-
Notifications
You must be signed in to change notification settings - Fork 2
55 lines (50 loc) · 2.3 KB
/
test-nuget.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
name: run-action
on:
pull_request:
push:
branches:
- main
- "releases/*"
# Run this action only once on a single runner. Multiple consecutive runs on the same runner could cause issues.
jobs:
run-action:
runs-on: windows-2022
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Certificate Windows
run: |
echo "${{ secrets.CODE_SIGNING_CLIENT_CERT }}" | base64 --decode > /d/cognite_code_signing_github_actions.p12
if: runner.os == 'Windows'
shell: bash
- name: Set variables
id: variables
run: |
echo "SM_HOST=${{ secrets.CODE_SIGNING_CERT_HOST }}" >> "$GITHUB_ENV"
echo "SM_API_KEY=${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}" >> "$GITHUB_ENV"
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.CODE_SIGNING_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV"
if [ "${{ runner.os }}" == "Windows" ]
then
echo "SM_CLIENT_CERT_FILE=D:\\cognite_code_signing_github_actions.p12" >> "$GITHUB_ENV"
elif [ "${{ runner.os }}" == "Linux" ]
then
echo "SM_CLIENT_CERT_FILE=/d/cognite_code_signing_github_actions.p12" >> "$GITHUB_ENV"
echo "PKCS11_CONFIG=/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64/pkcs11properties.cfg" >> "$GITHUB_ENV"
echo "/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64" >> $GITHUB_PATH
fi
shell: bash
- name: Code signing with Secure Software Manager
uses: digicert/[email protected]
env:
SM_API_KEY: ${{ env.SM_API_KEY }}
SM_CLIENT_CERT_PASSWORD: ${{ env.SM_CLIENT_CERT_PASSWORD }}
SM_CLIENT_CERT_FILE: ${{ env.SM_CLIENT_CERT_FILE }}
- name: Sign with smctl windows
run: |
curl -o nuget-package.nupkg https://globalcdn.nuget.org/packages/microsoft.bcl.asyncinterfaces.8.0.0-preview.6.23329.7.nupkg
smctl windows certsync --keypair-alias="key_464138416"
smctl sign --fingerprint ${{ env.SM_CODE_SIGNING_CERT_SHA1_HASH }} --input nuget-package.nupkg
smctl sign verify --input nuget-package.nupkg
if: runner.os == 'Windows'
shell: bash