Merge pull request #6 from DuendeSoftware/dh/identitymodel-import

Import IdentityModel

.github/workflows/identity-model-ci.yml

@@ -0,0 +1,96 @@
+name: identity-model\ci
+
+permissions:
+  contents: read
+  checks: write
+  packages: write
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+    - main
+    paths:
+    - .github/workflows/identity-model-ci.yml
+    - identity-model/*
+  pull_request:
+    paths:
+    - .github/workflows/identity-model-ci.yml
+    - identity-model/*
+
+env:
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        runs-on: [ubuntu-latest, windows-latest]
+    name: ${{ matrix.runs-on }}
+    runs-on: ${{ matrix.runs-on }}
+    defaults:
+      run:
+        working-directory: identity-model
+        shell: pwsh
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Setup dotnet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: |
+          8.0.x
+
+    - name: Build
+      run: ./build.ps1
+
+    - name: Test report
+      id: test-report
+      uses: dorny/test-reporter@v1
+      if: success() || failure()    # run this step even if previous step failed
+      with:
+        name: Test results
+        path: identity-model/test/IdentityModel.Tests/TestResults/Test.trx
+        reporter: dotnet-trx
+        fail-on-error: true
+        fail-on-empty: true
+
+    - name: Install Sectigo CodeSiging CA certificates
+      if: contains(matrix.runs-on, 'ubuntu')
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y ca-certificates
+        sudo cp build/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/
+        sudo update-ca-certificates
+
+    - name: Sign
+      if: github.ref == 'refs/heads/main' && contains(matrix.runs-on, 'ubuntu')
+      env:
+        SignClientSecret: ${{ secrets.SignClientSecret }}
+      run: ./build.ps1 sign
+
+    - name: Push packages to MyGet
+      if: github.ref == 'refs/heads/main' && contains(matrix.runs-on, 'ubuntu')
+      run: dotnet nuget push artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }} --skip-duplicate
+
+    - name: Push NuGet package to GitHub Packages
+      if: github.ref == 'refs/heads/main' && contains(matrix.runs-on, 'ubuntu')
+      run: dotnet nuget push artifacts\*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      if: github.ref == 'refs/heads/main' && contains(matrix.runs-on, 'ubuntu')
+      with:
+        path: access-token-management/artifacts/*.nupkg
+        compression-level: 0
+        overwrite: true
+        retention-days: 15

.github/workflows/identity-model-codeql.yml

@@ -0,0 +1,44 @@
+name: identity-model\codeql
+
+on:
+  push:
+    branches: 
+    - main
+    paths:
+    - .github/workflows/identity-model-codeql.yml
+    - identity-model/*
+  pull_request:
+    paths:
+    - .github/workflows/identity-model-codeql.yml
+    - identity-model/*
+  schedule:
+    - cron: '38 15 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    defaults:
+      run:
+        working-directory: identity-model
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses:  github/codeql-action/init@v3
+      with:
+        languages: csharp
+
+    - name: Auto build
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:csharp"

.github/workflows/identity-model-release.yml

@@ -0,0 +1,102 @@
+name: identity-model\release
+
+on:
+  workflow_dispatch:
+   inputs:
+      version:
+        type: string
+        description: "Version in format X.Y.Z or X.Y.Z-preview.N"
+        required: true
+        default: '0.0.0'
+
+env:
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+
+jobs:
+  tag:
+    name: Tag and Pack
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    defaults:
+      run:
+        working-directory: identity-model
+        shell: pwsh
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: |
+          8.0.x
+
+    - name: Tag
+      run: |
+        git config --global user.email "[email protected]"
+        git config --global user.name "Duende Software"
+        git tag -a idm-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
+        git push origin idm-${{ github.event.inputs.version }}
+
+    - name: Pack
+      run: ./build.ps1 pack
+
+    # Need to add Sectigo CodeSiging CA certificates to the trust store to prevent the following error:
+    # NU3018: PartialChain: unable to get local issuer certificate
+    - name: Install Sectigo CodeSiging CA certificates
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y ca-certificates
+        sudo cp build/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/
+        sudo update-ca-certificates
+
+    - name: Sign
+      env:
+        SignClientSecret: ${{ secrets.SignClientSecret }}
+      run: ./build.ps1 sign
+
+    - name: Push packages to MyGet
+      run: dotnet nuget push artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }}
+
+    - name: Push packages to GitHub
+      run: dotnet nuget push artifacts\*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        path: identity-model/artifacts/*.nupkg
+        name: identity-model-artifacts
+        compression-level: 0
+        overwrite: true
+        retention-days: 15
+
+  publish:
+    name: Publish to NuGet
+    runs-on: ubuntu-latest
+    environment: nuget.org
+    needs: tag
+
+    steps:
+    - uses: actions/download-artifact@v4
+      with:
+        name: identity-model-artifacts
+        path: artifacts
+
+    - uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: |
+          8.0.x
+
+    - name: List files
+      shell: bash
+      run: tree
+
+    - name: Push to nuget.org
+      run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate

access-token-management/src/AccessTokenManagement/AccessTokenManagement.csproj

@@ -9,6 +9,7 @@
         <AssemblyName>$(PackageId)</AssemblyName>
         <RootNamespace>$(PackageId)</RootNamespace>
         <Description>Automatic access token management for OAuth client credential flows</Description>
+        <MinVerTagPrefix>idm-</MinVerTagPrefix>
     </PropertyGroup>
 
     <ItemGroup>

identity-model/.config/dotnet-tools.json

@@ -0,0 +1,12 @@
+{
+  "version": 1,
+  "isRoot": true,
+  "tools": {
+    "NuGetKeyVaultSignTool": {
+      "version": "3.2.3",
+      "commands": [
+        "NuGetKeyVaultSignTool"
+      ]
+    }
+  }
+}