-
Notifications
You must be signed in to change notification settings - Fork 52
150 lines (125 loc) · 6.02 KB
/
publish.nuget.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: Publish to NuGet
on:
workflow_dispatch:
inputs:
publish:
description: 'Publish to NuGet (uncheck to build only)'
required: false
default: 'true'
type: boolean
jobs:
publish-nuget:
environment: prod
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./sdk/dotNet
steps:
- name: Get the source code
uses: actions/checkout@v4
- name: Setup .NET 6
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x
- name: Retrieve secrets from KSM
id: ksmsecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
- name: Install dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Publish package
if: ${{ github.event.inputs.publish == 'true' }}
run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
- name: Upload non-strong-named binaries
if: ${{ github.event.inputs.publish == 'false' }}
uses: actions/upload-artifact@v4
with:
name: non-strong-named-binaries-${{ github.run_number }}
path: |
${{ github.workspace }}/sdk/dotNet/SecretsManager/bin/Release/*.nupkg
# 2024-08-30
# COMMENTING OUT FOR NOW BECAUSE PUBLISHIGN IS FALINING.
# TODO: Fix it and try to release in the next sdk version, or release indpenedently fromt he regular sdk
#
# publish-nuget-strongname:
# environment: prod
# runs-on: windows-latest
# defaults:
# run:
# shell: powershell
# working-directory: .\sdk\dotNet
# steps:
# - name: Get the source code
# uses: actions/checkout@v4
# - name: Setup .NET 6
# uses: actions/setup-dotnet@v4
# with:
# dotnet-version: 6.0.x
# - name: Retrieve secrets from KSM
# id: ksmsecrets
# uses: Keeper-Security/ksm-action@master
# with:
# keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
# secrets: |
# Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
# Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk
# - name: Extract and Update Public Key in SecretsManagerClient.cs
# run: |
# $snPath = "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe"
# $snkPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
# $publicKeyPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.pub"
# & $snPath -p $snkPath $publicKeyPath
# $publicKeyInfo = & $snPath -tp $publicKeyPath
# # Filter and join the lines of the public key
# $publicKeyLines = $publicKeyInfo -split "`n" | Where-Object { $_ -match "^[a-f0-9\s]+$" }
# $publicKey = $publicKeyLines -join "" -replace "\s", ""
# if (-not $publicKey) {
# Write-Error "Failed to extract the full public key."
# exit 1
# }
# Write-Output "Extracted Public Key: $publicKey"
# $filePath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\SecretsManagerClient.cs"
# (Get-Content $filePath) -replace '\[assembly: InternalsVisibleTo\("SecretsManager.Test.Core"\)\]', "[assembly: InternalsVisibleTo(`"SecretsManager.Test.Core, PublicKey=$publicKey`")]" | Set-Content $filePath
# Write-Output "First 20 lines of the modified SecretsManagerClient.cs:"
# Get-Content $filePath -Head 20
# - name: Install dependencies
# run: dotnet restore
# - name: "Preparing package for strong naming"
# working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
# run: |
# pwd
# Get-ChildItem
# Copy-Item -Path "SecretsManager.csproj" -Destination "SecretsManager.StrongName.csproj"
# (Get-Content -Path "SecretsManager.StrongName.csproj") -replace '<PackageId>Keeper.SecretsManager</PackageId>', '<PackageId>Keeper.SecretsManager.StrongName</PackageId>' | Set-Content -Path "SecretsManager.StrongName.csproj"
# Get-Content "SecretsManager.StrongName.csproj"
# Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
# Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\"
# - name: Build
# working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
# run: |
# pwd
# Get-ChildItem
# dotnet build "SecretsManager.StrongName.csproj" --configuration Release --no-restore -p:SignKSM=True
# - name: Cleanup secret files
# working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
# run: |
# Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
# Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
# - name: Publish package
# if: ${{ github.event.inputs.publish == 'true' }}
# working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
# run: |
# Get-ChildItem ".\bin\Release\"
# dotnet nuget push ".\bin\Release\*.nupkg" --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
# - name: Upload strong-named binaries
# if: ${{ github.event.inputs.publish == 'false' }}
# uses: actions/upload-artifact@v4
# with:
# name: strong-named-binaries-${{ github.run_number }}
# path: |
# ${{ github.workspace }}\sdk\dotNet\SecretsManager\bin\Release\*.nupkg