-
Notifications
You must be signed in to change notification settings - Fork 52
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
KSM .NET SDK: GHA to publish strong named binary:
- updated copyright year to 2024 - updated to the publish.nuget.strong.named.yml - updates to the publish.nuget.yml
- Loading branch information
Showing
5 changed files
with
121 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,35 +1,92 @@ | ||
name: TEST Publish to NuGet | ||
name: Publish strong-named assemblies to NuGet | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
publish: | ||
description: 'Publish to NuGet (uncheck to build only)' | ||
required: false | ||
default: 'true' | ||
type: boolean | ||
|
||
jobs: | ||
publish-nuget: | ||
environment: prod | ||
runs-on: ubuntu-latest | ||
runs-on: windows-latest | ||
|
||
defaults: | ||
run: | ||
working-directory: ./sdk/dotNet | ||
shell: powershell | ||
working-directory: .\sdk\dotNet | ||
|
||
steps: | ||
- name: Get the source code | ||
uses: actions/checkout@v3 | ||
uses: actions/checkout@v4 | ||
|
||
- name: Setup .NET 6 | ||
uses: actions/setup-dotnet@v1 | ||
uses: actions/setup-dotnet@v4 | ||
with: | ||
dotnet-version: 6.0.x | ||
|
||
- name: Install dependencies | ||
run: dotnet restore | ||
|
||
- name: Build | ||
run: dotnet build --configuration Release --no-restore | ||
|
||
- name: Retrieve secrets from KSM | ||
id: ksmsecrets | ||
uses: Keeper-Security/ksm-action@master | ||
with: | ||
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }} | ||
secrets: | | ||
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN | ||
Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk | ||
- name: Extract and Update Public Key in SecretsManagerClient.cs | ||
run: | | ||
$snPath = "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe" | ||
$snkPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" | ||
$publicKeyInfo = & $snPath -Tp $snkPath | ||
$publicKey = $publicKeyInfo | Select-String "Public Key:" -Context 0, 1 | ForEach-Object { $_.Context.PostContext[0] } | ||
$publicKey = $publicKey -replace "\s", "" # Remove any whitespace from the public key string | ||
$filePath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\SecretsManagerClient.cs" | ||
(Get-Content $filePath) -replace '\[assembly: InternalsVisibleTo\("SecretsManager.Test.Core"\)\]', "[assembly: InternalsVisibleTo(`"SecretsManager.Test.Core, PublicKey=$publicKey`")]" | Set-Content $filePath | ||
Write-Output "First 20 lines of the modified SecretsManagerClient.cs:" | ||
Get-Content $filePath -Head 20 | ||
- name: Install dependencies | ||
run: dotnet restore | ||
|
||
- name: "Preparing package for strong naming" | ||
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ | ||
run: | | ||
pwd | ||
Get-ChildItem | ||
Copy-Item -Path "SecretsManager.csproj" -Destination "SecretsManager.StrongName.csproj" | ||
(Get-Content -Path "SecretsManager.StrongName.csproj") -replace '<PackageId>Keeper.SecretsManager</PackageId>', '<PackageId>Keeper.SecretsManager.StrongName</PackageId>' | Set-Content -Path "SecretsManager.StrongName.csproj" | ||
Get-Content "SecretsManager.StrongName.csproj" | ||
Write-Output "Place the sgKSM.snk file in the SecretsManager.Test.Core directory" | ||
Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk" | ||
Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" | ||
- name: Setup tmate session | ||
uses: mxschmitt/action-tmate@v3 | ||
|
||
- name: Build | ||
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ | ||
run: | | ||
pwd | ||
Get-ChildItem | ||
dotnet build "SecretsManager.StrongName.csproj" --configuration Release --no-restore -p:SignKSM=True | ||
- name: Cleanup secret files | ||
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ | ||
run: | | ||
Get-ChildItem | ||
Remove-Item -Path ".\sgKSM.snk" | ||
Get-ChildItem | ||
Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" | ||
Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk" | ||
Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" | ||
- name: Publish package | ||
if: ${{ github.event.inputs.publish == 'true' }} | ||
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ | ||
run: | | ||
Get-ChildItem ".\bin\Release\" | ||
dotnet nuget push ".\bin\Release\*.nupkg" --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters