From e3facc5bf45b84a4ec346cf9398c3ffcc500cce0 Mon Sep 17 00:00:00 2001 From: Matthew John Cheetham Date: Wed, 26 Jun 2024 14:40:58 -0700 Subject: [PATCH] release: use custom Sign.Cli tool for signing Use our customised version of the dotnet/sign tool for Trusted Signing, including export of the certificate. --- .github/workflows/release.yml | 38 +++++++++++------------------------ 1 file changed, 12 insertions(+), 26 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6c83d7ba8..1f5df7936 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -353,27 +353,20 @@ jobs: env: AST: ${{ secrets.AZURE_STORAGE_ACCOUNT }} ASC: ${{ secrets.AZURE_STORAGE_CONTAINER }} - SCT: ${{ secrets.SIGN_CLI_TOOL }} + SCT: 'Sign.Cli-alpha.zip' run: | az storage blob download --file sign-cli.zip --auth-mode login ` --account-name $env:AST --container-name $env:ASC --name $env:SCT Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli - name: Sign payload - env: - ACST: ${{ secrets.AZURE_TENANT_ID }} - ACSI: ${{ secrets.AZURE_CLIENT_ID }} - ACSS: ${{ secrets.AZURE_CLIENT_SECRET }} run: | - ./sign-cli/sign.exe code azcodesign payload/* ` - -acsu https://wus2.codesigning.azure.net/ ` - -acsa git-fundamentals-signing ` - -acscp git-fundamentals-windows-signing ` + ./sign-cli/sign.exe code trusted-signing payload/* ` + -tse https://wus2.codesigning.azure.net/ ` + -tsa git-fundamentals-signing ` + -tscp git-fundamentals-windows-signing ` -d "Git Fundamentals Windows Signing Certificate" ` - -u "https://github.com/git-ecosystem/git-credential-manager" ` - -acst $env:ACST ` - -acsi $env:ACSI ` - -acss $env:ACSS + -u "https://github.com/git-ecosystem/git-credential-manager" - name: Lay out signed payload, images, and symbols shell: bash 
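Review bot: `Sign.Cli-alpha.zip` is downloaded by a fixed, mutable blob name and `sign.exe` from it is executed without any integrity check, in the `run:` block that follows the changed `SCT:` line (the same pattern repeats in the second hunk before "Sign package"). With the explicit `-acst`/`-acsi`/`-acss` arguments gone, the tool presumably signs with the job's ambient Azure login, so anyone able to overwrite that blob would get code running with signing rights. Pin the expected digest next to the name, e.g. `SCT_SHA256: '<expected-sha256>'`, and check it before `Expand-Archive`: `if ((Get-FileHash sign-cli.zip -Algorithm SHA256).Hash -ne $env:SCT_SHA256) { throw "sign-cli.zip hash mismatch" }`. The step's `name:` and the login step it depends on are outside this hunk, so the container's write permissions should be confirmed there.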
@@ -444,28 +437,21 @@ jobs: env: AST: ${{ secrets.AZURE_STORAGE_ACCOUNT }} ASC: ${{ secrets.AZURE_STORAGE_CONTAINER }} - SCT: ${{ secrets.SIGN_CLI_TOOL }} + SCT: 'Sign.Cli-alpha.zip' run: | az storage blob download --file sign-cli.zip --auth-mode login ` --account-name $env:AST --container-name $env:ASC --name $env:SCT Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli - name: Sign package - env: - ACST: ${{ secrets.AZURE_TENANT_ID }} - ACSI: ${{ secrets.AZURE_CLIENT_ID }} - ACSS: ${{ secrets.AZURE_CLIENT_SECRET }} run: | - ./sign-cli/sign.exe code azcodesign nupkg/* ` - -acsu https://wus2.codesigning.azure.net/ ` - -acsa git-fundamentals-signing ` - -acscp git-fundamentals-windows-signing ` + ./sign-cli/sign.exe code trusted-signing nupkg/* ` + -tse https://wus2.codesigning.azure.net/ ` + -tsa git-fundamentals-signing ` + -tscp git-fundamentals-windows-signing ` -d "Git Fundamentals Windows Signing Certificate" ` -u "https://github.com/git-ecosystem/git-credential-manager" ` - -acst $env:ACST ` - -acsi $env:ACSI ` - -acss $env:ACSS ` - -acsc nuget-signing-certificate.cer + -co nuget-signing-certificate.cer mv nupkg/* .
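Review bot: The `-co nuget-signing-certificate.cer` argument in the "Sign package" step has no comment explaining it. Per the commit message, certificate export belongs to the customised tool, so a later switch to an upstream dotnet/sign build would likely break this step with no hint as to why. A single comment above the `run:` block would cover it, e.g. `# -co (certificate export) exists only in our customised Sign.Cli build`. Whatever consumes the exported file is outside this hunk; if it is published alongside the packages, it is worth confirming there that the `.nupkg` signatures verify against it before release.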