Skip to content

Comments

Fix dotnet-sign auth: add GitHub environment + remove redundant WIF flags#389

Merged
Aaronontheweb merged 1 commit intodevfrom
fix/release-wif-signing
Feb 24, 2026
Merged

Fix dotnet-sign auth: add GitHub environment + remove redundant WIF flags#389
Aaronontheweb merged 1 commit intodevfrom
fix/release-wif-signing

Conversation

@Aaronontheweb
Copy link
Member

@Aaronontheweb Aaronontheweb commented Feb 24, 2026

Summary

  • Add environment: signing to the release job so the OIDC token subject matches the federated credential (repo:petabridge/TurboMqtt:environment:signing)
  • Remove --azure-key-vault-client-id and --azure-key-vault-tenant-id from the sign step — azure/login handles OIDC auth and dotnet sign picks up credentials automatically via DefaultAzureCredential/AzureCliCredential
  • Add -v Information for signing step visibility

Azure-side prerequisites (already completed):

  • GitHub environment signing created on petabridge/TurboMqtt
  • Federated credential gha-turbomqtt-signing created on the CodeSigner managed identity with subject repo:petabridge/TurboMqtt:environment:signing

Test plan

  • Push a bare version tag (e.g. 1.0.0) to trigger the release workflow
  • Confirm the job shows the signing environment badge in the Actions UI
  • Confirm Azure login step succeeds (OIDC exchange)
  • Confirm Sign NuGet packages step completes without auth errors
  • Confirm signed .nupkg files are pushed to NuGet.org and attached to the GitHub Release

@Aaronontheweb
Fix dotnet-sign auth: use GitHub environment + DefaultAzureCredential
c4a918b 
- Add `environment: signing` to the release job so the OIDC token subject
  matches the federated credential subject
  (repo:petabridge/TurboMqtt:environment:signing)
- Remove --azure-key-vault-client-id and --azure-key-vault-tenant-id flags
  from the Sign step; azure/login handles OIDC auth and dotnet sign picks
  up credentials automatically via DefaultAzureCredential/AzureCliCredential
- Add -v Information for better signing step visibility
@github-actions
Copy link

github-actions bot commented Feb 24, 2026

Test Results

  2 files  ±0    2 suites  ±0   1m 51s ⏱️ +21s
519 tests ±0  519 ✅ ±0  0 💤 ±0  0 ❌ ±0 
520 runs  ±0  520 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit c4a918b. ± Comparison against base commit 78345b3.

@Aaronontheweb Aaronontheweb merged commit 2421626 into dev Feb 24, 2026
4 checks passed
@Aaronontheweb Aaronontheweb deleted the fix/release-wif-signing branch February 24, 2026 00:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Aaronontheweb