Write unit tests for build and sign release #1521
Changes from 58 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,6 +10,10 @@ on: | |
description: "Release Name" | ||
required: true | ||
type: string | ||
# Note: This is NOT the ACTUAL release version for ScubaGear. | ||
# That value is found in ScubaGear.psd1. | ||
# This is only used for things like the release file name. | ||
# Yes, this is a disconnect that violates DRY. | ||
version: | ||
description: "Release Version (e.g., 1.2.4)" | ||
required: true | ||
|
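Review bot: Nothing checks the `version` input against the module version in ScubaGear.psd1, so the comment added above `version:` documents a mismatch that the workflow could reject instead. Consider a step that reads the manifest (for example with `Import-PowerShellDataFile`) and fails when the two values differ, plus a format check on the input, since this value ends up in the release file name.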
@@ -27,8 +31,6 @@ jobs: | |
name: Build and Draft Release | ||
runs-on: windows-latest | ||
environment: Development | ||
env: | ||
RELEASE_VERSION: ${{ inputs.version }} | ||
permissions: | ||
id-token: write | ||
contents: write | ||
|
@@ -44,9 +46,10 @@ jobs: | |
path: repo | ||
- name: Install Azure Signing Tool | ||
run: | | ||
dotnet --version | ||
dotnet tool install --global AzureSignTool --version 5.0.0 | ||
# OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) | ||
# Source the function | ||
. repo/utils/workflow/Install-AzureSignTool.ps1 | ||
Install-AzureSignTool | ||
# OpenID Connect (OIDC) login to Azure Public Cloud with AzPowershell | ||
- name: Login to Azure | ||
uses: azure/login@v2 | ||
with: | ||
|
@@ -64,25 +67,13 @@ jobs: | |
echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT | ||
- name: Sign Module | ||
run: | | ||
# Source the deploy utilities so the functions in it can be called. | ||
. repo/utils/workflow/Publish-ScubaGear.ps1 | ||
# Remove non-release files | ||
Remove-Item -Recurse -Force repo -Include .git* | ||
Write-Output "Creating an array of the files to sign..." | ||
$ArrayOfFilePaths = New-ArrayOfFilePaths ` | ||
-ModuleDestinationPath repo | ||
Write-Output "Creating a file with a list of the files to sign..." | ||
$FileListFileName = New-FileList ` | ||
-ArrayOfFilePaths $ArrayOfFilePaths | ||
Write-Output "Calling AzureSignTool function to sign scripts, manifest, and modules..." | ||
$AzureKeyVaultUrl = '${{ steps.key-vault-info.outputs.KeyVaultUrl }}' | ||
$CertificateName = '${{ steps.key-vault-info.outputs.KeyVaultCertificateName }}' | ||
Use-AzureSignTool ` | ||
-AzureKeyVaultUrl $AzureKeyVaultUrl ` | ||
-CertificateName $CertificateName ` | ||
-FileList $FileListFileName | ||
Move-Item -Path repo -Destination "ScubaGear-${env:RELEASE_VERSION}" -Force | ||
Compress-Archive -Path "ScubaGear-${env:RELEASE_VERSION}" -DestinationPath "ScubaGear-${env:RELEASE_VERSION}.zip" | ||
# Source the function. | ||
Comment: This comment is unnecessary as it just restates in plain English what the next line does using standard PowerShell syntax.
Reply: Crying...
||
. repo/utils/workflow/Build-SignRelease.ps1 | ||
New-ModuleSignature ` | ||
-AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` | ||
-CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` | ||
-ReleaseVersion ${{ inputs.version }} ` | ||
-RootFolderName "repo" | ||
- name: Create Release | ||
uses: softprops/action-gh-release@v1 | ||
id: create-release | ||
|
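Review bot: In the added `New-ModuleSignature` call, `-ReleaseVersion ${{ inputs.version }}` and the `KeyVaultUrl` and `KeyVaultCertificateName` step outputs are substituted into the script text, unquoted, before PowerShell parses it, so the content of a caller-supplied input is parsed as PowerShell in a workflow whose job declares `id-token: write` and `contents: write`. The removed lines were safer on this point: the version came from `env: RELEASE_VERSION` and the Key Vault values were single-quoted. Map these values under `env:` on the step and pass `$env:RELEASE_VERSION` (and the equivalent variables for the Key Vault values) to the function instead of inlining the expressions.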
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -40,9 +40,10 @@ jobs: | |
path: repo | ||
- name: Install Azure Signing Tool | ||
run: | | ||
dotnet --version | ||
dotnet tool install --global AzureSignTool --version 5.0.0 | ||
# OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) | ||
# Source the function | ||
Comment: This comment is unnecessary as it just restates in plain English what the next line does using standard PowerShell syntax.
Reply: More pain and suffering.
||
. repo/utils/workflow/Install-AzureSignTool.ps1 | ||
Install-AzureSignTool | ||
# OIDC Login to Azure Public Cloud with AzPowershell | ||
- name: Login to Azure | ||
uses: azure/login@v2 | ||
with: | ||
|
@@ -60,13 +61,13 @@ jobs: | |
echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT | ||
- name: Create Private Gallery | ||
run: | | ||
# Source the deploy utilities so the functions in it can be called. | ||
# Source the function. | ||
Comment: This comment is unnecessary as it just restates in plain English what the next line does using standard PowerShell syntax.
Reply: Helpful comment removed.
||
. repo/utils/workflow/Publish-ScubaGear.ps1 | ||
cd repo | ||
New-PrivateGallery -GalleryName $env:GalleryName -Trusted | ||
- name: Sign and Publish Module | ||
run: | | ||
# Source the deploy utilities so the functions in it can be called. | ||
# Source the function. | ||
Comment: This comment is unnecessary as it just restates in plain English what the next line does using standard PowerShell syntax.
Reply: Helpful comment removed again.
||
. repo/utils/workflow/Publish-ScubaGear.ps1 | ||
# Remove non-release files | ||
Remove-Item -Recurse -Force repo -Include .git* | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -46,9 +46,10 @@ jobs: | |
path: repo | ||
- name: Install Azure Signing Tool | ||
run: | | ||
dotnet --version | ||
dotnet tool install --global AzureSignTool --version 5.0.0 | ||
# OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) | ||
# Source the function | ||
Comment: This comment is unnecessary as it just restates in plain English what the next line does using standard PowerShell syntax.
Reply: More helpful comment removed.
||
. repo/utils/workflow/Install-AzureSignTool.ps1 | ||
Install-AzureSignTool | ||
# OIDC Login to Azure Public Cloud with AzPowershell | ||
- name: Login to Azure | ||
uses: azure/login@v2 | ||
with: | ||
|
@@ -66,7 +67,7 @@ jobs: | |
echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT | ||
- name: Sign and Publish Module | ||
run: | | ||
# Source the deploy utilities so the functions in it can be called. | ||
# Source the function. | ||
Comment: This comment is unnecessary as it just restates in plain English what the next line does using standard PowerShell syntax.
Reply: Yet again having to painfully remove helpful comment.
||
. repo/utils/workflow/Publish-ScubaGear.ps1 | ||
# Remove non-release files | ||
Remove-Item -Recurse -Force repo -Include .git* | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# The purpose of this test to ensure that the function fails | ||
# gracefully if the root folder name does not exist. | ||
# Note: Functional testing (not unit testing) should be used | ||
# to verify that AST itself actually works. | ||
|
||
Describe "Bad Inputs Check" { | ||
It "The root folder name should exist" { | ||
$ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve | ||
# Source the function | ||
Comment: This comment is unnecessary as it just restates in plain English what the next line does using standard PowerShell syntax.
Reply: More sad removing of useful comments.
||
. $ScriptPath | ||
# The function should throw an exception if the root folder name does not exist. | ||
{ New-ModuleSignature ` | ||
-AzureKeyVaultUrl "https://www.cisa.gov" ` | ||
Comment: For the test, recommend you use a Vault URL using standard
Reply: Done.
||
-CertificateName "certificate name" ` | ||
-ReleaseVersion "0.0.1" ` | ||
-RootFolderName "nonexistantfoldername" } | Should -Throw | ||
} | ||
} |
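Review bot: The bare `Should -Throw` on the `New-ModuleSignature` call passes on any exception, including a parameter-binding error or a failure inside the sourced script, so the test can go green without the folder check ever running. The function documents `System.IO.DirectoryNotFoundException`; assert it with `Should -Throw -ExceptionType ([System.IO.DirectoryNotFoundException])`. Smaller points: the header comment is missing "is" ("The purpose of this test is to ensure") and `nonexistantfoldername` is misspelled.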
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# The purpose of this test is to verify that Azure Sign Tool is working. | ||
|
||
BeforeDiscovery { | ||
$ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Install-AzureSignTool.ps1' -Resolve | ||
# Source the function | ||
Comment: This comment is unnecessary as it just restates in plain English what the next line does using standard PowerShell syntax.
Reply: More more unhelpful removing of helpful comments.
||
. $ScriptPath | ||
Install-AzureSignTool | ||
} | ||
Comment: A question. If yes, then would it be beneficial to check if the AzureSignInTool is already installed before attempting to do another installation?
Reply: Functions that are in Can you think of any other (non-workflow) code that would want to use the
||
|
||
Describe "AST Check" { | ||
It "Dotnet should be installed" { | ||
$ToolPath = (Get-Command dotnet).Path | ||
Write-Warning "The path to dotnet is $ToolPath" | ||
Test-Path -Path $ToolPath | Should -Be $true | ||
} | ||
It "AST should be installed" { | ||
$ToolPath = (Get-Command AzureSignTool).Path | ||
Write-Warning "The path to AzureSignTool is $ToolPath" | ||
Test-Path -Path $ToolPath | Should -Be $true | ||
} | ||
} |
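Review bot: In both `It` blocks, `(Get-Command ...).Path` yields `$null` when the command is missing, and `Test-Path -Path $null` then fails with a parameter-binding error rather than a readable assertion. Prefer `Get-Command AzureSignTool -ErrorAction SilentlyContinue | Should -Not -BeNullOrEmpty`. `Install-AzureSignTool` also runs inside `BeforeDiscovery`, so the global tool install happens during discovery even when these tests are filtered out; `BeforeAll` is the place for setup with side effects. The header says the test verifies the tool "is working", but the assertions only show that it is on the path.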
Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
@@ -0,0 +1,65 @@ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
function New-ModuleSignature { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
<# | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
.SYNOPSIS | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sign the ScubaGear module. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
.PARAMETER $AzureKeyVaultUrl | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The URL for the KeyVault in Azure. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
.PARAMETER $CertificateName | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The name of the certificate stored in the KeyVault. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
.PARAMETER $ReleaseVersion | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The version number of the release (e.g., 1.5.1). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
.PARAMETER $RootFolderName | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The name of the root folder. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
.EXCEPTIONS | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
System.IO.DirectoryNotFoundException | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thrown if $RootFolderName does not exist. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
#> | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[CmdletBinding()] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
param( | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[Parameter(Mandatory = $true)] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[string] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
$AzureKeyVaultUrl, | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[Parameter(Mandatory = $true)] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[string] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
$CertificateName, | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[Parameter(Mandatory = $true)] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[string] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
$ReleaseVersion, | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[Parameter(Mandatory = $true)] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[string] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
$RootFolderName | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Comment on lines +18 to +31: Recommend aligning parameters at same indent level for style consistency.
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Write-Warning "Signing the module with AzureSignTool..." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
# Verify that $RootFolderName exists | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Write-Warning "The root folder name is $RootFolderName" | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
if (Test-Path -Path $RootFolderName) { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Write-Warning "Directory exists" | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
} else { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Write-Warning "Directory does not exist; throwing an exception..." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
throw [System.IO.DirectoryNotFoundException] "Directory not found: $RootFolderName" | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
# Source the deploy utilities so the functions in it can be called. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
$PublishPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\utils\workflow\Publish-ScubaGear.ps1' -Resolve | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
. $PublishPath | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
# Remove non-release files, like the .git dir, required for non-Windows machines | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Remove-Item -Recurse -Force $RootFolderName -Include .git* | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Write-Warning "Creating an array of the files to sign..." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
$ArrayOfFilePaths = New-ArrayOfFilePaths ` | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-ModuleDestinationPath $RootFolderName | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Write-Warning "Creating a file with a list of the files to sign..." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
$FileListFileName = New-FileList ` | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-ArrayOfFilePaths $ArrayOfFilePaths | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Write-Warning "Calling AzureSignTool function to sign scripts, manifest, and modules..." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Use-AzureSignTool ` | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-AzureKeyVaultUrl $AzureKeyVaultUrl ` | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-CertificateName $CertificateName ` | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-FileList $FileListFileName | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Move-Item -Path $RootFolderName -Destination "ScubaGear-$ReleaseVersion" -Force | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
} |
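Review bot: `Test-Path -Path $RootFolderName` also succeeds when the path is a file, and `$ReleaseVersion` goes into the `Move-Item` destination and the archive name with no validation. Use `Test-Path -Path $RootFolderName -PathType Container`, and constrain the version with something like `[ValidatePattern('^\d+\.\d+\.\d+$')]` so only the documented `1.5.1` form is accepted. Nothing visible in this function confirms that signing succeeded before `Compress-Archive` runs; unless `Use-AzureSignTool` throws on failure (not shown in this diff), a `Get-AuthenticodeSignature` check on the signed files before archiving would stop an unsigned release from being packaged. In the help block, `.EXCEPTIONS` is not a comment-based help keyword, and `.PARAMETER` takes the parameter name without the `$`.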
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
function Install-AzureSignTool { | ||
<# | ||
.SYNOPSIS | ||
Install Azure Signing Tool | ||
#> | ||
|
||
Write-Warning "Installing AST..." | ||
|
||
dotnet tool install --global AzureSignTool --version 5.0.0 | ||
} |
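Review bot: `Install-AzureSignTool` does not check `$LASTEXITCODE` after `dotnet tool install`, and a non-zero exit from a native command does not throw in PowerShell by default, so a failed install returns as if it had succeeded and callers such as the Pester `BeforeDiscovery` block carry on. Throw when `$LASTEXITCODE` is non-zero. `Write-Warning "Installing AST..."` also puts a routine progress message on the warning stream; `Write-Verbose` or `Write-Information` fits better.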
Comment: I think the workflows are now in a position where we could refactor out having to using a slimmer version of this function to pull out the version number from the manifest. Future enhancement of course.
Reply: I like the concept, and I'm willing to use it, but I don't like the implementation. If pulling values from a "config file" requires a regex, we're doing it wrong. Surely there's a smarter way!? Or a different type of "config file" could be used for such values?
Well, whatever the implementation, I recommend creating an issue to do this work in the future.
Reply: I added a note to my code stating that this might be coming.