Merge pull request #4 from Keyfactor/main

updated workflows for release 1.0.0

Author: doebrowsk

.github/workflows/keyfactor-extension-prerelease.yml

@@ -1,20 +1,25 @@
-# This is a basic workflow to help you get started with Actions
+# This workflow will build a Release Candidate (pre-release)
+# It runs automatically when attempting a PR from pre-release branch to the release branch
 
-name: Keyfactor Extension - Pre Release
+name: Keyfactor Extension - Release Candidate
+
+env:
+  SOLUTION_FOLDER: '.'
+  PROJECT_FOLDER: 'GCPAnyAgent'
 
 # Controls when the action will run. 
 on:
-  # Triggers the workflow on push
-  push:
-    #only run this workflow when pushing to a branch that has the prerelease suffix
+  # Triggers the workflow on PR open
+  pull_request:
+    types: [opened, synchronize]
+    # only run this workflow when opening PR to release branch
     branches: 
-        - 'release-[0-9]+.[0-9]+.[0-9]+-pre' 
-        - '!release-[0-9]+.[0-9]+.[0-9]+' 
+        - '!release-[0-9]+.[0-9]+-pre' 
+        - 'release-[0-9]+.[0-9]+' 
 
-  # Allows you to run this workflow manually from the Actions tab
+  # Release Candidate can be triggered manually
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   # This workflow contains a single job called "build"
   build:
@@ -32,14 +37,17 @@ jobs:
             echo "Setup Envrionment Variables for Workflow"
             echo "Working Path: ${Env:GITHUB_WORKSPACE}"
             $slnPath = (Get-ChildItem -Include *.sln -File -Recurse).fullname
-            $relName = "${{ github.ref }}".Split("/")
+            $relName = "${{ github.base_ref }}".Split("/")
             $repoName = "${{ github.repository }}".Split("/")
+            $relVersion = "${{ github.base_ref }}".Split("-")
             echo "Solution File Path: ${slnPath}"
             echo "SOLUTION_PATH=${slnPath}" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
             echo "Release Name: $($relName[-1])"
             echo "RELEASE_NAME=$($relName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
             echo "Repo Name: $($repoName[-1])"
             echo "REPO_NAME=$($repoName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
+            echo "Release Version: $($relVersion[-1])"
+            echo "RELEASE_VERSION=$($relVersion[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
         
       - uses: actions/setup-dotnet@v1
         with:
@@ -58,6 +66,65 @@ jobs:
       - name: restore nuget packages
         run: |
           nuget restore ${{ env.SOLUTION_PATH  }}
+          
+      - name: GitHub Script checks for existing version tags
+        id: existing_version
+        uses: actions/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION_NUMBER: ${{ env.RELEASE_VERSION }}
+        with:
+          script: |
+            // check for existing tags on this major.minor version
+            const tagsList = await github.git.listMatchingRefs({
+             owner: context.repo.owner,
+             repo: context.repo.repo,
+             ref: 'tags'
+            });
+            
+            const { VERSION_NUMBER } = process.env;
+            const tags = tagsList.data.reverse();
+            
+            // assume linear release pattern - i.e. always working on latest major.minor version
+            // if there are no tags, or latest tag does not start with VERSION_NUMBER, set a manual version for release
+            if (tags.length < 1
+                || !tags.shift().ref.startsWith(`refs/tags/${VERSION_NUMBER}`)) {
+              core.exportVariable('MANUAL_VERSION', `${VERSION_NUMBER}.0-rc.0`);
+            }
+            
+      # Create a new release to auto-increment (or use manual version number)
+      - name: Create new release
+        id: create_release
+        #uses: zendesk/action-create-release@v1
+        uses: keyfactor/action-create-release@786b73035fa09790f9eb11bb86834a6d7af1c256
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MANUAL_VERSION: ${{ env.MANUAL_VERSION }}
+        with:
+          release_name: Release Candidate ${{ env.REPO_NAME }} ${{ env.RELEASE_VERSION }} 
+          body: |
+            [Changelog](../CHANGELOG.MD)
+          draft: false
+          prerelease: true
+          prerelease_suffix: rc
+          tag_name: ${{ env.MANUAL_VERSION }}
+          auto_increment_type: prerelease
+          tag_schema: semantic
+          commitish: ${{ github.sha }}          
+                    
+      # update version number of AssemblyInfo.cs file
+      - name: Increment Assembly Version
+        run: |
+            $VersionRegex = "\d+\.\d+\.\d+"
+            $assemblyInfoFiles = (Get-ChildItem -Include AssemblyInfo.cs -File -Recurse).fullname
+            $newVer = "${{ steps.create_release.outputs.current_tag }}".TrimStart('v').Split('-')[0]
+            echo "Prepared to overwrite Assembly version to: ${newVer}"
+            foreach ($assemblyInfoFile in $assemblyInfoFiles)
+            {
+              $filecontent = Get-Content($assemblyInfoFile)
+              attrib $assemblyInfoFile -r
+              $filecontent -replace $VersionRegex, $newVer | Out-File $assemblyInfoFile
+            }
       
       # Runs a set of commands using the runners shell
       - name: Execute MSBuild Commands
@@ -67,36 +134,22 @@ jobs:
       - name: Archive Files
         run: |
            md ${{ github.workspace }}\zip\Keyfactor
-           Compress-Archive -Path ${{ github.workspace }}\GCPAnyAgent\bin\Release\*.dll,${{ github.workspace }}\GCPAnyAgent\bin\Release\GCPAnyAgent.dll.config -DestinationPath ${{ github.workspace }}\zip\Keyfactor\$Env:REPO_NAME.zip -Force
+           Compress-Archive -Path `
+           ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER }}\bin\Release\* `
+           -DestinationPath ${{ github.workspace }}\zip\Keyfactor\$Env:REPO_NAME.zip -Force
       
 
       - name: Upload a Build Artifact
         uses: actions/[email protected]
         with:
           # Artifact name
-          name: ${{ env.REPO_NAME}}.zip
+          name: ${{ env.REPO_NAME }}.zip
           # A file, directory or wildcard pattern that describes what to upload
           path: |
             ${{ github.workspace }}\zip\Keyfactor\${{ env.REPO_NAME}}.zip
           # The desired behavior if no files are found using the provided path.
           if-no-files-found: error # optional, default is warn
-
-      - name: Create Release
-        id: create_release
-        #uses: zendesk/action-create-release@v1 - Update when PR is approved
-        uses: keyfactor/action-create-release@786b73035fa09790f9eb11bb86834a6d7af1c256
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          release_name: Release ${{ env.RELEASE_NAME  }}
-          body: |
-            [Changelog](../CHANGELOG.MD)
-          draft: false
-          prerelease: true
-          auto_increment_type: patch
-          tag_schema: semantic
-          commitish: ${{ github.sha }}
-      
+    
       - name: Upload Release Asset (x64)
         id: upload-release-asset-x64
         uses: actions/upload-release-asset@v1
@@ -105,5 +158,5 @@ jobs:
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
           asset_path: ${{ github.workspace }}\zip\Keyfactor\${{ env.REPO_NAME}}.zip
-          asset_name: ${{ env.REPO_NAME}}.zip
+          asset_name: ${{ env.REPO_NAME}}_${{ steps.create_release.outputs.current_tag }}.zip
           asset_content_type: application/zip                 

.github/workflows/keyfactor-extension-release.yml

@@ -3,8 +3,8 @@
 name: Keyfactor Extension - Release
 
 env:
-  SOLUTION_FOLDER: '<SOLUTION_FOLDER_NAME>'
-  PROJECT_FOLDER: '<PROJECT_FOLDER_NAME>'
+  SOLUTION_FOLDER: '.'
+  PROJECT_FOLDER: 'GCPAnyAgent'
 
 # Controls when the action will run. 
 on:
@@ -109,9 +109,7 @@ jobs:
         run: |
            md ${{ github.workspace }}\zip\Keyfactor
            Compress-Archive -Path `
-           ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER }}\bin\Release\*.dll, `
-           ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER }}\bin\Release\*.json, `
-           ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER }}\bin\Release\*.config `
+           ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER }}\bin\Release\* `
            -DestinationPath ${{ github.workspace }}\zip\Keyfactor\$Env:REPO_NAME.zip -Force      
       
       - name: Upload Release Asset (x64)

CHANGELOG.md

@@ -0,0 +1,2 @@
+v1.0
+- Original Version

README.md

@@ -1,15 +1,68 @@
-# GCP AnyAgent
-## Gcp
-
-This integration is used to inventory and manage certificates in GCP. 
+# GCP Load Balancer
+## Orchestrator
 
 <!-- add integration specific information below -->
-*** 
+
+***
 
 # Introduction 
-- TODO:
+- The GCP Load Balancer Orchestrator allows for the management of Google Cloud Platform Load Balancer certificate stores.  Inventory, Management-Add, and Management-Remove functions are supported.  Also, re-binding to endpoints IS supported for certificate renewals (but NOT adding new certificates).  The orchestrator uses the Google Cloud Compute Engine API to manage stores.
 
 # Setting up GCP Cert Store Type
+The certificate store type set up for the GCP Load Balancer Orchestrator should have the following options set:
+
+**Name:** A descriptive name for the certificate store type
+
+**Short Name:** Must be **GCP**
+
+**Needs Server:** Unchecked
+
+**Blueprint Allowed:** Unchecked
+
+**Requires Store Password:** Unchecked
+
+**Supports Entry Password:** Unchecked
+
+**Supports Custom Alias:** Optional (If unselected, a random alias will be generated by the GCP LB Orchestrator)
+
+**Uses PowerShell: ** Unchecked
+
+**Store Path Type:** FreeForm
+
+**Private Keys: ** Required (Adding a certificate to a GCP Load Balancer certificate store without the private key is not a valid use case)
+
+**PFX Password Style:** Default
+
+**Job Types:** Check Inventory, Add, and Remove.  Leave Create, Discovery, and Reenrollment unchecked
+
+**Parameters:** Add 1 custom parameter if authenticating to the GCP API library by passing the GCP service account key from Keyfactor Command (see Authentication):
+
+- Name: Must be **jsonKey**
+- Display Name: Desired custom display name
+- Type: Secret
+- Change Default Value: Unchecked
+- Default Value: Leave blank
+
+
+
+# Setting up GCP Cert Store
+When creating a GCP certificate store in Keyfactor, the various options should be set up a follows:
+
+**Category:** Must be GCP
+
+**Container:** Optional container name if using this feature.  Please consult the Keyfactor Command Reference Guide for more information on this feature.
+
+**Client Machine:** The name or IP address of the Orchestrator server that will be handling GCP jobs.
+
+**Store Path:** This should be your Google Cloud project ID.  This will work against GCP Global resources.  Optionally, you can append "/" with the region you wish to process against.  Please refer to the following page for a list of valid region codes (GCP code column): https://gist.github.com/rpkim/084046e02fd8c452ba6ddef3a61d5d59.
+
+**Service Account Key:** If you will be authenticating via passing credentials from Keyfactor Command, you must add this value as follows:
+- No Service Account Key: Unchecked
+- Secret Source: "Keyfactor Secrets" if you wish to store the GCP service account key in the Keyfactor secrets engine or "Load From PAM Provider" if you have set up a PAM provider integration within Keyfactor Command and wish to store this value there.
+- Enter and Confirm Service Account Key: The JSON-based service account key you acquired from GCP (See Authentication).
+
+**Inventory Schedule:** Set whether to schedule Inventory jobs for this certificate store, and if so, the frequency here.
+
 
 # Authentication
 A service account is necessary for authentication to GCP.  The following are the required permissions:
@@ -26,12 +79,16 @@ Remember to assign the appropriate role/permissions for the service account.
 Afterwards inside Keyfactor Command copy and paste the contents of the service account key in the password field for the GCP Certificate Store Type.
 
 # Supported Functionality
-- Inventory, Management
+- Inventory
+- Management-Add (including re-binding of existing bindings for certificate renewals, no binding functionality available for new certificate adds)
+- Management-Remove
 
 # Not Implemented/Supported
-- Binding
+- Discovery
+- Management-Create
+- Reenrollment
 
- ***
+***
 
 ### License
 [Apache](https://apache.org/licenses/LICENSE-2.0)

README.md.tpl

@@ -1,15 +1,68 @@
 # {{ name }}
 ## {{ integration_type | capitalize }}
 
-{{ description }}
-
 <!-- add integration specific information below -->
-*** 
+
+***
 
 # Introduction 
-- TODO:
+- {{ description }}
 
 # Setting up GCP Cert Store Type
+The certificate store type set up for the GCP Load Balancer Orchestrator should have the following options set:
+
+**Name:** A descriptive name for the certificate store type
+
+**Short Name:** Must be **GCP**
+
+**Needs Server:** Unchecked
+
+**Blueprint Allowed:** Unchecked
+
+**Requires Store Password:** Unchecked
+
+**Supports Entry Password:** Unchecked
+
+**Supports Custom Alias:** Optional (If unselected, a random alias will be generated by the GCP LB Orchestrator)
+
+**Uses PowerShell: ** Unchecked
+
+**Store Path Type:** FreeForm
+
+**Private Keys: ** Required (Adding a certificate to a GCP Load Balancer certificate store without the private key is not a valid use case)
+
+**PFX Password Style:** Default
+
+**Job Types:** Check Inventory, Add, and Remove.  Leave Create, Discovery, and Reenrollment unchecked
+
+**Parameters:** Add 1 custom parameter if authenticating to the GCP API library by passing the GCP service account key from Keyfactor Command (see Authentication):
+
+- Name: Must be **jsonKey**
+- Display Name: Desired custom display name
+- Type: Secret
+- Change Default Value: Unchecked
+- Default Value: Leave blank
+
+
+
+# Setting up GCP Cert Store
+When creating a GCP certificate store in Keyfactor, the various options should be set up a follows:
+
+**Category:** Must be GCP
+
+**Container:** Optional container name if using this feature.  Please consult the Keyfactor Command Reference Guide for more information on this feature.
+
+**Client Machine:** The name or IP address of the Orchestrator server that will be handling GCP jobs.
+
+**Store Path:** This should be your Google Cloud project ID.  This will work against GCP Global resources.  Optionally, you can append "/" with the region you wish to process against.  Please refer to the following page for a list of valid region codes (GCP code column): https://gist.github.com/rpkim/084046e02fd8c452ba6ddef3a61d5d59.
+
+**Service Account Key:** If you will be authenticating via passing credentials from Keyfactor Command, you must add this value as follows:
+- No Service Account Key: Unchecked
+- Secret Source: "Keyfactor Secrets" if you wish to store the GCP service account key in the Keyfactor secrets engine or "Load From PAM Provider" if you have set up a PAM provider integration within Keyfactor Command and wish to store this value there.
+- Enter and Confirm Service Account Key: The JSON-based service account key you acquired from GCP (See Authentication).
+
+**Inventory Schedule:** Set whether to schedule Inventory jobs for this certificate store, and if so, the frequency here.
+
 
 # Authentication
 A service account is necessary for authentication to GCP.  The following are the required permissions:
@@ -26,12 +79,16 @@ Remember to assign the appropriate role/permissions for the service account.
 Afterwards inside Keyfactor Command copy and paste the contents of the service account key in the password field for the GCP Certificate Store Type.
 
 # Supported Functionality
-- Inventory, Management
+- Inventory
+- Management-Add (including re-binding of existing bindings for certificate renewals, no binding functionality available for new certificate adds)
+- Management-Remove
 
 # Not Implemented/Supported
-- Binding
+- Discovery
+- Management-Create
+- Reenrollment
 
- ***
+***
 
 ### License
 [Apache](https://apache.org/licenses/LICENSE-2.0)

integration-manifest.json

@@ -1,8 +1,8 @@
-  
 {
   "$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
-  "integration_type": "gcp",
-  "name": "GCP AnyAgent",
-  "status": "pilot",
-  "description": "This integration is used to inventory and manage certificates in GCP. "
+  "integration_type": "orchestrator",
+  "name": "GCP Load Balancer",
+  "status": "production",
+  "link_github": true,
+  "description": "The GCP Load Balancer Orchestrator allows for the management of Google Cloud Platform Load Balancer certificate stores.  Inventory, Management-Add, and Management-Remove functions are supported.  Also, re-binding to endpoints IS supported for certificate renewals (but NOT adding new certificates).  The orchestrator uses the Google Cloud Compute Engine API to manage stores."
 }