From a3200d7a381eff2c42c9775602e7c6a7d1c409b4 Mon Sep 17 00:00:00 2001 From: Max Ustinov Date: Tue, 26 Mar 2024 11:01:43 -0700 Subject: [PATCH] KSM .NET SDK: GHA to publish strong named binary: - updated copyright year to 2024 - updated to the publish.nuget.strong.named.yml - updates to the publish.nuget.yml --- .../workflows/publish.nuget.strong.named.yml | 36 ++++++++-- .github/workflows/publish.nuget.yml | 23 ++++--- .github/workflows/test.publish.nuget.yml | 68 ++++++++++++++++--- .../SecretsManager.Test.Core.csproj | 5 ++ .../SecretsManager/SecretsManager.csproj | 2 +- .../SecretsManager/SecretsManagerClient.cs | 2 +- 6 files changed, 112 insertions(+), 24 deletions(-) diff --git a/.github/workflows/publish.nuget.strong.named.yml b/.github/workflows/publish.nuget.strong.named.yml index 0a121cc2..9f1d3f5e 100644 --- a/.github/workflows/publish.nuget.strong.named.yml +++ b/.github/workflows/publish.nuget.strong.named.yml @@ -2,6 +2,13 @@ name: Publish strong-named assemblies to NuGet on: workflow_dispatch: + inputs: + publish: + description: 'Publish to NuGet (uncheck to build only)' + required: false + default: 'true' + type: boolean + jobs: publish-nuget: 
@@ -29,16 +36,37 @@ jobs: keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }} secrets: | Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN - AAAAAAAAAAAAAAAAAAAAAA/file/sgKSM.snk > file:${{ github.workspace }}/sdk/dotNet/SecretsManager/sgKSM.snk + Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}/sdk/dotNet/SecretsManager/sgKSM.snk - name: Install dependencies run: dotnet restore + - name: "Preparing package for strong naming" + working-directory: ./SecretsManager + run: | + pwd + ls -lah + cp -f SecretsManager.csproj SecretsManager.StrongName.csproj + ls -lah + sed -i 's/Keeper.SecretsManager<\/PackageId>/Keeper.SecretsManager.StrongName<\/PackageId>/g' SecretsManager.StrongName.csproj + cat SecretsManager.StrongName.csproj + - name: Build - run: dotnet build --configuration Release --no-restore -p:SignKSM=True + working-directory: ./SecretsManager + run: | + pwd + ls -lah + dotnet build SecretsManager.StrongName.csproj --configuration Release --no-restore -p:SignKSM=True - name: Cleanup temp files - run: rm -f ./SecretsManager/sgKSM.snk + working-directory: ./SecretsManager + run: | + ls -lah + rm -f sgKSM.snk - name: Publish package - run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json + if: ${{ github.event.inputs.publish == 'true' }} + working-directory: ./SecretsManager + run: | + ls -lah ./bin/Release/ + dotnet nuget push bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json diff --git a/.github/workflows/publish.nuget.yml b/.github/workflows/publish.nuget.yml index 00e8c482..b9fa5d4a 100644 --- a/.github/workflows/publish.nuget.yml +++ b/.github/workflows/publish.nuget.yml @@ -1,4 +1,5 @@ name: Publish to NuGet + on: workflow_dispatch: 
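Review bot: The `Cleanup temp files` step has no `if: always()`, so a failure in the prepare or build step leaves the strong-name private key `sgKSM.snk` in the workspace for whatever runs afterwards (this matters most on self-hosted runners or if a later step uploads the directory). Its `working-directory: ./SecretsManager` also looks wrong: as far as I know a step-level `working-directory` replaces the job default rather than being appended to it, so it resolves against the workspace root, while the key is written to `sdk/dotNet/SecretsManager/`. I would use `working-directory: ./sdk/dotNet/SecretsManager` on the prepare, build, cleanup and publish steps and add `if: always()` to the cleanup. The `Cleanup secret files` step in test.publish.nuget.yml is missing the same `if: always()`. The job's `defaults` block is outside this hunk, so the path point should be confirmed against it.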
@@ -9,23 +10,18 @@ jobs: defaults: run: + working-directory: ./sdk/dotNet steps: - name: Get the source code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup .NET 6 - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: 6.0.x - - name: Install dependencies - run: dotnet restore - - - name: Build - run: dotnet build --configuration Release --no-restore - - name: Retrieve secrets from KSM id: ksmsecrets uses: Keeper-Security/ksm-action@master @@ -34,5 +30,16 @@ jobs: secrets: | Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN + + - name: Install dependencies + run: dotnet restore + + - name: Build + run: dotnet build --configuration Release --no-restore + + + + + - name: Publish package run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json diff --git a/.github/workflows/test.publish.nuget.yml b/.github/workflows/test.publish.nuget.yml index e455734f..a45aced8 100644 --- a/.github/workflows/test.publish.nuget.yml +++ b/.github/workflows/test.publish.nuget.yml @@ -1,31 +1,33 @@ -name: TEST Publish to NuGet +name: Publish strong-named assemblies to NuGet + on: workflow_dispatch: + inputs: + publish: + description: 'Publish to NuGet (uncheck to build only)' + required: false + default: 'true' + type: boolean jobs: publish-nuget: environment: prod - runs-on: ubuntu-latest + runs-on: windows-latest defaults: run: + shell: powershell working-directory: ./sdk/dotNet steps: - name: Get the source code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup .NET 6 - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: 6.0.x - - name: Install dependencies - run: dotnet restore - - - name: Build - run: dotnet build --configuration Release --no-restore - - name: Retrieve secrets from KSM id: ksmsecrets uses: Keeper-Security/ksm-action@master 
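Review bot: The `uses:` lines touched here move to `actions/checkout@v4` and `actions/setup-dotnet@v4`, which are still mutable tags, and the unchanged `Keeper-Security/ksm-action@master` a few lines below tracks a branch; all of them run in a job that receives the NuGet API key. Since the commit is already editing these references, pin each to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; take the SHA from the action's release). The same applies to the matching lines in test.publish.nuget.yml.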
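Review bot: Renaming this workflow to `Publish strong-named assemblies to NuGet` gives it the same display name as publish.nuget.strong.named.yml, while the file is still test.publish.nuget.yml, runs under `environment: prod` and defaults the new `publish` input to `'true'`. In the Actions UI the two are then indistinguishable, and a manual dispatch of the test workflow pushes to nuget.org unless the box is unticked. Keep a distinguishing name, e.g. `name: TEST Publish strong-named assemblies to NuGet`, and make build-only the default here with `default: false`.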
@@ -33,3 +35,49 @@ jobs: keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }} secrets: | Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN + Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk + + - name: "Test File Copy" + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk" + Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" + + - name: Install dependencies + run: dotnet restore + + - name: "Preparing package for strong naming" + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + pwd + ls -lah + Copy-Item -Path "SecretsManager.csproj" -Destination "SecretsManager.StrongName.csproj" + (Get-Content -path "SecretsManager.StrongName.csproj") -replace 'Keeper.SecretsManager', 'Keeper.SecretsManager.StrongName' | Set-Content -Path "SecretsManager.StrongName.csproj" + Get-Content "SecretsManager.StrongName.csproj" + Write-Output "Place the sgKSM.snk file in the SecretsManager.Test.Core directory" + Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk" + Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" + + - name: Build + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + pwd + ls -lah + dotnet build "SecretsManager.StrongName.csproj" --configuration Release --no-restore -p:SignKSM=True + + - name: Cleanup secret files + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + Get-ChildItem ".\" + Remove-Item -Path ".\sgKSM.snk" + Get-ChildItem ".\" + Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" + Remove-Item -Path "${{ github.workspace 
}}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk" + Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" + + - name: Publish package + if: ${{ github.event.inputs.publish == 'true' }} + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + Get-ChildItem "./bin/Release/" + dotnet nuget push "bin\Release\*.nupkg" --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json diff --git a/sdk/dotNet/SecretsManager.Test.Core/SecretsManager.Test.Core.csproj b/sdk/dotNet/SecretsManager.Test.Core/SecretsManager.Test.Core.csproj index 598ad363..b70d7b7b 100644 --- a/sdk/dotNet/SecretsManager.Test.Core/SecretsManager.Test.Core.csproj +++ b/sdk/dotNet/SecretsManager.Test.Core/SecretsManager.Test.Core.csproj @@ -19,4 +19,9 @@ + + True + sgKSM.snk + + diff --git a/sdk/dotNet/SecretsManager/SecretsManager.csproj b/sdk/dotNet/SecretsManager/SecretsManager.csproj index 64a11639..f2f7ab1c 100644 --- a/sdk/dotNet/SecretsManager/SecretsManager.csproj +++ b/sdk/dotNet/SecretsManager/SecretsManager.csproj @@ -16,7 +16,7 @@ https://github.com/Keeper-Security/secrets-manager GitHub keeper secrets manager passwords - © 2023 Keeper Security, Inc. + © 2024 Keeper Security, Inc. https://raw.githubusercontent.com/Keeper-Security/secrets-manager/master/LICENSE?token=AACNMRVMD5L3PYT3C5MTNF3BEAFZY true diff --git a/sdk/dotNet/SecretsManager/SecretsManagerClient.cs b/sdk/dotNet/SecretsManager/SecretsManagerClient.cs index 44202c7a..b390044b 100644 --- a/sdk/dotNet/SecretsManager/SecretsManagerClient.cs +++ b/sdk/dotNet/SecretsManager/SecretsManagerClient.cs 
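Review bot: In the `Publish package` step the token is spliced into the script text with `--api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}}`; the expression is expanded before PowerShell parses the script, so the value lands in the generated script file and any quote or metacharacter in it is interpreted as code. Pass it through the environment instead: give the step an `env:` entry `NUGET_AUTH_TOKEN: ${{ steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN }}` and use `--api-key $env:NUGET_AUTH_TOKEN`. The publish steps in publish.nuget.strong.named.yml and publish.nuget.yml use the same inline form and would take `--api-key "$NUGET_AUTH_TOKEN"` in bash. Separately, the private key is copied into `SecretsManager.Test.Core` twice, once in `Test File Copy` and again in the prepare step; one copy is enough.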
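Review bot: The property group added to SecretsManager.Test.Core.csproj appears to switch on signing for the test project with `sgKSM.snk` and no condition (the element names are stripped in this rendering, so this is read from the `True` and `sgKSM.snk` values). If so, the private strong-name key becomes a prerequisite for building and running the tests anywhere, including contributor machines and CI jobs that have no reason to hold it. Consider public signing for the test assembly instead, `<PublicSign>true</PublicSign>` with a key file that contains only the public key, which should still satisfy the `PublicKey=` friend declaration added in SecretsManagerClient.cs.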
@@ -11,7 +11,7 @@ using System.Text.RegularExpressions; using System.Threading.Tasks; -[assembly: InternalsVisibleTo("SecretsManager.Test.Core")] +[assembly: InternalsVisibleTo("SecretsManager.Test.Core, PublicKey=0024000004800000940000000602000000240000525341310004000001000100099b9cc5b60ed9355032e89191157119ad7ca8b717e50e49a2fc5adf5cd94de851e4366356594c10e5c0335743cbdb7c72d6e35c65bb4d01d54c24b7eb15e685af4619a2c97a8d5b04effae3c87510319a4b6d3a2fd121001bbd57c42d29f1592402bace83f7c86d2f085f0e13539938016d4f851aeb1b8d01ff39135fa210b7")] namespace SecretsManager {
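Review bot: The new `PublicKey=` literal carries no comment saying which key pair it belongs to, so a later key rotation has nothing pointing at this line. Add a comment above the attribute such as `// Public key of the sgKSM.snk strong-name key; update together with the key file.` (presumably it is the public half of `sgKSM.snk`, which the diff does not show). It is also worth stating there that the test assembly must now be signed with the matching key to keep access to internals.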