Merge remote-tracking branch 'upstream/main'

THIS-IS-NOT-A-BACKUP · Nov 22, 2024 · 401ba6b · 401ba6b
2 parents e9499c7 + 7248aaa
commit 401ba6b
Show file tree

Hide file tree

Showing 143 changed files with 3,016 additions and 889 deletions.
diff --git a/build/azure-pipelines/common/sign.js b/build/azure-pipelines/common/sign.js
diff --git a/build/azure-pipelines/common/sign.ts b/build/azure-pipelines/common/sign.ts
@@ -138,6 +138,17 @@ export function main([esrpCliPath, type, folderPath, pattern]: string[]) {
 	const tmp = new Temp();
 	process.on('exit', () => tmp.dispose());
 
+	const key = crypto.randomBytes(32);
+	const iv = crypto.randomBytes(16);
+	const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
+	const encryptedToken = cipher.update(process.env['SYSTEM_ACCESSTOKEN']!.trim(), 'utf8', 'hex') + cipher.final('hex');
+
+	const encryptionDetailsPath = tmp.tmpNameSync();
+	fs.writeFileSync(encryptionDetailsPath, JSON.stringify({ key: key.toString('hex'), iv: iv.toString('hex') }));
+
+	const encryptedTokenPath = tmp.tmpNameSync();
+	fs.writeFileSync(encryptedTokenPath, encryptedToken);
+
 	const patternPath = tmp.tmpNameSync();
 	fs.writeFileSync(patternPath, pattern);
 
@@ -157,7 +168,8 @@ export function main([esrpCliPath, type, folderPath, pattern]: string[]) {
 		managedIdentityTenantId: process.env['VSCODE_ESRP_TENANT_ID'],
 		serviceConnectionId: process.env['VSCODE_ESRP_SERVICE_CONNECTION_ID'],
 		tempDirectory: os.tmpdir(),
-		systemAccessToken: process.env['SYSTEM_ACCESSTOKEN']
+		systemAccessToken: encryptedTokenPath,
+		encryptionKey: encryptionDetailsPath
 	};
 
 	const args = [