Skip to content

[debug-certificate-manager] Reimplement Certificate Manager VS Code Extension#5285

Merged
bmiddha merged 9 commits intomainfrom
bmiddha/tls-sync-v2
Jul 25, 2025
Merged

[debug-certificate-manager] Reimplement Certificate Manager VS Code Extension#5285
bmiddha merged 9 commits intomainfrom
bmiddha/tls-sync-v2

Conversation

@bmiddha
Copy link
Member

@bmiddha bmiddha commented Jul 24, 2025
edited
Loading

Summary

The previous implementation needed 2 separate VS Code extensions to sync certificates. One running on the local machine ("ui" extension) and one on the remote machine ("workspace" extension).
Running as 1 extension removes the ping-pong handshake and version checks that were used with the 2 extension version. This also simplifies the publishing story.

Rebranded to "Debug Certificate Manager" since this also works in non-remote scenarios to trust and untrust local certificates.

Details

The new implementation only runs as a "ui" extension and uses VS Code's remote file URIs to manipulate files in the remote workspace.

The new implementation now uses a config file to learn the certificate store path and filenames in the remote workspace. This change also updates CertificateStore to read the same config.

Updated publish pipeline:

  • Log user id used by the service connection.
  • Generate a manifest which will be used to sign the extension before publishing to the marketplace.

Removed tls-sync-vscode-extensions version policy. This was used to keep the multiple extension versions in lock-step so that the version could be verified during the ping-pong handshake. This is no longer needed with the 1 extension implementation.

Removed packages:

  • vscode-extensions/tls-sync-vscode-ui-extension
  • vscode-extensions/tls-sync-vscode-workspace-extension
  • vscode-extensions/tls-sync-vscode-extension-pack
  • vscode-extensions/tls-sync-vscode-shared

Added package:

  • vscode-extensions/debug-certificate-manager-vscode-extension

Updated vscode heft plugins to handle generating the extension manifest used for signing and publishing the vsix.

Update publishing pipeline to add a signing step (more work to do on the signing) and update publishing to use the heft plugin.

How it was tested

Tested CertificateStore config file changes with npx heft trust-dev-cert and npx heft untrust-dev-cert.
Tested extension changes by running the in VS Code extension development host using the launch.json config.

Impacted documentation

@github-project-automation github-project-automation bot moved this to Needs triage in Bug Triage Jul 24, 2025
@bmiddha bmiddha marked this pull request as ready for review July 24, 2025 22:46
dmichon-msft
dmichon-msft approved these changes Jul 25, 2025
View reviewed changes
dmichon-msft
dmichon-msft approved these changes Jul 25, 2025
View reviewed changes
@bmiddha bmiddha merged commit ac95c35 into main Jul 25, 2025
5 checks passed
@bmiddha bmiddha deleted the bmiddha/tls-sync-v2 branch July 25, 2025 22:08
@github-project-automation github-project-automation bot moved this from Needs triage to Closed in Bug Triage Jul 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmichon-msft dmichon-msft dmichon-msft approved these changes

@iclanton iclanton Awaiting requested review from iclanton iclanton is a code owner

@octogonz octogonz Awaiting requested review from octogonz octogonz is a code owner

@apostolisms apostolisms Awaiting requested review from apostolisms apostolisms is a code owner

@D4N14L D4N14L Awaiting requested review from D4N14L

@patmill patmill Awaiting requested review from patmill

Assignees

No one assigned

Labels

None yet

Projects

Bug Triage
Status: Closed

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bmiddha @dmichon-msft