Skip to content

Commit

Permalink
full workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
ldennington committed Apr 8, 2024
1 parent 41b53a7 commit e973054
Showing 1 changed file with 92 additions and 4 deletions.
96 changes: 92 additions & 4 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -90,15 +90,13 @@ jobs:
-u "https://github.com/git-ecosystem/git-credential-manager" `
-acst ${{ secrets.AZURE_TENANT_ID }} `
-acsi ${{ secrets.AZURE_CLIENT_ID }} `
-acss ${{ secrets.AZURE_CLIENT_SECRET }} `
-acss ${{ secrets.AZURE_CLIENT_SECRET }}
- name: Lay out signed payload, images, and symbols
shell: bash
run: |
mkdir dotnet-tool-payload-sign
rm -rf payload
mv images payload.sym -t dotnet-tool-payload-sign
unzip signed/payload.zip -d dotnet-tool-payload-sign
mv images payload.sym payload -t dotnet-tool-payload-sign
- name: Upload signed payload
uses: actions/upload-artifact@v4
Expand Down Expand Up @@ -137,3 +135,93 @@ jobs:
name: tmp.dotnet-tool-package-unsigned
path: |
out/shared/DotnetTool/nupkg/Release/*.nupkg
dotnet-tool-sign:
name: Sign .NET tool package
runs-on: windows-latest
environment: release
needs: dotnet-tool-pack
steps:
- uses: actions/checkout@v4

- name: Download unsigned package
uses: actions/download-artifact@v4
with:
name: tmp.dotnet-tool-package-unsigned
path: nupkg

- name: Log into Azure
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Sign package
run: |
./sign-cli/sign.exe code azcodesign nupkg/* `
-acsu https://wus2.codesigning.azure.net/ `
-acsa git-fundamentals-signing `
-acscp git-fundamentals-windows-signing `
-d "Git Fundamentals Windows Signing Certificate" `
-u "https://github.com/git-ecosystem/git-credential-manager" `
-acst ${{ secrets.AZURE_TENANT_ID }} `
-acsi ${{ secrets.AZURE_CLIENT_ID }} `
-acss ${{ secrets.AZURE_CLIENT_SECRET }}
- name: Publish signed package
uses: actions/upload-artifact@v4
with:
name: dotnet-tool-sign
path: signed/*.nupkg

# ================================
# Validate
# ================================
validate:
name: Validate installers
strategy:
matrix:
component:
- os: ubuntu-latest
artifact: dotnet-tool-sign
command: git-credential-manager
description: dotnet-tool
runs-on: ${{ matrix.component.os }}
needs: dotnet-tool-sign
steps:
- uses: actions/checkout@v4

- name: Set up .NET
uses: actions/setup-dotnet@v4.0.0
with:
dotnet-version: 7.0.x

- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: ${{ matrix.component.artifact }}

- name: Install Windows
if: contains(matrix.component.description, 'windows')
shell: pwsh
run: |
$exePaths = Get-ChildItem -Path ./installers/*.exe | %{$_.FullName}
foreach ($exePath in $exePaths)
{
Start-Process -Wait -FilePath "$exePath" -ArgumentList "/SILENT /VERYSILENT /NORESTART"
}
- name: Install .NET tool
if: contains(matrix.component.description, 'dotnet-tool')
run: |
nupkgpath=$(find ./*.nupkg)
dotnet tool install -g --add-source $(dirname "$nupkgpath") git-credential-manager
"${{ matrix.component.command }}" configure
- name: Validate
shell: bash
run: |
"${{ matrix.component.command }}" --version | sed 's/+.*//' >actual
cat VERSION | sed -E 's/.[0-9]+$//' >expect
cmp expect actual || exit 1Q

0 comments on commit e973054

Please sign in to comment.