Merge branch 'main' into dependabot/npm_and_yarn/multi-b3740a5222

Author: rzhao271

.gitignore

@@ -3,6 +3,7 @@ dist
 node_modules
 .vscode-test/
 *.vsix
+*.tsbuildinfo
 .nox/
 .venv/
 **/__pycache__/

build/azure-pipeline.npm.yml

@@ -0,0 +1,170 @@
+name: $(Date:yyyyMMdd)$(Rev:.r)
+
+trigger: none
+pr: none
+
+resources:
+  repositories:
+    - repository: MicroBuildTemplate
+      type: git
+      name: 1ESPipelineTemplates/MicroBuildTemplate
+      ref: refs/tags/release
+
+parameters:
+  - name: quality
+    displayName: 📦 Release Quality
+    type: string
+    default: stable
+    values:
+      - stable
+      - preview
+
+  - name: publishPackage
+    displayName: 🚀 Publish to npm
+    type: boolean
+    default: false
+
+  - name: buildSteps
+    type: stepList
+    default:
+      - task: NodeTool@0
+        inputs:
+          versionSpec: '22.21.1'
+        displayName: Select Node version
+
+      - script: npm install
+        workingDirectory: $(Build.SourcesDirectory)/pythonEnvironmentsApi
+        displayName: Install package dependencies
+
+      - script: npm run compile
+        workingDirectory: $(Build.SourcesDirectory)/pythonEnvironmentsApi
+        displayName: Compile TypeScript
+
+      - script: npm pack --ignore-scripts
+        workingDirectory: $(Build.SourcesDirectory)/pythonEnvironmentsApi
+        displayName: Pack npm package
+
+variables:
+  - name: TeamName
+    value: vscode-python-environments
+  - name: PackageName
+    value: '@vscode/python-environments'
+  - name: PackageDir
+    value: pythonEnvironmentsApi
+  - name: npmTag
+    ${{ if eq(parameters.quality, 'preview') }}:
+      value: next
+    ${{ else }}:
+      value: latest
+  - name: AzureArtifactsFeedUrl
+    value: 'https://pkgs.dev.azure.com/azure-public/vside/_packaging/python-environments/npm/registry/'
+  # Same URL without the https:// prefix (used in .npmrc auth lines)
+  - name: AzureArtifactsFeedUrlNoProtocol
+    value: 'pkgs.dev.azure.com/azure-public/vside/_packaging/python-environments/npm/registry/'
+  # Managed Identity service connection for Azure Artifacts auth (shared with Pylance)
+  - name: AzureServiceConnection
+    value: 'PylanceSecureVsIdePublishWithManagedIdentity'
+
+extends:
+  template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
+  parameters:
+    sdl:
+      sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
+      codeSignValidation:
+        enabled: true
+      sbom:
+        enabled: true
+    pool:
+      name: AzurePipelines-EO
+      image: 1ESPT-Ubuntu22.04
+      os: linux
+
+    customBuildTags:
+      - ES365AIMigrationTooling
+
+    stages:
+      - stage: Build
+        displayName: Build & Pack
+        jobs:
+          - job: BuildPackage
+            displayName: Build npm package
+            templateContext:
+              outputs:
+                - output: pipelineArtifact
+                  targetPath: $(Build.ArtifactStagingDirectory)
+                  artifactName: npm-package
+            steps:
+              - ${{ each step in parameters.buildSteps }}:
+                  - ${{ step }}
+
+              - task: CopyFiles@2
+                displayName: Copy package tarball to staging
+                inputs:
+                  sourceFolder: $(Build.SourcesDirectory)/pythonEnvironmentsApi
+                  contents: '*.tgz'
+                  targetFolder: $(Build.ArtifactStagingDirectory)
+
+      - stage: Publish
+        displayName: Publish to Azure Artifacts
+        dependsOn: Build
+        condition: and(succeeded(), eq('${{ parameters.publishPackage }}', 'true'))
+        jobs:
+          - job: PublishPackage
+            displayName: Publish $(PackageName)
+            templateContext:
+              type: releaseJob
+              isProduction: true
+              inputs:
+                - input: pipelineArtifact
+                  artifactName: npm-package
+                  targetPath: $(Pipeline.Workspace)/npm-package
+            steps:
+              - checkout: none
+
+              - task: NodeTool@0
+                inputs:
+                  versionSpec: '22.21.1'
+                displayName: Select Node version
+
+              # Acquire a short-lived AAD token via Managed Identity (no stored secrets)
+              # SEE https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance
+              - task: AzureCLI@2
+                displayName: Acquire AAD token via Managed Identity
+                inputs:
+                  azureSubscription: '$(AzureServiceConnection)'
+                  scriptType: 'pscore'
+                  scriptLocation: 'inlineScript'
+                  inlineScript: |
+                    $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
+                    Write-Host "##vso[task.setvariable variable=AzdoToken;issecret=true]$token"
+
+              - powershell: |
+                  @"
+                  registry=$(AzureArtifactsFeedUrl)
+                  always-auth=true
+                  "@ | Out-File -FilePath .npmrc
+
+                  @"
+                  ; begin auth token
+                  //$(AzureArtifactsFeedUrlNoProtocol):username=VssSessionToken
+                  //$(AzureArtifactsFeedUrlNoProtocol):_authToken=$env:AZDO_TOKEN
+                  //$(AzureArtifactsFeedUrlNoProtocol):email=not-used@example.com
+                  ; end auth token
+                  "@ | Out-File -FilePath $HOME/.npmrc
+                env:
+                  AZDO_TOKEN: $(AzdoToken)
+                displayName: Create .npmrc files
+
+              - powershell: |
+                  $tgz = Get-ChildItem "$(Pipeline.Workspace)/npm-package/*.tgz" | Select-Object -First 1
+                  if (-not $tgz) {
+                      Write-Error "No .tgz file found in $(Pipeline.Workspace)/npm-package/"
+                      exit 1
+                  }
+                  Write-Host "Publishing: $($tgz.FullName)"
+                  if ("$(npmTag)" -eq "next") {
+                      npm publish $tgz.FullName --registry $(AzureArtifactsFeedUrl) --tag next --ignore-scripts
+                  } else {
+                      npm publish $tgz.FullName --registry $(AzureArtifactsFeedUrl) --ignore-scripts
+                  }
+                displayName: npm publish (${{ parameters.quality }})

package-lock.json

@@ -2,7 +2,7 @@
     "name": "vscode-python-envs",
     "displayName": "Python Environments",
     "description": "Provides a unified python environment experience",
-    "version": "1.21.0",
+    "version": "1.23.0",
     "publisher": "ms-python",
     "preview": true,
     "engines": {

package.json

@@ -0,0 +1,5 @@
+node_modules/
+src/
+out/**/*.map
+*.tsbuildinfo
+tsconfig*.json

pythonEnvironmentsApi/.npmignore

@@ -0,0 +1,21 @@
+Copyright (c) Microsoft Corporation. All rights reserved.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED _AS IS_, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

pythonEnvironmentsApi/LICENSE.md

@@ -0,0 +1,37 @@
+# @vscode/python-environments
+
+This package provides type declarations and a helper to access the API exposed by the [Python Environments](https://marketplace.visualstudio.com/items?itemName=ms-python.vscode-python-envs) extension for VS Code.
+
+## Usage
+
+1. Install the package and add an `extensionDependencies` entry in your extension's `package.json`:
+
+```jsonc
+// package.json
+{
+    "extensionDependencies": ["ms-python.vscode-python-envs"]
+}
+```
+
+2. Install the npm package:
+
+```
+npm install @vscode/python-environments
+```
+
+3. Import and use the API in your extension:
+
+```typescript
+import { PythonEnvironments } from '@vscode/python-environments';
+
+export async function activate() {
+    const api = await PythonEnvironments.api();
+
+    // Get all discovered environments
+    const envs = await api.getEnvironments('all');
+    for (const env of envs) {
+        console.log(env.displayName, env.version);
+    }
+}
+```
+

pythonEnvironmentsApi/README.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.3 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>) of a security vulnerability, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+-   Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+-   Full paths of source file(s) related to the manifestation of the issue
+-   The location of the affected source code (tag/branch/commit or direct URL)
+-   Any special configuration required to reproduce the issue
+-   Step-by-step instructions to reproduce the issue
+-   Proof-of-concept or exploit code (if possible)
+-   Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

pythonEnvironmentsApi/SECURITY.md

@@ -0,0 +1,41 @@
+{
+    "name": "@vscode/python-environments",
+    "description": "An API facade for the Python Environments extension in VS Code",
+    "version": "1.0.0",
+    "author": {
+        "name": "Microsoft Corporation"
+    },
+    "keywords": [
+        "Python",
+        "VSCode",
+        "API",
+        "Environments"
+    ],
+    "main": "./out/main.js",
+    "types": "./out/main.d.ts",
+    "engines": {
+        "node": ">=22.21.1",
+        "vscode": "^1.110.0"
+    },
+    "license": "MIT",
+    "homepage": "https://github.com/microsoft/vscode-python-environments/tree/main/pythonEnvironmentsApi",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/microsoft/vscode-python-environments"
+    },
+    "bugs": {
+        "url": "https://github.com/microsoft/vscode-python-environments/issues"
+    },
+    "scripts": {
+        "prepublishOnly": "echo \"⛔ Can only publish from a secure pipeline ⛔\" && node -e \"process.exitCode = 1\"",
+        "prepack": "npm run all:publish",
+        "all:publish": "git clean -xfd . && npm install && npm run compile",
+        "compile": "tsc -b ./tsconfig.json",
+        "clean": "node -e \"const fs = require('fs'); fs.rmSync('./out', { recursive: true, force: true });\""
+    },
+    "devDependencies": {
+        "@types/node": "^22.0.0",
+        "@types/vscode": "^1.99.0",
+        "typescript": "^5.1.3"
+    }
+}