From 5ccd217aa86d5d60f376f425d216bc344de7787b Mon Sep 17 00:00:00 2001 From: Chuy Zarate Date: Mon, 27 Apr 2026 12:34:03 -0600 Subject: [PATCH 1/2] Add catalog signing for JS/XML content files Generate .cat files covering all JS and XML content shipped in the NodejsTools and TestAdapter VSIXes. This fixes VS signing compliance for 32 unsigned files (31 .js + 1 .xml) flagged by the SignVerify scan. - Add GenerateContentCatalog target in ProjectAfter.targets - Add IncludeCatalogInVsix target to ship .cat in VSIX - Update signWhiteList.txt to remove .js and .xml exclusions Bug: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/2982241 --- Nodejs/Product/ProjectAfter.targets | 78 +++++++++++++++++++++++++++++ signWhiteList.txt | 2 - 2 files changed, 78 insertions(+), 2 deletions(-) diff --git a/Nodejs/Product/ProjectAfter.targets b/Nodejs/Product/ProjectAfter.targets index a9e1e97b5..1e38a5e43 100644 --- a/Nodejs/Product/ProjectAfter.targets +++ b/Nodejs/Product/ProjectAfter.targets @@ -8,4 +8,82 @@ + + + + + + <_CatBaseName>$(MSBuildProjectName)-content + <_CdfFile>$(IntermediateOutputPath)$(_CatBaseName).cdf + <_CatFile>$(OutDir)$(_CatBaseName).cat + + + + + + <_CatalogSourceDir Condition="'$(MSBuildProjectName)' == 'NodejsToolsVsix'" + Include="$(MSBuildThisFileDirectory)..\Nodejs\ProjectTemplates;$(MSBuildThisFileDirectory)..\Nodejs\Templates\Files;$(MSBuildThisFileDirectory)..\..\Extras" /> + + <_CatalogSourceDir Condition="'$(MSBuildProjectName)' == 'TestAdapterVsix'" + Include="$(MSBuildThisFileDirectory)..\TestAdapter\TestFrameworks" /> + + + + <_CatSourceFile Include="%(_CatalogSourceDir.Identity)\**\*.js" /> + <_CatSourceFile Include="%(_CatalogSourceDir.Identity)\**\*.xml" + Exclude="%(_CatalogSourceDir.Identity)\**\*.vstemplate" /> + + + + + + + + + + + + + + + + + + + + + + + Microsoft400 + + + + + + + + <_CatBaseName>$(MSBuildProjectName)-content + <_CatFile>$(OutDir)$(_CatBaseName).cat + + + + + diff --git a/signWhiteList.txt b/signWhiteList.txt index cec6908c5..73ef7c374 100644 --- a/signWhiteList.txt +++ b/signWhiteList.txt @@ -1,3 +1 @@ -*.js, ignore js files *.vsman, ignore vsman files -*.xml, ignore template files From 2d2cf486435902c65988a2d31ca89cf40b0f3b42 Mon Sep 17 00:00:00 2001 From: Chuy Zarate Date: Wed, 29 Apr 2026 12:26:47 -0600 Subject: [PATCH 2/2] Gate catalog signing on SignType to skip local dev builds Only run GenerateContentCatalog and IncludeCatalogInVsix when MicroBuild sets SignType (real on CI, test on PR builds). Local builds have empty SignType, so makecat.exe is never invoked and developers don't need the Windows SDK installed. --- Nodejs/Product/ProjectAfter.targets | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Nodejs/Product/ProjectAfter.targets b/Nodejs/Product/ProjectAfter.targets index 1e38a5e43..ed25443e5 100644 --- a/Nodejs/Product/ProjectAfter.targets +++ b/Nodejs/Product/ProjectAfter.targets @@ -17,7 +17,7 @@ --> + Condition="'$(CreateVsixContainer)' == 'true' AND '$(SignType)' != ''"> <_CatBaseName>$(MSBuildProjectName)-content @@ -76,7 +76,7 @@ --> <_CatBaseName>$(MSBuildProjectName)-content