Skip to content

Merge extension-provided policy#306874

Merged
joshspicer merged 24 commits intomainfrom
joshspicer/extension-policy-merge-script
Apr 1, 2026
Merged

Merge extension-provided policy#306874
joshspicer merged 24 commits intomainfrom
joshspicer/extension-policy-merge-script

Conversation

@joshspicer
Copy link
Copy Markdown
Member

@joshspicer joshspicer commented Mar 31, 2026
edited
Loading

tracking https://github.com/microsoft/vscode-internalbacklog/issues/7245

Summary

Adds a merge script that fetches extensionConfigurationPolicy entries from the distro's product.json and merges them into policyData.jsonc during the policy export workflow.

fyi @pwang347

Problem

The --export-policy-data command runs in the OSS dev build, which has no access to extensionConfigurationPolicy data — that lives only in vscode-distro's product.json. Extension policies for settings like github.copilot.nextEditSuggestions.enabled therefore never appear in the exported policyData.jsonc, which means they're missing from:

  • Windows Group Policy ADMX/ADML artifacts
  • macOS .mobileconfig profiles
  • Linux policy.json
  • The enterprise policy reference page on code.visualstudio.com

Solution

New build script build/lib/policies/mergeExtensionPolicies.ts that:

  1. Reads package.json to get the pinned distro commit ("distro": "3de67a...")
  2. Fetches the distro's mixin/stable/product.json at that exact commit (via local .build/distro/ or GitHub API with GITHUB_TOKEN)
  3. Reads extensionConfigurationPolicy entries
  4. Merges them into policyData.jsonc, skipping any already present

New workflow

npm run transpile-client && ./scripts/code.sh --export-policy-data && GITHUB_TOKEN=... node build/lib/policies/mergeExtensionPolicies.ts

Changes

File Change
build/lib/policies/mergeExtensionPolicies.ts New — merge script
src/.../policyExport.contribution.ts Updated disclaimer comment
src/.../policyExport.integrationTest.ts Runs merge step after export; fails hard if distro unavailable
.github/skills/add-policy/SKILL.md Documented extension policy lifecycle, distro format, downstream consumers

Dependencies

Companion PR: https://github.com/microsoft/vscode-distro/pull/1376 (adds localization format to extensionConfigurationPolicy entries in all three quality product.json files)

@joshspicer
Add merge script for extension configuration policies from distro
e484335 
Adds build/lib/policies/mergeExtensionPolicies.ts which fetches the
distro's product.json (at the commit pinned in package.json) and merges
extensionConfigurationPolicy entries into policyData.jsonc.

The --export-policy-data step only captures policies from the OSS
configuration registry. Extension policies (e.g., Copilot settings)
are defined in vscode-distro's product.json and are not available in
the OSS dev build. This merge script bridges that gap.

Workflow: ./scripts/code.sh --export-policy-data && node build/lib/policies/mergeExtensionPolicies.ts

Also updates:
- policyExport integration test to run the merge step
- add-policy skill documentation with extension policy lifecycle
Copilot AI review requested due to automatic review settings March 31, 2026 17:23
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a post-processing step to the policy export workflow so that extension-provided extensionConfigurationPolicy entries (which only exist in vscode-distro’s product.json) are merged into the exported build/lib/policies/policyData.jsonc, ensuring downstream policy artifacts include extension settings.

Changes:

  • Introduces build/lib/policies/mergeExtensionPolicies.ts to fetch distro product.json (local .build/distro or GitHub API) and merge extensionConfigurationPolicy into policyData.jsonc.
  • Updates the policy export integration test to run the merge step after --export-policy-data.
  • Updates policy export messaging/docs to reflect the new two-step generation workflow.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
build/lib/policies/mergeExtensionPolicies.ts New merge script that pulls extensionConfigurationPolicy from distro product.json and appends missing policies to exported policy data.
src/vs/workbench/contrib/policyExport/electron-browser/policyExport.contribution.ts Updates the generated-file disclaimer string shown in exported policyData.jsonc.
src/vs/workbench/contrib/policyExport/test/node/policyExport.integrationTest.ts Runs the merge script after export so the comparison includes extension policies.
.github/skills/add-policy/SKILL.md Documents extension policy lifecycle and the new regeneration workflow including the merge step.

@joshspicer joshspicer marked this pull request as draft March 31, 2026 17:44
@joshspicer
Copy link
Copy Markdown
Member Author

joshspicer commented Mar 31, 2026

test build https://dev.azure.com/monacotools/Monaco/_build/results?buildId=426269&view=results

@joshspicer joshspicer changed the title Add merge script for extension configuration policies from distro Merge extension-provided policy Mar 31, 2026
@joshspicer
fix: revert extension policies from policyData.jsonc, remove console.…
af711fa 
…log from test

Extension policies should only be added after the distro PR merges.
Test runner disallows console output in tests.
@joshspicer
Add mock distro test for mergeExtensionPolicies, remove merge from ex…
0db10e0 
…port test

- mergeExtensionPolicies.ts: add DISTRO_PRODUCT_JSON env var to
  override the distro path (for testing without private repo access)
- New test: creates a mock product.json, runs the merge script,
  verifies policies are added correctly and idempotently
- Export test: no longer runs the merge step (avoids needing
  distro access or GITHUB_TOKEN in CI)
@joshspicer joshspicer marked this pull request as ready for review March 31, 2026 20:10
@joshspicer joshspicer force-pushed the joshspicer/extension-policy-merge-script branch from 472daa2 to 905a12d Compare March 31, 2026 20:20
@joshspicer joshspicer enabled auto-merge (squash) March 31, 2026 20:23
@joshspicer
Fix CI: add extension policy fixture for export test
a15d9d9 
The export test now runs mergeExtensionPolicies using a checked-in
fixture file instead of requiring distro access or GITHUB_TOKEN.
When extension policies change in the distro, regenerate both
policyData.jsonc and the fixture file.
pwang347
pwang347 reviewed Mar 31, 2026
View reviewed changes
@joshspicer joshspicer disabled auto-merge March 31, 2026 21:08
@joshspicer joshspicer marked this pull request as draft March 31, 2026 21:08
@joshspicer
Integrate extension policy merge into --export-policy-data
55f200d 
- Removed mergeExtensionPolicies.ts — no separate CLI tool needed
- --export-policy-data now reads build/lib/policies/extensionPolicies.json
  and merges extension policies into the output automatically
- Single command workflow: ./scripts/code.sh --export-policy-data
- Simplified test — no merge step, no GITHUB_TOKEN, no distro access
- Updated SKILL.md to document the simplified workflow
@joshspicer
Dynamic distro reading: --export-policy-data fetches from distro dire…
32486f9 
…ctly

- policyExport.contribution.ts reads distro product.json dynamically:
  1. DISTRO_PRODUCT_JSON env var (for testing)
  2. .build/distro/mixin/stable/product.json (local checkout)
  3. GitHub API with GITHUB_TOKEN (remote fetch)
- New scripts/export-policy-data.sh wrapper: sets up GITHUB_TOKEN
  via gh CLI and runs the export
- Deleted build/lib/policies/extensionPolicies.json (no static copy)
- Test uses DISTRO_PRODUCT_JSON with a fixture file
- Uses sandbox process.env and VSBuffer (renderer-safe)
@joshspicer
Replace bash wrapper with cross-platform TS script
7730372 
- New build/lib/policies/exportPolicyData.ts: handles transpilation,
  GITHUB_TOKEN setup via gh CLI, and runs --export-policy-data
- Added 'npm run export-policy-data' script to package.json
- Removed scripts/export-policy-data.sh
- Updated SKILL.md and test error message
@joshspicer
Use OAuth device flow for GitHub token acquisition
48a1370 
exportPolicyData.ts now acquires tokens via:
1. GITHUB_TOKEN env var (if set)
2. gh CLI (fast, non-interactive)
3. GitHub OAuth device flow (interactive, no dependencies)

Based on vscode-copilot-chat's getToken.mts pattern.
@joshspicer
Fix error messages to reference npm run export-policy-data
cb96bc3
@joshspicer
Fix disclaimer to reference npm run export-policy-data, clean up stal…
99b6952 
…e refs
@joshspicer joshspicer marked this pull request as ready for review March 31, 2026 23:05
pwang347
pwang347 previously approved these changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@pwang347 pwang347 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thank you for making this change!

@joshspicer joshspicer enabled auto-merge (squash) March 31, 2026 23:49
@joshspicer joshspicer merged commit fcbabe4 into main Apr 1, 2026
18 checks passed
@joshspicer joshspicer deleted the joshspicer/extension-policy-merge-script branch April 1, 2026 00:07
@vs-code-engineering vs-code-engineering bot added this to the 1.115.0 milestone Apr 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pwang347 pwang347 pwang347 approved these changes

@Yoyokrazy Yoyokrazy Yoyokrazy approved these changes

@rebornix rebornix Awaiting requested review from rebornix rebornix is a code owner

@joaomoreno joaomoreno Awaiting requested review from joaomoreno joaomoreno is a code owner

@sandy081 sandy081 Awaiting requested review from sandy081 sandy081 is a code owner

Assignees

@joshspicer joshspicer

Labels

None yet

Projects

None yet

Milestone

1.115.0

Development

Successfully merging this pull request may close these issues.

4 participants

@joshspicer @pwang347 @Yoyokrazy