Commit f3aa617

release: consume auto-rotated SSL certificate
Update release workflows to consume new autorotated SSL certificate. There are two main parts:
1. Add the "SendX5c" : "true" key value pair to the contents of our ESRP Auth Json file. This allows us to use the new auto-rotating certificate without having to upload/manage it from our App Registration.
2. Remove the AZURE_AAD_ID_SSL secret/environment variable. The new certificate was generated with our main AZURE_AAD_ID app registration, so this extra ID is no longer needed.
1 parent b83bf02 commit f3aa617

2 files changed

+3
-30
lines changed

.github/run_esrp_signing.py

Lines changed: 3 additions & 6 deletions
@@ -18,10 +18,6 @@
1818
esrp_tool = os.path.join("esrp", "tools", "EsrpClient.exe")
1919

2020
aad_id = os.environ['AZURE_AAD_ID'].strip()
21-
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
22-
# with an older App Registration until we have the required hardware to approve
23-
# the new certificate in SSL Admin.
24-
aad_id_ssl = os.environ['AZURE_AAD_ID_SSL'].strip()
2521
workspace = os.environ['GITHUB_WORKSPACE'].strip()
2622

2723
source_location = args.path
@@ -36,9 +32,10 @@
3632
"TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
3733
"ClientId": f"{aad_id}",
3834
"AuthCert": {
39-
"SubjectName": f"CN={aad_id_ssl}.microsoft.com",
35+
"SubjectName": f"CN={aad_id}.microsoft.com",
4036
"StoreLocation": "LocalMachine",
41-
"StoreName": "My"
37+
"StoreName": "My",
38+
"SendX5c" : "true"
4239
},
4340
"RequestSigningCert": {
4441
"SubjectName": f"CN={aad_id}",

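Review bot: The added `"SendX5c" : "true"` entry in `AuthCert` carries no comment, while the lines this commit removes documented why the second AAD ID existed. The reason is only in the commit message (it lets the auto-rotating certificate be used without uploading or managing it in the App Registration); a short comment next to the key would keep that intent with the setting for whoever next touches the signing config. Two smaller points on the same line: the space before the colon differs from the neighbouring keys (`"StoreName": "My",`), and the value is the string `"true"` rather than a boolean, so it is worth confirming that the string form is what the ESRP auth file expects.
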
.github/workflows/release.yml

Lines changed: 0 additions & 24 deletions
@@ -112,10 +112,6 @@ jobs:
112112
shell: pwsh
113113
env:
114114
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
115-
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
116-
# with an older App Registration until we have the required hardware to approve
117-
# the new certificate in SSL Admin.
118-
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
119115
APPLE_KEY_CODE: ${{ secrets.APPLE_KEY_CODE }}
120116
APPLE_SIGNING_OP_CODE: ${{ secrets.APPLE_SIGNING_OPERATION_CODE }}
121117
run: |
@@ -226,10 +222,6 @@ jobs:
226222
shell: pwsh
227223
env:
228224
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
229-
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
230-
# with an older App Registration until we have the required hardware to approve
231-
# the new certificate in SSL Admin.
232-
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
233225
APPLE_KEY_CODE: ${{ secrets.APPLE_KEY_CODE }}
234226
APPLE_SIGNING_OP_CODE: ${{ secrets.APPLE_SIGNING_OPERATION_CODE }}
235227
run: |
@@ -246,10 +238,6 @@ jobs:
246238
shell: pwsh
247239
env:
248240
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
249-
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
250-
# with an older App Registration until we have the required hardware to approve
251-
# the new certificate in SSL Admin.
252-
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
253241
APPLE_KEY_CODE: ${{ secrets.APPLE_KEY_CODE }}
254242
APPLE_NOTARIZATION_OP_CODE: ${{ secrets.APPLE_NOTARIZATION_OPERATION_CODE }}
255243
run: |
@@ -319,10 +307,6 @@ jobs:
319307
shell: pwsh
320308
env:
321309
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
322-
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
323-
# with an older App Registration until we have the required hardware to approve
324-
# the new certificate in SSL Admin.
325-
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
326310
WINDOWS_KEY_CODE: ${{ secrets.WINDOWS_KEY_CODE }}
327311
WINDOWS_OP_CODE: ${{ secrets.WINDOWS_OPERATION_CODE }}
328312
run: |
@@ -353,10 +337,6 @@ jobs:
353337
shell: pwsh
354338
env:
355339
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
356-
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
357-
# with an older App Registration until we have the required hardware to approve
358-
# the new certificate in SSL Admin.
359-
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
360340
WINDOWS_KEY_CODE: ${{ secrets.WINDOWS_KEY_CODE }}
361341
WINDOWS_OP_CODE: ${{ secrets.WINDOWS_OPERATION_CODE }}
362342
run: |
@@ -445,10 +425,6 @@ jobs:
445425
shell: pwsh
446426
env:
447427
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
448-
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
449-
# with an older App Registration until we have the required hardware to approve
450-
# the new certificate in SSL Admin.
451-
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
452428
LINUX_KEY_CODE: ${{ secrets.LINUX_KEY_CODE }}
453429
LINUX_OP_CODE: ${{ secrets.LINUX_OPERATION_CODE }}
454430
run: |
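
Review bot: This is the last of six steps in `release.yml` that drop `AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}` from `env`, and `run_esrp_signing.py` no longer reads the variable, so the `AZURE_AAD_ID_SSL` secret itself looks unused after this commit. If no other workflow references it, delete the secret from the repository settings alongside this change so the older App Registration's ID does not stay stored, and consider retiring the certificate tied to that registration once the new one is confirmed working in a release run.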
