Keeper-Security · maksimu · Jul 30, 2024 · May 31, 2024 · Jun 7, 2024 · Jun 7, 2024
@@ -0,0 +1,72 @@
+name: Publish strong-named assemblies to NuGet
+
+on:
+  workflow_dispatch:
+    inputs:
+      publish:
+        description: 'Publish to NuGet (uncheck to build only)'
+        required: false
+        default: 'true'
+        type: boolean
+
+
+jobs:
+  publish-nuget:
+    environment: prod
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./sdk/dotNet
+
+    steps:
+      - name: Get the source code
+        uses: actions/checkout@v4
+
+      - name: Setup .NET 6
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 6.0.x
+
+      - name: Retrieve secrets from KSM
+        id: ksmsecrets
+        uses: Keeper-Security/ksm-action@master
+        with:
+          keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
+          secrets: |
+            Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
+            Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}/sdk/dotNet/SecretsManager/sgKSM.snk
+
+      - name: Install dependencies
+        run: dotnet restore
+
+      - name: "Preparing package for strong naming"
+        working-directory: ./SecretsManager
+        run: |
+          pwd
+          ls -lah
+          cp -f SecretsManager.csproj SecretsManager.StrongName.csproj
+          ls -lah
+          sed -i 's/<PackageId>Keeper.SecretsManager<\/PackageId>/<PackageId>Keeper.SecretsManager.StrongName<\/PackageId>/g' SecretsManager.StrongName.csproj
+          cat SecretsManager.StrongName.csproj
+
+      - name: Build
+        working-directory: ./SecretsManager
+        run: |
+          pwd
+          ls -lah
+          dotnet build SecretsManager.StrongName.csproj --configuration Release --no-restore -p:SignKSM=True
+
+      - name: Cleanup temp files
+        working-directory: ./SecretsManager
+        run: |
+          ls -lah
+          rm -f sgKSM.snk
+
+      - name: Publish package
+        if: ${{ github.event.inputs.publish == 'true' }}
+        working-directory: ./SecretsManager
+        run: |
+          ls -lah ./bin/Release/
+          dotnet nuget push bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
@@ -1,6 +1,13 @@
 name: Publish to NuGet
+
 on:
   workflow_dispatch:
+    inputs:
+      publish:
+        description: 'Publish to NuGet (uncheck to build only)'
+        required: false
+        default: 'true'
+        type: boolean
 
 jobs:
   publish-nuget:
@@ -9,30 +16,131 @@ jobs:
 
     defaults:
       run:
+
         working-directory: ./sdk/dotNet
 
     steps:
       - name: Get the source code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup .NET 6
-        uses: actions/setup-dotnet@v1
+        uses: actions/setup-dotnet@v4
         with:
           dotnet-version: 6.0.x
 
+      - name: Retrieve secrets from KSM
+        id: ksmsecrets
+        uses: Keeper-Security/ksm-action@master
+        with:
+          keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
+          secrets: |
+            Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
+
       - name: Install dependencies
         run: dotnet restore
 
       - name: Build
         run: dotnet build --configuration Release --no-restore
 
+      - name: Publish package
+        if: ${{ github.event.inputs.publish == 'true' }}
+        run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
+
+      - name: Upload non-strong-named binaries
+        if: ${{ github.event.inputs.publish == 'false' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: non-strong-named-binaries-${{ github.run_number }}
+          path: |
+            ${{ github.workspace }}/sdk/dotNet/SecretsManager/bin/Release/*.nupkg
+
+  publish-nuget-strongname:
+    environment: prod
+    runs-on: windows-latest
+
+    defaults:
+      run:
+        shell: powershell
+        working-directory: .\sdk\dotNet
+
+    steps:
+      - name: Get the source code
+        uses: actions/checkout@v4
+
+      - name: Setup .NET 6
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 6.0.x
+
       - name: Retrieve secrets from KSM
         id: ksmsecrets
         uses: Keeper-Security/ksm-action@master
         with:
           keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
           secrets: |
             Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
+            Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk
+
+      - name: Extract and Update Public Key in SecretsManagerClient.cs
+        run: |
+          $snPath = "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe"
+          $snkPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
+          $publicKeyPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.pub"
+          & $snPath -p $snkPath $publicKeyPath
+          $publicKeyInfo = & $snPath -tp $publicKeyPath
+          # Filter and join the lines of the public key
+          $publicKeyLines = $publicKeyInfo -split "`n" | Where-Object { $_ -match "^[a-f0-9\s]+$" }
+          $publicKey = $publicKeyLines -join "" -replace "\s", ""
+
+          if (-not $publicKey) {
+            Write-Error "Failed to extract the full public key."
+            exit 1
+          }
+
+          Write-Output "Extracted Public Key: $publicKey"
+          $filePath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\SecretsManagerClient.cs"
+          (Get-Content $filePath) -replace '\[assembly: InternalsVisibleTo\("SecretsManager.Test.Core"\)\]', "[assembly: InternalsVisibleTo(`"SecretsManager.Test.Core, PublicKey=$publicKey`")]" | Set-Content $filePath
+          Write-Output "First 20 lines of the modified SecretsManagerClient.cs:"
+          Get-Content $filePath -Head 20
+
+      - name: Install dependencies
+        run: dotnet restore
+
+      - name: "Preparing package for strong naming"
+        working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
+        run: |
+          pwd
+          Get-ChildItem
+          Copy-Item -Path "SecretsManager.csproj" -Destination "SecretsManager.StrongName.csproj"
+          (Get-Content -Path "SecretsManager.StrongName.csproj") -replace '<PackageId>Keeper.SecretsManager</PackageId>', '<PackageId>Keeper.SecretsManager.StrongName</PackageId>' | Set-Content -Path "SecretsManager.StrongName.csproj"
+          Get-Content "SecretsManager.StrongName.csproj"
+          Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
+          Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\"
+
+      - name: Build
+        working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
+        run: |
+          pwd
+          Get-ChildItem
+          dotnet build "SecretsManager.StrongName.csproj" --configuration Release --no-restore -p:SignKSM=True
+
+      - name: Cleanup secret files
+        working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
+        run: |
+          Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
+          Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
 
       - name: Publish package
-        run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
+        if: ${{ github.event.inputs.publish == 'true' }}
+        working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
+        run: |
+          Get-ChildItem ".\bin\Release\"
+          dotnet nuget push ".\bin\Release\*.nupkg" --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
+
+      - name: Upload strong-named binaries
+        if: ${{ github.event.inputs.publish == 'false' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: strong-named-binaries-${{ github.run_number }}
+          path: |
+            ${{ github.workspace }}\sdk\dotNet\SecretsManager\bin\Release\*.nupkg
@@ -6,7 +6,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-      <PackageReference Include="Keeper.SecretsManager" Version="16.5.1" />
+      <PackageReference Include="Keeper.SecretsManager" Version="16.6.5" />
     </ItemGroup>
 
 </Project>
@@ -0,0 +1,10 @@
+[*]
+
+# Indentation and spacing
+indent_size = 4
+indent_style = space
+tab_width = 4
+
+# New line preferences
+end_of_line = lf
+insert_final_newline = true
@@ -3,6 +3,15 @@
 
 # Change Log
 
+## 16.6.6
+
+* KSM-360 - GHA to build and release strong named assemblies
+* KSM-490 - Switch some internal classes to public - for use in plugins
+* KSM-515 - Update to Bouncy Castle 2.4.0
+* KSM-536 - Update to System.Text.Json 8.0.4
+* KSM-517 - Add support for netstandard2.0 target
+* KSM-542 - Fix PowerShell module to allow dot in title
+
 ## 16.6.5
 
 * KSM-476 - fix public key parsing

@@ -1,14 +1,14 @@
 @{
-    ModuleVersion = '16.6.4'
+    ModuleVersion = '16.6.6'
     RootModule = 'SecretManagement.Keeper.Extension.psm1'
     RequiredAssemblies = '../SecretManagement.Keeper.dll'    
     CompatiblePSEditions = @('Core')
     GUID = '7ad471fa-c303-4e0f-8da7-4b4b6da380f9'
     Author = 'Sergey Aldoukhov'
     CompanyName = 'Keeper Security'
-    Copyright = '(c) 2023 Keeper Security, Inc.'
+    Copyright = '(c) 2024 Keeper Security, Inc.'
     FunctionsToExport = 'Set-Secret', 'Get-Secret', 'Remove-Secret', 'Get-SecretInfo', 'Test-SecretVault', 'Set-KeeperVault', 'Get-Notation'
     CmdletsToExport = @()    
     VariablesToExport = @()
     AliasesToExport = @()
-}
+}
@@ -3,14 +3,15 @@ function Get-Config {
         [string] $LocalVaultName
     )
     $vaults = Microsoft.Powershell.SecretManagement\Get-SecretVault
-    $localVault = $vaults.Where( { $_.Name -eq $LocalVaultName } )
+    $localVault = $vaults.Where( { $_.Name -eq $LocalVaultName } ) # SecretStore/LocalStore
     if (!$localVault) {
         return $null
     }
+
     $moduleInstance = Import-Module -Name $localVault.ModuleName -PassThru
-    $configSecretName = 'KeeperVault.' + $VaultName
+    $configSecretName = 'KeeperVault.' + $VaultName # passed by SecretStore while enumerating registered vaults
     $config = & $moduleInstance Get-Secret -Name $configSecretName -VaultName $localVault.Name
-    if ($config -isnot [Hashtable]) { 
+    if ($config -isnot [Hashtable]) {
         $config = $config[0] # SecretStore returns a List
     }
     return $config

@@ -1,11 +1,11 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>netstandard2.1</TargetFramework>
+        <TargetFramework>netstandard2.0</TargetFramework>
         <AssemblyName>SecretManagement.Keeper</AssemblyName>
         <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
-        <AssemblyVersion>16.6.4</AssemblyVersion>
-        <FileVersion>16.6.4</FileVersion>
+        <AssemblyVersion>16.6.6</AssemblyVersion>
+        <FileVersion>16.6.6</FileVersion>
     </PropertyGroup>
 
     <ItemGroup>

@@ -1,10 +1,10 @@
 @{
-    ModuleVersion = '16.6.4'
+    ModuleVersion = '16.6.6'
     CompatiblePSEditions = @('Core')
     GUID = '20ab89cb-f0dd-4e8e-b276-f3a7708c1eb2'
     Author = 'Sergey Aldoukhov'
     CompanyName = 'Keeper Security'
-    Copyright = '(c) 2023 Keeper Security, Inc.'
+    Copyright = '(c) 2024 Keeper Security, Inc.'
     Description = 'SecretManagement extension vault for Keeper'
     RootModule = './SecretManagement.Keeper.psm1'
     NestedModules = @('./SecretManagement.Keeper.Extension')
@@ -22,4 +22,4 @@
             ReleaseNotes = 'Bug fixes and improvements'
         }
     }
-}
+}
@@ -28,9 +28,19 @@ if ($Package) {
     }
 
     @(
-        './bin/Release/netstandard2.1/SecretManagement.Keeper.dll'
-        './bin/Release/netstandard2.1/SecretsManager.dll'
-        './bin/Release/netstandard2.1/BouncyCastle.Cryptography.dll'
+        './bin/Release/netstandard2.0/SecretsManager.dll'
+        './bin/Release/netstandard2.0/SecretManagement.Keeper.dll'
+        './bin/Release/netstandard2.0/SecretManagement.Keeper.deps.json'
+        './bin/Release/netstandard2.0/BouncyCastle.Cryptography.dll'
+        './bin/Release/netstandard2.0/Microsoft.Bcl.AsyncInterfaces.dll'
+        './bin/Release/netstandard2.0/System.Buffers.dll'
+        './bin/Release/netstandard2.0/System.Management.Automation.dll'
+        './bin/Release/netstandard2.0/System.Memory.dll'
+        './bin/Release/netstandard2.0/System.Numerics.Vectors.dll'
+        './bin/Release/netstandard2.0/System.Runtime.CompilerServices.Unsafe.dll'
+        './bin/Release/netstandard2.0/System.Text.Encodings.Web.dll'
+        './bin/Release/netstandard2.0/System.Text.Json.dll'
+        './bin/Release/netstandard2.0/System.Threading.Tasks.Extensions.dll'
     ) | ForEach-Object {
         Copy-Item -Path $_ -Destination $outDir -Force
     }
@@ -45,4 +55,4 @@ if ($Publish) {
     Publish-Module -Path ./out/SecretManagement.Keeper -NuGetApiKey $APIKey -Verbose
 }
 
-Pop-Location
+Pop-Location