Skip to content
release

Extract trusted signing certificate #44

Sign in to view logs

Extract trusted signing certificate

Extract trusted signing certificate #44

Workflow file for this run

.github/workflows/release.yml at c95a541
name: release
on:
push:
branches:
- 'dev/build_workflow_**'
tags:
- 'v*.*.*'
permissions:
id-token: write
contents: read
jobs:
release:
environment: production
runs-on: windows-2022
strategy:
matrix:
configuration: [Debug, Release]
env:
DOTNET_NOLOGO: 1
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_GENERATE_ASPNET_CERTIFICATE: 0
ContinuousIntegrationBuild: true
RestoreLockedMode: true
RepositoryBranch: '${{ github.ref_name }}'
RepositoryCommit: '${{ github.sha }}'
Configuration: '${{ matrix.configuration }}'
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Setup dotnet
uses: actions/setup-dotnet@v5
with:
dotnet-version: 8
- name: Setup MSBuild
uses: microsoft/setup-msbuild@v2
- name: Cache dotnet tools
uses: actions/cache@v4
id: cache-dotnettools
with:
path: ~/.dotnet/tools
key: dotnettools
- name: Setup dotnet sign tool
if: steps.cache-dotnettools.outputs.cache-hit != 'true'
run: dotnet tool install --verbosity minimal --global sign --version 0.9.1-beta.25379.1
- name: Setup Knapcode.CertificateExtractor tool
if: steps.cache-dotnettools.outputs.cache-hit != 'true'
run: dotnet tool install --verbosity minimal --global Knapcode.CertificateExtractor --version 0.1.1
- name: Cache packages
uses: actions/cache@v4
with:
path: ~/.nuget/packages
key: NetOffice-nuget-${{ hashFiles('**/packages.lock.json') }}
restore-keys: |
NetOffice-nuget-
- name: Build information
id: build
run: .\.github\Get-BuildInfo.ps1 -ref '${{ github.ref }}' -event_name '${{ github.event_name }}' -configuration '${{ matrix.configuration }}'
- name: Build NetOffice
run: |
dotnet build Source\NetOffice.sln
env:
VersionSuffix: ${{ steps.build.outputs.app_version_suffix }}
- name: Sign Files Catalog
run: |
$content = Get-Content obj/signlist.txt
$content = $content.Replace('${{ github.workspace }}', '..')
$content | Set-Content obj/signlist.txt
- name: azure login
uses: azure/login@v2
with:
client-id: ${{ secrets.TRUSTED_SIGNING_CLIENT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- name: Sign NetOffice libraries
if: success() && steps.build.outputs.sign_binaries == 'true'
uses: azure/trusted-signing-action@v0.5.10
with:
endpoint: ${{ secrets.TRUSTED_SIGNING_ENDPOINT }}
trusted-signing-account-name: ${{ secrets.TRUSTED_SIGNING_ACCOUNT_NAME }}
certificate-profile-name: ${{ secrets.TRUSTED_SIGNING_CERTIFICATE_PROFILE }}
files-catalog: '${{ github.workspace }}/obj/signlist.txt'
files: |
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/AccessApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/ADODBApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/DAOApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/ExcelApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/MSComctlLibApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/MSDATASRCApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/NetOffice.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/OfficeApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/OfficeApi.Extensions.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/OutlookApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/OWC10Api.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/PowerPointApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/VBIDEApi.dll
${{ github.workspace }}/Source/ClientApplication/bin/${{ matrix.configuration }}/WordApi.dll
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
- name: Archive NetOffice binaries
uses: actions/upload-artifact@v5
with:
name: NetOffice_binaries_v${{ steps.build.outputs.app_version_full }}_${{ matrix.configuration }}
path: '${{ github.workspace }}\Source\ClientApplication\bin\${{ matrix.configuration }}'
- name: Pack NetOffice
run: |
dotnet pack --no-build --no-restore Source\NetOffice.sln -c ${{ matrix.configuration }} -o dist
env:
VersionSuffix: ${{ steps.build.outputs.app_version_suffix }}
- name: Sign NetOffice packages
if: success() && steps.build.outputs.sign_binaries == 'true'
working-directory: '${{ github.workspace}}\dist'
run: |
sign code trusted-signing *.nupkg `
--publisher-name "NetOffice" `
--description "NetOffice" `
--description-url "https://github.com/NetOfficeFw/NetOffice" `
--trusted-signing-endpoint "${{ secrets.TRUSTED_SIGNING_ENDPOINT }}" `
--trusted-signing-account "${{ secrets.TRUSTED_SIGNING_ACCOUNT_NAME }}" `
--trusted-signing-certificate-profile "${{ secrets.TRUSTED_SIGNING_CERTIFICATE_PROFILE }}" `
--file-digest SHA256 `
--timestamp-url http://timestamp.acs.microsoft.com `
--timestamp-digest SHA256
- name: Publish packages
if: success() && steps.build.outputs.publish_nuget == 'true'
working-directory: '${{ github.workspace}}\dist'
run: |
dotnet nuget push *.nupkg --api-key $env:NUGET_TOKEN --source https://api.nuget.org/v3/index.json
env:
NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
- name: Extract trusted signing certificate
run: |
$nupkg = Get-ChildItem -Path '${{ github.workspace}}\dist' -Filter '*.nupkg' | Select-Object -First 1
nuget-cert-extractor --file $nupkg --output '${{ github.workspace}}\dist' --code-signing --author --leaf
- name: Archive NetOffice packages
if: success() && matrix.configuration == 'Release'
uses: actions/upload-artifact@v5
with:
name: NetOffice_packages_v${{ steps.build.outputs.app_version_full }}
path: '${{ github.workspace }}\dist'