Merge branch 'develop' into feature/new-piv-keys-2

Author: DennisDyallo

.github/scripts/commit-and-push.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ -z "${GITOPS_BRANCH:-}" ]]; then
+  echo "GITOPS_BRANCH must be set."
+  exit 1
+fi
+
+if [[ -z "${IMAGE_TAG:-}" ]]; then
+  echo "IMAGE_TAG must be set."
+  exit 1
+fi
+
+kustomization_path="k8s/yesdk/kustomization.yaml"
+
+commit_msg=$(
+cat <<EOF
+Update $kustomization_path
+
+Using image tag $IMAGE_TAG
+
+Triggered by workflow: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}
+Triggered by actor: ${GITHUB_ACTOR}
+EOF
+)
+
+if git diff --exit-code --quiet; then
+  echo "Nothing to commit. Skipped git commit/push."
+  exit 0
+fi
+
+git add "$kustomization_path"
+git commit --message "$commit_msg"
+
+max_retries=10
+retry_count=0
+while [ $retry_count -lt $max_retries ]; do
+  git fetch origin "$GITOPS_BRANCH"
+  git rebase "origin/$GITOPS_BRANCH"
+
+  if git push; then
+    echo "Push successful"
+    break
+  else
+    ((retry_count += 1))
+    if [ $retry_count -ge $max_retries ]; then
+      echo "Max retries reached. Exiting with failure."
+      exit 1
+    fi
+
+    echo "Failed to push. Retrying..."
+    sleep 5
+  fi
+done

.github/scripts/configure-git-pgp.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ -z "${PGP_KEY:-}" ]]; then
+  echo "PGP_KEY must be set."
+  exit 1
+fi
+
+echo "$PGP_KEY" | gpg --import
+
+key_id=$(gpg --list-secret-keys --with-colons | awk -F: '$1 == "sec" {print $5}')
+git config --global commit.gpgsign "true"
+git config --global user.signingKey "${key_id}"
+echo "Using PGP key for git commit signing: ${key_id}"
+
+pgp_user_id=$(gpg --list-keys --with-colons "$key_id" | awk -F: '$1 == "uid" {print $10}')
+pgp_name=$(echo "$pgp_user_id" | cut --delimiter '<' --fields 1)
+pgp_email=$(echo "$pgp_user_id" | cut --delimiter '<' --fields 2 | cut --delimiter '>' --fields 1)
+git config --global user.name "${pgp_name}"
+git config --global user.email "${pgp_email}"
+
+echo "Git name: ${pgp_name}"
+echo "Git email: ${pgp_email}"

.github/scripts/wait-for-commit-status.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ -z "${GITHUB_TOKEN:-}" ]]; then
+  echo "GITHUB_TOKEN must be set."
+  exit 1
+fi
+
+if [[ -z "${REF:-}" ]]; then
+  echo "REF must be set."
+  exit 1
+fi
+
+ORG=${ORG:-Yubico}
+REPO=${REPO:-docs-gitops}
+KUSTOMIZATION_NAME=${KUSTOMIZATION_NAME:-docs}
+
+timeout_minutes=15
+end_time=$(date -ud "+$timeout_minutes minutes" +%s)
+
+echo "Looking for status:"
+echo "  Repo: $ORG/$REPO"
+echo "  Ref: $REF"
+echo "  Status context: kustomization/$KUSTOMIZATION_NAME"
+echo
+
+state=""
+message_printed=false
+while [[ -z "$state" ]]; do
+  state=$(gh api "/repos/$ORG/$REPO/commits/$REF/status" | jq -r ".statuses[] | select(.context | startswith(\"kustomization/$KUSTOMIZATION_NAME/\")).state")
+
+  if [[ -n "$state" ]]; then
+    echo "Status: $state"
+    break
+  fi
+
+  if [[ $(date -u +%s) -ge $end_time ]]; then
+    echo "Deployment was not complete after $timeout_minutes minutes."
+    exit 1
+  fi
+
+  if [[ "$message_printed" == "false" ]]; then
+    echo "Waiting for deployment to complete (timeout: $timeout_minutes minutes)..."
+    message_printed=true
+  fi
+  sleep 10
+done
+
+if [[ "$state" != "success" ]]; then
+  exit 1
+fi
+
+exit 0

.github/workflows/build-pull-requests.yml

@@ -56,20 +56,20 @@ jobs:
         run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
 
       - name: Build Yubico.NET.SDK.sln
-        run: dotnet build --configuration ReleaseWithDocs --nologo --verbosity minimal Yubico.NET.SDK.sln
+        run: dotnet build --configuration Release --nologo --verbosity minimal Yubico.NET.SDK.sln
 
       - name: Save build artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: Nuget Packages ReleaseWithDocs
+          name: Nuget Packages Release
           path: |
-            Yubico.Core/src/bin/ReleaseWithDocs/*.nupkg
-            Yubico.YubiKey/src/bin/ReleaseWithDocs/*.nupkg
+            Yubico.Core/src/bin/Release/*.nupkg
+            Yubico.YubiKey/src/bin/Release/*.nupkg
 
       - name: Save build artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: Assemblies ReleaseWithDocs
+          name: Assemblies Release
           path: |
-            Yubico.Core/src/bin/ReleaseWithDocs/**/*.dll
-            Yubico.YubiKey/src/bin/ReleaseWithDocs/**/*.dll
+            Yubico.Core/src/bin/Release/**/*.dll
+            Yubico.YubiKey/src/bin/Release/**/*.dll

.github/workflows/build.yml

@@ -35,6 +35,11 @@ on:
         required: false
         default: false
         type: boolean
+      push-to-docs:
+        description: 'Push docs to internal GCP'
+        required: false
+        default: false
+        type: boolean
       version:
         description: 'Version'
         required: false
@@ -43,8 +48,6 @@ on:
   schedule:
     - cron: '0 0 * * *' # Every day at midnight
 
-
-
 jobs:
   run-tests:
     name: Run tests
@@ -86,71 +89,75 @@ jobs:
 
       # Build the project
       - name: Build Yubico.NET.SDK.sln
-        run: dotnet build --configuration ReleaseWithDocs --nologo --verbosity minimal Yubico.NET.SDK.sln
+        run: dotnet pack --configuration Release --nologo --verbosity minimal Yubico.NET.SDK.sln
+
+      # Build the documentation
+      - name: Build docs
+        run: |
+          dotnet tool install --global docfx --version "2.*"
+          docfx docfx.json --logLevel warning --log docfx.log --warningsAsErrors
 
-      # Upload artifacts
-      - name: Save documentation artifacts
+      # Upload documentation log
+      - name: "Save build artifacts: Docs log"
         uses: actions/upload-artifact@v4
         with:
-          name: Documentation
-          path: Yubico.YubiKey/docs/_site/
+          name: Documentation log
+          path: docfx.log
+          if-no-files-found: error
 
-      - name: Save build artifacts
+      # Upload documentation
+      - name: "Save build artifacts: Docs"
+        uses: actions/upload-artifact@v4
+        with:
+          name: Documentation
+          path: docs/_site/
+          if-no-files-found: error
+          
+      # Upload NuGet packages
+      - name: "Save build artifacts: Nuget Packages"
         uses: actions/upload-artifact@v4
         with:
           name: Nuget Packages
           path: |
-            Yubico.Core/src/bin/ReleaseWithDocs/*.nupkg
-            Yubico.YubiKey/src/bin/ReleaseWithDocs/*.nupkg
+            Yubico.Core/src/bin/Release/*.nupkg
+            Yubico.YubiKey/src/bin/Release/*.nupkg
+          if-no-files-found: error
 
-      - name: Save build artifacts
+      # Upload symbols
+      - name: "Save build artifacts: Symbols Packages"
         uses: actions/upload-artifact@v4
         with:
           name: Symbols Packages
           path: |
-            Yubico.Core/src/bin/ReleaseWithDocs/*.snupkg
-            Yubico.YubiKey/src/bin/ReleaseWithDocs/*.snupkg
-
-      - name: Save build artifacts
+            Yubico.Core/src/bin/Release/*.snupkg
+            Yubico.YubiKey/src/bin/Release/*.snupkg
+          if-no-files-found: error
+      
+      # Upload assemblies
+      - name: "Save build artifacts: Assemblies"
         uses: actions/upload-artifact@v4
         with:
           name: Assemblies
           path: |
-            Yubico.Core/src/bin/ReleaseWithDocs/**/*.dll
-            Yubico.YubiKey/src/bin/ReleaseWithDocs/**/*.dll
-
+            Yubico.Core/src/bin/Release/**/*.dll
+            Yubico.YubiKey/src/bin/Release/**/*.dll
+          if-no-files-found: error
+      
+      # Generate artifact attestation
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v2
         with:
           subject-path: |
-            Yubico.Core/src/bin/ReleaseWithDocs/*.nupkg
-            Yubico.YubiKey/src/bin/ReleaseWithDocs/*.nupkg
-            Yubico.Core/src/bin/ReleaseWithDocs/*.snupkg
-            Yubico.YubiKey/src/bin/ReleaseWithDocs/*.snupkg
-            Yubico.Core/src/bin/ReleaseWithDocs/**/*.dll
-            Yubico.YubiKey/src/bin/ReleaseWithDocs/**/*.dll
-
-      # Package the OATH sample code source
-      - name: Save build artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: OATH Sample Code
-          path: |
-            Yubico.YubiKey/examples/OathSampleCode
-            Yubico.YubiKey/examples/SharedSampleCode
-
-      # Package the PIV sample code source
-      - name: Save build artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: PIV Sample Code
-          path: |
-            Yubico.YubiKey/examples/PivSampleCode
-            Yubico.YubiKey/examples/SharedSampleCode
+            Yubico.Core/src/bin/Release/*.nupkg
+            Yubico.YubiKey/src/bin/Release/*.nupkg
+            Yubico.Core/src/bin/Release/*.snupkg
+            Yubico.YubiKey/src/bin/Release/*.snupkg
+            Yubico.Core/src/bin/Release/**/*.dll
+            Yubico.YubiKey/src/bin/Release/**/*.dll
       
   upload-docs:
     name: Upload docs
-    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
+    if: ${{ github.event.inputs.push-to-docs == 'true' }}
     permissions:
       id-token: write
       contents: read
@@ -161,7 +168,7 @@ jobs:
     name: Publish to internal NuGet
     runs-on: windows-2019
     needs: build-artifacts
-    if: ${{ github.event.inputs.push-to-dev }}
+    if: ${{ github.event.inputs.push-to-dev == 'true' }}
     permissions:
       contents: read
       packages: write

.github/workflows/codeql-analysis.yml

@@ -68,7 +68,7 @@ jobs:
         run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
 
       - name: Build Yubico.NET.SDK.sln
-        run: dotnet build --configuration Release --nologo --verbosity normal Yubico.NET.SDK.sln
+        run: dotnet build --configuration Release --nologo --verbosity minimal Yubico.NET.SDK.sln
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3