Merge branch 'main' into copilot/fix-env-variable-multi-line

Author: rchiodo

.github/copilot-instructions.md

@@ -0,0 +1,5 @@
+# Copilot Instructions for vscode-python-debugger
+
+## Learnings
+
+-   Always use `run.executable` (the actual Python binary path) instead of `activatedRun.executable` for interpreter identification in `getInterpreterDetails`, `getSettingsPythonPath`, and `getExecutableCommand`. `activatedRun.executable` may be a wrapper command (e.g. `pixi run python`) set by environment managers like pixi or conda, which breaks the debugger if used as a replacement for the binary. (1)

.vscode/settings.json

@@ -22,4 +22,6 @@
     },
     "git.branchProtection": ["main"],
     "git.branchRandomName.enable": true,
-}
+    "python-envs.defaultEnvManager": "ms-python.python:venv",
+    "python-envs.pythonProjects": []
+}

build/azure-devdiv-pipeline.pre-release.yml

@@ -108,6 +108,7 @@ extends:
               buildSteps: ${{ parameters.buildSteps }}
               isPreRelease: true
               standardizedVersioning: true
+              customNPMRegistry: $(AZURE_ARTIFACTS_FEED)
 
       - stage: Publish
         displayName: Publish Extension
@@ -122,3 +123,4 @@ extends:
               ghCreateTag: true
               ghCreateRelease: true
               ghReleaseAddChangeLog: true
+              customNPMRegistry: $(AZURE_ARTIFACTS_FEED)

build/azure-devdiv-pipeline.stable.yml

@@ -105,6 +105,7 @@ extends:
               buildPlatforms: ${{ parameters.buildPlatforms }}
               buildSteps: ${{ parameters.buildSteps }}
               isPreRelease: false
+              customNPMRegistry: $(AZURE_ARTIFACTS_FEED)
 
       - stage: Publish
         displayName: Publish Extension
@@ -116,3 +117,4 @@ extends:
               publishExtension: ${{ parameters.publishExtension }}
               preRelease: false
               teamName: $(TeamName)
+              customNPMRegistry: $(AZURE_ARTIFACTS_FEED)

build/templates/package.yml

@@ -10,6 +10,16 @@ parameters:
     type: object
     displayName: 'List of platforms to build'
 
+  - name: customNPMRegistry
+    type: string
+    default: ''
+    displayName: 'Custom NPM registry (optional)'
+
+  - name: nodeVersion
+    type: string
+    default: '22.17.0'
+    displayName: 'Node version to install'
+
   - name: buildSteps
     type: stepList
     default: []
@@ -73,6 +83,9 @@ jobs:
 
         steps:
           - template: setup.yml@self
+            parameters:
+              customNPMRegistry: ${{ parameters.customNPMRegistry }}
+              nodeVersion: ${{ parameters.nodeVersion }}
 
           - ${{ if and(eq(parameters.isPreRelease, true), eq(parameters.standardizedVersioning, true)) }}:
               - template: modify-extension-version.yml@self

build/templates/publish-extension.yml

@@ -26,6 +26,16 @@ parameters:
     type: object
     displayName: 'List of platforms to sign and publish'
 
+  - name: customNPMRegistry
+    type: string
+    default: ''
+    displayName: 'Custom NPM registry (optional)'
+
+  - name: nodeVersion
+    type: string
+    default: '22.17.0'
+    displayName: 'Node version to install'
+
   # Signing parameters
   - name: signType
     type: string
@@ -151,6 +161,8 @@ jobs:
           signType: ${{ parameters.signType }}
           verifySignature: ${{ parameters.verifySignature }}
           teamName: ${{ parameters.teamName }}
+          customNPMRegistry: ${{ parameters.customNPMRegistry }}
+          nodeVersion: ${{ parameters.nodeVersion }}
 
   # Job 2: Publish to marketplace
   - ${{ if eq(parameters.publishExtension, true) }}:
@@ -165,17 +177,19 @@ jobs:
           type: releaseJob # This makes a job a release job
           isProduction: true # Indicates a production release
         steps:
-          - template: setup.yml
-            parameters:
-              installNode: true
-              installPython: false
-
           - task: 1ES.DownloadPipelineArtifact@1
             inputs:
               artifactName: extension
               targetPath: $(Build.ArtifactStagingDirectory)/${{ parameters.publishFolder }}
             displayName: 🚛 Download signed extension
 
+          - template: setup.yml
+            parameters:
+              installNode: true
+              installPython: false
+              customNPMRegistry: ${{ parameters.customNPMRegistry }}
+              nodeVersion: ${{ parameters.nodeVersion }}
+
           # Extract VSIX to read publisher/version for GitHub release tagging.
           # Use Agent.TempDirectory to avoid reusing Build.ArtifactStagingDirectory which
           # is reserved for final artifact staging.
@@ -199,6 +213,13 @@ jobs:
               }
 
               $package = Get-Content $packageJsonPath -Raw | ConvertFrom-Json
+              $enabledApiProposals = @()
+              if ($null -ne $package.enabledApiProposals) {
+                $enabledApiProposals = @($package.enabledApiProposals)
+              }
+              $enabledApiProposalsJson = ($enabledApiProposals | ConvertTo-Json -Compress)
+              Write-Host "##vso[task.setvariable variable=EnabledApiProposalsJson]$enabledApiProposalsJson"
+              Write-Host ("enabledApiProposals: " + ($(if ($enabledApiProposals.Count -gt 0) { $enabledApiProposals -join ', ' } else { '<none>' })))
               Write-Host "##vso[task.setvariable variable=publisher;isOutput=true]$($package.publisher)"
               Write-Host "##vso[task.setvariable variable=version;isOutput=true]$($package.version)"
             name: SetPublisherAndVersion
@@ -218,6 +239,7 @@ jobs:
               azureSubscription: ${{ parameters.azureSubscription }}
               buildPlatforms: ${{ parameters.buildPlatforms }}
               manifestName: ${{ parameters.manifestName }}
+              enabledApiProposalsJson: $(EnabledApiProposalsJson)
               signatureName: ${{ parameters.signatureName }}
               publishFolder: ${{ parameters.publishFolder }}
               preRelease: ${{ parameters.preRelease }}

build/templates/publish.yml

@@ -42,6 +42,9 @@ parameters:
   - name: preRelease
     type: boolean
     default: false
+  - name: enabledApiProposalsJson
+    type: string
+    default: ''
 
 steps:
   # Node & vsce expected to be prepared by parent pipeline; omit local installation.
@@ -102,12 +105,14 @@ steps:
 
             if ('${{ parameters.preRelease }}' -eq 'True') {
               Write-Host 'Publishing as pre-release'
-              Write-Host "Executing: npx vsce publish --pat *** --packagePath $vsixPath --manifestPath $manifestPath --signaturePath $signaturePath --pre-release"
-              npx vsce publish --pat $aadToken --packagePath $vsixPath --manifestPath $manifestPath --signaturePath $signaturePath --pre-release
+              $displayCmd = "Executing: npx @vscode/vsce@latest publish --pat *** --packagePath $vsixPath --manifestPath $manifestPath --signaturePath $signaturePath --no-verify --pre-release"
+              Write-Host $displayCmd
+              npx @vscode/vsce@latest publish --pat $aadToken --packagePath $vsixPath --manifestPath $manifestPath --signaturePath $signaturePath --no-verify --pre-release
             } else {
               Write-Host 'Publishing as stable release'
-              Write-Host "Executing: npx vsce publish --pat *** --packagePath $vsixPath --manifestPath $manifestPath --signaturePath $signaturePath"
-              npx vsce publish --pat $aadToken --packagePath $vsixPath --manifestPath $manifestPath --signaturePath $signaturePath
+              $displayCmd = "Executing: npx @vscode/vsce@latest publish --pat *** --packagePath $vsixPath --manifestPath $manifestPath --signaturePath $signaturePath --no-verify"
+              Write-Host $displayCmd
+              npx @vscode/vsce@latest publish --pat $aadToken --packagePath $vsixPath --manifestPath $manifestPath --signaturePath $signaturePath --no-verify
             }
 
             if ($LASTEXITCODE -ne 0) {

build/templates/setup.yml

@@ -1,41 +1,145 @@
 # DevDiv pipeline setup steps
+#
+# Notes on custom registry support:
+# - Custom npm registry setup is implemented inline below (no external scripts).
+# - The template creates a temp .npmrc, sets NPM_CONFIG_USERCONFIG/REGISTRY, and
+#   rewrites lockfiles via a transient JS helper emitted into Agent.TempDirectory.
 parameters:
   - name: installNode
     type: boolean
     default: true
   - name: installPython
     type: boolean
     default: true
+  - name: customNPMRegistry
+    type: string
+    default: ''
+  - name: nodeVersion
+    type: string
+    default: '22.17.0'
+  - name: pythonVersion
+    type: string
+    default: '3.9'
+  - name: npmrcPath
+    type: string
+    default: '$(Agent.TempDirectory)/.npmrc'
 
 steps:
   - ${{ if eq(parameters.installNode, true) }}:
-      - pwsh: |
-          if (-not (Test-Path '.npmrc')) {
-            Write-Host 'No .npmrc found, creating one with public npm registry'
-            @"
-          # Force public npm registry to avoid CI auth (E401) when no token is provided
-          registry=https://registry.npmjs.org/
-          # Do not require auth for public installs
-          always-auth=false
-          "@ | Out-File -FilePath '.npmrc' -Encoding utf8
-          } else {
-            Write-Host '.npmrc already exists'
-          }
-        displayName: Ensure .npmrc exists
-
-      - task: npmAuthenticate@0
+      - task: NodeTool@0
         inputs:
-          workingFile: .npmrc
+          versionSpec: ${{ parameters.nodeVersion }}
+          checkLatest: true
+        displayName: 🛠 Install Node ${{ parameters.nodeVersion }}
+
+      - ${{ if ne(parameters.customNPMRegistry, '') }}:
+          # When using a private/custom registry, configure npm to read auth/config from a temp user config
+          # instead of relying on a checked-in project .npmrc.
+          - pwsh: |
+              $path = "${{ parameters.npmrcPath }}"
+
+              if (Test-Path -LiteralPath $path -PathType Container) {
+                throw "npmrcPath points to a directory (expected a file): $path"
+              }
+
+              $parent = Split-Path -Parent $path
+              if ($parent -and -not (Test-Path -LiteralPath $parent)) {
+                New-Item -ItemType Directory -Path $parent -Force | Out-Null
+              }
+
+              if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
+                New-Item -ItemType File -Path $path -Force | Out-Null
+              }
+
+              Write-Host "##vso[task.setvariable variable=NPM_CONFIG_USERCONFIG]$path"
+              Write-Host "##vso[task.setvariable variable=NPM_CONFIG_REGISTRY]${{ parameters.customNPMRegistry }}"
+            displayName: 📦 Setup NPM User Config
+
+          # Configure npm/yarn to use the custom registry and ensure auth headers are sent.
+          - pwsh: |
+              $path = "${{ parameters.npmrcPath }}"
+              $registry = "${{ parameters.customNPMRegistry }}"
+
+              $env:NPM_CONFIG_USERCONFIG = $path
+              $env:NPM_CONFIG_REGISTRY = $registry
+
+              npm config set registry "$registry"
+
+              # npm >v7 deprecated the `always-auth` config option, refs npm/cli@72a7eeb
+              # following is a workaround for yarn-like clients to send authorization header for GET
+              # requests to the registry.
+              "always-auth=true" | Out-File -FilePath $path -Append -Encoding utf8
+
+              $yarn = Get-Command yarn -ErrorAction SilentlyContinue
+              if ($null -ne $yarn) {
+                yarn config set registry "$registry"
+              } else {
+                Write-Host "yarn not found; skipping yarn registry configuration"
+              }
+            displayName: 📦 Setup NPM & Yarn
+
+          # Populate the temp .npmrc with auth for the configured registry.
+          - task: npmAuthenticate@0
+            inputs:
+              workingFile: ${{ parameters.npmrcPath }}
+            displayName: 📦 Setup NPM Authentication
+
+          # Some lockfiles contain hardcoded references to public registries. Rewrite them so installs
+          # and `npx` resolve from the custom registry consistently.
+          - pwsh: |
+              $registry = "${{ parameters.customNPMRegistry }}"
+              $env:NPM_CONFIG_REGISTRY = $registry
+              $scriptPath = Join-Path "$(Agent.TempDirectory)" 'setup-npm-registry.js'
+              $lines = @(
+                "const fs = require('fs').promises;",
+                "const path = require('path');",
+                "",
+                "async function* getLockFiles(dir) {",
+                "  const files = await fs.readdir(dir);",
+                "",
+                "  for (const file of files) {",
+                "    const fullPath = path.join(dir, file);",
+                "    const stat = await fs.stat(fullPath);",
+                "",
+                "    if (stat.isDirectory()) {",
+                "      if (file === 'node_modules' || file === '.git') {",
+                "        continue;",
+                "      }",
+                "      yield* getLockFiles(fullPath);",
+                "    } else if (file === 'yarn.lock' || file === 'package-lock.json') {",
+                "      yield fullPath;",
+                "    }",
+                "  }",
+                "}",
+                "",
+                "async function rewrite(file, registry) {",
+                "  let contents = await fs.readFile(file, 'utf8');",
+                "  const re = new RegExp('https://registry\\.[^.]+\\.(com|org)/', 'g');",
+                "  contents = contents.replace(re, registry);",
+                "  await fs.writeFile(file, contents);",
+                "}",
+                "",
+                "async function main() {",
+                "  const root = process.cwd();",
+                "  const registry = process.env.NPM_CONFIG_REGISTRY;",
+                "  if (!registry) { throw new Error('NPM_CONFIG_REGISTRY is not set'); }",
+                "",
+                "  for await (const file of getLockFiles(root)) {",
+                "    await rewrite(file, registry);",
+                "    console.log('Updated node registry:', file);",
+                "  }",
+                "}",
+                "",
+                "main();"
+              )
+
+              Set-Content -LiteralPath $scriptPath -Value ($lines -join "`n") -Encoding utf8
+              node $scriptPath
+            displayName: 📦 Setup NPM Registry
 
       - script: npm config get registry
         displayName: Verify NPM Registry
 
-      - task: NodeTool@0
-        inputs:
-          versionSpec: '22.17.0'
-          checkLatest: true
-        displayName: Select Node 22 LTS
-
   - ${{ if eq(parameters.installPython, true) }}:
       - task: PipAuthenticate@1
         displayName: 'Pip Authenticate'
@@ -44,7 +148,7 @@ steps:
 
       - task: UsePythonVersion@0
         inputs:
-          versionSpec: '3.9' # note Install Python dependencies step below relies on Python 3.9
+          versionSpec: ${{ parameters.pythonVersion }}
           addToPath: true
           architecture: 'x64'
-        displayName: Select Python version
+        displayName: Select Python ${{ parameters.pythonVersion }}

build/templates/sign.yml

@@ -13,9 +13,15 @@ parameters:
   - name: buildPlatforms
     type: object
     displayName: 'List of platforms to sign'
+  - name: customNPMRegistry
+    type: string
+    default: ''
   - name: workingDirectory
     type: string
     default: '$(Build.StagingDirectory)'
+  - name: nodeVersion
+    type: string
+    default: '22.17.0'
   - name: signType
     type: string
     default: real
@@ -73,15 +79,30 @@ steps:
       restoreDirectory: '$(Build.SourcesDirectory)/packages'
       nugetConfigPath: '$(Build.SourcesDirectory)/build/NuGet.config'
 
-  # Setup Node.js and npm authentication
   - template: setup.yml@self
+    parameters:
+      customNPMRegistry: ${{ parameters.customNPMRegistry }}
+      nodeVersion: ${{ parameters.nodeVersion }}
 
   - task: Npm@1
     displayName: 'npm ci (install vsce)'
     inputs:
       command: ci
       workingDir: '$(Build.SourcesDirectory)'
 
+  # Workaround for intermittent MicroBuild plugin install collisions
+  # (e.g. "An item with the specified name ...\\MicroBuild\\Plugins\\Az.Accounts already exists")
+  - powershell: |
+      $pluginsRoot = "$(Agent.TempDirectory)/MicroBuild/Plugins"
+      $azAccountsDir = Join-Path $pluginsRoot "Az.Accounts"
+
+      Write-Host "MicroBuild plugins root: $pluginsRoot"
+      if (Test-Path $azAccountsDir) {
+        Write-Host "Removing existing MicroBuild plugin directory: $azAccountsDir"
+        Remove-Item -LiteralPath $azAccountsDir -Recurse -Force -ErrorAction SilentlyContinue
+      }
+    displayName: '🧹 Clean MicroBuild Az.Accounts plugin cache'
+
   # ✅ Enable MicroBuildSigningPlugin for PME enforcement (once for all platforms)
   - task: MicroBuildSigningPlugin@4
     displayName: Enable MicroBuild Signing