode/issues/new", - "nodejsRepository": "https://nodejs.org", + "nodejsArtifactFeed": "", + "electronArtifactFeed": "", "urlProtocol": "code-oss", "agentsTelemetryAppName": "agents", "webviewContentExternalBaseUrlTemplate": "https://{{uuid}}.vscode-cdn.net/insider/ef65ac1ba57f57f2a3961bfe94aa20481caca4c6/out/vs/workbench/contrib/webview/browser/pre/",