temp
ldennington committed Mar 31, 2024
1 parent d255186 commit 4656939
Showing 1 changed file with 5 additions and 102 deletions.
107 changes: 5 additions & 102 deletions .github/workflows/release.yml
Expand Up @@ -2,6 +2,9 @@ name: release

on:
workflow_dispatch:
push:
branches:
- dotnet-tool-signing

permissions:
id-token: write
Expand All @@ -20,114 +23,14 @@ jobs:
run: echo "version=$(cat VERSION | sed -E 's/.[0-9]+$//')" >> $GITHUB_OUTPUT
id: version

# ================================
# .NET Tool
# ================================
dotnet-tool-build:
name: Build .NET tool
runs-on: ubuntu-latest
needs: prereqs
steps:
- uses: actions/checkout@v4

- name: Set up .NET
uses: actions/setup-dotnet@v4.0.0
with:
dotnet-version: 7.0.x

- name: Build .NET tool
run: |
src/shared/DotnetTool/layout.sh --configuration=Release
- name: Upload .NET tool artifacts
uses: actions/upload-artifact@v4
with:
name: tmp.dotnet-tool-build
path: |
out/shared/DotnetTool/nupkg/Release
dotnet-tool-payload-sign:
name: Sign .NET tool payload
# ESRP service requires signing to run on Windows
runs-on: windows-latest
environment: release
needs: dotnet-tool-build
steps:
- uses: actions/checkout@v4

- name: Download payload
uses: actions/download-artifact@v4
with:
name: tmp.dotnet-tool-build

- name: Log into Azure
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Download/extract Sign CLI tool
shell: pwsh
run: |
az storage blob download --file sign-cli.zip --auth-mode login `
--account-name $env:AZURE_STORAGE_ACCOUNT `
--container $env:AZURE_STORAGE_CONTAINER --name $env:SIGN_CLI_TOOL
echo $env:AZURE_STORAGE_ACCOUNT
az storage blob download --file sign-cli.zip --auth-mode login --account-name $env:AZURE_STORAGE_ACCOUNT --container-name $env:AZURE_STORAGE_CONTAINER --name $env:SIGN_CLI_TOOL
Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli
- name: Sign payload
shell: pwsh
run: |
./sign-cli/sign.exe code azcodesign payload/* `
-acsu https://wus2.codesigning.azure.net/ `
-acsa git-fundamentals-signing `
-acscp git-fundamentals-windows-signing `
-d "Git Fundamentals Windows Signing Certificate" `
-u "https://github.com/git-ecosystem/git-credential-manager" `
-acsm true
- name: Lay out signed payload, images, and symbols
shell: bash
run: |
mkdir dotnet-tool-payload-sign
rm -rf payload
mv images payload.sym -t dotnet-tool-payload-sign
unzip signed/payload.zip -d dotnet-tool-payload-sign
- name: Upload signed payload
uses: actions/upload-artifact@v4
with:
name: dotnet-tool-payload-sign
path: |
dotnet-tool-payload-sign
dotnet-tool-pack:
name: Package .NET tool
runs-on: ubuntu-latest
needs: [prereqs, dotnet-tool-payload-sign]
steps:
- uses: actions/checkout@v4

- name: Download signed payload
uses: actions/download-artifact@v4
with:
name: dotnet-tool-payload-sign
path: signed

- name: Set up .NET
uses: actions/setup-dotnet@v4.0.0
with:
dotnet-version: 7.0.x

- name: Package tool
run: |
src/shared/DotnetTool/pack.sh --configuration=Release \
--version="${{ needs.prereqs.outputs.version }}" \
--publish-dir=$(pwd)/signed
- name: Upload unsigned package
uses: actions/upload-artifact@v4
with:
name: tmp.dotnet-tool-package-unsigned
path: |
out/shared/DotnetTool/nupkg/Release/*.nupkg
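Review bot: The `push` trigger added under `on:` in the first hunk makes every push to `dotnet-tool-signing` run the release workflow, which holds `id-token: write` and, in the second hunk, logs into Azure and invokes the signing CLI. If this is only for testing the signing job, it should be dropped before the branch merges, or at least carry a comment such as `# TEMPORARY: remove before merge; signing should only run from workflow_dispatch`. It is also worth confirming that the signing job is gated by the `environment: release` protection rules and by an Azure federated-credential subject tied to that environment rather than to the branch ref; the rendered page does not show which lines of that job remain on the new side. The `echo $env:AZURE_STORAGE_ACCOUNT` line next to the duplicated `az storage blob download` looks like debug output, and it would print the account name to the run log unless the value comes from a masked secret.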
