From 893398ff4bfd996606022a0322974301fa163069 Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Wed, 19 Jul 2023 14:46:52 -0600 Subject: [PATCH 01/12] - New scripts to base64 encode/decode files (used for GitHub Secrets in GitHub Actions-powered release process) --- scripts/unix/base64_decode.sh | 12 ++++++++++++ scripts/unix/base64_encode.sh | 13 +++++++++++++ scripts/unix/write_string_to_file.sh | 12 ++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 scripts/unix/base64_decode.sh create mode 100644 scripts/unix/base64_encode.sh create mode 100644 scripts/unix/write_string_to_file.sh diff --git a/scripts/unix/base64_decode.sh b/scripts/unix/base64_decode.sh new file mode 100644 index 000000000..089cb1eeb --- /dev/null +++ b/scripts/unix/base64_decode.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +# This script will decode a base64 string to a file. + +INPUT_FILE=$1 +OUTPUT_FILE=$2 + +# Decode the file contents from base64 in the output file +base64 -d -i "$INPUT_FILE" -o "$OUTPUT_FILE" + +# Exit with success +exit 0 diff --git a/scripts/unix/base64_encode.sh b/scripts/unix/base64_encode.sh new file mode 100644 index 000000000..03e129d34 --- /dev/null +++ b/scripts/unix/base64_encode.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# This script will encode the contents of a file to a base64 string. + +INPUT_FILE=$1 +OUTPUT_FILE="$INPUT_FILE.base64" + +# Encode the file contents to base64 in the output file +base64 -i "$INPUT_FILE" -o "$OUTPUT_FILE" + +# Exit with success +exit 0 + diff --git a/scripts/unix/write_string_to_file.sh b/scripts/unix/write_string_to_file.sh new file mode 100644 index 000000000..bed09cf04 --- /dev/null +++ b/scripts/unix/write_string_to_file.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +# This script will write a string to a file. + +INPUT_STRING=$1 +OUTPUT_FILE=$2 + +# Write the string to the file +echo "$INPUT_STRING" > "$OUTPUT_FILE" + +# Exit with success +exit 0 \ No newline at end of file From c8fea1144d773c04488bf285792cfa29cf403383 Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Wed, 19 Jul 2023 14:53:01 -0600 Subject: [PATCH 02/12] - New script to prepare a certificate (stored in GitHub Secrets) for use in GitHub Actions --- scripts/unix/prepare_release_certificate.sh | 29 +++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 scripts/unix/prepare_release_certificate.sh diff --git a/scripts/unix/prepare_release_certificate.sh b/scripts/unix/prepare_release_certificate.sh new file mode 100644 index 000000000..ba346c6aa --- /dev/null +++ b/scripts/unix/prepare_release_certificate.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# This script will prepare a certificate needed for the release process on GitHub Actions, by decoding a base64 version of the certificate to a file. + +CERT_BASE64_STRING=$1 +CERT_FILE_NAME=$2 + +if [ -z "$CERT_BASE64_STRING" ]; then + echo "No certificate provided" + exit 1 +fi + +echo "Preparing $CERT_FILE_NAME certificate..." + +TEMP_INPUT_FILE="$CERT_FILE_NAME.base64" + +# Copy the base64 string to a temporary file +echo "$CERT_BASE64_STRING" > "$TEMP_INPUT_FILE" + +# Decode the file contents from base64 in the output file +base64 -d -i "$TEMP_INPUT_FILE" -o "$CERT_FILE_NAME" + +echo "Certificate $CERT_FILE_NAME prepared" + +# Delete the temporary file +rm "$TEMP_INPUT_FILE" + +# Exit with success +exit 0 From 99df6371c1fa78bda005a71421dd4a8300604d5a Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Fri, 28 Jul 2023 10:32:36 -0600 Subject: [PATCH 03/12] - Add NuGet publish step to Makefile --- Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Makefile b/Makefile index 8494a0c20..f5cd11ed0 100644 --- a/Makefile +++ b/Makefile @@ -78,6 +78,14 @@ lint-scripts: prep-release: bash scripts/unix/build_release_nuget.sh EasyPost ${sncert} ${cert} ${pass} Release +## publish - Publish the project to NuGet +# @parameters: +# key= - The NuGet API key to use for publishing. +# ref: https://learn.microsoft.com/en-us/nuget/reference/cli-reference/cli-ref-push +publish: + # Verify that no extraneous .nupkg files exist + dotnet nuget push *.nupkg -Source https://api.nuget.org/v3/index.json -k ${key} -SkipDuplicate # -NonInteractive + ## release - Cuts a release for the project on GitHub (requires GitHub CLI) # tag = The associated tag title of the release release: From 42955d145ab9856dca1483f0063d478152c3d77c Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Fri, 25 Aug 2023 10:56:45 -0600 Subject: [PATCH 04/12] - Use GPG encryption rather than base64 decoding for storing certs in GitHub Actions - New GitHub Action config to automate release process on pushing to a tag --- .github/workflows/release.yml | 80 +++++++++++++++++++++ Makefile | 12 ++++ RELEASE_NOTES.md | 1 + scripts/unix/base64_decode.sh | 12 ---- scripts/unix/base64_encode.sh | 13 ---- scripts/unix/gpg_decrypt.sh | 14 ++++ scripts/unix/gpg_decrypt_dir.sh | 18 +++++ scripts/unix/gpg_encrypt.sh | 14 ++++ scripts/unix/gpg_encrypt_dir.sh | 16 +++++ scripts/unix/prepare_release_certificate.sh | 29 -------- scripts/unix/write_string_to_file.sh | 12 ---- 11 files changed, 155 insertions(+), 66 deletions(-) create mode 100644 .github/workflows/release.yml create mode 100644 RELEASE_NOTES.md delete mode 100644 scripts/unix/base64_decode.sh delete mode 100644 scripts/unix/base64_encode.sh create mode 100755 scripts/unix/gpg_decrypt.sh create mode 100644 scripts/unix/gpg_decrypt_dir.sh create mode 100755 scripts/unix/gpg_encrypt.sh create mode 100644 scripts/unix/gpg_encrypt_dir.sh delete mode 100644 scripts/unix/prepare_release_certificate.sh delete mode 100644 scripts/unix/write_string_to_file.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..e7ecea840 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,80 @@ +name: Release + +on: + push: + tags: + # ex. "v1.2.3", "v1.2.3-rc1" + - "v[0-9]+.[0-9]+.*" + +jobs: + publish: + name: Publish to NuGet + runs-on: ubuntu-22.04 + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # todo: unneeded? + - name: Establish variables + id: vars + run: | + VERSION=${{ github.event.inputs.version || github.ref_name }} + echo ::set-output name=version::${VERSION} + + - name: Install .NET SDK + uses: actions/setup-dotnet@v3 + with: + # .NET 3.1 and 5 are deprecated and removed from GitHub Actions, we need to manually install them + dotnet-version: | + 3.1.x + 5.x.x + 7.x.x + + - name: Setup Nuget + uses: NuGet/setup-nuget@v1.1.1 + + - name: Load NuGet package cache + uses: actions/cache@v3 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ matrix.framework }}-${{ hashFiles('**/packages.lock.json') }} + restore-keys: | + ${{ runner.os }}-nuget- + + - name: Restore NuGet Packages + run: make restore + + - name: Set up dotnet tools and dependencies + run: make install + + - name: Prep certificate imports + run: mkdir -p certs + + - name: Import authenticity certificate + run: echo "${{ secrets.AUTHENTICITY_CERT_ENC }}" > certs/authenticity_cert.pfx.enc + + - name: Import signing certificate + run: echo "${{ secrets.SIGNING_CERT_ENC }}" > cert/signing_cert.snk.enc + + - name: Decrypt certificates + run: make github-actions-certs-decrypt pass=${{ secrets.ENCRYPTION_KEY }} + + - name: Delete straggling .nupkg files + run: rm -f *.nupkg || true + + - name: Build NuGet package + run: make prep-release cert=certs/authenticity_cert.pfx sncert=certs/signing_cert.snk pass=${{ secrets.CERT_PASSWORD }} + + - name: Delete certificates + run: rm -rf certs + + - name: Publish to NuGet + run: make publish key=${{ secrets.NUGET_API_KEY }} + + - name: Create a GitHub release + uses: softprops/action-gh-release@v1 + # ref: https://github.com/softprops/action-gh-release#-customizing + with: + body_path: RELEASE_NOTES.md + files: | + "*.nupkg" \ No newline at end of file diff --git a/Makefile b/Makefile index f5cd11ed0..6d3a50967 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,18 @@ coverage-check: docs: dotnet tool run docfx docs/docfx.json +## github-actions-certs-decrypt - Decrypt the certificates for GitHub Actions +# @parameters: +# pass= - The password used for decrypting the certificates. +github-actions-certs-decrypt: + bash scripts/unix/gpg_decrypt_dir.sh certs ${pass} "gpg" + +## github-actions-certs-encrypt - Encrypt the certificates for GitHub Actions +# @parameters: +# pass= - The password used for encrypting the certificates. +github-actions-certs-encrypt: + bash scripts/unix/gpg_encrypt_dir.sh certs ${pass} "gpg" + ## install-tools - Install required dotnet tools install-tools: dotnet new tool-manifest || exit 0 diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md new file mode 100644 index 000000000..08cc9e8be --- /dev/null +++ b/RELEASE_NOTES.md @@ -0,0 +1 @@ +- Notes copied from the CHANGELOG that will be included on the Release page of GitHub \ No newline at end of file diff --git a/scripts/unix/base64_decode.sh b/scripts/unix/base64_decode.sh deleted file mode 100644 index 089cb1eeb..000000000 --- a/scripts/unix/base64_decode.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# This script will decode a base64 string to a file. - -INPUT_FILE=$1 -OUTPUT_FILE=$2 - -# Decode the file contents from base64 in the output file -base64 -d -i "$INPUT_FILE" -o "$OUTPUT_FILE" - -# Exit with success -exit 0 diff --git a/scripts/unix/base64_encode.sh b/scripts/unix/base64_encode.sh deleted file mode 100644 index 03e129d34..000000000 --- a/scripts/unix/base64_encode.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# This script will encode the contents of a file to a base64 string. - -INPUT_FILE=$1 -OUTPUT_FILE="$INPUT_FILE.base64" - -# Encode the file contents to base64 in the output file -base64 -i "$INPUT_FILE" -o "$OUTPUT_FILE" - -# Exit with success -exit 0 - diff --git a/scripts/unix/gpg_decrypt.sh b/scripts/unix/gpg_decrypt.sh new file mode 100755 index 000000000..f85adbd4d --- /dev/null +++ b/scripts/unix/gpg_decrypt.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# This script will decrypt a GPG encrypted file. + +# Usage: gpg_decrypt.sh + +INPUT_FILE=$1 +PASSWORD=$2 +OUTPUT_FILE=$3 + +gpg --decrypt --passphrase "$PASSWORD" --batch --output "$OUTPUT_FILE" "$INPUT_FILE" + +# Exit with success +exit 0 diff --git a/scripts/unix/gpg_decrypt_dir.sh b/scripts/unix/gpg_decrypt_dir.sh new file mode 100644 index 000000000..72a3356a6 --- /dev/null +++ b/scripts/unix/gpg_decrypt_dir.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# This script will encrypt all the files in a directory using GPG. + +# Usage: gpg_encrypt_dir.sh + +INPUT_DIR=$1 +PASSWORD=$2 +ENCRYPTED_SUFFIX=$3 + +# Loop through all the files in the input directory +for file in "$INPUT_DIR"/* +do + # Output is file name minus the ENCRYPTED_SUFFIX + output_file=${file%.$ENCRYPTED_SUFFIX} + # Decrypt the file + gpg --decrypt --passphrase "$PASSWORD" --batch --output "$output_file" "$file" 2>/dev/null # Ignore stderr +done \ No newline at end of file diff --git a/scripts/unix/gpg_encrypt.sh b/scripts/unix/gpg_encrypt.sh new file mode 100755 index 000000000..071db2c45 --- /dev/null +++ b/scripts/unix/gpg_encrypt.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# This script will encrypt a file using GPG. + +# Usage: gpg_encrypt.sh + +INPUT_FILE=$1 +PASSWORD=$2 +OUTPUT_FILE=$3 + +gpg --symmetric --cipher-algo AES256 --passphrase "$PASSWORD" --batch --armor --yes --output "$OUTPUT_FILE" "$INPUT_FILE" + +# Exit with success +exit 0 diff --git a/scripts/unix/gpg_encrypt_dir.sh b/scripts/unix/gpg_encrypt_dir.sh new file mode 100644 index 000000000..c92ddc958 --- /dev/null +++ b/scripts/unix/gpg_encrypt_dir.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# This script will encrypt all the files in a directory using GPG. + +# Usage: gpg_encrypt_dir.sh + +INPUT_DIR=$1 +PASSWORD=$2 +OUTPUT_SUFFIX=$3 + +# Loop through all the files in the input directory +for file in "$INPUT_DIR"/* +do + # Encrypt the file + gpg --symmetric --passphrase "$PASSWORD" --batch --output "$file.$OUTPUT_SUFFIX" "$file" +done \ No newline at end of file diff --git a/scripts/unix/prepare_release_certificate.sh b/scripts/unix/prepare_release_certificate.sh deleted file mode 100644 index ba346c6aa..000000000 --- a/scripts/unix/prepare_release_certificate.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -# This script will prepare a certificate needed for the release process on GitHub Actions, by decoding a base64 version of the certificate to a file. - -CERT_BASE64_STRING=$1 -CERT_FILE_NAME=$2 - -if [ -z "$CERT_BASE64_STRING" ]; then - echo "No certificate provided" - exit 1 -fi - -echo "Preparing $CERT_FILE_NAME certificate..." - -TEMP_INPUT_FILE="$CERT_FILE_NAME.base64" - -# Copy the base64 string to a temporary file -echo "$CERT_BASE64_STRING" > "$TEMP_INPUT_FILE" - -# Decode the file contents from base64 in the output file -base64 -d -i "$TEMP_INPUT_FILE" -o "$CERT_FILE_NAME" - -echo "Certificate $CERT_FILE_NAME prepared" - -# Delete the temporary file -rm "$TEMP_INPUT_FILE" - -# Exit with success -exit 0 diff --git a/scripts/unix/write_string_to_file.sh b/scripts/unix/write_string_to_file.sh deleted file mode 100644 index bed09cf04..000000000 --- a/scripts/unix/write_string_to_file.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# This script will write a string to a file. - -INPUT_STRING=$1 -OUTPUT_FILE=$2 - -# Write the string to the file -echo "$INPUT_STRING" > "$OUTPUT_FILE" - -# Exit with success -exit 0 \ No newline at end of file From 8ffa580e8e37f2823704803fe37f9782e057ff29 Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Fri, 25 Aug 2023 12:40:31 -0600 Subject: [PATCH 05/12] - Remove unnecessary CI step --- .github/workflows/release.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e7ecea840..3958f8421 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,13 +14,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 - # todo: unneeded? - - name: Establish variables - id: vars - run: | - VERSION=${{ github.event.inputs.version || github.ref_name }} - echo ::set-output name=version::${VERSION} - - name: Install .NET SDK uses: actions/setup-dotnet@v3 with: From 8fcbc99234d3ca89b5dfa79547c7865b3f3bc6c3 Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Mon, 20 Nov 2023 14:38:58 -0700 Subject: [PATCH 06/12] - Prep CI release process - Migrate release worker to Windows instead of Ubuntu - Remove unused Unix scripts --- .github/workflows/release.yml | 87 +++++++++++++++------------ EasyPost.Integration/TestUtils.cs | 4 +- Makefile | 8 --- scripts/unix/build_project.sh | 13 ---- scripts/unix/build_release_nuget.sh | 39 ------------ scripts/unix/delete_old_assemblies.sh | 8 --- scripts/unix/gpg_decrypt.sh | 14 ----- scripts/unix/gpg_decrypt_dir.sh | 18 ------ scripts/unix/gpg_encrypt.sh | 14 ----- scripts/unix/gpg_encrypt_dir.sh | 16 ----- scripts/unix/install_osslsigncode.sh | 38 ------------ scripts/unix/pack_nuget.sh | 13 ---- scripts/unix/sign_dlls.sh | 23 ------- scripts/unix/sign_nuget.sh | 22 ------- scripts/unix/strong_name_dlls.sh | 20 ------ scripts/win/build_release_nuget.bat | 11 ++-- scripts/win/sign_nuget.bat | 6 +- 17 files changed, 58 insertions(+), 296 deletions(-) delete mode 100755 scripts/unix/build_project.sh delete mode 100755 scripts/unix/build_release_nuget.sh delete mode 100755 scripts/unix/delete_old_assemblies.sh delete mode 100755 scripts/unix/gpg_decrypt.sh delete mode 100644 scripts/unix/gpg_decrypt_dir.sh delete mode 100755 scripts/unix/gpg_encrypt.sh delete mode 100644 scripts/unix/gpg_encrypt_dir.sh delete mode 100644 scripts/unix/install_osslsigncode.sh delete mode 100755 scripts/unix/pack_nuget.sh delete mode 100755 scripts/unix/sign_dlls.sh delete mode 100755 scripts/unix/sign_nuget.sh delete mode 100755 scripts/unix/strong_name_dlls.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3958f8421..2b1aff6b4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,6 +1,8 @@ name: Release on: + workflow_dispatch: ~ + pull_request: ~ push: tags: # ex. "v1.2.3", "v1.2.3-rc1" @@ -9,7 +11,7 @@ on: jobs: publish: name: Publish to NuGet - runs-on: ubuntu-22.04 + runs-on: windows-latest steps: - name: Checkout repository uses: actions/checkout@v3 @@ -26,48 +28,55 @@ jobs: - name: Setup Nuget uses: NuGet/setup-nuget@v1.1.1 - - name: Load NuGet package cache - uses: actions/cache@v3 - with: - path: ~/.nuget/packages - key: ${{ runner.os }}-nuget-${{ matrix.framework }}-${{ hashFiles('**/packages.lock.json') }} - restore-keys: | - ${{ runner.os }}-nuget- - - name: Restore NuGet Packages run: make restore - name: Set up dotnet tools and dependencies run: make install - - name: Prep certificate imports - run: mkdir -p certs - - - name: Import authenticity certificate - run: echo "${{ secrets.AUTHENTICITY_CERT_ENC }}" > certs/authenticity_cert.pfx.enc - - - name: Import signing certificate - run: echo "${{ secrets.SIGNING_CERT_ENC }}" > cert/signing_cert.snk.enc - - - name: Decrypt certificates - run: make github-actions-certs-decrypt pass=${{ secrets.ENCRYPTION_KEY }} - - - name: Delete straggling .nupkg files - run: rm -f *.nupkg || true - - - name: Build NuGet package - run: make prep-release cert=certs/authenticity_cert.pfx sncert=certs/signing_cert.snk pass=${{ secrets.CERT_PASSWORD }} - - - name: Delete certificates - run: rm -rf certs - - - name: Publish to NuGet - run: make publish key=${{ secrets.NUGET_API_KEY }} - - - name: Create a GitHub release - uses: softprops/action-gh-release@v1 + - name: Set up authenticity certificate + run: | + echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 + shell: bash + + - name: Set variables + id: variables + run: | + echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" + echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" + echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" + echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" + echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH + echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH + echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH + shell: bash + + - name: Setup Keylocker KSP on Windows + run: | + curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi + msiexec /i Keylockertools-windows-x64.msi /quiet /qn + smksp_registrar.exe list + smctl.exe keypair ls + C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user + shell: cmd + + - name: Sync Certificates + run: | + smctl windows certsync + shell: cmd + + - name: Build and Sign NuGet package + run: | + call scripts\win\build_release_nuget.bat EasyPost certs\signing_cert.snk "${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" Release + shell: cmd + + # - name: Publish to NuGet + # run: make publish key=${{ secrets.NUGET_API_KEY }} + + # - name: Create a GitHub release + # uses: softprops/action-gh-release@v1 # ref: https://github.com/softprops/action-gh-release#-customizing - with: - body_path: RELEASE_NOTES.md - files: | - "*.nupkg" \ No newline at end of file + # with: + # body_path: RELEASE_NOTES.md + # files: | + # "*.nupkg" \ No newline at end of file diff --git a/EasyPost.Integration/TestUtils.cs b/EasyPost.Integration/TestUtils.cs index 19fec6e79..a133185b4 100644 --- a/EasyPost.Integration/TestUtils.cs +++ b/EasyPost.Integration/TestUtils.cs @@ -63,7 +63,7 @@ internal static string GetApiKey(ApiKey apiKey) } // ReSharper disable once InconsistentNaming - internal static Client GetBasicVCRClient(string apiKey, HttpClient? vcrClient = null) => new(new ClientConfiguration(apiKey) + internal static Client GetBasicVCRClient(string apiKey, System.Net.Http.HttpClient? vcrClient = null) => new(new ClientConfiguration(apiKey) { CustomHttpClient = vcrClient, }); @@ -138,7 +138,7 @@ public VCR(string? testCassettesFolder = null, ApiKey apiKey = ApiKey.Test) internal bool IsRecording() => _vcr.Mode == Mode.Record; - internal Client SetUpTest(string cassetteName, Func getClientFunc, string? overrideApiKey = null) + internal Client SetUpTest(string cassetteName, Func getClientFunc, string? overrideApiKey = null) { // override api key if needed string apiKey = overrideApiKey ?? _apiKey; diff --git a/Makefile b/Makefile index 6d3a50967..5730b7b38 100644 --- a/Makefile +++ b/Makefile @@ -82,14 +82,6 @@ lint-fix: lint-scripts: scripts\win\lint_scripts.bat -## prep-release - Build, sign and package the project for distribution, signing with the provided certificate -# @parameters: -# sncert= - The strong-name certificate to use for signing the built assets. -# cert= - The authenticity certificate to use for signing the built assets. -# pass= - The password for the authenticity certificate. -prep-release: - bash scripts/unix/build_release_nuget.sh EasyPost ${sncert} ${cert} ${pass} Release - ## publish - Publish the project to NuGet # @parameters: # key= - The NuGet API key to use for publishing. diff --git a/scripts/unix/build_project.sh b/scripts/unix/build_project.sh deleted file mode 100755 index cb63f2610..000000000 --- a/scripts/unix/build_project.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# This script will restore and build a .NET project in a specified mode and platform. - -# Requirements: -# - dotnet is installed on the machine and is accessible everywhere (added to PATH) - -# Parse command line arguments -BUILD_MODE=$1 - -# Restore dependencies and build solution -echo "Restoring and building project..." -dotnet msbuild -property:Configuration="$BUILD_MODE" -target:Rebuild -restore || exit 1 diff --git a/scripts/unix/build_release_nuget.sh b/scripts/unix/build_release_nuget.sh deleted file mode 100755 index dfee0e74c..000000000 --- a/scripts/unix/build_release_nuget.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -# This script will build a .NET project in Release mode, sign the generated DLLs with a provided PFX certificate, -# package the DLLs into a NuGet package, and sign the NuGet package with the provided PFX certificate. -# This script also handles pre-run cleanup (will delete old DLLs and NuGet package files) - -# Requirements: -# - NuGet is installed on the machine and is accessible everywhere (added to PATH) -# - dotnet is installed on the machine and is accessible everywhere (added to PATH) -# - osslsigncode (https://github.com/mtrojnar/osslsigncode) is installed on the machine and is accessible everywhere (added to PATH) - -# Parse command line arguments -PROJECT_NAME=$1 -STRONG_NAME_CERT_FILE=$2 -AUTH_CERT_FILE=$3 -AUTH_CERT_PASSWORD=$4 -BUILD_MODE=$5 - -# Delete old files -bash scripts/unix/delete_old_assemblies.sh - -# Restore dependencies and build solution -bash scripts/unix/build_project.sh "$BUILD_MODE" || exit 1 - -# Strong-name sign the DLLs -bash scripts/unix/strong_name_dlls.sh "$STRONG_NAME_CERT_FILE" || exit 1 - -# Sign the DLLs for authenticity -bash scripts/unix/sign_dlls.sh "$AUTH_CERT_FILE" "$AUTH_CERT_PASSWORD" || exit 1 - -# Package the DLLs into a NuGet package (will fail if DLLs are missing) -bash scripts/unix/pack_nuget.sh "$PROJECT_NAME" || exit 1 - -# Sign the NuGet package for authenticity -bash scripts/unix/sign_nuget.sh "$AUTH_CERT_FILE" "$AUTH_CERT_PASSWORD" || exit 1 - -# Preset final information -NUGET_PACKAGE_FILE=$(find . -name "*.nupkg") -echo "NuGet file $NUGET_PACKAGE_FILE is ready." diff --git a/scripts/unix/delete_old_assemblies.sh b/scripts/unix/delete_old_assemblies.sh deleted file mode 100755 index de420d3df..000000000 --- a/scripts/unix/delete_old_assemblies.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -# This script will delete any DLLs and NuGet packages - -# Delete old DLLs -echo "Cleaning old files..." -rm -rf lib -rm -rf "*.nupkg" diff --git a/scripts/unix/gpg_decrypt.sh b/scripts/unix/gpg_decrypt.sh deleted file mode 100755 index f85adbd4d..000000000 --- a/scripts/unix/gpg_decrypt.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -# This script will decrypt a GPG encrypted file. - -# Usage: gpg_decrypt.sh - -INPUT_FILE=$1 -PASSWORD=$2 -OUTPUT_FILE=$3 - -gpg --decrypt --passphrase "$PASSWORD" --batch --output "$OUTPUT_FILE" "$INPUT_FILE" - -# Exit with success -exit 0 diff --git a/scripts/unix/gpg_decrypt_dir.sh b/scripts/unix/gpg_decrypt_dir.sh deleted file mode 100644 index 72a3356a6..000000000 --- a/scripts/unix/gpg_decrypt_dir.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -# This script will encrypt all the files in a directory using GPG. - -# Usage: gpg_encrypt_dir.sh - -INPUT_DIR=$1 -PASSWORD=$2 -ENCRYPTED_SUFFIX=$3 - -# Loop through all the files in the input directory -for file in "$INPUT_DIR"/* -do - # Output is file name minus the ENCRYPTED_SUFFIX - output_file=${file%.$ENCRYPTED_SUFFIX} - # Decrypt the file - gpg --decrypt --passphrase "$PASSWORD" --batch --output "$output_file" "$file" 2>/dev/null # Ignore stderr -done \ No newline at end of file diff --git a/scripts/unix/gpg_encrypt.sh b/scripts/unix/gpg_encrypt.sh deleted file mode 100755 index 071db2c45..000000000 --- a/scripts/unix/gpg_encrypt.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -# This script will encrypt a file using GPG. - -# Usage: gpg_encrypt.sh - -INPUT_FILE=$1 -PASSWORD=$2 -OUTPUT_FILE=$3 - -gpg --symmetric --cipher-algo AES256 --passphrase "$PASSWORD" --batch --armor --yes --output "$OUTPUT_FILE" "$INPUT_FILE" - -# Exit with success -exit 0 diff --git a/scripts/unix/gpg_encrypt_dir.sh b/scripts/unix/gpg_encrypt_dir.sh deleted file mode 100644 index c92ddc958..000000000 --- a/scripts/unix/gpg_encrypt_dir.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -# This script will encrypt all the files in a directory using GPG. - -# Usage: gpg_encrypt_dir.sh - -INPUT_DIR=$1 -PASSWORD=$2 -OUTPUT_SUFFIX=$3 - -# Loop through all the files in the input directory -for file in "$INPUT_DIR"/* -do - # Encrypt the file - gpg --symmetric --passphrase "$PASSWORD" --batch --output "$file.$OUTPUT_SUFFIX" "$file" -done \ No newline at end of file diff --git a/scripts/unix/install_osslsigncode.sh b/scripts/unix/install_osslsigncode.sh deleted file mode 100644 index f5c6eb389..000000000 --- a/scripts/unix/install_osslsigncode.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -# This script will install the osslsigncode dependency (https://github.com/mtrojnar/osslsigncode) required to release this project - -PATH_STORAGE=/usr/local/bin - -# Create a temporary folder -TEMP_FOLDER="temp" -mkdir -p "$TEMP_FOLDER" -cd "$TEMP_FOLDER" || exit - -# Download the latest macOS release -# Courtesy: https://gist.github.com/steinwaywhw/a4cd19cda655b8249d908261a62687f8 -REPO="mtrojnar/osslsigncode" -curl -s https://api.github.com/repos/$REPO/releases/latest \ -| grep "browser_download_url.*macOS.zip" \ -| cut -d : -f 2,3 \ -| tr -d \" \ -| wget -qi - - -# Find the file name of the downloaded file -ZIP_FILE=$(find . -name "*macOS.zip") - -# Unzip the file -unzip "$ZIP_FILE" - -# Find the executable -OSSLSIGNCODE_EXE=$(find . -name "osslsigncode") - -# Make the executable executable -chmod +x "$OSSLSIGNCODE_EXE" - -# Move the executable to the PATH_STORAGE folder -mv "$OSSLSIGNCODE_EXE" "$PATH_STORAGE" - -# Clean up -cd .. -rm -rf "$TEMP_FOLDER" diff --git a/scripts/unix/pack_nuget.sh b/scripts/unix/pack_nuget.sh deleted file mode 100755 index 186efb33b..000000000 --- a/scripts/unix/pack_nuget.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# This script will generate a NuGet package according the the project's .nuspec file. - -# Requirements: -# - NuGet is installed on the machine and is accessible everywhere (added to PATH) - -# Parse command line arguments -PROJECT_NAME=$1 - -# Generate the NuGet package (will fail if assemblies are missing) -echo "Generating NuGet package..." -nuget pack "$PROJECT_NAME.nuspec" || exit 1 diff --git a/scripts/unix/sign_dlls.sh b/scripts/unix/sign_dlls.sh deleted file mode 100755 index c4e2f293c..000000000 --- a/scripts/unix/sign_dlls.sh +++ /dev/null @@ -1,23 +0,0 @@ -# Parse command line arguments -CERT_FILE=$1 -CERT_PASSWORD=$2 - -# Set variables -AUTHOR_NAME="EasyPost" -AUTHOR_URL="http://www.easypost.com" -TIMESTAMP_SERVER="http://timestamp.digicert.com?alg=sha256" -FOLDER="lib" -SUFFIX=".signed" -FILE_PATTERN="*.dll" - -# Sign all DLLs found with our certificate to guarantee authenticity -echo "Signing DLLs with $CERT_FILE for authenticity..." -for file in $(find "$FOLDER" -name "$FILE_PATTERN"); do - echo "Signing $file..." - # Sign the file to a new file with added suffix - osslsigncode sign -pkcs12 "$CERT_FILE" -pass "$CERT_PASSWORD" -n "$AUTHOR_NAME" -i "$AUTHOR_URL" -ts "$TIMESTAMP_SERVER" -in "$file" -out "$file$SUFFIX" - # Delete original file - rm -f "$file" - # Rename signed file to original name - mv "$file$SUFFIX" "$file" -done diff --git a/scripts/unix/sign_nuget.sh b/scripts/unix/sign_nuget.sh deleted file mode 100755 index 87fcd16bf..000000000 --- a/scripts/unix/sign_nuget.sh +++ /dev/null @@ -1,22 +0,0 @@ -# This script will find and sign any NuGet packages with a provided PFX certificate for authenticity - -# Requirements: -# - NuGet is installed on the machine and is accessible everywhere (added to PATH) - -# Parse command line arguments -CERT_FILE=$1 -CERT_PASSWORD=$2 - -# Set variables -TIMESTAMP_SERVER="http://timestamp.digicert.com?alg=sha256" -FOLDER="." -FILE_PATTERN="*.nupkg" - -# Sign all NuGet packages found with our certificate to guarantee authenticity -echo "Signing NuGet packages with $CERT_FILE for authenticity..." -# Should only be one .nupkg file at this point, since we deleted the old ones -for file in $(find "$FOLDER" -name "$FILE_PATTERN"); do - # Sign the file in-place - echo "Signing $file..." - dotnet nuget sign "$file" --timestamper "$TIMESTAMP_SERVER" --certificate-path "$CERT_FILE" --certificate-password "$CERT_PASSWORD" -done diff --git a/scripts/unix/strong_name_dlls.sh b/scripts/unix/strong_name_dlls.sh deleted file mode 100755 index b6920de29..000000000 --- a/scripts/unix/strong_name_dlls.sh +++ /dev/null @@ -1,20 +0,0 @@ -# This script will find and finish strong-naming any DLLs with a provided PFX certificate - -# Requirements: -# - dotnet is installed on the machine and is accessible everywhere (added to PATH) -# - sn is installed on the machine and is accessible everywhere (added to PATH) - -# Parse command line arguments -CERT_FILE=$1 - -# Set variables -FOLDER="lib" -FILE_PATTERN="*.dll" - -# Strong-name all DLLs found in the lib folder -echo "Strong-naming (finishing delayed signing) DLLs with $CERT_FILE..." -for file in $(find "$FOLDER" -name "$FILE_PATTERN"); do - echo "Strong-naming $file..." - # Strong-name the file to a new file with added suffix - sn -R "$file" "$CERT_FILE" -done diff --git a/scripts/win/build_release_nuget.bat b/scripts/win/build_release_nuget.bat index 2ee1f2ecf..8965c2a94 100644 --- a/scripts/win/build_release_nuget.bat +++ b/scripts/win/build_release_nuget.bat @@ -11,9 +11,8 @@ :: Parse command line arguments SET projectName=%1 SET strongNameCertFile=%2 -SET authCertFile=%3 -SET authCertPass=%4 -SET buildMode=%5 +SET authCertFingerprint=%3 +SET buildMode=%4 :: Delete old files CALL "scripts\win\delete_old_assemblies.bat" @@ -25,13 +24,13 @@ CALL "scripts\win\build_project.bat" %buildMode% || GOTO :commandFailed CALL "scripts\win\strong_name_dlls.bat" %strongNameCertFile% || GOTO :commandFailed :: Sign the DLLs for authenticity -CALL "scripts\win\sign_dlls.bat" %authCertFile% %authCertPass% || GOTO :commandFailed +CALL "scripts\win\sign_dlls.bat" %authCertFingerprint% || GOTO :commandFailed :: Package the DLLs in a NuGet package (will fail if DLLs are missing) CALL "scripts\win\pack_nuget.bat" %projectName% || GOTO :commandFailed :: Sign the NuGet package for authenticity -CALL "scripts\win\sign_nuget.bat" %authCertFile% %authCertPass% || GOTO :commandFailed +CALL "scripts\win\sign_nuget.bat" %authCertFingerprint% || GOTO :commandFailed SET nugetFileName= FOR /R %%F IN (*.nupkg) DO ( SET nugetFileName="%%F" @@ -50,7 +49,7 @@ GOTO :eof :usage @ECHO: -@ECHO Usage: %0 +@ECHO Usage: %0 GOTO :exitWithError :commandFailed diff --git a/scripts/win/sign_nuget.bat b/scripts/win/sign_nuget.bat index c7190c3bf..aa99d55dd 100644 --- a/scripts/win/sign_nuget.bat +++ b/scripts/win/sign_nuget.bat @@ -6,15 +6,15 @@ @ECHO OFF :: Parse command line arguments -SET certFile=%1 -SET certPass=%2 +SET certFingerprint=%1 :: Sign all NuGet packages found with our certificate to guarantee authenticity @ECHO: @ECHO Signing NuGet package with %certFile% for authenticity... :: Should only be one .nupkg file at this point, since we deleted the old ones FOR /R %%F IN (*.nupkg) DO ( - nuget sign "%%F" -Timestamper http://timestamp.digicert.com -CertificatePath "%certFile%" -CertificatePassword "%certPass%" || GOTO :commandFailed + nuget sign "%%F" -Timestamper http://timestamp.digicert.com -CertificateFingerprint "%certFingerprint%" -HashAlgorithm SHA256 -Verbosity detailed -Overwrite || GOTO :commandFailed + nuget verify -All "%%F" || GOTO :commandFailed ) EXIT /B 0 From 9e72e6ac04b876107ba276ae0ec520c107b4e2a6 Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Mon, 20 Nov 2023 15:24:22 -0700 Subject: [PATCH 07/12] - Add strong-name certificate to repo (NO SECURITY RISK) --- .github/workflows/release.yml | 3 ++- EasyPostNETStrongNameSigning.snk | Bin 0 -> 596 bytes scripts/win/sign_dlls.bat | 8 ++++---- scripts/win/sign_nuget.bat | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 EasyPostNETStrongNameSigning.snk diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2b1aff6b4..1cdb91e57 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -66,8 +66,9 @@ jobs: shell: cmd - name: Build and Sign NuGet package + # TODO: Need to keep signing_cert.snk in the repo run: | - call scripts\win\build_release_nuget.bat EasyPost certs\signing_cert.snk "${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" Release + call scripts\win\build_release_nuget.bat EasyPost EasyPostNETStrongNameSigning.snk "${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" Release shell: cmd # - name: Publish to NuGet diff --git a/EasyPostNETStrongNameSigning.snk b/EasyPostNETStrongNameSigning.snk new file mode 100644 index 0000000000000000000000000000000000000000..648cfd6ca5764d83b531db645a281a4399fb5c3c GIT binary patch literal 596 zcmV-a0;~N80ssI2Bme+XQ$aES1ONa500966>dvBgl<2##+)R)WjGCxkbis|zrKz>` z!Qv_2&XR)T9yI6Xaz-j$86onmV+Z07gx5C3mUER4C)CcOW6FhkIitp~e~p>V!v1Md zX=X}rU5@0SFEdP!63?mc3`D*UY(8SdXM<++n}TM|cq$*7{o!~P zFwC{~V8_b~n8xrMFajIC{h%|uHdmQ0{ZWpz*n$!)XEDyA-;8+Da#G%`f&vn6+PJ|N zelzEjdLF;I$$-k<;m^Gd(lT#D9z)Nq^NemvEBZE3!Cn+#@On8}m)E#PuUiZwS$|n} ze?rxY#Eeud$C=Xq)HG$@nrekMp?wAoV|Q(10orLH4(4!!?7+0??GMN_Ef=6G8M$|m zL_5@KiLmyd*#+S3odop$wx0~z@~C(9(l#vESc@@VXX^S^$~8?hM7NCYqgi3aTczz^Zc9erjrfgLW^}> iw_(Yg%|Zg>nj54bb|$&HiIafvjrQ#_ Date: Mon, 20 Nov 2023 15:43:46 -0700 Subject: [PATCH 08/12] - Remove unused Makefile steps now --- Makefile | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 5730b7b38..9cf7d7d9a 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,6 @@ build-prod: ## clean - Clean the project clean: dotnet clean - rm -rf *.nupkg ## coverage - Generate coverage reports (unit tests, not integration) for the project coverage: @@ -37,18 +36,6 @@ coverage-check: docs: dotnet tool run docfx docs/docfx.json -## github-actions-certs-decrypt - Decrypt the certificates for GitHub Actions -# @parameters: -# pass= - The password used for decrypting the certificates. -github-actions-certs-decrypt: - bash scripts/unix/gpg_decrypt_dir.sh certs ${pass} "gpg" - -## github-actions-certs-encrypt - Encrypt the certificates for GitHub Actions -# @parameters: -# pass= - The password used for encrypting the certificates. -github-actions-certs-encrypt: - bash scripts/unix/gpg_encrypt_dir.sh certs ${pass} "gpg" - ## install-tools - Install required dotnet tools install-tools: dotnet new tool-manifest || exit 0 @@ -147,4 +134,4 @@ fs-compat-test: vb-compat-test: dotnet test EasyPost.Compatibility.VB/EasyPost.Compatibility.VB.vbproj -f ${fw} -restore -.PHONY: help analyze build build-fw build-prod clean coverage coverage-check docs format install-styleguide install-tools install-release-tools install lint lint-scripts prep-release release restore scan setup-win setup-unix test update-examples-submodule unit-test integration-test fs-compat-test vb-compat-test +.PHONY: help analyze build build-fw build-prod clean coverage coverage-check docs format install-styleguide install-tools install-release-tools install lint lint-scripts release restore scan setup-win setup-unix test update-examples-submodule unit-test integration-test fs-compat-test vb-compat-test From 6291cf263b939ba3c120ea285a1448d4b1e255bc Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Mon, 20 Nov 2023 15:47:31 -0700 Subject: [PATCH 09/12] - Limit Release CI to only on tag push --- .github/workflows/release.yml | 2 -- EasyPost.Integration/TestUtils.cs | 4 ++-- Makefile | 4 ---- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1cdb91e57..379d36760 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,6 @@ name: Release on: - workflow_dispatch: ~ - pull_request: ~ push: tags: # ex. "v1.2.3", "v1.2.3-rc1" diff --git a/EasyPost.Integration/TestUtils.cs b/EasyPost.Integration/TestUtils.cs index a133185b4..19fec6e79 100644 --- a/EasyPost.Integration/TestUtils.cs +++ b/EasyPost.Integration/TestUtils.cs @@ -63,7 +63,7 @@ internal static string GetApiKey(ApiKey apiKey) } // ReSharper disable once InconsistentNaming - internal static Client GetBasicVCRClient(string apiKey, System.Net.Http.HttpClient? vcrClient = null) => new(new ClientConfiguration(apiKey) + internal static Client GetBasicVCRClient(string apiKey, HttpClient? vcrClient = null) => new(new ClientConfiguration(apiKey) { CustomHttpClient = vcrClient, }); @@ -138,7 +138,7 @@ public VCR(string? testCassettesFolder = null, ApiKey apiKey = ApiKey.Test) internal bool IsRecording() => _vcr.Mode == Mode.Record; - internal Client SetUpTest(string cassetteName, Func getClientFunc, string? overrideApiKey = null) + internal Client SetUpTest(string cassetteName, Func getClientFunc, string? overrideApiKey = null) { // override api key if needed string apiKey = overrideApiKey ?? _apiKey; diff --git a/Makefile b/Makefile index 9cf7d7d9a..5a2171863 100644 --- a/Makefile +++ b/Makefile @@ -43,10 +43,6 @@ install-tools: dotnet tool install --local dotnet-format || exit 0 dotnet tool install --local docfx --version 2.60.2 || exit 0 -## install-release-tools - Install required tools for release -install-release-tools: - bash scripts/unix/install_osslsigncode.sh - ## install-styleguide - Import style guide (Unix only) install-styleguide: | update-examples-submodule sh examples/symlink_directory_files.sh examples/style_guides/csharp . From a371357e73fb0009e5386412f8868b3a69c47306 Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Fri, 1 Dec 2023 13:22:36 -0700 Subject: [PATCH 10/12] - Address feedback --- .github/workflows/ci.yml | 20 ++++++++++---------- .github/workflows/release.yml | 7 +++---- Makefile | 4 ++-- 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ce58e3057..2dee241df 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: lint: runs-on: windows-2022 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install .NET SDK uses: actions/setup-dotnet@v3 @@ -26,7 +26,7 @@ jobs: Roslyn_Static_Analysis: runs-on: windows-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install .NET SDK uses: actions/setup-dotnet@v3 @@ -46,7 +46,7 @@ jobs: Security_Code_Scan: runs-on: windows-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install .NET SDK uses: actions/setup-dotnet@v3 @@ -62,7 +62,7 @@ jobs: Coverage_Requirements: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install .NET SDK uses: actions/setup-dotnet@v3 @@ -79,7 +79,7 @@ jobs: if: github.ref == 'refs/heads/master' runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up dotnet tools and dependencies run: make install @@ -97,7 +97,7 @@ jobs: if: github.ref == 'refs/heads/master' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install .NET SDK uses: actions/setup-dotnet@v3 @@ -140,7 +140,7 @@ jobs: - name: Net80 framework: net8.0 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: true @@ -180,7 +180,7 @@ jobs: Integration_Tests: runs-on: windows-2022 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: true @@ -212,7 +212,7 @@ jobs: FSharp_Compatibility_Tests: runs-on: windows-2022 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: true @@ -245,7 +245,7 @@ jobs: runs-on: windows-2022 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 379d36760..2e2c848ce 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,16 +12,15 @@ jobs: runs-on: windows-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install .NET SDK uses: actions/setup-dotnet@v3 with: - # .NET 3.1 and 5 are deprecated and removed from GitHub Actions, we need to manually install them + # .NET 5 is deprecated and removed from GitHub Actions, we need to manually install it dotnet-version: | - 3.1.x 5.x.x - 7.x.x + 8.x.x - name: Setup Nuget uses: NuGet/setup-nuget@v1.1.1 diff --git a/Makefile b/Makefile index 5a2171863..cba340269 100644 --- a/Makefile +++ b/Makefile @@ -71,7 +71,7 @@ lint-scripts: # ref: https://learn.microsoft.com/en-us/nuget/reference/cli-reference/cli-ref-push publish: # Verify that no extraneous .nupkg files exist - dotnet nuget push *.nupkg -Source https://api.nuget.org/v3/index.json -k ${key} -SkipDuplicate # -NonInteractive + dotnet nuget push *.nupkg -Source https://api.nuget.org/v3/index.json -k ${key} -SkipDuplicate ## release - Cuts a release for the project on GitHub (requires GitHub CLI) # tag = The associated tag title of the release @@ -130,4 +130,4 @@ fs-compat-test: vb-compat-test: dotnet test EasyPost.Compatibility.VB/EasyPost.Compatibility.VB.vbproj -f ${fw} -restore -.PHONY: help analyze build build-fw build-prod clean coverage coverage-check docs format install-styleguide install-tools install-release-tools install lint lint-scripts release restore scan setup-win setup-unix test update-examples-submodule unit-test integration-test fs-compat-test vb-compat-test +.PHONY: help analyze build build-fw build-prod clean coverage coverage-check docs format install-styleguide install-tools install lint lint-scripts release restore scan setup-win setup-unix test update-examples-submodule unit-test integration-test fs-compat-test vb-compat-test From ff10064a58975ef157365b80b123ad3ae81052c4 Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Wed, 6 Dec 2023 11:34:19 -0700 Subject: [PATCH 11/12] - Enable NuGet push --- .github/workflows/release.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2e2c848ce..d60f232da 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -68,13 +68,13 @@ jobs: call scripts\win\build_release_nuget.bat EasyPost EasyPostNETStrongNameSigning.snk "${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" Release shell: cmd - # - name: Publish to NuGet - # run: make publish key=${{ secrets.NUGET_API_KEY }} + - name: Publish to NuGet + run: make publish key=${{ secrets.NUGET_API_KEY }} - # - name: Create a GitHub release - # uses: softprops/action-gh-release@v1 + - name: Create a GitHub release + uses: softprops/action-gh-release@v1 # ref: https://github.com/softprops/action-gh-release#-customizing - # with: - # body_path: RELEASE_NOTES.md - # files: | - # "*.nupkg" \ No newline at end of file + with: + body_path: RELEASE_NOTES.md + files: | + "*.nupkg" \ No newline at end of file From f7d0cec5b6105922e7996cb5f846bef8c5878d99 Mon Sep 17 00:00:00 2001 From: nwithan8 Date: Wed, 6 Dec 2023 11:41:15 -0700 Subject: [PATCH 12/12] - Remove GitHub auto-release redundancy --- .github/workflows/release.yml | 8 -------- RELEASE_NOTES.md | 1 - 2 files changed, 9 deletions(-) delete mode 100644 RELEASE_NOTES.md diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d60f232da..811783fd6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -70,11 +70,3 @@ jobs: - name: Publish to NuGet run: make publish key=${{ secrets.NUGET_API_KEY }} - - - name: Create a GitHub release - uses: softprops/action-gh-release@v1 - # ref: https://github.com/softprops/action-gh-release#-customizing - with: - body_path: RELEASE_NOTES.md - files: | - "*.nupkg" \ No newline at end of file diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md deleted file mode 100644 index 08cc9e8be..000000000 --- a/RELEASE_NOTES.md +++ /dev/null @@ -1 +0,0 @@ -- Notes copied from the CHANGELOG that will be included on the Release page of GitHub \ No newline at end of file