From b1d12998de9315e64868855e2cc575f20fb9978b Mon Sep 17 00:00:00 2001
From: Eduardo Villalpando Mello
Date: Thu, 23 Apr 2026 16:06:38 -0700
Subject: [PATCH 1/5] Use ESRP for publishig
---
{pythonEnvironmentsApi => api}/.npmignore | 0
{pythonEnvironmentsApi => api}/LICENSE.md | 0
{pythonEnvironmentsApi => api}/README.md | 0
{pythonEnvironmentsApi => api}/SECURITY.md | 0
.../package-lock.json | 0
{pythonEnvironmentsApi => api}/package.json | 2 +-
{pythonEnvironmentsApi => api}/src/main.ts | 0
{pythonEnvironmentsApi => api}/tsconfig.json | 0
build/azure-pipeline.npm.yml | 177 +++---------------
tsconfig.json | 2 +-
10 files changed, 33 insertions(+), 148 deletions(-)
rename {pythonEnvironmentsApi => api}/.npmignore (100%)
rename {pythonEnvironmentsApi => api}/LICENSE.md (100%)
rename {pythonEnvironmentsApi => api}/README.md (100%)
rename {pythonEnvironmentsApi => api}/SECURITY.md (100%)
rename {pythonEnvironmentsApi => api}/package-lock.json (100%)
rename {pythonEnvironmentsApi => api}/package.json (96%)
rename {pythonEnvironmentsApi => api}/src/main.ts (100%)
rename {pythonEnvironmentsApi => api}/tsconfig.json (100%)
diff --git a/pythonEnvironmentsApi/.npmignore b/api/.npmignore
similarity index 100%
rename from pythonEnvironmentsApi/.npmignore
rename to api/.npmignore
diff --git a/pythonEnvironmentsApi/LICENSE.md b/api/LICENSE.md
similarity index 100%
rename from pythonEnvironmentsApi/LICENSE.md
rename to api/LICENSE.md
diff --git a/pythonEnvironmentsApi/README.md b/api/README.md
similarity index 100%
rename from pythonEnvironmentsApi/README.md
rename to api/README.md
diff --git a/pythonEnvironmentsApi/SECURITY.md b/api/SECURITY.md
similarity index 100%
rename from pythonEnvironmentsApi/SECURITY.md
rename to api/SECURITY.md
diff --git a/pythonEnvironmentsApi/package-lock.json b/api/package-lock.json
similarity index 100%
rename from pythonEnvironmentsApi/package-lock.json
rename to api/package-lock.json
diff --git a/pythonEnvironmentsApi/package.json b/api/package.json similarity index 96% rename from pythonEnvironmentsApi/package.json rename to api/package.json index d99c50ba..cd792cee 100644 --- a/pythonEnvironmentsApi/package.json +++ b/api/package.json @@ -18,7 +18,7 @@ "vscode": "^1.110.0" }, "license": "MIT", - "homepage": "https://github.com/microsoft/vscode-python-environments/tree/main/pythonEnvironmentsApi", + "homepage": "https://github.com/microsoft/vscode-python-environments/tree/main/api", "repository": { "type": "git", "url": "https://github.com/microsoft/vscode-python-environments" diff --git a/pythonEnvironmentsApi/src/main.ts b/api/src/main.ts similarity index 100% rename from pythonEnvironmentsApi/src/main.ts rename to api/src/main.ts diff --git a/pythonEnvironmentsApi/tsconfig.json b/api/tsconfig.json similarity index 100% rename from pythonEnvironmentsApi/tsconfig.json rename to api/tsconfig.json diff --git a/build/azure-pipeline.npm.yml b/build/azure-pipeline.npm.yml index 9d37e131..e77fe0c1 100644 --- a/build/azure-pipeline.npm.yml +++ b/build/azure-pipeline.npm.yml 
@@ -24,58 +24,21 @@ parameters: type: boolean default: false - - name: publishToConsumptionFeed - displayName: 📡 Publish to msft_consumption feed - type: boolean - default: false - - - name: buildSteps - type: stepList - default: - - task: NodeTool@0 - inputs: - versionSpec: '22.21.1' - displayName: Select Node version - - - script: npm install - workingDirectory: $(Build.SourcesDirectory)/pythonEnvironmentsApi - displayName: Install package dependencies - - - script: npm run compile - workingDirectory: $(Build.SourcesDirectory)/pythonEnvironmentsApi - displayName: Compile TypeScript - - - script: npm pack --ignore-scripts - workingDirectory: $(Build.SourcesDirectory)/pythonEnvironmentsApi - displayName: Pack npm package - variables: - name: TeamName value: vscode-python-environments - name: PackageName value: '@vscode/python-environments' - name: PackageDir - value: pythonEnvironmentsApi + value: api - name: npmTag ${{ if eq(parameters.quality, 'preview') }}: value: next ${{ else }}: value: latest - - name: AzureArtifactsFeedUrl - value: 'https://pkgs.dev.azure.com/azure-public/vside/_packaging/python-environments/npm/registry/' - # Same URL without the https:// prefix (used in .npmrc auth lines) - - name: AzureArtifactsFeedUrlNoProtocol - value: 'pkgs.dev.azure.com/azure-public/vside/_packaging/python-environments/npm/registry/' - # Managed Identity service connection for Azure Artifacts auth (shared with Pylance) - - name: AzureServiceConnection - value: 'PylanceSecureVsIdePublishWithManagedIdentity' - - name: ConsumptionFeedUrl - value: 'https://pkgs.dev.azure.com/azure-public/vside/_packaging/msft_consumption/npm/registry/' - - name: ConsumptionFeedUrlNoProtocol - value: 'pkgs.dev.azure.com/azure-public/vside/_packaging/msft_consumption/npm/registry/' extends: - template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate + template: azure-pipelines/MicroBuild.1ES.Official.Publish.yml@MicroBuildTemplate parameters: sdl: sourceAnalysisPool: 
VSEngSS-MicroBuild2022-1ES 
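Review bot: The `npmTag` variable is still derived from `parameters.quality` in this variables block, but its only visible consumer, the `npm publish ... --tag next` step, is deleted in the next hunk and the new `MicroBuild.Publish.yml` call passes no tag. If the ESRP release falls back to npm's default dist-tag, a `preview` build would be published as `latest` and reach every consumer that installs without an explicit tag. Confirm how the release chooses the dist-tag, then either wire `$(npmTag)` through to the publish step or delete the variable so it does not suggest a control that no longer exists. The variables block begins above this hunk.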
@@ -103,122 +66,44 @@ extends: targetPath: $(Build.ArtifactStagingDirectory) artifactName: npm-package steps: - - ${{ each step in parameters.buildSteps }}: - - ${{ step }} + - task: NodeTool@0 + inputs: + versionSpec: '22.21.1' + displayName: Select Node version + + - script: npm install + workingDirectory: $(Build.SourcesDirectory)/api + displayName: Install package dependencies + + - script: npm run compile + workingDirectory: $(Build.SourcesDirectory)/api + displayName: Compile TypeScript + + - script: npm pack --ignore-scripts + workingDirectory: $(Build.SourcesDirectory)/api + displayName: Pack npm package - task: CopyFiles@2 displayName: Copy package tarball to staging inputs: - sourceFolder: $(Build.SourcesDirectory)/pythonEnvironmentsApi + sourceFolder: $(Build.SourcesDirectory)/api contents: '*.tgz' targetFolder: $(Build.ArtifactStagingDirectory) - - stage: Publish - displayName: Publish to Azure Artifacts + - stage: PublishNPM + displayName: Publish to NPM dependsOn: Build condition: and(succeeded(), eq('${{ parameters.publishPackage }}', 'true')) jobs: - job: PublishPackage - displayName: Publish $(PackageName) - templateContext: - type: releaseJob - isProduction: true - inputs: - - input: pipelineArtifact - artifactName: npm-package - targetPath: $(Pipeline.Workspace)/npm-package + displayName: Publish npm package steps: - - checkout: none - - - task: NodeTool@0 - inputs: - versionSpec: '22.21.1' - displayName: Select Node version - - # Acquire a short-lived AAD token via Managed Identity (no stored secrets) - # SEE https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance - - task: AzureCLI@2 - displayName: Acquire AAD token via Managed Identity - inputs: - azureSubscription: '$(AzureServiceConnection)' - scriptType: 'pscore' - scriptLocation: 'inlineScript' - inlineScript: | - $token = az account get-access-token --query accessToken --resource 
499b84ac-1321-427f-aa17-267ca6975798 -o tsv - Write-Host "##vso[task.setvariable variable=AzdoToken;issecret=true]$token" - - - powershell: | - @" - registry=$(AzureArtifactsFeedUrl) - always-auth=true - "@ | Out-File -FilePath .npmrc - - @" - ; begin auth token - //$(AzureArtifactsFeedUrlNoProtocol):username=VssSessionToken - //$(AzureArtifactsFeedUrlNoProtocol):_authToken=$env:AZDO_TOKEN - //$(AzureArtifactsFeedUrlNoProtocol):email=not-used@example.com - ; end auth token - "@ | Out-File -FilePath $HOME/.npmrc - env: - AZDO_TOKEN: $(AzdoToken) - displayName: Create .npmrc files - - - powershell: | - $tgz = Get-ChildItem "$(Pipeline.Workspace)/npm-package/*.tgz" | Select-Object -First 1 - if (-not $tgz) { - Write-Error "No .tgz file found in $(Pipeline.Workspace)/npm-package/" - exit 1 - } - Write-Host "Publishing: $($tgz.FullName)" - if ("$(npmTag)" -eq "next") { - npm publish $tgz.FullName --registry $(AzureArtifactsFeedUrl) --tag next --ignore-scripts - } else { - npm publish $tgz.FullName --registry $(AzureArtifactsFeedUrl) --ignore-scripts - } - displayName: npm publish (${{ parameters.quality }}) - - - stage: PublishConsumption - displayName: Publish package to msft_consumption feed - dependsOn: Publish - condition: and(not(failed()), eq('${{ parameters.publishToConsumptionFeed }}', 'true')) - jobs: - - job: PullToConsumption - displayName: Pull $(PackageName) to msft_consumption - steps: - - checkout: none - - - task: NodeTool@0 - inputs: - versionSpec: '22.21.1' - displayName: Select Node version - - - task: AzureCLI@2 - displayName: Acquire AAD token via Managed Identity - inputs: - azureSubscription: '$(AzureServiceConnection)' - scriptType: 'pscore' - scriptLocation: 'inlineScript' - inlineScript: | - $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv - Write-Host "##vso[task.setvariable variable=AzdoToken;issecret=true]$token" - - - powershell: | - @" - registry=$(ConsumptionFeedUrl) - 
always-auth=true - "@ | Out-File -FilePath .npmrc - - @" - ; begin auth token - //$(ConsumptionFeedUrlNoProtocol):username=VssSessionToken - //$(ConsumptionFeedUrlNoProtocol):_authToken=$env:AZDO_TOKEN - //$(ConsumptionFeedUrlNoProtocol):email=not-used@example.com - ; end auth token - "@ | Out-File -FilePath $HOME/.npmrc - env: - AZDO_TOKEN: $(AzdoToken) - displayName: Create .npmrc files - - - script: npm i -g $(PackageName)@$(npmTag) --registry $(ConsumptionFeedUrl) - displayName: Pull to msft_consumption + - template: MicroBuild.Publish.yml@MicroBuildTemplate + parameters: + intent: 'PackageDistribution' + contentType: 'npm' + contentSource: 'Folder' + folderLocation: '$(Build.ArtifactStagingDirectory)' + waitForReleaseCompletion: true + owners: 'plseng@microsoft.com' + approvers: 'eduardovil@microsoft.com;grwheele@microsoft.com' diff --git a/tsconfig.json b/tsconfig.json index 9465f002..93f4be50 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -17,5 +17,5 @@ "resolveJsonModule": true, "removeComments": true }, - "exclude": ["examples", "pythonEnvironmentsApi"] + "exclude": ["examples", "api"] } From d15c14755e93d0dcc766491b750a63c7b067542d Mon Sep 17 00:00:00 2001 From: Eduardo Villalpando Mello Date: Thu, 23 Apr 2026 16:39:03 -0700 Subject: [PATCH 2/5] Fix emails --- build/azure-pipeline.npm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/azure-pipeline.npm.yml b/build/azure-pipeline.npm.yml index e77fe0c1..40b8f472 100644 --- a/build/azure-pipeline.npm.yml +++ b/build/azure-pipeline.npm.yml @@ -106,4 +106,4 @@ extends: folderLocation: '$(Build.ArtifactStagingDirectory)' waitForReleaseCompletion: true owners: 'plseng@microsoft.com' - approvers: 'eduardovil@microsoft.com;grwheele@microsoft.com' + approvers: 'eduardovil@microsoft.com grwheele@microsoft.com' From 4cda323afb6421f542af83b45e8fc0e755f4a12a Mon Sep 17 00:00:00 2001 
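Review bot: In the Build stage steps of `build/azure-pipeline.npm.yml` ([PATCH 1/5]), the tarball that is later released is still built after a plain `npm install`, which can resolve versions that differ from `api/package-lock.json` and runs dependency lifecycle scripts, even though the pack step already passes `--ignore-scripts`. For a release build, `- script: npm ci` installs exactly the locked tree and fails when the lockfile and `package.json` disagree. If `npm run compile` does not rely on install scripts, `npm ci --ignore-scripts` would also keep third-party scripts from running on the agent that produces the published artifact.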
From: Eduardo Villalpando Mello Date: Thu, 23 Apr 2026 17:30:15 -0700 Subject: [PATCH 3/5] Update owners and approvers --- build/azure-pipeline.npm.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/azure-pipeline.npm.yml b/build/azure-pipeline.npm.yml index 40b8f472..a7de20be 100644 --- a/build/azure-pipeline.npm.yml +++ b/build/azure-pipeline.npm.yml @@ -105,5 +105,5 @@ extends: contentSource: 'Folder' folderLocation: '$(Build.ArtifactStagingDirectory)' waitForReleaseCompletion: true - owners: 'plseng@microsoft.com' - approvers: 'eduardovil@microsoft.com grwheele@microsoft.com' + owners: 'grwheele@microsoft.com' + approvers: 'eduardovil@microsoft.com,stellahuang@microsoft.com' From 2aff428826689357b94fb3aa58d69ff652d758f3 Mon Sep 17 00:00:00 2001 From: Eduardo Villalpando Mello Date: Thu, 23 Apr 2026 17:52:41 -0700 Subject: [PATCH 4/5] Update permissions --- build/azure-pipeline.npm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/azure-pipeline.npm.yml b/build/azure-pipeline.npm.yml index a7de20be..06761552 100644 --- a/build/azure-pipeline.npm.yml +++ b/build/azure-pipeline.npm.yml @@ -106,4 +106,4 @@ extends: folderLocation: '$(Build.ArtifactStagingDirectory)' waitForReleaseCompletion: true owners: 'grwheele@microsoft.com' - approvers: 'eduardovil@microsoft.com,stellahuang@microsoft.com' + approvers: 'eduardovil@microsoft.com' From 9756ffd338430f8022bb796e828bd2ed7f97ae61 Mon Sep 17 00:00:00 2001 From: Eduardo Villalpando Mello Date: Thu, 23 Apr 2026 18:12:15 -0700 Subject: [PATCH 5/5] Download artifact --- build/azure-pipeline.npm.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/build/azure-pipeline.npm.yml b/build/azure-pipeline.npm.yml index 06761552..9237ab25 100644 --- a/build/azure-pipeline.npm.yml +++ b/build/azure-pipeline.npm.yml 
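Review bot: In [PATCH 4/5] the `approvers` line is reduced to the single address `eduardovil@microsoft.com`, next to a single `owners` address, which leaves one person in the approval path for an npm release. If that address belongs to the person who also queues the pipeline (the alias suggests this, but it is inferred), the release can be triggered and approved by the same individual. Keeping a second approver or a team alias would preserve separation of duties; if one approver is intentional, a comment above `approvers` should record why. The series tried `;`, a space and `,` as separators in patches 1 to 3, so the same comment should also state which list format the template accepts.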
@@ -98,12 +98,16 @@ extends: - job: PublishPackage displayName: Publish npm package steps: + - download: current + artifact: npm-package + displayName: Download npm-package artifact + - template: MicroBuild.Publish.yml@MicroBuildTemplate parameters: intent: 'PackageDistribution' contentType: 'npm' contentSource: 'Folder' - folderLocation: '$(Build.ArtifactStagingDirectory)' + folderLocation: '$(Pipeline.Workspace)/npm-package' waitForReleaseCompletion: true owners: 'grwheele@microsoft.com' approvers: 'eduardovil@microsoft.com'
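Review bot: The `PublishPackage` job has no `- checkout: none` step, so it appears to run the default source checkout even though it only needs the `npm-package` artifact; the publish job this series replaced had that step. Adding `- checkout: none` ahead of `- download: current` keeps repository content out of the workspace that `folderLocation` points into and makes it explicit that only the Build stage's output is released. Whether the 1ES publish template already suppresses the checkout is not visible here. The `extends` block that contains this job begins outside the hunk.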