Skip to content

Commit

Permalink
KSM-360 - .Net SDK: GHA to build and release strong named assemblies (#…
Browse files Browse the repository at this point in the history
…564)

* KSM-360 .Net SDK GHA to build and release strong named assemblies
- updated copyright year to 2024
- updated to the publish.nuget.strong.named.yml
- updates to the publish.nuget.yml
  • Loading branch information
idimov-keeper authored Jun 7, 2024
1 parent 3090e94 commit b038738
Show file tree
Hide file tree
Showing 5 changed files with 195 additions and 4 deletions.
72 changes: 72 additions & 0 deletions .github/workflows/publish.nuget.strong.named.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
name: Publish strong-named assemblies to NuGet

on:
workflow_dispatch:
inputs:
publish:
description: 'Publish to NuGet (uncheck to build only)'
required: false
default: 'true'
type: boolean


jobs:
publish-nuget:
environment: prod
runs-on: ubuntu-latest

defaults:
run:
shell: bash
working-directory: ./sdk/dotNet

steps:
- name: Get the source code
uses: actions/checkout@v4

- name: Setup .NET 6
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x

- name: Retrieve secrets from KSM
id: ksmsecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}/sdk/dotNet/SecretsManager/sgKSM.snk
- name: Install dependencies
run: dotnet restore

- name: "Preparing package for strong naming"
working-directory: ./SecretsManager
run: |
pwd
ls -lah
cp -f SecretsManager.csproj SecretsManager.StrongName.csproj
ls -lah
sed -i 's/<PackageId>Keeper.SecretsManager<\/PackageId>/<PackageId>Keeper.SecretsManager.StrongName<\/PackageId>/g' SecretsManager.StrongName.csproj
cat SecretsManager.StrongName.csproj
- name: Build
working-directory: ./SecretsManager
run: |
pwd
ls -lah
dotnet build SecretsManager.StrongName.csproj --configuration Release --no-restore -p:SignKSM=True
- name: Cleanup temp files
working-directory: ./SecretsManager
run: |
ls -lah
rm -f sgKSM.snk
- name: Publish package
if: ${{ github.event.inputs.publish == 'true' }}
working-directory: ./SecretsManager
run: |
ls -lah ./bin/Release/
dotnet nuget push bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
114 changes: 111 additions & 3 deletions .github/workflows/publish.nuget.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,13 @@
name: Publish to NuGet

on:
workflow_dispatch:
inputs:
publish:
description: 'Publish to NuGet (uncheck to build only)'
required: false
default: 'true'
type: boolean

jobs:
publish-nuget:
Expand All @@ -9,30 +16,131 @@ jobs:

defaults:
run:

working-directory: ./sdk/dotNet

steps:
- name: Get the source code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup .NET 6
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x

- name: Retrieve secrets from KSM
id: ksmsecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
- name: Install dependencies
run: dotnet restore

- name: Build
run: dotnet build --configuration Release --no-restore

- name: Publish package
if: ${{ github.event.inputs.publish == 'true' }}
run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json

- name: Upload non-strong-named binaries
if: ${{ github.event.inputs.publish == 'false' }}
uses: actions/upload-artifact@v4
with:
name: non-strong-named-binaries-${{ github.run_number }}
path: |
${{ github.workspace }}/sdk/dotNet/SecretsManager/bin/Release/*.nupkg
publish-nuget-strongname:
environment: prod
runs-on: windows-latest

defaults:
run:
shell: powershell
working-directory: .\sdk\dotNet

steps:
- name: Get the source code
uses: actions/checkout@v4

- name: Setup .NET 6
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x

- name: Retrieve secrets from KSM
id: ksmsecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk
- name: Extract and Update Public Key in SecretsManagerClient.cs
run: |
$snPath = "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe"
$snkPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
$publicKeyPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.pub"
& $snPath -p $snkPath $publicKeyPath
$publicKeyInfo = & $snPath -tp $publicKeyPath
# Filter and join the lines of the public key
$publicKeyLines = $publicKeyInfo -split "`n" | Where-Object { $_ -match "^[a-f0-9\s]+$" }
$publicKey = $publicKeyLines -join "" -replace "\s", ""
if (-not $publicKey) {
Write-Error "Failed to extract the full public key."
exit 1
}
Write-Output "Extracted Public Key: $publicKey"
$filePath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\SecretsManagerClient.cs"
(Get-Content $filePath) -replace '\[assembly: InternalsVisibleTo\("SecretsManager.Test.Core"\)\]', "[assembly: InternalsVisibleTo(`"SecretsManager.Test.Core, PublicKey=$publicKey`")]" | Set-Content $filePath
Write-Output "First 20 lines of the modified SecretsManagerClient.cs:"
Get-Content $filePath -Head 20
- name: Install dependencies
run: dotnet restore

- name: "Preparing package for strong naming"
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
pwd
Get-ChildItem
Copy-Item -Path "SecretsManager.csproj" -Destination "SecretsManager.StrongName.csproj"
(Get-Content -Path "SecretsManager.StrongName.csproj") -replace '<PackageId>Keeper.SecretsManager</PackageId>', '<PackageId>Keeper.SecretsManager.StrongName</PackageId>' | Set-Content -Path "SecretsManager.StrongName.csproj"
Get-Content "SecretsManager.StrongName.csproj"
Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\"
- name: Build
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
pwd
Get-ChildItem
dotnet build "SecretsManager.StrongName.csproj" --configuration Release --no-restore -p:SignKSM=True
- name: Cleanup secret files
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
- name: Publish package
run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
if: ${{ github.event.inputs.publish == 'true' }}
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
Get-ChildItem ".\bin\Release\"
dotnet nuget push ".\bin\Release\*.nupkg" --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
- name: Upload strong-named binaries
if: ${{ github.event.inputs.publish == 'false' }}
uses: actions/upload-artifact@v4
with:
name: strong-named-binaries-${{ github.run_number }}
path: |
${{ github.workspace }}\sdk\dotNet\SecretsManager\bin\Release\*.nupkg
1 change: 1 addition & 0 deletions sdk/dotNet/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

## 16.6.6

* KSM-360 - GHA to build and release strong named assemblies
* KSM-490 - Switch some internal classes to public - for use in plugins
* KSM-515 - Update to Bouncy Castle 2.4.0

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,9 @@
<ProjectReference Include="..\SecretsManager\SecretsManager.csproj" />
</ItemGroup>

<PropertyGroup Condition="'$(SignKSM)'=='True'">
<SignAssembly>True</SignAssembly>
<AssemblyOriginatorKeyFile>sgKSM.snk</AssemblyOriginatorKeyFile>
</PropertyGroup>

</Project>
7 changes: 6 additions & 1 deletion sdk/dotNet/SecretsManager/SecretsManager.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
<RepositoryUrl>https://github.com/Keeper-Security/secrets-manager</RepositoryUrl>
<RepositoryType>GitHub</RepositoryType>
<PackageTags>keeper secrets manager passwords</PackageTags>
<Copyright2023 Keeper Security, Inc.</Copyright>
<Copyright2024 Keeper Security, Inc.</Copyright>
<License>https://raw.githubusercontent.com/Keeper-Security/secrets-manager/master/LICENSE?token=AACNMRVMD5L3PYT3C5MTNF3BEAFZY</License>
<GeneratePackageOnBuild>true</GeneratePackageOnBuild>
</PropertyGroup>
Expand All @@ -26,4 +26,9 @@
<PackageReference Include="System.Text.Json" Version="8.0.0" />
<PackageReference Include="System.Text.Encodings.Web" Version="8.0.0" />
</ItemGroup>

<PropertyGroup Condition="'$(SignKSM)'=='True'">
<SignAssembly>True</SignAssembly>
<AssemblyOriginatorKeyFile>sgKSM.snk</AssemblyOriginatorKeyFile>
</PropertyGroup>
</Project>

0 comments on commit b038738

Please sign in to comment.