From b2ab7bb9290d6d173ddcab103c6a0437124ca3f5 Mon Sep 17 00:00:00 2001 From: Max Ustinov Date: Tue, 26 Mar 2024 11:01:43 -0700 Subject: [PATCH] KSM .NET SDK: GHA to publish strong named binary: - updated copyright year to 2024 - updated to the publish.nuget.strong.named.yml - updates to the publish.nuget.yml --- .../workflows/publish.nuget.strong.named.yml | 36 +++++++- .github/workflows/publish.nuget.yml | 23 +++-- .github/workflows/test.publish.nuget.yml | 86 ++++++++++++++++--- .../SecretsManager.Test.Core.csproj | 5 ++ .../SecretsManager/SecretsManager.csproj | 2 +- 5 files changed, 129 insertions(+), 23 deletions(-) diff --git a/.github/workflows/publish.nuget.strong.named.yml b/.github/workflows/publish.nuget.strong.named.yml index 0a121cc2..9f1d3f5e 100644 --- a/.github/workflows/publish.nuget.strong.named.yml +++ b/.github/workflows/publish.nuget.strong.named.yml @@ -2,6 +2,13 @@ name: Publish strong-named assemblies to NuGet on: workflow_dispatch: + inputs: + publish: + description: 'Publish to NuGet (uncheck to build only)' + required: false + default: 'true' + type: boolean + jobs: publish-nuget: 
@@ -29,16 +36,37 @@ jobs: keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }} secrets: | Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN - AAAAAAAAAAAAAAAAAAAAAA/file/sgKSM.snk > file:${{ github.workspace }}/sdk/dotNet/SecretsManager/sgKSM.snk + Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}/sdk/dotNet/SecretsManager/sgKSM.snk - name: Install dependencies run: dotnet restore + - name: "Preparing package for strong naming" + working-directory: ./SecretsManager + run: | + pwd + ls -lah + cp -f SecretsManager.csproj SecretsManager.StrongName.csproj + ls -lah + sed -i 's/Keeper.SecretsManager<\/PackageId>/Keeper.SecretsManager.StrongName<\/PackageId>/g' SecretsManager.StrongName.csproj + cat SecretsManager.StrongName.csproj + - name: Build - run: dotnet build --configuration Release --no-restore -p:SignKSM=True + working-directory: ./SecretsManager + run: | + pwd + ls -lah + dotnet build SecretsManager.StrongName.csproj --configuration Release --no-restore -p:SignKSM=True - name: Cleanup temp files - run: rm -f ./SecretsManager/sgKSM.snk + working-directory: ./SecretsManager + run: | + ls -lah + rm -f sgKSM.snk - name: Publish package - run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json + if: ${{ github.event.inputs.publish == 'true' }} + working-directory: ./SecretsManager + run: | + ls -lah ./bin/Release/ + dotnet nuget push bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json diff --git a/.github/workflows/publish.nuget.yml b/.github/workflows/publish.nuget.yml index 00e8c482..b9fa5d4a 100644 --- a/.github/workflows/publish.nuget.yml +++ b/.github/workflows/publish.nuget.yml @@ -1,4 +1,5 @@ name: Publish to NuGet + on: workflow_dispatch: 
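Review bot: The `Cleanup temp files` step has no `if:` condition, so the private signing key written to `sdk/dotNet/SecretsManager/sgKSM.snk` is left in the workspace whenever the new preparation or build step fails; adding `if: always()` to that step removes the dependency on a green build, which matters most if this job ever runs on a self-hosted or reused runner. A step-level `working-directory` replaces `defaults.run.working-directory` and is resolved from the workspace root, so the added `working-directory: ./SecretsManager` would not be the `sdk/dotNet/SecretsManager` directory named in the `secrets:` mapping, and `rm -f sgKSM.snk` would then not target the key; the job defaults are outside this hunk, so this is worth confirming with a build-only run. Using `working-directory: ${{ github.workspace }}/sdk/dotNet/SecretsManager` keeps the steps and the key path in agreement. The `Cleanup secret files` step in test.publish.nuget.yml is unconditional in the same way, and there the key is also copied into SecretsManager.Test.Core.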
@@ -9,23 +10,18 @@ jobs: defaults: run: + working-directory: ./sdk/dotNet steps: - name: Get the source code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup .NET 6 - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: 6.0.x - - name: Install dependencies - run: dotnet restore - - - name: Build - run: dotnet build --configuration Release --no-restore - - name: Retrieve secrets from KSM id: ksmsecrets uses: Keeper-Security/ksm-action@master @@ -34,5 +30,16 @@ jobs: secrets: | Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN + + - name: Install dependencies + run: dotnet restore + + - name: Build + run: dotnet build --configuration Release --no-restore + + + + + - name: Publish package run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json diff --git a/.github/workflows/test.publish.nuget.yml b/.github/workflows/test.publish.nuget.yml index e455734f..0c700818 100644 --- a/.github/workflows/test.publish.nuget.yml +++ b/.github/workflows/test.publish.nuget.yml 
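Review bot: `uses: Keeper-Security/ksm-action@master` stays on a mutable branch ref while this hunk moves `actions/checkout` and `actions/setup-dotnet` to `@v4`. The step with `id: ksmsecrets` produces the NuGet API key that `Publish package` consumes, so whatever `master` points to at run time executes with access to the publishing credential. Pinning it to a full commit SHA, `uses: Keeper-Security/ksm-action@FULL_COMMIT_SHA` (placeholder, with the release tag in a trailing comment), makes the publishing pipeline reproducible and turns each action update into a reviewable change. The other two workflows in this commit presumably reference the same action on lines outside their hunks.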
@@ -1,30 +1,46 @@ -name: TEST Publish to NuGet +name: Publish strong-named assemblies to NuGet + on: workflow_dispatch: + inputs: + publish: + description: 'Publish to NuGet (uncheck to build only)' + required: false + default: 'true' + type: boolean jobs: publish-nuget: environment: prod - runs-on: ubuntu-latest + runs-on: windows-latest defaults: run: - working-directory: ./sdk/dotNet + shell: powershell + working-directory: .\sdk\dotNet steps: - name: Get the source code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup .NET 6 - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v4 with: dotnet-version: 6.0.x - - name: Install dependencies - run: dotnet restore - - - name: Build - run: dotnet build --configuration Release --no-restore + - name: Locate sn tool + run: | + $paths = @( + "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools", + "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.7.2 Tools" + ) + foreach ($path in $paths) { + $snPath = Join-Path -Path $path -ChildPath "sn.exe" + if (Test-Path $snPath) { + Write-Output "Found sn tool at: $snPath" + break + } + } - name: Retrieve secrets from KSM id: ksmsecrets 
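Review bot: test.publish.nuget.yml now carries the same `name: Publish strong-named assemblies to NuGet` as the production workflow, keeps `environment: prod`, and defaults the new `publish` input to `'true'`, so a run started from the Actions UI just to try the Windows build pushes to nuget.org unless the box is unticked. For a test workflow a distinguishable name and a build-only default are safer, e.g. `name: TEST Publish strong-named assemblies to NuGet` and `default: false`. Separately, the `Locate sn tool` step only prints the path it finds; it neither exports that path for later steps nor fails when `sn.exe` is absent, so a missing tool goes unnoticed until a later step breaks.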
@@ -33,3 +49,53 @@ jobs: keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }} secrets: | Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN + Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk + + - name: Extract and Update Public Key in SecretsManagerClient.cs + run: | + $snkPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" + $publicKeyInfo = dotnet sn -Tp $snkPath + $publicKey = $publicKeyInfo | Select-String "Public Key:" -Context 0, 1 | ForEach-Object { $_.Context.PostContext[0] } + $filePath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\SecretsManagerClient.cs" + (Get-Content $filePath) -replace '\[assembly: InternalsVisibleTo\("SecretsManager.Test.Core"\)\]', "[assembly: InternalsVisibleTo(`"SecretsManager.Test.Core, PublicKey=$publicKey`")]" | Set-Content $filePath + Write-Output "First 20 lines of the modified SecretsManagerClient.cs:" + Get-Content $filePath -Head 20 + + - name: Install dependencies + run: dotnet restore + + - name: "Preparing package for strong naming" + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + pwd + Get-ChildItem + Copy-Item -Path "SecretsManager.csproj" -Destination "SecretsManager.StrongName.csproj" + (Get-Content -Path "SecretsManager.StrongName.csproj") -replace 'Keeper.SecretsManager', 'Keeper.SecretsManager.StrongName' | Set-Content -Path "SecretsManager.StrongName.csproj" + Get-Content "SecretsManager.StrongName.csproj" + Write-Output "Place the sgKSM.snk file in the SecretsManager.Test.Core directory" + Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk" + Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" + + - name: Build + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + pwd + Get-ChildItem + dotnet build 
"SecretsManager.StrongName.csproj" --configuration Release --no-restore -p:SignKSM=True + + - name: Cleanup secret files + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + Get-ChildItem + Remove-Item -Path ".\sgKSM.snk" + Get-ChildItem + Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" + Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk" + Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\" + + - name: Publish package + if: ${{ github.event.inputs.publish == 'true' }} + working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\ + run: | + Get-ChildItem ".\bin\Release\" + dotnet nuget push ".\bin\Release\*.nupkg" --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json diff --git a/sdk/dotNet/SecretsManager.Test.Core/SecretsManager.Test.Core.csproj b/sdk/dotNet/SecretsManager.Test.Core/SecretsManager.Test.Core.csproj index 598ad363..b70d7b7b 100644 --- a/sdk/dotNet/SecretsManager.Test.Core/SecretsManager.Test.Core.csproj +++ b/sdk/dotNet/SecretsManager.Test.Core/SecretsManager.Test.Core.csproj @@ -19,4 +19,9 @@ + + True + sgKSM.snk + + diff --git a/sdk/dotNet/SecretsManager/SecretsManager.csproj b/sdk/dotNet/SecretsManager/SecretsManager.csproj index 64a11639..f2f7ab1c 100644 --- a/sdk/dotNet/SecretsManager/SecretsManager.csproj +++ b/sdk/dotNet/SecretsManager/SecretsManager.csproj @@ -16,7 +16,7 @@ https://github.com/Keeper-Security/secrets-manager GitHub keeper secrets manager passwords - © 2023 Keeper Security, Inc. + © 2024 Keeper Security, Inc. https://raw.githubusercontent.com/Keeper-Security/secrets-manager/master/LICENSE?token=AACNMRVMD5L3PYT3C5MTNF3BEAFZY true
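Review bot: `--api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}}` in `Publish package` is expanded into the script text before PowerShell starts, so the key is written into the generated script file and any character in it that the shell treats specially is interpreted as script rather than data. Pass it through the step environment instead: add `env:` with `NUGET_AUTH_TOKEN: ${{ steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN }}` to the step and use `--api-key $env:NUGET_AUTH_TOKEN` in the command. The publish steps in publish.nuget.strong.named.yml and publish.nuget.yml use the same inline form and would take `--api-key "$NUGET_AUTH_TOKEN"`, since they run POSIX shell commands.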
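Review bot: The lines added to SecretsManager.Test.Core.csproj (`True` and `sgKSM.snk`; the element names and any `Condition` attribute are not visible in this rendering) look like they turn on assembly signing with `sgKSM.snk` for the test project. If that property group is unconditional, every build of the test project needs the private key file in its directory, which pushes the key onto developer machines and ordinary CI jobs. Gating it on the property the workflows already pass, e.g. `Condition="'$(SignKSM)' == 'True'"`, would confine the key to the publishing job. Please confirm how the non-signing build and test workflows are expected to build this project.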