Skip to content

Commit

Permalink
KSM .NET SDK: GHA to publish strong named binary:
Browse files Browse the repository at this point in the history
- updated copyright year to 2024
- updated to the publish.nuget.strong.named.yml
- updates to the publish.nuget.yml
  • Loading branch information
maksimu committed Mar 27, 2024
1 parent c63b3c6 commit 908f3ee
Show file tree
Hide file tree
Showing 5 changed files with 121 additions and 24 deletions.
36 changes: 32 additions & 4 deletions .github/workflows/publish.nuget.strong.named.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,13 @@ name: Publish strong-named assemblies to NuGet

on:
workflow_dispatch:
inputs:
publish:
description: 'Publish to NuGet (uncheck to build only)'
required: false
default: 'true'
type: boolean


jobs:
publish-nuget:
Expand Down Expand Up @@ -29,16 +36,37 @@ jobs:
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
AAAAAAAAAAAAAAAAAAAAAA/file/sgKSM.snk > file:${{ github.workspace }}/sdk/dotNet/SecretsManager/sgKSM.snk
Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}/sdk/dotNet/SecretsManager/sgKSM.snk
- name: Install dependencies
run: dotnet restore

- name: "Preparing package for strong naming"
working-directory: ./SecretsManager
run: |
pwd
ls -lah
cp -f SecretsManager.csproj SecretsManager.StrongName.csproj
ls -lah
sed -i 's/<PackageId>Keeper.SecretsManager<\/PackageId>/<PackageId>Keeper.SecretsManager.StrongName<\/PackageId>/g' SecretsManager.StrongName.csproj
cat SecretsManager.StrongName.csproj
- name: Build
run: dotnet build --configuration Release --no-restore -p:SignKSM=True
working-directory: ./SecretsManager
run: |
pwd
ls -lah
dotnet build SecretsManager.StrongName.csproj --configuration Release --no-restore -p:SignKSM=True
- name: Cleanup temp files
run: rm -f ./SecretsManager/sgKSM.snk
working-directory: ./SecretsManager
run: |
ls -lah
rm -f sgKSM.snk
- name: Publish package
run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
if: ${{ github.event.inputs.publish == 'true' }}
working-directory: ./SecretsManager
run: |
ls -lah ./bin/Release/
dotnet nuget push bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
23 changes: 15 additions & 8 deletions .github/workflows/publish.nuget.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
name: Publish to NuGet

on:
workflow_dispatch:

Expand All @@ -9,23 +10,18 @@ jobs:

defaults:
run:

working-directory: ./sdk/dotNet

steps:
- name: Get the source code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup .NET 6
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x

- name: Install dependencies
run: dotnet restore

- name: Build
run: dotnet build --configuration Release --no-restore

- name: Retrieve secrets from KSM
id: ksmsecrets
uses: Keeper-Security/ksm-action@master
Expand All @@ -34,5 +30,16 @@ jobs:
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
- name: Install dependencies
run: dotnet restore

- name: Build
run: dotnet build --configuration Release --no-restore





- name: Publish package
run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
79 changes: 68 additions & 11 deletions .github/workflows/test.publish.nuget.yml
Original file line number Diff line number Diff line change
@@ -1,35 +1,92 @@
name: TEST Publish to NuGet
name: Publish strong-named assemblies to NuGet

on:
workflow_dispatch:
inputs:
publish:
description: 'Publish to NuGet (uncheck to build only)'
required: false
default: 'true'
type: boolean

jobs:
publish-nuget:
environment: prod
runs-on: ubuntu-latest
runs-on: windows-latest

defaults:
run:
working-directory: ./sdk/dotNet
shell: powershell
working-directory: .\sdk\dotNet

steps:
- name: Get the source code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup .NET 6
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x

- name: Install dependencies
run: dotnet restore

- name: Build
run: dotnet build --configuration Release --no-restore

- name: Retrieve secrets from KSM
id: ksmsecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk
- name: Extract and Update Public Key in SecretsManagerClient.cs
run: |
$snPath = "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe"
$snkPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
$publicKeyInfo = & $snPath -Tp $snkPath
$publicKey = $publicKeyInfo | Select-String "Public Key:" -Context 0, 1 | ForEach-Object { $_.Context.PostContext[0] }
$publicKey = $publicKey -replace "\s", "" # Remove any whitespace from the public key string
$filePath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\SecretsManagerClient.cs"
(Get-Content $filePath) -replace '\[assembly: InternalsVisibleTo\("SecretsManager.Test.Core"\)\]', "[assembly: InternalsVisibleTo(`"SecretsManager.Test.Core, PublicKey=$publicKey`")]" | Set-Content $filePath
Write-Output "First 20 lines of the modified SecretsManagerClient.cs:"
Get-Content $filePath -Head 20
- name: Install dependencies
run: dotnet restore

- name: "Preparing package for strong naming"
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
pwd
Get-ChildItem
Copy-Item -Path "SecretsManager.csproj" -Destination "SecretsManager.StrongName.csproj"
(Get-Content -Path "SecretsManager.StrongName.csproj") -replace '<PackageId>Keeper.SecretsManager</PackageId>', '<PackageId>Keeper.SecretsManager.StrongName</PackageId>' | Set-Content -Path "SecretsManager.StrongName.csproj"
Get-Content "SecretsManager.StrongName.csproj"
Write-Output "Place the sgKSM.snk file in the SecretsManager.Test.Core directory"
Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\"
- name: Setup tmate session
uses: mxschmitt/action-tmate@v3

- name: Build
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
pwd
Get-ChildItem
dotnet build "SecretsManager.StrongName.csproj" --configuration Release --no-restore -p:SignKSM=True
- name: Cleanup secret files
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
Get-ChildItem
Remove-Item -Path ".\sgKSM.snk"
Get-ChildItem
Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\"
Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\"
- name: Publish package
if: ${{ github.event.inputs.publish == 'true' }}
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
Get-ChildItem ".\bin\Release\"
dotnet nuget push ".\bin\Release\*.nupkg" --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,9 @@
<ProjectReference Include="..\SecretsManager\SecretsManager.csproj" />
</ItemGroup>

<PropertyGroup Condition="'$(SignKSM)'=='True'">
<SignAssembly>True</SignAssembly>
<AssemblyOriginatorKeyFile>sgKSM.snk</AssemblyOriginatorKeyFile>
</PropertyGroup>

</Project>
2 changes: 1 addition & 1 deletion sdk/dotNet/SecretsManager/SecretsManager.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
<RepositoryUrl>https://github.com/Keeper-Security/secrets-manager</RepositoryUrl>
<RepositoryType>GitHub</RepositoryType>
<PackageTags>keeper secrets manager passwords</PackageTags>
<Copyright2023 Keeper Security, Inc.</Copyright>
<Copyright2024 Keeper Security, Inc.</Copyright>
<License>https://raw.githubusercontent.com/Keeper-Security/secrets-manager/master/LICENSE?token=AACNMRVMD5L3PYT3C5MTNF3BEAFZY</License>
<GeneratePackageOnBuild>true</GeneratePackageOnBuild>
</PropertyGroup>
Expand Down

0 comments on commit 908f3ee

Please sign in to comment.