From a9afd985149514997a20f2ad7accd94dbbd8e3e4 Mon Sep 17 00:00:00 2001 From: Lessley Date: Sat, 30 Mar 2024 21:36:19 -0600 Subject: [PATCH] temp --- .github/workflows/release.yml | 125 +++------------------------------- 1 file changed, 10 insertions(+), 115 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5656f134a8..9e5abd328e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,132 +2,27 @@ name: release on: workflow_dispatch: + push: + branches: + - dotnet-tool-signing permissions: id-token: write contents: write jobs: - prereqs: - name: Prerequisites - runs-on: ubuntu-latest - outputs: - version: ${{ steps.version.outputs.version }} - steps: - - uses: actions/checkout@v4 - - - name: Set version - run: echo "version=$(cat VERSION | sed -E 's/.[0-9]+$//')" >> $GITHUB_OUTPUT - id: version - - # ================================ - # .NET Tool - # ================================ - dotnet-tool-build: - name: Build .NET tool - runs-on: ubuntu-latest - needs: prereqs - steps: - - uses: actions/checkout@v4 - - - name: Set up .NET - uses: actions/setup-dotnet@v4.0.0 - with: - dotnet-version: 7.0.x - - - name: Build .NET tool - run: | - src/shared/DotnetTool/layout.sh --configuration=Release - - - name: Upload .NET tool artifacts - uses: actions/upload-artifact@v4 - with: - name: tmp.dotnet-tool-build - path: | - out/shared/DotnetTool/nupkg/Release - dotnet-tool-payload-sign: name: Sign .NET tool payload # ESRP service requires signing to run on Windows runs-on: windows-latest environment: release - needs: dotnet-tool-build steps: - - uses: actions/checkout@v4 - - - name: Download payload - uses: actions/download-artifact@v4 - with: - name: tmp.dotnet-tool-build - - - name: Log into Azure - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Download/extract Sign CLI tool - shell: pwsh run: | - az storage blob download --file sign-cli.zip --auth-mode login ` - --account-name $env:AZURE_STORAGE_ACCOUNT ` - --container $env:AZURE_STORAGE_CONTAINER --name $env:SIGN_CLI_TOOL - Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli - - - name: Sign payload - shell: pwsh - run: | - ./sign-cli/sign.exe code azcodesign payload/* ` - -acsu https://wus2.codesigning.azure.net/ ` - -acsa git-fundamentals-signing ` - -acscp git-fundamentals-windows-signing ` - -d "Git Fundamentals Windows Signing Certificate" ` - -u "https://github.com/git-ecosystem/git-credential-manager" ` - -acsm true - - - name: Lay out signed payload, images, and symbols - shell: bash - run: | - mkdir dotnet-tool-payload-sign - rm -rf payload - mv images payload.sym -t dotnet-tool-payload-sign - unzip signed/payload.zip -d dotnet-tool-payload-sign - - - name: Upload signed payload - uses: actions/upload-artifact@v4 - with: - name: dotnet-tool-payload-sign - path: | - dotnet-tool-payload-sign - - dotnet-tool-pack: - name: Package .NET tool - runs-on: ubuntu-latest - needs: [prereqs, dotnet-tool-payload-sign] - steps: - - uses: actions/checkout@v4 - - - name: Download signed payload - uses: actions/download-artifact@v4 - with: - name: dotnet-tool-payload-sign - path: signed - - - name: Set up .NET - uses: actions/setup-dotnet@v4.0.0 - with: - dotnet-version: 7.0.x - - - name: Package tool - run: | - src/shared/DotnetTool/pack.sh --configuration=Release \ - --version="${{ needs.prereqs.outputs.version }}" \ - --publish-dir=$(pwd)/signed - - - name: Upload unsigned package - uses: actions/upload-artifact@v4 - with: - name: tmp.dotnet-tool-package-unsigned - path: | - out/shared/DotnetTool/nupkg/Release/*.nupkg + echo $env:AZURE_STORAGE_ACCOUNT + echo $env:NUGET_KEY_CODE + # az storage blob download --file sign-cli.zip --auth-mode login ` + # --account-name $env:AZURE_STORAGE_ACCOUNT ` + # --container-name $env:AZURE_STORAGE_CONTAINER ` + # --name $env:SIGN_CLI_TOOL + # Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli