diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d8d6367..9f3fe9d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -70,56 +70,3 @@ jobs: path: | ${{ runner.temp }}/ci ${{ runner.temp }}/release - - sign_nuget: - name: Sign NuGet packages on Windows - runs-on: windows-latest - needs: package_nuget - if: ${{ github.event_name != 'pull_request' }} - - env: - sourceArtifactName: 'activelogin-identity-nuget-windows' - targetArtifactName: 'activelogin-identity-nuget-windows-signed' - pathToNugetPackages: '**/*.nupkg' - - steps: - - uses: actions/checkout@v2 - - - name: Download artifact - uses: actions/download-artifact@v2 - with: - name: ${{ env.sourceArtifactName }} - path: ${{ env.sourceArtifactName }} - - - name: Install NuGet - uses: nuget/setup-nuget@v1 - with: - nuget-version: '5.x' - - - name: Create file codesigning-cert.pfx - run: | - $certFile = Join-Path -Path $env:RUNNER_TEMP -ChildPath "codesigning-cert.pfx"; - $encodedBytes = [System.Convert]::FromBase64String($env:cert_fileb64); - Set-Content $certFile -Value $encodedBytes -AsByteStream; - shell: pwsh - env: - cert_fileb64: ${{ secrets.CODESIGNING_CERT_FILEB64 }} - - - name: NuGet sign - run: nuget sign $env:GITHUB_WORKSPACE"/"${{ env.pathToNugetPackages }} -CertificatePath ${{ env.codesigning_cert_path }} -CertificatePassword ${{ env.codesigning_cert_password }} -Timestamper ${{ env.codesigning_timestamper_url }} - env: - codesigning_cert_path: ${{ runner.temp }}/codesigning-cert.pfx - codesigning_cert_password: ${{ secrets.CODESIGNING_CERT_PASSWORD }} - codesigning_timestamper_url: ${{ secrets.CODESIGNING_TIMESTAMPERURL }} - shell: pwsh - - - name: Delete file codesigning-cert.pfx - run: | - $certFile = Join-Path -Path $env:RUNNER_TEMP -ChildPath "codesigning-cert.pfx"; - Remove-Item $certFile - - - name: Upload signed packages - uses: actions/upload-artifact@v2 - with: - name: ${{ env.targetArtifactName }} - path: ${{ github.workspace }}\${{ env.sourceArtifactName }} diff --git a/azure-pipelines.yml b/azure-pipelines.yml index a5e2b4b..74cdc48 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -85,49 +85,3 @@ stages: - publish: '$(Build.ArtifactStagingDirectory)' artifact: '$(artifactName)' - -- stage: SignNuget - displayName: 'Sign NuGet packages' - dependsOn: BuildNuget - condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest')) - jobs: - - job: SignNuGet - displayName: 'Sign Windows' - pool: - vmImage: 'windows-latest' - - variables: - - group: Active Login # Contains codesigningCertPassword: Password for code signing cert - - - name: sourceArtifactName - value: 'nuget-windows' - - - name: targetArtifactName - value: 'nuget-windows-signed' - - - name: pathToNugetPackages - value: '**/*.nupkg' - - steps: - - download: current - artifact: '$(sourceArtifactName)' - - - task: DownloadSecureFile@1 - displayName: 'Download secure file: activesolution-codesigning-cert.pfx' - name: codesigningCert - inputs: - secureFile: 'activesolution-codesigning-cert.pfx' - - - task: NuGetToolInstaller@1 - displayName: 'Install: NuGet' - inputs: - versionSpec: 5.x - - - task: NuGetCommand@2 - displayName: 'nuget sign' - inputs: - command: custom - arguments: 'sign "$(Pipeline.Workspace)/$(pathToNugetPackages)" -CertificatePath "$(codesigningCert.secureFilePath)" -CertificatePassword "$(codesigningCertPassword)" -Timestamper "$(codesigningTimestamperUrl)"' - - - publish: '$(Pipeline.Workspace)/$(sourceArtifactName)' - artifact: '$(targetArtifactName)'