pass code sign secrets
dansiegel committed May 31, 2022
1 parent f651b3c commit fd426ca
Showing 2 changed files with 40 additions and 15 deletions.
14 changes: 13 additions & 1 deletion .github/workflows/build-packages.yml
Expand Up @@ -72,9 +72,15 @@ jobs:
if: ${{ github.event_name != 'pull_request' }}
with:
name: Deploy Internal
secrets:
secrets:
feedUrl: ${{ secrets.IN_HOUSE_NUGET_FEED }}
apiKey: ${{ secrets.IN_HOUSE_API_KEY }}
CodeSignTimestampUrl: ${{ secrets.CodeSignTimestampUrl }}
CodeSignKeyVault: ${{ secrets.CodeSignKeyVault }}
CodeSignClientId: ${{ secrets.CodeSignClientId }}
CodeSignTenantId: ${{ secrets.CodeSignTenantId }}
CodeSignClientSecret: ${{ secrets.CodeSignClientSecret }}
CodeSignCertificate: ${{ secrets.CodeSignCertificate }}

deploy-sponsors:
uses: ./.github/workflows/deploy.yml
Expand All @@ -85,3 +91,9 @@ jobs:
secrets:
feedUrl: ${{ secrets.SPONSOR_CONNECT_NUGET_FEED }}
apiKey: ${{ secrets.SPONSOR_CONNECT_TOKEN }}
CodeSignTimestampUrl: ${{ secrets.CodeSignTimestampUrl }}
CodeSignKeyVault: ${{ secrets.CodeSignKeyVault }}
CodeSignClientId: ${{ secrets.CodeSignClientId }}
CodeSignTenantId: ${{ secrets.CodeSignTenantId }}
CodeSignClientSecret: ${{ secrets.CodeSignClientSecret }}
CodeSignCertificate: ${{ secrets.CodeSignCertificate }}
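Review bot: The Key Vault signing credential (`CodeSignClientSecret` with its vault, client, tenant and certificate values) is now passed to `deploy.yml` from both calling jobs, but only the first one shows its `if: ${{ github.event_name != 'pull_request' }}` guard; the `deploy-sponsors` lines between `uses:` and `secrets:` are collapsed on this page, so confirm that job carries the same condition. If the workflow also triggers on `pull_request`, as the first job's guard suggests, a job without the guard would run the signing step for a pull request opened from a branch of this repository. The six-line block is also repeated verbatim in both jobs and has to stay in step with the `workflow_call` secrets that `deploy.yml` declares as `required: true`; a comment above each block such as `# CodeSign*: must match the required secrets declared in deploy.yml` would make that coupling visible.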
41 changes: 27 additions & 14 deletions .github/workflows/deploy.yml
Expand Up @@ -10,6 +10,18 @@ on:
required: true
apiKey:
required: true
CodeSignTimestampUrl:
required: true
CodeSignKeyVault:
required: true
CodeSignClientId:
required: true
CodeSignTenantId:
required: true
CodeSignClientSecret:
required: true
CodeSignCertificate:
required: true

jobs:
deploy:
Expand All @@ -27,26 +39,27 @@ jobs:

# Known issue https://github.com/novotnyllc/NuGetKeyVaultSignTool/issues/95
- name: Sign NuGet Packages
working-directory: Artifacts/
run: |
dotnet tool install --global NuGetKeyVaultSignTool
NuGetKeyVaultSignTool sign ./Artifacts/*.nupkg `
NuGetKeyVaultSignTool sign *.nupkg `
--file-digest sha256 `
--timestamp-rfc3161 ${{ secrets.CodeSignTimestampUrl }} `
--timestamp-rfc3161 '${{ secrets.CodeSignTimestampUrl }}' `
--timestamp-digest sha256 `
--azure-key-vault-url ${{ secrets.CodeSignKeyVault }} `
--azure-key-vault-client-id ${{ secrets.CodeSignClientId }} `
--azure-key-vault-tenant-id ${{ secrets.CodeSignTenantId }} `
--azure-key-vault-client-secret ${{ secrets.CodeSignClientSecret }} `
--azure-key-vault-certificate ${{ secrets.CodeSignCertificate }}
NuGetKeyVaultSignTool sign ./Artifacts/*.snupkg `
--azure-key-vault-url '${{ secrets.CodeSignKeyVault }}' `
--azure-key-vault-client-id '${{ secrets.CodeSignClientId }}' `
--azure-key-vault-tenant-id '${{ secrets.CodeSignTenantId }}' `
--azure-key-vault-client-secret '${{ secrets.CodeSignClientSecret }}' `
--azure-key-vault-certificate '${{ secrets.CodeSignCertificate }}'
NuGetKeyVaultSignTool sign *.snupkg `
--file-digest sha256 `
--timestamp-rfc3161 ${{ secrets.CodeSignTimestampUrl }} `
--timestamp-rfc3161 '${{ secrets.CodeSignTimestampUrl }}' `
--timestamp-digest sha256 `
--azure-key-vault-url ${{ secrets.CodeSignKeyVault }} `
--azure-key-vault-client-id ${{ secrets.CodeSignClientId }} `
--azure-key-vault-tenant-id ${{ secrets.CodeSignTenantId }} `
--azure-key-vault-client-secret ${{ secrets.CodeSignClientSecret }} `
--azure-key-vault-certificate ${{ secrets.CodeSignCertificate }}
--azure-key-vault-url '${{ secrets.CodeSignKeyVault }}' `
--azure-key-vault-client-id '${{ secrets.CodeSignClientId }}' `
--azure-key-vault-tenant-id '${{ secrets.CodeSignTenantId }}' `
--azure-key-vault-client-secret '${{ secrets.CodeSignClientSecret }}' `
--azure-key-vault-certificate '${{ secrets.CodeSignCertificate }}'
- name: ${{ inputs.name }}
uses: dansiegel/publish-nuget@v1.01
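Review bot: The six `'${{ secrets.CodeSign… }}'` arguments in the `run:` block of the Sign NuGet Packages step are still expanded into the script text before the shell parses it, so the added single quotes only hold while no value contains a `'`; a value that does would end the string early and the remainder would be parsed as script. Mapping the secrets into the step's `env:` and referencing them as variables keeps the values out of the script source entirely. The backtick continuations suggest the step runs under PowerShell, but the `shell` and `runs-on` settings are outside the hunk, so the `$env:` form below needs adjusting if that is not the case. Separately, the unchanged `dotnet tool install --global NuGetKeyVaultSignTool` line has no `--version`, so whichever release is current at run time receives the client secret; pinning it would narrow that.

```yaml
- name: Sign NuGet Packages
  working-directory: Artifacts/
  env:
    CODESIGN_TIMESTAMP_URL: ${{ secrets.CodeSignTimestampUrl }}
    CODESIGN_KEY_VAULT: ${{ secrets.CodeSignKeyVault }}
    CODESIGN_CLIENT_ID: ${{ secrets.CodeSignClientId }}
    CODESIGN_TENANT_ID: ${{ secrets.CodeSignTenantId }}
    CODESIGN_CLIENT_SECRET: ${{ secrets.CodeSignClientSecret }}
    CODESIGN_CERTIFICATE: ${{ secrets.CodeSignCertificate }}
  run: |
    # … unchanged: dotnet tool install …
    NuGetKeyVaultSignTool sign *.nupkg `
      --file-digest sha256 `
      --timestamp-rfc3161 $env:CODESIGN_TIMESTAMP_URL `
      --timestamp-digest sha256 `
      --azure-key-vault-url $env:CODESIGN_KEY_VAULT `
      --azure-key-vault-client-id $env:CODESIGN_CLIENT_ID `
      --azure-key-vault-tenant-id $env:CODESIGN_TENANT_ID `
      --azure-key-vault-client-secret $env:CODESIGN_CLIENT_SECRET `
      --azure-key-vault-certificate $env:CODESIGN_CERTIFICATE
    # … the *.snupkg invocation takes the same six $env: references …
```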