Skip to content

Commit bb4601a

Browse files
BorisDogBorisDog
authored
VS-155: Migrate signing to Garasign (#83)
1 parent a4249bf commit bb4601a

File tree

2 files changed

+10
-18
lines changed

2 files changed

+10
-18
lines changed

evergreen/evergreen.yml

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -149,9 +149,8 @@ functions:
149149
env:
150150
ARTIFACTORY_PASSWORD: ${ARTIFACTORY_PASSWORD}
151151
ARTIFACTORY_USERNAME: ${ARTIFACTORY_USERNAME}
152-
AZURE_NUGET_SIGN_TENANT_ID: ${AZURE_NUGET_SIGN_TENANT_ID}
153-
AZURE_NUGET_SIGN_CLIENT_ID: ${AZURE_NUGET_SIGN_CLIENT_ID}
154-
AZURE_NUGET_SIGN_CLIENT_SECRET: ${AZURE_NUGET_SIGN_CLIENT_SECRET}
152+
GRS_USERNAME: ${GRS_USERNAME}
153+
GRS_PASSWORD: ${GRS_PASSWORD}
155154
PACKAGE_VERSION: ${PACKAGE_VERSION}
156155
script: |
157156
${PREPARE_SHELL}

evergreen/run-pack.sh

Lines changed: 8 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -5,9 +5,8 @@ set +o xtrace # Disable tracing.
55
# Environment variables used as input:
66
# ARTIFACTORY_PASSWORD
77
# ARTIFACTORY_USERNAME
8-
# AZURE_NUGET_SIGN_TENANT_ID
9-
# AZURE_NUGET_SIGN_CLIENT_ID
10-
# AZURE_NUGET_SIGN_CLIENT_SECRET
8+
# GRS_USERNAME
9+
# GRS_PASSWORD
1110
# PACKAGE_VERSION
1211

1312
if [ -z "$PACKAGE_VERSION" ]; then
@@ -23,15 +22,9 @@ dotnet pack ./src/MongoDB.Analyzer.Package/MongoDB.Analyzer.Package.csproj -o ./
2322

2423
echo "${ARTIFACTORY_PASSWORD}" | docker login --password-stdin --username "${ARTIFACTORY_USERNAME}" artifactory.corp.mongodb.com
2524

26-
docker run --platform="linux/amd64" --rm -v $(pwd):/workdir -w /workdir \
27-
artifactory.corp.mongodb.com/release-tools-container-registry-local/azure-keyvault-nuget \
28-
NuGetKeyVaultSignTool sign "artifacts/nuget/*"."$PACKAGE_VERSION".nupkg \
29-
--force \
30-
--file-digest=sha256 \
31-
--timestamp-rfc3161=http://timestamp.digicert.com \
32-
--timestamp-digest=sha256 \
33-
--azure-key-vault-url=https://mdb-authenticode.vault.azure.net \
34-
--azure-key-vault-tenant-id="$AZURE_NUGET_SIGN_TENANT_ID" \
35-
--azure-key-vault-client-secret="$AZURE_NUGET_SIGN_CLIENT_SECRET" \
36-
--azure-key-vault-client-id="$AZURE_NUGET_SIGN_CLIENT_ID" \
37-
--azure-key-vault-certificate=authenticode-2021
25+
echo "GRS_CONFIG_USER1_USERNAME=${GRS_USERNAME}" >> "signing-envfile"
26+
echo "GRS_CONFIG_USER1_PASSWORD=${GRS_PASSWORD}" >> "signing-envfile"
27+
28+
docker run --platform="linux/amd64" --env-file=signing-envfile --rm -v $(pwd):/workdir -w /workdir \
29+
artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
30+
/bin/bash -c "jsign --tsaurl "http://timestamp.digicert.com" -a mongo-authenticode-2021 "./artifacts/nuget/*.$PACKAGE_VERSION.nupkg""

0 commit comments

Comments
 (0)