Merge pull request #209 from tannergooding/main

Updating repo infrastructure and use new sign client
dotnet · Feb 12, 2023 · b10edc6 · b10edc6
2 parents 6e8e5de + 543a972
commit b10edc6
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 41 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,9 +2,10 @@ name: ci
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, v* ]
   pull_request:
-    branches: [ main ]
+    branches: [ main, v* ]
+  workflow_dispatch:
 
 jobs:
   windows-x64:
@@ -40,7 +41,7 @@ jobs:
       shell: cmd
     - uses: actions/upload-artifact@v3
       with:
-        name: ${{ matrix.os }}_${{ matrix.configuration }}_x86
+        name: ${{ matrix.os }}_${{ matrix.configuration }}_${{ matrix.architecture }}
         path: |
           ./artifacts/bin/**/*
           ./artifacts/log/**/*
@@ -96,14 +97,6 @@ jobs:
       env:
         EXCLUDE_RUN_ID_FROM_PACKAGE: true
         EXCLUDE_SUFFIX_FROM_VERSION: false
-    - uses: actions/setup-dotnet@v2
-      if: ${{ github.event_name == 'push' }}
-      with:
-        dotnet-version: '6.0.x'
-    - run: dotnet tool install --tool-path ./artifacts/tools SignClient
-      if: ${{ github.event_name == 'push' }}
-    - run: ./artifacts/tools/SignClient "Sign" --baseDirectory "${{ github.workspace }}/artifacts/pkg" --input "**/*.nupkg" --config "${{ github.workspace }}/scripts/SignClientSettings.json" --filelist "${{ github.workspace }}/scripts/SignClientFileList.txt" --user "${{ secrets.SC_USER }}" --secret "${{ secrets.SC_PASS }}" --name "ClangSharp" --description "ClangSharp" --descriptionUrl "https://github.com/dotnet/clangsharp"
-      if: ${{ github.event_name == 'push' }}
     - uses: actions/upload-artifact@v3
       with:
         name: nuget_preview
@@ -113,6 +106,29 @@ jobs:
           ./artifacts/pkg/**/*
           ./artifacts/tst/**/*
         if-no-files-found: error
+  sign-nuget-preview:
+    runs-on: windows-latest
+    if: ${{ github.event_name == 'push' }}
+    needs: [ build-nuget-preview ]
+    permissions:
+      id-token: write
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/download-artifact@v3
+      with:
+        name: nuget_preview
+        path: ./artifacts
+    - uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: '6.0.x'
+    - run: dotnet tool install --tool-path ./artifacts/tools sign --version 0.9.0-beta.23063.3
+    - run: ./artifacts/tools/sign code azure-key-vault "**/*.nupkg" --timestamp-url "http://timestamp.digicert.com" --base-directory "${{ github.workspace }}/artifacts/pkg" --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt" --publisher-name ".NET Foundation" --description "LLVMSharp" --description-url "https://github.com/dotnet/llvmsharp" --azure-key-vault-certificate "${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}" --azure-key-vault-client-id "${{ secrets.SC_AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.SC_AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.SC_AZURE_TENANT_ID }}" --azure-key-vault-url "${{ secrets.SC_KEY_VAULT_URL }}"
+    - uses: actions/upload-artifact@v3
+      with:
+        name: sign_nuget_preview
+        path: |
+          ./artifacts/pkg/**/*
+        if-no-files-found: error
   build-nuget-release:
     runs-on: windows-latest
     steps:
@@ -122,14 +138,6 @@ jobs:
       env:
         EXCLUDE_RUN_ID_FROM_PACKAGE: true
         EXCLUDE_SUFFIX_FROM_VERSION: true
-    - uses: actions/setup-dotnet@v2
-      if: ${{ github.event_name == 'push' }}
-      with:
-        dotnet-version: '6.0.x'
-    - run: dotnet tool install --tool-path ./artifacts/tools SignClient
-      if: ${{ github.event_name == 'push' }}
-    - run: ./artifacts/tools/SignClient "Sign" --baseDirectory "${{ github.workspace }}/artifacts/pkg" --input "**/*.nupkg" --config "${{ github.workspace }}/scripts/SignClientSettings.json" --filelist "${{ github.workspace }}/scripts/SignClientFileList.txt" --user "${{ secrets.SC_USER }}" --secret "${{ secrets.SC_PASS }}" --name "ClangSharp" --description "ClangSharp" --descriptionUrl "https://github.com/dotnet/clangsharp"
-      if: ${{ github.event_name == 'push' }}
     - uses: actions/upload-artifact@v3
       with:
         name: nuget_release
@@ -139,12 +147,35 @@ jobs:
           ./artifacts/pkg/**/*
           ./artifacts/tst/**/*
         if-no-files-found: error
+  sign-nuget-release:
+    runs-on: windows-latest
+    if: ${{ github.event_name == 'push' }}
+    needs: [ build-nuget-release ]
+    permissions:
+      id-token: write
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/download-artifact@v3
+      with:
+        name: nuget_release
+        path: ./artifacts
+    - uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: '6.0.x'
+    - run: dotnet tool install --tool-path ./artifacts/tools sign --version 0.9.0-beta.23063.3
+    - run: ./artifacts/tools/sign code azure-key-vault "**/*.nupkg" --timestamp-url "http://timestamp.digicert.com" --base-directory "${{ github.workspace }}/artifacts/pkg" --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt" --publisher-name ".NET Foundation" --description "LLVMSharp" --description-url "https://github.com/dotnet/llvmsharp" --azure-key-vault-certificate "${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}" --azure-key-vault-client-id "${{ secrets.SC_AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.SC_AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.SC_AZURE_TENANT_ID }}" --azure-key-vault-url "${{ secrets.SC_KEY_VAULT_URL }}"
+    - uses: actions/upload-artifact@v3
+      with:
+        name: sign_nuget_release
+        path: |
+          ./artifacts/pkg/**/*
+        if-no-files-found: error
   publish-nightlies-azure:
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'push' }}
-    needs: [ windows-x64, windows-x86, linux-x64, macos-x64, build-nuget-preview ]
+    needs: [ windows-x64, windows-x86, linux-x64, macos-x64, sign-nuget-preview, sign-nuget-release ]
     steps:
-    - uses: actions/download-artifact@v2
+    - uses: actions/download-artifact@v3
       with:
         name: windows_release_x64
         path: ./artifacts
@@ -158,9 +189,9 @@ jobs:
   publish-nightlies-github:
     runs-on: ubuntu-latest
     if: false
-    needs: [ windows-x64, windows-x86, linux-x64, macos-x64, build-nuget-preview ]
+    needs: [ windows-x64, windows-x86, linux-x64, macos-x64, sign-nuget-preview, sign-nuget-release ]
     steps:
-    - uses: actions/download-artifact@v2
+    - uses: actions/download-artifact@v3
       with:
         name: windows_release_x64
         path: ./artifacts

diff --git a/Directory.Build.props b/Directory.Build.props
@@ -46,7 +46,7 @@
     <Product>LLVMSharp</Product>
     <RootNamespace>LLVMSharp</RootNamespace>
     <VersionPrefix>15.0.0</VersionPrefix>
-    <VersionSuffix Condition="'$(EXCLUDE_SUFFIX_FROM_VERSION)' != 'true'">beta2</VersionSuffix>
+    <VersionSuffix Condition="'$(EXCLUDE_SUFFIX_FROM_VERSION)' != 'true'">rc1</VersionSuffix>
     <VersionSuffix Condition="'$(GITHUB_EVENT_NAME)' == 'pull_request'">pr</VersionSuffix>
   </PropertyGroup>
 

diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -14,10 +14,10 @@
   <ItemGroup>
     <PackageVersion Include="libLLVM" Version="15.0.0" />
     <PackageVersion Include="Microsoft.Bcl.HashCode" Version="1.1.1" />
-    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.3.1" />
+    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.4.1" />
     <PackageVersion Include="Microsoft.SourceLink.GitHub" Version="1.1.1" />
     <PackageVersion Include="NUnit" Version="3.13.3" />
-    <PackageVersion Include="NUnit3TestAdapter" Version="4.2.1" />
+    <PackageVersion Include="NUnit3TestAdapter" Version="4.3.1" />
     <PackageVersion Include="System.Memory" Version="4.5.5" />
   </ItemGroup>
 

diff --git a/scripts/SignClientSettings.json b/scripts/SignClientSettings.json
diff --git a/scripts/build.ps1 b/scripts/build.ps1
@@ -124,7 +124,7 @@ try {
     Create-Directory -Path $DotNetInstallDirectory
 
     & $DotNetInstallScript -Channel 6.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture
-    & $DotNetInstallScript -Channel 7.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture -Quality preview
+    & $DotNetInstallScript -Channel 7.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture
 
     $env:PATH="$DotNetInstallDirectory;$env:PATH"
   }

diff --git a/scripts/build.sh b/scripts/build.sh
@@ -205,7 +205,7 @@ if [[ ! -z "$architecture" ]]; then
   CreateDirectory "$DotNetInstallDirectory"
 
   . "$DotNetInstallScript" --channel 6.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture"
-  . "$DotNetInstallScript" --channel 7.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture" --quality preview
+  . "$DotNetInstallScript" --channel 7.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture"
 
   PATH="$DotNetInstallDirectory:$PATH:"
 fi