Build and Release v1.0.1 #23

Workflow file for this run

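# Manually dispatched release pipeline: builds the solution, optionally signs
# the outputs with a certificate held in Azure Key Vault, and optionally drafts
# a GitHub Release with the desktop app attached.
#
# Boolean inputs are read through the `inputs` context. `github.event.inputs`
# delivers them as strings, and a non-empty string such as 'false' is truthy in
# an `if:` expression, so a condition written against it would not skip the
# signing or release steps when the box is left unticked.
name: 'Build and Release'
run-name: 'Build and Release v${{ inputs.release_version }}'
on:
  workflow_dispatch:
    inputs:
      certificate_sign:
        description: 'Sign the binaries and packages using a certificate stored in Azure Key Vault?'
        required: true
        type: boolean
        default: false
      strong_name_sign:
        description: 'Sign the assemblies using a strong name key stored in GitHub Secrets?'
        required: true
        type: boolean
        default: false
      create_github_release:
        description: 'Create a GitHub Release?'
        required: true
        type: boolean
        default: false
      # Free text. In this file it only reaches `run-name` and `with:` values,
      # never a `run:` script, so it is not interpolated into a shell command.
      release_version:
        description: 'Version'
        required: true
        type: string
        default: '1.x'

# id-token: write allows the job to request an OIDC token; the Azure Login step
# passes no client secret, so it presumably relies on federated credentials.
# contents: write is needed by the release steps. Both are granted on every
# run, including runs where signing and release creation are switched off.
permissions:
  id-token: write
  contents: write

jobs:
  build:
    name: 'Build'
    runs-on: windows-latest
    timeout-minutes: 10
    env:
      DOTNET_NOLOGO: true
      DOTNET_CLI_TELEMETRY_OPTOUT: true
    steps:
      # NOTE(review): every action below is referenced by a mutable tag. This
      # job handles signing credentials, so consider pinning each one to a full
      # commit SHA, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA>  # v4`.
      - name: Checkout Repository
        uses: actions/checkout@v4

      # Decodes the base64 secret into Keys/DSInternals.Private.snk. The private
      # key stays in the workspace for the rest of the job; the artifact paths
      # further down all sit under Build/bin/Release, so Keys/ is not uploaded.
      - name: Restore Strong Name Key
        if: ${{ inputs.strong_name_sign }}
        working-directory: Keys
        shell: powershell
        env:
          STRONG_NAME_KEY: ${{ secrets.STRONG_NAME_KEY }}
        run: |
          if($null -ne $env:STRONG_NAME_KEY)
          {
            Write-Host 'Creating file Keys/DSInternals.Private.snk...'
            [byte[]] $privateKey = [System.Convert]::FromBase64String($env:STRONG_NAME_KEY)
            [System.IO.File]::WriteAllBytes('DSInternals.Private.snk', $privateKey)
          }
          else
          {
            Write-Warning 'The STRONG_NAME_KEY secret is not available. Skipping SNK file creation.'
          }

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.x
          cache: false
        env:
          DOTNET_INSTALL_DIR: 'C:\Program Files\dotnet'

      - name: Cache NuGet Packages
        uses: actions/cache@v4
        with:
          path: ~/.nuget/packages
          # Heuristics: The current list of required packages is defined in the project files.
          key: ${{ runner.os }}-DotNET-NuGet-Release-${{ hashFiles('**/**/*.csproj') }}

      - name: Build
        working-directory: Src
        run: dotnet build --configuration Release --nologo

      # The cached directory holds the signing tools themselves, so whatever was
      # installed when the cache entry was created is what signs later releases.
      - name: Cache DotNet Global Tools
        id: cache-dotnet-globaltools
        uses: actions/cache@v4
        if: ${{ inputs.certificate_sign }}
        with:
          path: ~/.dotnet/tools
          # Heuristics: The current list of required global tools is defined in this workflow file.
          key: ${{ runner.os }}-DotNET-GlobalTools-Release-${{ hashFiles('.github/workflows/release.yml') }}

      # NOTE(review): no version is requested, so the newest published tool is
      # pulled on a cache miss. Pinning with `--version <PINNED_VERSION>` keeps
      # the signing toolchain reproducible and reviewable.
      - name: Install Azure KeyVault Code Signing Tools
        if: ${{ inputs.certificate_sign && steps.cache-dotnet-globaltools.outputs.cache-hit != 'true' }}
        run: |
          dotnet tool install --global AzureSignTool
          dotnet tool install --global NuGetKeyVaultSignTool

      - name: Azure Login
        uses: azure/login@v2
        if: ${{ inputs.certificate_sign }}
        with:
          client-id: ${{ secrets.SIGNING_CLIENT_ID }}
          tenant-id: ${{ secrets.SIGNING_TENANT_ID }}
          allow-no-subscriptions: true

      # The Key Vault access token is read from the Azure CLI and handed to the
      # signing tool as a command-line argument. It is not a GitHub secret, so
      # the runner does not mask it: keep command echo and debug output off in
      # the three signing steps. AzureSignTool also has an
      # --azure-key-vault-managed-identity option; whether it would pick up the
      # Azure CLI session on this runner is unverified.
      # The final xcopy places the net472 DLL next to Fido2UI.exe and only runs
      # when this step runs.
      - name: Sign Binaries
        if: ${{ inputs.certificate_sign }}
        shell: cmd
        env:
          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
          SIGNING_CERTIFICATE_NAME: ${{ secrets.SIGNING_CERTIFICATE_NAME }}
        working-directory: Build/bin/Release
        timeout-minutes: 1
        run: |
          for /f %%i in ('az account get-access-token --resource "https://vault.azure.net" --query accessToken --output tsv') do set KEYVAULT_TOKEN=%%i
          AzureSignTool sign ^
            DSInternals.Win32.WebAuthn/net472/DSInternals.Win32.WebAuthn.dll ^
            DSInternals.Win32.WebAuthn/net48/DSInternals.Win32.WebAuthn.dll ^
            DSInternals.Win32.WebAuthn/netcoreapp3.1/DSInternals.Win32.WebAuthn.dll ^
            DSInternals.Win32.WebAuthn/net5.0/DSInternals.Win32.WebAuthn.dll ^
            DSInternals.Win32.WebAuthn/net6.0/DSInternals.Win32.WebAuthn.dll ^
            DSInternals.Win32.WebAuthn/net7.0/DSInternals.Win32.WebAuthn.dll ^
            DSInternals.Win32.WebAuthn.Adapter/net6.0/DSInternals.Win32.WebAuthn.Adapter.dll ^
            DSInternals.Win32.WebAuthn.Adapter/net7.0/DSInternals.Win32.WebAuthn.Adapter.dll ^
            Fido2UI/Fido2UI.exe ^
            --file-digest sha256 ^
            --timestamp-digest sha256 ^
            --timestamp-rfc3161 http://timestamp.digicert.com ^
            --azure-key-vault-url "%SIGNING_VAULT_URL%" ^
            --azure-key-vault-accesstoken "%KEYVAULT_TOKEN%" ^
            --azure-key-vault-certificate "%SIGNING_CERTIFICATE_NAME%"
          xcopy "DSInternals.Win32.WebAuthn/net472/DSInternals.Win32.WebAuthn.dll" "Fido2UI/" /Y /I /F

      - name: Upload Desktop App as Artifact
        uses: actions/upload-artifact@v4
        with:
          name: Fido2UI
          path: Build/bin/Release/Fido2UI/*

      - name: Build PowerShell Module
        working-directory: Scripts
        # Spelled like the other PowerShell step in this file.
        shell: powershell
        run: .\Build-PowerShellModule.ps1 -Configuration Release

      - name: Sign PowerShell Module
        if: ${{ inputs.certificate_sign }}
        shell: cmd
        env:
          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
          SIGNING_CERTIFICATE_NAME: ${{ secrets.SIGNING_CERTIFICATE_NAME }}
        working-directory: Build/bin/Release/DSInternals.Passkeys
        timeout-minutes: 1
        run: |
          for /f %%i in ('az account get-access-token --resource "https://vault.azure.net" --query accessToken --output tsv') do set KEYVAULT_TOKEN=%%i
          AzureSignTool sign ^
            DSInternals.Passkeys.psd1 ^
            DSInternals.Passkeys.psm1 ^
            --file-digest sha256 ^
            --timestamp-digest sha256 ^
            --timestamp-rfc3161 http://timestamp.digicert.com ^
            --azure-key-vault-url "%SIGNING_VAULT_URL%" ^
            --azure-key-vault-accesstoken "%KEYVAULT_TOKEN%" ^
            --azure-key-vault-certificate "%SIGNING_CERTIFICATE_NAME%"

      - name: Upload PowerShell Module as Artifact
        uses: actions/upload-artifact@v4
        with:
          name: PowerShell
          path: Build/bin/Release/DSInternals.Passkeys

      # --no-build packs the assemblies produced (and, when enabled, signed) by
      # the earlier steps instead of compiling fresh, unsigned ones.
      - name: Create NuGet Packages
        working-directory: Src
        run: dotnet pack --configuration Release --no-build --nologo

      - name: Sign NuGet Packages
        if: ${{ inputs.certificate_sign }}
        shell: cmd
        env:
          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
          SIGNING_CERTIFICATE_NAME: ${{ secrets.SIGNING_CERTIFICATE_NAME }}
        working-directory: Build/bin/Release/Packages
        run: |
          for /f %%i in ('az account get-access-token --resource "https://vault.azure.net" --query accessToken --output tsv') do set KEYVAULT_TOKEN=%%i
          NuGetKeyVaultSignTool sign *.nupkg ^
            --file-digest sha256 ^
            --timestamp-digest sha256 ^
            --timestamp-rfc3161 http://timestamp.digicert.com ^
            --azure-key-vault-url "%SIGNING_VAULT_URL%" ^
            --azure-key-vault-accesstoken "%KEYVAULT_TOKEN%" ^
            --azure-key-vault-certificate "%SIGNING_CERTIFICATE_NAME%"
          NuGetKeyVaultSignTool sign *.snupkg ^
            --file-digest sha256 ^
            --timestamp-digest sha256 ^
            --timestamp-rfc3161 http://timestamp.digicert.com ^
            --azure-key-vault-url "%SIGNING_VAULT_URL%" ^
            --azure-key-vault-accesstoken "%KEYVAULT_TOKEN%" ^
            --azure-key-vault-certificate "%SIGNING_CERTIFICATE_NAME%"

      - name: Upload NuGet Packages as Artifacts
        uses: actions/upload-artifact@v4
        with:
          name: NuGet
          path: Build/bin/Release/Packages/*nupkg

      - name: Create ZIP for GitHub Release
        if: ${{ inputs.create_github_release }}
        working-directory: Build/bin/Release
        run: 7z a -tzip -mx=9 -r packages/Fido2UI.zip Fido2UI

      # The release is created as a draft, so nothing is published until someone
      # reviews it and fills in the placeholder notes.
      # NOTE(review): actions/create-release and actions/upload-release-asset
      # are archived upstream and no longer receive fixes; consider moving to
      # the GitHub CLI (`gh release create`) or a maintained action.
      - name: Create GitHub Release
        if: ${{ inputs.create_github_release }}
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ inputs.release_version }}
          release_name: WebAuthn Interop Assembly ${{ inputs.release_version }}
          draft: true
          prerelease: false
          body: |
            Changes in this Release
            - First Change
            - Second Change

      - name: Upload Desktop App as Asset
        if: ${{ inputs.create_github_release }}
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: Build/bin/Release/packages/Fido2UI.zip
          asset_name: FIDO2UI.zip
          # Was misspelled 'applicaion/zip'.
          asset_content_type: application/zip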