diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 20bb7c0..0ea0edd 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -118,21 +118,27 @@ jobs: ARCHITECTURE: ${{ matrix.platform }} SNAP_STORE_LOGIN: ${{ secrets.SNAP_STORE_LOGIN }} - - uses: docker/setup-qemu-action@v1 - if: env.SHOULD_DEPLOY == 'yes' + # - uses: docker/setup-qemu-action@v1 + # if: env.SHOULD_DEPLOY == 'yes' - - uses: diddlesnaps/snapcraft-multiarch-action@v1 + # - uses: diddlesnaps/snapcraft-multiarch-action@v1 + # with: + # path: stores/snapcraft + # architecture: ${{ matrix.platform }} + # id: build + # if: env.SHOULD_DEPLOY == 'yes' + + # - uses: diddlesnaps/snapcraft-review-action@v1 + # with: + # snap: ${{ steps.build.outputs.snap }} + # isClassic: 'true' + # if: env.SHOULD_DEPLOY == 'yes' + - uses: snapcore/action-build@v1 with: path: stores/snapcraft - architecture: ${{ matrix.platform }} id: build if: env.SHOULD_DEPLOY == 'yes' - - uses: diddlesnaps/snapcraft-review-action@v1 - with: - snap: ${{ steps.build.outputs.snap }} - isClassic: 'true' - if: env.SHOULD_DEPLOY == 'yes' - uses: snapcore/action-publish@v1 with: diff --git a/.gitignore b/.gitignore index 49de55f..8c6fe1e 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ VS*/* build/linux/appimage/out build/linux/appimage/pkg2appimage.AppDir build/linux/appimage/pkg2appimage-*.AppImage +build/linux/appimage/squashfs-root build/linux/appimage/VSCodium build/windows/msi/releasedir build/windows/rtf/Readme (Abridged).txt diff --git a/patches/cleanup-archive.patch b/patches/cleanup-archive.patch index 7b70d5c..4b07e98 100644 --- a/patches/cleanup-archive.patch +++ b/patches/cleanup-archive.patch @@ -1,9 +1,9 @@ diff --git a/build/gulpfile.vscode.win32.js b/build/gulpfile.vscode.win32.js -index 1a73ae9..1b87189 100644 +index 81ba509..59041e2 100644 --- a/build/gulpfile.vscode.win32.js +++ b/build/gulpfile.vscode.win32.js -@@ -126,7 +126,7 @@ defineWin32SetupTasks('arm64', 'user'); - +@@ -137,7 +137,7 @@ defineWin32SetupTasks('arm64', 'user'); + */ function archiveWin32Setup(arch) { return cb => { - const args = ['a', '-tzip', zipPath(arch), '-x!CodeSignSummary*.md', '.', '-r']; diff --git a/patches/use-github-pat.patch b/patches/use-github-pat.patch index 4d93c0c..bccbffc 100644 --- a/patches/use-github-pat.patch +++ b/patches/use-github-pat.patch @@ -1,12 +1,9 @@ diff --git a/extensions/github-authentication/src/githubServer.ts b/extensions/github-authentication/src/githubServer.ts -index 92313d0..a69da37 100644 +index 49a523b..d68588e 100644 --- a/extensions/github-authentication/src/githubServer.ts +++ b/extensions/github-authentication/src/githubServer.ts -@@ -3,41 +3,13 @@ - * Licensed under the MIT License. See License.txt in the project root for license information. - *--------------------------------------------------------------------------------------------*/ - --import * as nls from 'vscode-nls'; +@@ -6,23 +6,14 @@ + import * as nls from 'vscode-nls'; import * as vscode from 'vscode'; import fetch, { Response } from 'node-fetch'; -import { v4 as uuid } from 'uuid'; @@ -15,91 +12,58 @@ index 92313d0..a69da37 100644 import { AuthProviderType } from './github'; import { Log } from './common/logger'; -import { isSupportedEnvironment } from './common/env'; -- --const localize = nls.loadMessageBundle(); --const CLIENT_ID = '01ab8ac9400c4e429b23'; + const localize = nls.loadMessageBundle(); + const CLIENT_ID = '01ab8ac9400c4e429b23'; +-const GITHUB_AUTHORIZE_URL = 'https://github.com/login/oauth/authorize'; +-// TODO: change to stable when that happens +-const GITHUB_TOKEN_URL = 'https://vscode.dev/codeExchangeProxyEndpoints/github/login/oauth/access_token'; const NETWORK_ERROR = 'network error'; --const AUTH_RELAY_SERVER = 'vscode-auth.github.com'; --// const AUTH_RELAY_STAGING_SERVER = 'client-auth-staging-14a768b.herokuapp.com'; -- --class UriEventHandler extends vscode.EventEmitter implements vscode.UriHandler { -- constructor(private readonly Logger: Log) { -- super(); -- } -- -- public handleUri(uri: vscode.Uri) { -- this.Logger.trace('Handling Uri...'); -- this.fire(uri); -- } --} -- --function parseQuery(uri: vscode.Uri) { -- return uri.query.split('&').reduce((prev: any, current) => { -- const queryString = current.split('='); -- prev[queryString[0]] = queryString[1]; -- return prev; -- }, {}); --} - export interface IGitHubServer extends vscode.Disposable { - login(scopes: string): Promise; -@@ -47,13 +19,6 @@ export interface IGitHubServer extends vscode.Disposable { - type: AuthProviderType; - } - --interface IGitHubDeviceCodeResponse { -- device_code: string; -- user_code: string; -- verification_uri: string; -- interval: number; --} +-const REDIRECT_URL_STABLE = 'https://vscode.dev/redirect'; +-const REDIRECT_URL_INSIDERS = 'https://insiders.vscode.dev/redirect'; - - async function getScopes(token: string, serverUri: vscode.Uri, logger: Log): Promise { - try { - logger.info('Getting token scopes...'); -@@ -115,315 +80,49 @@ async function getUserInfo(token: string, serverUri: vscode.Uri, logger: Log): P + class UriEventHandler extends vscode.EventEmitter implements vscode.UriHandler { + constructor(private readonly Logger: Log) { + super(); +@@ -110,10 +101,7 @@ async function getUserInfo(token: string, serverUri: vscode.Uri, logger: Log): P export class GitHubServer implements IGitHubServer { friendlyName = 'GitHub'; type = AuthProviderType.github; -- private _statusBarItem: vscode.StatusBarItem | undefined; - private _onDidManuallyProvideToken = new vscode.EventEmitter(); -- -- private _pendingStates = new Map(); -- private _codeExchangePromises = new Map; cancel: vscode.EventEmitter }>(); -- private _statusBarCommandId = `${this.type}.provide-manually`; -- private _disposable: vscode.Disposable; -- private _uriHandler = new UriEventHandler(this._logger); - constructor(private readonly _supportDeviceCodeFlow: boolean, private readonly _logger: Log, private readonly _telemetryReporter: ExperimentationTelemetry) { -- this._disposable = vscode.Disposable.from( -- vscode.commands.registerCommand(this._statusBarCommandId, () => this.manuallyProvideUri()), -- vscode.window.registerUriHandler(this._uriHandler)); -+ this._supportDeviceCodeFlow; +- private _pendingNonces = new Map(); +- private _codeExchangePromises = new Map; cancel: vscode.EventEmitter }>(); + private _disposable: vscode.Disposable; + private _uriHandler = new UriEventHandler(this._logger); + +@@ -125,87 +113,31 @@ export class GitHubServer implements IGitHubServer { + this._disposable.dispose(); } - dispose() { -- this._disposable.dispose(); -- } -- - // TODO@joaomoreno TODO@TylerLeonhardt - private async isNoCorsEnvironment(): Promise { - const uri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/dummy`)); - return (uri.scheme === 'https' && /^((insiders\.)?vscode|github)\./.test(uri.authority)) || (uri.scheme === 'http' && /^localhost/.test(uri.authority)); - } - +- } +- public async login(scopes: string): Promise { this._logger.info(`Logging in for the following scopes: ${scopes}`); -- const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate`)); +- const nonce = uuid(); +- const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate?nonce=${encodeURIComponent(nonce)}`)); - - if (!isSupportedEnvironment(callbackUri)) { - const token = this._supportDeviceCodeFlow - ? await this.doDeviceCodeFlow(scopes) - : await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true }); -- ++ const token = this._supportDeviceCodeFlow ++ ? await this.doDeviceCodeFlow(scopes) ++ : await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true }); + - if (!token) { throw new Error('No token provided'); } -- ++ if (!token) { throw new Error('No token provided'); } + - const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user'] - const scopesList = scopes.split(' '); // Example: 'read:user repo user:email' - if (!scopesList.every(scope => { @@ -113,131 +77,6 @@ index 92313d0..a69da37 100644 - }); - })) { - throw new Error(`The provided token does not match the requested scopes: ${scopes}`); -- } -- -- return token; -- } -- -- this.updateStatusBarItem(true); -- -- const state = uuid(); -- const existingStates = this._pendingStates.get(scopes) || []; -- this._pendingStates.set(scopes, [...existingStates, state]); -- -- const uri = vscode.Uri.parse(`https://${AUTH_RELAY_SERVER}/authorize/?callbackUri=${encodeURIComponent(callbackUri.toString())}&scope=${scopes}&state=${state}&responseType=code&authServer=https://github.com`); -- await vscode.env.openExternal(uri); -- -- // Register a single listener for the URI callback, in case the user starts the login process multiple times -- // before completing it. -- let codeExchangePromise = this._codeExchangePromises.get(scopes); -- if (!codeExchangePromise) { -- codeExchangePromise = promiseFromEvent(this._uriHandler.event, this.exchangeCodeForToken(scopes)); -- this._codeExchangePromises.set(scopes, codeExchangePromise); -- } -- -- return Promise.race([ -- codeExchangePromise.promise, -- promiseFromEvent(this._onDidManuallyProvideToken.event, (token: string | undefined, resolve, reject): void => { -- if (!token) { -- reject('Cancelled'); -- } else { -- resolve(token); -- } -- }).promise, -- new Promise((_, reject) => setTimeout(() => reject('Cancelled'), 60000)) -- ]).finally(() => { -- this._pendingStates.delete(scopes); -- codeExchangePromise?.cancel.fire(); -- this._codeExchangePromises.delete(scopes); -- this.updateStatusBarItem(false); -- }); -- } -- -- private async doDeviceCodeFlow(scopes: string): Promise { -- // Get initial device code -- const uri = `https://github.com/login/device/code?client_id=${CLIENT_ID}&scope=${scopes}`; -- const result = await fetch(uri, { -- method: 'POST', -- headers: { -- Accept: 'application/json' -- } -- }); -- if (!result.ok) { -- throw new Error(`Failed to get one-time code: ${await result.text()}`); -- } -- -- const json = await result.json() as IGitHubDeviceCodeResponse; -- -- -- const modalResult = await vscode.window.showInformationMessage( -- localize('code.title', "Your Code: {0}", json.user_code), -- { -- modal: true, -- detail: localize('code.detail', "To finish authenticating, navigate to GitHub and paste in the above one-time code.") -- }, 'Copy & Continue to GitHub'); -- -- if (modalResult !== 'Copy & Continue to GitHub') { -- throw new Error('Cancelled'); -- } -- -- await vscode.env.clipboard.writeText(json.user_code); -- -- const uriToOpen = await vscode.env.asExternalUri(vscode.Uri.parse(json.verification_uri)); -- await vscode.env.openExternal(uriToOpen); -- -- return await vscode.window.withProgress({ -- location: vscode.ProgressLocation.Notification, -- cancellable: true, -- title: localize( -- 'progress', -- "Open [{0}]({0}) in a new tab and paste your one-time code: {1}", -- json.verification_uri, -- json.user_code) -- }, async (_, token) => { -- return await this.waitForDeviceCodeAccessToken(json, token); -- }); -- } -- -- private async waitForDeviceCodeAccessToken( -- json: IGitHubDeviceCodeResponse, -- token: vscode.CancellationToken -- ): Promise { -- -- const refreshTokenUri = `https://github.com/login/oauth/access_token?client_id=${CLIENT_ID}&device_code=${json.device_code}&grant_type=urn:ietf:params:oauth:grant-type:device_code`; -- -- // Try for 2 minutes -- const attempts = 120 / json.interval; -- for (let i = 0; i < attempts; i++) { -- await new Promise(resolve => setTimeout(resolve, json.interval * 1000)); -- if (token.isCancellationRequested) { -- throw new Error('Cancelled'); -- } -- let accessTokenResult; -- try { -- accessTokenResult = await fetch(refreshTokenUri, { -- method: 'POST', -- headers: { -- Accept: 'application/json' -- } -- }); -- } catch { -- continue; -- } -- -- if (!accessTokenResult.ok) { -- continue; -- } -+ const token = await vscode.window.showInputBox({ prompt: 'GitHub Personal Access Token', ignoreFocusOut: true }); - -- const accessTokenJson = await accessTokenResult.json(); -+ if (!token) { throw new Error('No token provided'); } - -- if (accessTokenJson.error === 'authorization_pending') { -- continue; -- } -- -- if (accessTokenJson.error) { -- throw new Error(accessTokenJson.error_description); + const tokenScopes = await getScopes(token, this.getServerUri('/'), this._logger); // Example: ['repo', 'user'] + const scopesList = scopes.split(' '); // Example: 'read:user repo user:email' + if (!scopesList.every(scope => { @@ -246,7 +85,7 @@ index 92313d0..a69da37 100644 + return included; } -- return accessTokenJson.access_token; +- return token; + return scope.split(':').some(splitScopes => { + return tokenScopes.includes(splitScopes); + }); @@ -254,35 +93,95 @@ index 92313d0..a69da37 100644 + throw new Error(`The provided token does not match the requested scopes: ${scopes}`); } -- throw new Error('Cancelled'); +- const existingNonces = this._pendingNonces.get(scopes) || []; +- this._pendingNonces.set(scopes, [...existingNonces, nonce]); +- +- const proxyEndpoints: { [providerId: string]: string } | undefined = await vscode.commands.executeCommand('workbench.getCodeExchangeProxyEndpoints'); +- // If we are running in insiders vscode.dev, then ensure we use the redirect route on that. +- const redirectUri = proxyEndpoints?.github?.includes('https://insiders.vscode.dev') ? REDIRECT_URL_INSIDERS : REDIRECT_URL_STABLE; +- const searchParams = new URLSearchParams([ +- ['client_id', CLIENT_ID], +- ['redirect_uri', redirectUri], +- ['scope', scopes], +- ['state', encodeURIComponent(callbackUri.toString(true))] +- ]); +- const uri = vscode.Uri.parse(`${GITHUB_AUTHORIZE_URL}?${searchParams.toString()}`); +- +- return vscode.window.withProgress({ +- location: vscode.ProgressLocation.Window, +- title: localize('signingIn', " $(mark-github) Signing in to github.com..."), +- }, async () => { +- await vscode.env.openExternal(uri); +- +- // Register a single listener for the URI callback, in case the user starts the login process multiple times +- // before completing it. +- let codeExchangePromise = this._codeExchangePromises.get(scopes); +- if (!codeExchangePromise) { +- codeExchangePromise = promiseFromEvent(this._uriHandler.event, this.exchangeCodeForToken(scopes)); +- this._codeExchangePromises.set(scopes, codeExchangePromise); +- } +- +- return Promise.race([ +- codeExchangePromise.promise, +- promiseFromEvent(this._onDidManuallyProvideToken.event, (token: string | undefined, resolve, reject): void => { +- if (!token) { +- reject('Cancelled'); +- } else { +- resolve(token); +- } +- }).promise, +- new Promise((_, reject) => setTimeout(() => reject('Cancelled'), 60000)) +- ]).finally(() => { +- this._pendingNonces.delete(scopes); +- codeExchangePromise?.cancel.fire(); +- this._codeExchangePromises.delete(scopes); +- }); +- }); + return token; } + private async doDeviceCodeFlow(scopes: string): Promise { +@@ -299,57 +231,6 @@ export class GitHubServer implements IGitHubServer { + throw new Error('Cancelled'); + } + - private exchangeCodeForToken: (scopes: string) => PromiseAdapter = - (scopes) => async (uri, resolve, reject) => { -- const query = parseQuery(uri); -- const code = query.code; +- const query = new URLSearchParams(uri.query); +- const code = query.get('code'); - -- const acceptedStates = this._pendingStates.get(scopes) || []; -- if (!acceptedStates.includes(query.state)) { +- const acceptedNonces = this._pendingNonces.get(scopes) || []; +- const nonce = query.get('nonce'); +- if (!nonce) { +- this._logger.error('No nonce in response.'); +- return; +- } +- if (!acceptedNonces.includes(nonce)) { - // A common scenario of this happening is if you: - // 1. Trigger a sign in with one set of scopes - // 2. Before finishing 1, you trigger a sign in with a different set of scopes - // In this scenario we should just return and wait for the next UriHandler event - // to run as we are probably still waiting on the user to hit 'Continue' -- this._logger.info('State not found in accepted state. Skipping this execution...'); +- this._logger.info('Nonce not found in accepted nonces. Skipping this execution...'); - return; - } - -- const url = `https://${AUTH_RELAY_SERVER}/token?code=${code}&state=${query.state}`; - this._logger.info('Exchanging code for token...'); - +- const proxyEndpoints: { [providerId: string]: string } | undefined = await vscode.commands.executeCommand('workbench.getCodeExchangeProxyEndpoints'); +- const endpointUrl = proxyEndpoints?.github ? `${proxyEndpoints.github}login/oauth/access_token` : GITHUB_TOKEN_URL; +- - try { -- const result = await fetch(url, { +- const body = `code=${code}`; +- const result = await fetch(endpointUrl, { - method: 'POST', - headers: { -- Accept: 'application/json' -- } +- Accept: 'application/json', +- 'Content-Type': 'application/x-www-form-urlencoded', +- 'Content-Length': body.toString() +- +- }, +- body - }); - - if (result.ok) { @@ -300,51 +199,7 @@ index 92313d0..a69da37 100644 private getServerUri(path: string = '') { const apiUri = vscode.Uri.parse('https://api.github.com'); return vscode.Uri.parse(`${apiUri.scheme}://${apiUri.authority}${path}`); - } - -- private updateStatusBarItem(isStart?: boolean) { -- if (isStart && !this._statusBarItem) { -- this._statusBarItem = vscode.window.createStatusBarItem('status.git.signIn', vscode.StatusBarAlignment.Left); -- this._statusBarItem.name = localize('status.git.signIn.name', "GitHub Sign-in"); -- this._statusBarItem.text = localize('signingIn', "$(mark-github) Signing in to github.com..."); -- this._statusBarItem.command = this._statusBarCommandId; -- this._statusBarItem.show(); -- } -- -- if (!isStart && this._statusBarItem) { -- this._statusBarItem.dispose(); -- this._statusBarItem = undefined; -- } -- } -- -- private async manuallyProvideUri() { -- const uri = await vscode.window.showInputBox({ -- prompt: 'Uri', -- ignoreFocusOut: true, -- validateInput(value) { -- if (!value) { -- return undefined; -- } -- const error = localize('validUri', "Please enter a valid Uri from the GitHub login page."); -- try { -- const uri = vscode.Uri.parse(value.trim()); -- if (!uri.scheme || uri.scheme === 'file') { -- return error; -- } -- } catch (e) { -- return error; -- } -- return undefined; -- } -- }); -- if (!uri) { -- return; -- } -- -- this._uriHandler.handleUri(vscode.Uri.parse(uri.trim())); -- } -- - public getUserInfo(token: string): Promise<{ id: string; accountName: string }> { +@@ -359,44 +240,7 @@ export class GitHubServer implements IGitHubServer { return getUserInfo(token, this.getServerUri('/user'), this._logger); } @@ -390,3 +245,59 @@ index 92313d0..a69da37 100644 } public async checkEnterpriseVersion(token: string): Promise { +diff --git a/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts b/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts +index 36647e6..55e722b 100644 +--- a/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts ++++ b/src/vs/workbench/browser/parts/activitybar/activitybarActions.ts +@@ -271,7 +271,7 @@ export class AccountsActivityActionViewItem extends MenuActivityActionViewItem { + } + }); + +- if (providers.length && !menus.length) { ++ if (!menus.length) { + const noAccountsAvailableAction = disposables.add(new Action('noAccountsAvailable', localize('noAccounts', "You are not signed in to any accounts"), undefined, false)); + menus.push(noAccountsAvailableAction); + } +diff --git a/src/vs/workbench/services/authentication/browser/authenticationService.ts b/src/vs/workbench/services/authentication/browser/authenticationService.ts +index 5f7431d..278cd3d 100644 +--- a/src/vs/workbench/services/authentication/browser/authenticationService.ts ++++ b/src/vs/workbench/services/authentication/browser/authenticationService.ts +@@ -13,7 +13,6 @@ import { isString } from 'vs/base/common/types'; + import * as nls from 'vs/nls'; + import { MenuId, MenuRegistry } from 'vs/platform/actions/common/actions'; + import { CommandsRegistry } from 'vs/platform/commands/common/commands'; +-import { ContextKeyExpr } from 'vs/platform/contextkey/common/contextkey'; + import { ICredentialsService } from 'vs/platform/credentials/common/credentials'; + import { IDialogService } from 'vs/platform/dialogs/common/dialogs'; + import { registerSingleton } from 'vs/platform/instantiation/common/extensions'; +@@ -197,13 +196,6 @@ export class AuthenticationService extends Disposable implements IAuthentication + @IQuickInputService private readonly quickInputService: IQuickInputService + ) { + super(); +- this._placeholderMenuItem = MenuRegistry.appendMenuItem(MenuId.AccountsContext, { +- command: { +- id: 'noAuthenticationProviders', +- title: nls.localize('loading', "Loading..."), +- precondition: ContextKeyExpr.false() +- }, +- }); + + authenticationExtPoint.setHandler((extensions, { added, removed }) => { + added.forEach(point => { +@@ -272,16 +264,6 @@ export class AuthenticationService extends Disposable implements IAuthentication + this.removeAccessRequest(id, extensionId); + }); + } +- +- if (!this._authenticationProviders.size) { +- this._placeholderMenuItem = MenuRegistry.appendMenuItem(MenuId.AccountsContext, { +- command: { +- id: 'noAuthenticationProviders', +- title: nls.localize('loading', "Loading..."), +- precondition: ContextKeyExpr.false() +- }, +- }); +- } + } + + async sessionsUpdate(id: string, event: AuthenticationSessionsChangeEvent): Promise { diff --git a/stores/snapcraft/snap/snapcraft.yaml b/stores/snapcraft/snap/snapcraft.yaml index 0499719..68e0c06 100644 --- a/stores/snapcraft/snap/snapcraft.yaml +++ b/stores/snapcraft/snap/snapcraft.yaml @@ -8,9 +8,9 @@ base: core18 grade: stable confinement: classic compression: lzo -architectures: - - build-on: amd64 - - build-on: arm64 +# architectures: +# - build-on: amd64 +# - build-on: arm64 parts: codium: