feat: add support for --azure-credential via `VSCE_AZURE_CREDENTIAL…

…` environment variable (#663) Co-authored-by: Felipe Santos <[email protected]>
felipecrs · Dec 27, 2024 · cccdd52 · cccdd52
1 parent 5e82907
commit cccdd52
Show file tree

Hide file tree

Showing 9 changed files with 508 additions and 1,023 deletions.
diff --git a/README.md b/README.md
@@ -96,11 +96,12 @@ The directory of the extension relative to the current working directory. Defaul
 
 The following environment variables are supported by this plugin:
 
-| Variable      | Description                                                                                                                                                                                                                                                                                                     |
-| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `OVSX_PAT`    | _Optional_. The personal access token to push to Open VSX Registry                                                                                                                                                                                                                                              |
-| `VSCE_PAT`    | _Optional_. The personal access token to publish to Visual Studio Marketplace                                                                                                                                                                                                                                   |
-| `VSCE_TARGET` | _Optional_. The target to use when packaging or publishing the extension (used as `vsce package --target ${VSCE_TARGET}`). When set to `universal`, behave as if `VSCE_TARGET` was not set (i.e. build the universal/generic `vsix`). See [the platform-specific example](#platform-specific-on-github-actions) |
+| Variable                | Description                                                                                                                                                                                                                                                                                                     |
+| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `OVSX_PAT`              | _Optional_. The personal access token to push to Open VSX Registry                                                                                                                                                                                                                                              |
+| `VSCE_PAT`              | _Optional_. The personal access token to publish to Visual Studio Marketplace. _Note:_ Cannot be set at the same time as `VSCE_AZURE_CREDENTIAL`.                                                                                                                                                               |
+| `VSCE_AZURE_CREDENTIAL` | _Optional_. When set to `true` or `1`, `vsce` will use the `--azure-credential` flag to authenticate. _Note:_ Cannot be set at the same time as `VSCE_PAT`.                                                                                                                                                     |
+| `VSCE_TARGET`           | _Optional_. The target to use when packaging or publishing the extension (used as `vsce package --target ${VSCE_TARGET}`). When set to `universal`, behave as if `VSCE_TARGET` was not set (i.e. build the universal/generic `vsix`). See [the platform-specific example](#platform-specific-on-github-actions) |
 
 ### Configuring `vsce`
 
@@ -333,4 +334,37 @@ jobs:
           OVSX_PAT: ${{ secrets.OVSX_PAT }}
 ```
 
+### GitHub Actions - Release to VS Marketplace with Azure credentials
+
+```yaml
+name: release
+
+on:
+  push:
+    branches: [master]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+      - run: npm ci
+
+      # Log into Azure CLI to get VSCE credentials
+      - name: Azure login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - run: npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VSCE_AZURE_CREDENTIAL: 'true'
+```
+
 A reference implementation can also be found in the [VS Code ShellCheck extension](https://github.com/vscode-shellcheck/vscode-shellcheck/pull/805).
diff --git a/lib/publish.js b/lib/publish.js
@@ -7,6 +7,7 @@ const {
   isOvsxPublishEnabled,
   isTargetEnabled,
   isVscePublishEnabled,
+  isAzureCredentialEnabled,
 } = require('./utils');
 
 module.exports = async (version, packagePath, logger, cwd) => {
@@ -33,6 +34,10 @@ module.exports = async (version, packagePath, logger, cwd) => {
     }
   }
 
+  if (isAzureCredentialEnabled()) {
+    options.push('--azure-credential');
+  }
+
   const releases = [];
   if (isVscePublishEnabled()) {
     logger.log(message + ' to Visual Studio Marketplace');

diff --git a/lib/utils.js b/lib/utils.js
@@ -1,11 +1,19 @@
 // @ts-check
 
+const envToBoolean = (name) => {
+  return process.env[name] === 'true' || process.env[name] === '1';
+};
+
 const isOvsxPublishEnabled = () => {
   return 'OVSX_PAT' in process.env;
 };
 
+const isAzureCredentialEnabled = () => {
+  return envToBoolean('VSCE_AZURE_CREDENTIAL');
+};
+
 const isVscePublishEnabled = () => {
-  return 'VSCE_PAT' in process.env;
+  return 'VSCE_PAT' in process.env || isAzureCredentialEnabled();
 };
 
 const isTargetEnabled = () => {
@@ -18,4 +26,5 @@ module.exports = {
   isTargetEnabled,
   isOvsxPublishEnabled,
   isVscePublishEnabled,
+  isAzureCredentialEnabled,
 };
diff --git a/lib/verify-vsce-auth.js b/lib/verify-vsce-auth.js
@@ -2,22 +2,36 @@
 
 const SemanticReleaseError = require('@semantic-release/error');
 const execa = require('execa');
+const { isAzureCredentialEnabled } = require('./utils');
 
 module.exports = async (logger, cwd) => {
-  logger.log('Verifying authentication for vsce');
+  const pat = 'VSCE_PAT' in process.env && process.env.VSCE_PAT;
+  const azureCredential = isAzureCredentialEnabled();
 
-  if (!process.env.VSCE_PAT) {
+  if (!pat && !azureCredential) {
     throw new SemanticReleaseError(
-      'Empty vsce personal access token (`VSCE_PAT` environment variable) specified.',
-      'EEMPTYVSCEPAT',
+      'Neither vsce personal access token (`VSCE_PAT` environment variable) or azure credential flag (`VSCE_AZURE_CREDENTIAL` environment variable) specified.',
+      'EVSCEAUTHNOTPROVIDED',
     );
   }
 
+  if (pat && azureCredential) {
+    throw new SemanticReleaseError(
+      'Both vsce personal access token (`VSCE_PAT` environment variable) and azure credential flag (`VSCE_AZURE_CREDENTIAL` environment variable) specified. Please use only one.',
+      'EVSCEDUPLICATEAUTHPROVIDED',
+    );
+  }
+
+  const vsceArgs = ['verify-pat'];
+  if (azureCredential) {
+    vsceArgs.push('--azure-credential');
+  }
+
   try {
-    await execa('vsce', ['verify-pat'], { preferLocal: true, cwd });
+    await execa('vsce', vsceArgs, { preferLocal: true, cwd });
   } catch (e) {
     throw new SemanticReleaseError(
-      `Invalid vsce personal access token. Additional information:\n\n${e}`,
+      `Invalid vsce personal access token or azure credential. Additional information:\n\n${e}`,
       'EINVALIDVSCEPAT',
     );
   }

diff --git a/lib/verify.js b/lib/verify.js
@@ -16,15 +16,15 @@ module.exports = async (pluginConfig, { logger, cwd }) => {
     const ovsxPublishEnabled = isOvsxPublishEnabled();
     if (!vscePublishEnabled && !ovsxPublishEnabled) {
       throw new SemanticReleaseError(
-        'No personal access token was detected. Set the `VSCE_PAT` or the `OVSX_PAT` environment variable, at least one of them must be present when publish is enabled.\nLearn more at https://github.com/felipecrs/semantic-release-vsce#publishing',
+        'No personal access token was detected. Set `VSCE_PAT`, `VSCE_AZURE_CREDENTIAL`, or the `OVSX_PAT` environment variable. At least one of them must be present when publish is enabled.\nLearn more at https://github.com/felipecrs/semantic-release-vsce#publishing',
         'ENOPAT',
       );
     }
     if (vscePublishEnabled) {
       await verifyVsceAuth(logger, cwd);
     } else {
       logger.log(
-        'Skipping verification of the vsce personal access token as the `VSCE_PAT` environment variable is not set.\n\nDid you know you can easily start publishing to Visual Studio Marketplace with `semantic-release-vsce`?\nLearn more at https://github.com/felipecrs/semantic-release-vsce#publishing-to-visual-studio-marketplace',
+        'Skipping verification of the vsce personal access token as the `VSCE_PAT` or `VSCE_AZURE_CREDENTIAL` environment variables are not set.\n\nDid you know you can easily start publishing to Visual Studio Marketplace with `semantic-release-vsce`?\nLearn more at https://github.com/felipecrs/semantic-release-vsce#publishing-to-visual-studio-marketplace',
       );
     }
     if (ovsxPublishEnabled) {