Merge pull request #13 from cognitedata/investigate-multi-run
Make multiple runs on same runner possible
sondresolbakken authored Sep 5, 2023
2 parents 7cbce34 + a372379 commit ce6e4a9
Showing 2 changed files with 44 additions and 33 deletions.
48 changes: 23 additions & 25 deletions .github/workflows/run-action.yaml
@@ -5,16 +5,15 @@ on:
- main
- "releases/*"

# Run this action only once on a single runner. Multiple consecutive runs on the same runner could cause issues.
jobs:
run-action:
run-action-windows:
runs-on: windows-2022
environment: CD
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Run the action for a single binary
- name: Sign single file
env:
CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
@@ -25,17 +24,16 @@ jobs:
with:
path-to-binary: 'test\test.dll'

# - name: Run the action for multiple binaries in a directory
# env:
# CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
# CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
# CERTIFICATE_SHA1_HASH: ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}
# CLIENT_CERTIFICATE: ${{ secrets.CODE_SIGNING_CLIENT_CERT }}
# CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGNING_CLIENT_CERT_PASSWORD }}
# uses: cognitedata/code-sign-action/@v2
# with:
# path-to-binary: 'test'

- name: Sign multiple files in a directory
env:
CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
CERTIFICATE_SHA1_HASH: ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}
CLIENT_CERTIFICATE: ${{ secrets.CODE_SIGNING_CLIENT_CERT }}
CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGNING_CLIENT_CERT_PASSWORD }}
uses: cognitedata/code-sign-action/@v2
with:
path-to-binary: "test"

run-action-linux:
runs-on: ubuntu-22.04
@@ -44,7 +42,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@v3

- name: Run the action for a single binary
- name: Sign single file
env:
CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
@@ -55,13 +53,13 @@ jobs:
with:
path-to-binary: "test/test.dll"

# - name: Run the action for multiple binaries in a directory
# env:
# CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
# CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
# CERTIFICATE_SHA1_HASH: ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}
# CLIENT_CERTIFICATE: ${{ secrets.CODE_SIGNING_CLIENT_CERT }}
# CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGNING_CLIENT_CERT_PASSWORD }}
# uses: cognitedata/code-sign-action/@v2
# with:
# path-to-binary: "test"
- name: Sign multiple files in a directory
env:
CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
CERTIFICATE_SHA1_HASH: ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}
CLIENT_CERTIFICATE: ${{ secrets.CODE_SIGNING_CLIENT_CERT }}
CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGNING_CLIENT_CERT_PASSWORD }}
uses: cognitedata/code-sign-action/@v2
with:
path-to-binary: "test"
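Review bot: The two newly enabled "Sign multiple files in a directory" steps pass all five signing secrets to `cognitedata/code-sign-action/@v2`, a tag that can be moved to a different commit after this workflow was reviewed. Pinning the reference to a full commit SHA keeps the code that receives the credentials fixed. If this workflow lives in the action's own repository, which the `action.yaml` change in the same commit suggests but the page does not confirm, `uses: ./` after the checkout step would also make the run exercise the revision being merged rather than whatever `v2` currently points to. The same applies to the existing "Sign single file" steps, whose `uses:` lines fall in the collapsed part of the section.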
29 changes: 21 additions & 8 deletions action.yaml
@@ -1,5 +1,5 @@
name: "Sign binary"
description: "Sign a binary using a code signing certificate"
name: "Sign file"
description: "Sign a file using a code signing certificate"
inputs:
path-to-binary:
description: "The folder that contains the files to sign"
@@ -10,16 +10,16 @@ runs:
- name: Setup Certificate Windows
run: |
echo "${{env.CLIENT_CERTIFICATE }}" | base64 --decode > /d/cognite_code_signing_github_actions.p12
if: runner.os == 'Windows'
if: ${{ runner.os == 'Windows' && (!contains(env.DEPS_INSTALLED, 'TRUE')) }}
shell: bash

- name: Setup Certificate Linux
run: |
echo "${{env.CLIENT_CERTIFICATE }}" | base64 --decode | sudo install -D /dev/stdin /d/cognite_code_signing_github_actions.p12
if: runner.os == 'Linux'
if: ${{ runner.os == 'Linux' && (!contains(env.DEPS_INSTALLED, 'TRUE')) }}
shell: bash

- name: Set variables
- name: Set required variables
id: variables
run: |
echo "SM_HOST=${{ env.CERTIFICATE_HOST }}" >> "$GITHUB_ENV"
@@ -35,14 +35,16 @@ runs:
echo "PKCS11_CONFIG=/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64/pkcs11properties.cfg" >> "$GITHUB_ENV"
echo "/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64" >> $GITHUB_PATH
fi
if: ${{ !contains(env.DEPS_INSTALLED, 'TRUE') }}
shell: bash

- name: Code signing with Secure Software Manager
- name: Configure Digicert Secure Software Manager
uses: digicert/[email protected]
env:
SM_API_KEY: ${{ env.SM_API_KEY }}
SM_CLIENT_CERT_PASSWORD: ${{ env.SM_CLIENT_CERT_PASSWORD }}
SM_CLIENT_CERT_FILE: ${{ env.SM_CLIENT_CERT_FILE }}
if: ${{ !contains(env.DEPS_INSTALLED, 'TRUE') }}

- name: Sign with smctl Windows
env:
@@ -66,15 +68,26 @@ runs:
if: runner.os == 'Windows'
shell: powershell


- name: Sign with smctl Linux
- name: Install Jsign for Linux signing
run: |
curl -fSslL https://github.com/ebourg/jsign/releases/download/3.1/jsign_3.1_all.deb -o jsign_3.1_all.deb
sudo dpkg --install jsign_3.1_all.deb
if: ${{ runner.os == 'Linux' && (!contains(env.DEPS_INSTALLED, 'TRUE')) }}
shell: bash

- name: Sign with smctl Linux
run: |
file_path="${{ inputs.path-to-binary }}"
for f in $(find $file_path -type f); do
echo $f
smctl sign -v --keypair-alias="key_464138416" --config-file="/tmp/DigiCert One Signing Manager Tools/smtools-linux-x64/pkcs11properties.cfg" --fingerprint "${{ env.SM_CODE_SIGNING_CERT_SHA1_HASH }}" --input "$f"
done
if: runner.os == 'Linux'
shell: bash

- name: Mark dependencies as installed
id: dependency-variable
run: |
echo "DEPS_INSTALLED=TRUE" >> "$GITHUB_ENV"
if: ${{ !contains(env.DEPS_INSTALLED, 'TRUE') }}
shell: bash
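Review bot: The "Install Jsign for Linux signing" step runs `sudo dpkg --install jsign_3.1_all.deb` straight after the `curl` download, with no integrity check on the file, on a runner that also holds the client certificate and API key. TLS protects the transfer but not against a replaced release asset, so I would verify a pinned digest between the two commands, for example `echo "<EXPECTED_SHA256>  jsign_3.1_all.deb" | sha256sum --check` (the digest is a placeholder, to be taken from a trusted copy of the 3.1 release). Separately, in the "Sign with smctl Linux" step, `for f in $(find $file_path -type f)` splits on whitespace, so a file whose path contains a space is never passed to `smctl sign` under its real name. Quoting `"$file_path"` and iterating over NUL-delimited `find` output would close that gap.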
