Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Artifact Signing #4117

Merged
merged 2 commits into from
Jul 5, 2024
Merged

Update Artifact Signing #4117

merged 2 commits into from
Jul 5, 2024

Conversation

techman83
Copy link
Member

Version 4 of SignPath/github-action-submit-signing-request required the following to be addressed:

Id of the Github Actions artifact. Must be uploaded using the actions/upload-artifact v4+ action before it can be signed. Use {{ steps..outputs.artifact-id }} from the preceding actions/upload-artifact action step.

We now have outputs to be able to pass that artifact id through the workflows to the signing action. Results of this working can be seen here -> https://github.com/KSP-CKAN/CKAN/actions/runs/9804590624

Extra

  • Bumped actions/cache to v4

techman83 added 2 commits July 5, 2024 15:07
@techman83
chore: Bump cache action version
829b4d3
@techman83
feat: Update Sign Release
c24fa56 
There has been a bump in the sign release action version, with a breaking
change. This passes through the artifact id, which is now a requirement.

#1354
@techman83 techman83 requested a review from HebaruSan July 5, 2024 07:36
@techman83 techman83 added Enhancement New features or functionality Build Issues affecting the build system Infrastructure Issues affecting everything around CKAN (the GitHub repos, build process, CI, ...) labels Jul 5, 2024
@HebaruSan
Copy link
Member

How do we attach the signed artifact to the release?

HebaruSan
HebaruSan approved these changes Jul 5, 2024
View reviewed changes
Copy link
Member

@HebaruSan HebaruSan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this is just an API-compatibility update with no new or changed functionality.
Looks fine so far. 👍

@HebaruSan HebaruSan merged commit dd61d9c into master Jul 5, 2024
6 checks passed
@HebaruSan HebaruSan deleted the update/artifact-signing branch July 5, 2024 21:30
@techman83
Copy link
Member Author

techman83 commented Jul 7, 2024
edited
Loading

There is either an url we can call, but we'd just set an output path

    output-artifact-directory: './_build-signed'

Then attach it to the release

        run: gh release upload ${{ github.event.release.tag_name }} _build-signed/Release/ckan.exe
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

We'd probably also upload it as an artifact we can use for the rest of release artifacts to consume, and just switch everything out. It's the same directory structure as the repack-unsigned, so in theory if we upload it as 'repack-signed', we can just change everything from '-unsigned' to '-signed' with no other changes.

For the nuget package, we'll have to sign that separately, but I think that's reasonable in the scheme of things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HebaruSan HebaruSan HebaruSan approved these changes

Assignees
No one assigned
Labels
Build Issues affecting the build system Enhancement New features or functionality Infrastructure Issues affecting everything around CKAN (the GitHub repos, build process, CI, ...)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@techman83 @HebaruSan