-
Notifications
You must be signed in to change notification settings - Fork 53
146 lines (121 loc) · 5.68 KB
/
publish.nuget.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: Publish to NuGet
on:
workflow_dispatch:
inputs:
publish:
description: 'Publish to NuGet (uncheck to build only)'
required: false
default: 'true'
type: boolean
jobs:
publish-nuget:
environment: prod
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./sdk/dotNet
steps:
- name: Get the source code
uses: actions/checkout@v4
- name: Setup .NET 6
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x
- name: Retrieve secrets from KSM
id: ksmsecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
- name: Install dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Publish package
if: ${{ github.event.inputs.publish == 'true' }}
run: dotnet nuget push ./SecretsManager/bin/Release/*.nupkg --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
- name: Upload non-strong-named binaries
if: ${{ github.event.inputs.publish == 'false' }}
uses: actions/upload-artifact@v4
with:
name: non-strong-named-binaries-${{ github.run_number }}
path: |
${{ github.workspace }}/sdk/dotNet/SecretsManager/bin/Release/*.nupkg
publish-nuget-strongname:
environment: prod
runs-on: windows-latest
defaults:
run:
shell: powershell
working-directory: .\sdk\dotNet
steps:
- name: Get the source code
uses: actions/checkout@v4
- name: Setup .NET 6
uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x
- name: Retrieve secrets from KSM
id: ksmsecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_KSM_CONFIG }}
secrets: |
Sq4nnb5HXXNp1l6KryXynw/field/password > NUGET_AUTH_TOKEN
Sq4nnb5HXXNp1l6KryXynw/file/sgKSM.snk > file:${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk
- name: Extract and Update Public Key in SecretsManagerClient.cs
run: |
$snPath = "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe"
$snkPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
$publicKeyPath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.pub"
& $snPath -p $snkPath $publicKeyPath
$publicKeyInfo = & $snPath -tp $publicKeyPath
# Filter and join the lines of the public key
$publicKeyLines = $publicKeyInfo -split "`n" | Where-Object { $_ -match "^[a-f0-9\s]+$" }
$publicKey = $publicKeyLines -join "" -replace "\s", ""
if (-not $publicKey) {
Write-Error "Failed to extract the full public key."
exit 1
}
Write-Output "Extracted Public Key: $publicKey"
$filePath = "${{ github.workspace }}\sdk\dotNet\SecretsManager\SecretsManagerClient.cs"
(Get-Content $filePath) -replace '\[assembly: InternalsVisibleTo\("SecretsManager.Test.Core"\)\]', "[assembly: InternalsVisibleTo(`"SecretsManager.Test.Core, PublicKey=$publicKey`")]" | Set-Content $filePath
Write-Output "First 20 lines of the modified SecretsManagerClient.cs:"
Get-Content $filePath -Head 20
- name: Install dependencies
run: dotnet restore
- name: "Preparing package for strong naming"
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
pwd
Get-ChildItem
Copy-Item -Path "SecretsManager.csproj" -Destination "SecretsManager.StrongName.csproj"
(Get-Content -Path "SecretsManager.StrongName.csproj") -replace '<PackageId>Keeper.SecretsManager</PackageId>', '<PackageId>Keeper.SecretsManager.StrongName</PackageId>' | Set-Content -Path "SecretsManager.StrongName.csproj"
Get-Content "SecretsManager.StrongName.csproj"
Copy-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk" -Destination "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
Get-ChildItem "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\"
- name: Build
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
pwd
Get-ChildItem
dotnet build "SecretsManager.StrongName.csproj" --configuration Release --no-restore -p:SignKSM=True
- name: Cleanup secret files
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager\sgKSM.snk"
Remove-Item -Path "${{ github.workspace }}\sdk\dotNet\SecretsManager.Test.Core\sgKSM.snk"
- name: Publish package
if: ${{ github.event.inputs.publish == 'true' }}
working-directory: ${{ github.workspace }}\sdk\dotNet\SecretsManager\
run: |
Get-ChildItem ".\bin\Release\"
dotnet nuget push ".\bin\Release\*.nupkg" --api-key ${{steps.ksmsecrets.outputs.NUGET_AUTH_TOKEN}} --source https://api.nuget.org/v3/index.json
- name: Upload strong-named binaries
if: ${{ github.event.inputs.publish == 'false' }}
uses: actions/upload-artifact@v4
with:
name: strong-named-binaries-${{ github.run_number }}
path: |
${{ github.workspace }}\sdk\dotNet\SecretsManager\bin\Release\*.nupkg