Build and Release v1.0.4 #40

Workflow file for this run

.github/workflows/release.yml at c692354

	name: 'Build and Release'
	run-name: 'Build and Release v${{ inputs.release_version }}'

	on:
	workflow_dispatch:
	inputs:
	certificate_sign:
	description: 'Sign the binaries and packages using a certificate stored in Azure Key Vault?'
	required: true
	type: boolean
	default: false
	strong_name_sign:
	description: 'Sign the assemblies using a strong name key stored in GitHub Secrets?'
	required: true
	type: boolean
	default: false
	create_github_release:
	description: 'Create a GitHub Release?'
	required: true
	type: boolean
	default: false
	publish_nuget:
	description: 'Publish packages to NuGet Gallery?'
	required: true
	type: boolean
	default: false
	publish_powershell:
	description: 'Publish module to PowerShell Gallery?'
	required: true
	type: boolean
	default: false
	release_version:
	description: 'Version'
	required: true
	type: string
	default: '1.x'

	permissions:
	id-token: write
	contents: write

	env:
	DOTNET_NOLOGO: true
	DOTNET_CLI_TELEMETRY_OPTOUT: true

	jobs:
	build:
	name: 'Build'
	runs-on: windows-latest
	timeout-minutes: 10
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Restore Strong Name Key
	if: ${{ inputs.strong_name_sign }}
	working-directory: Keys
	shell: powershell
	env:
	STRONG_NAME_KEY: ${{ secrets.STRONG_NAME_KEY }}
	run: \|
	if($null -ne $env:STRONG_NAME_KEY)
	{
	Write-Host 'Creating file Keys/DSInternals.Private.snk...'
	[byte[]] $privateKey = [System.Convert]::FromBase64String($env:STRONG_NAME_KEY)
	[System.IO.File]::WriteAllBytes('DSInternals.Private.snk', $privateKey)
	}
	else
	{
	Write-Warning 'The STRONG_NAME_KEY secret is not available. Skipping SNK file creation.'
	}

	- name: Setup .NET
	uses: actions/setup-dotnet@v4
	with:
	cache: true
	cache-dependency-path: 'Src/*/packages.lock.json'

	- name: Restore NuGet Packages
	working-directory: Src
	run: dotnet restore --locked-mode

	- name: Build Binaries
	working-directory: Src
	run: dotnet build --configuration Release --no-restore

	- name: Build PowerShell Module
	working-directory: Scripts
	shell: powershell
	run: .\Build-PowerShellModule.ps1 -Configuration Release

	- name: Cache DotNet Global Tools
	id: cache-dotnet-globaltools
	uses: actions/cache@v4
	if: ${{ inputs.certificate_sign }}
	with:
	path: ~/.dotnet/tools
	# Heuristics: The current list of required global tools is defined in this workflow file.
	key: ${{ runner.os }}-DotNET-GlobalTools-Release-${{ hashFiles('.github/workflows/release.yml') }}

	- name: Install Code Signing Tools
	if: ${{ inputs.certificate_sign && steps.cache-dotnet-globaltools.outputs.cache-hit != 'true' }}
	run: \|
	dotnet tool install --global --prerelease sign

	- name: Azure Login
	uses: azure/login@v2
	if: ${{ inputs.certificate_sign }}
	with:
	client-id: ${{ secrets.SIGNING_CLIENT_ID }}
	tenant-id: ${{ secrets.SIGNING_TENANT_ID }}
	allow-no-subscriptions: true

	- name: Sign PowerShell Scripts
	shell: cmd
	run: >
	sign code trusted-signing
	DSInternals.Passkeys.ps*1
	--base-directory "${{ github.workspace }}/Build/bin/PSModule/Release/DSInternals.Passkeys"
	--trusted-signing-endpoint "${{ secrets.SIGNING_ENDPOINT }}"
	--trusted-signing-account "${{ secrets.SIGNING_ACCOUNT_NAME }}"
	--trusted-signing-certificate-profile "${{ secrets.SIGNING_PROFILE_NAME }}"
	--file-digest SHA256
	--timestamp-digest SHA256
	--timestamp-url "http://timestamp.acs.microsoft.com"
	--verbosity Information

	- name: Sign DSInternals.Win32.WebAuthn Libraries
	shell: cmd
	run: >
	sign code trusted-signing
	release_*/DSInternals.Win32.WebAuthn.dll
	--base-directory "${{ github.workspace }}/Build/bin/DSInternals.Win32.WebAuthn"
	--trusted-signing-endpoint "${{ secrets.SIGNING_ENDPOINT }}"
	--trusted-signing-account "${{ secrets.SIGNING_ACCOUNT_NAME }}"
	--trusted-signing-certificate-profile "${{ secrets.SIGNING_PROFILE_NAME }}"
	--file-digest SHA256
	--timestamp-digest SHA256
	--timestamp-url "http://timestamp.acs.microsoft.com"
	--verbosity Information

	- name: Sign DSInternals.Win32.WebAuthn.Adapter Libraries
	shell: cmd
	run: >
	sign code trusted-signing
	release_*/DSInternals.Win32.WebAuthn.Adapter.dll
	--base-directory "${{ github.workspace }}/Build/bin/DSInternals.Win32.WebAuthn.Adapter"
	--trusted-signing-endpoint "${{ secrets.SIGNING_ENDPOINT }}"
	--trusted-signing-account "${{ secrets.SIGNING_ACCOUNT_NAME }}"
	--trusted-signing-certificate-profile "${{ secrets.SIGNING_PROFILE_NAME }}"
	--file-digest SHA256
	--timestamp-digest SHA256
	--timestamp-url "http://timestamp.acs.microsoft.com"
	--verbosity Information

	- name: Sign Fido2UI Binary
	shell: cmd
	run: >
	sign code trusted-signing
	Fido2UI.exe
	--base-directory "${{ github.workspace }}/Build/bin/Fido2UI/release"
	--trusted-signing-endpoint "${{ secrets.SIGNING_ENDPOINT }}"
	--trusted-signing-account "${{ secrets.SIGNING_ACCOUNT_NAME }}"
	--trusted-signing-certificate-profile "${{ secrets.SIGNING_PROFILE_NAME }}"
	--file-digest SHA256
	--timestamp-digest SHA256
	--timestamp-url "http://timestamp.acs.microsoft.com"
	--verbosity Information

	- name: Copy Signed Libraries to Module and App Directories
	shell: cmd
	if: ${{ inputs.certificate_sign }}
	working-directory: Build/bin
	timeout-minutes: 1
	run: \|
	xcopy "DSInternals.Win32.WebAuthn/release_net48/DSInternals.Win32.WebAuthn.dll" "Fido2UI/release/" /Y /I /F
	xcopy "DSInternals.Win32.WebAuthn/release_net48/DSInternals.Win32.WebAuthn.dll" "PSModule/Release/DSInternals.Passkeys/net48/" /Y /I /F
	xcopy "DSInternals.Win32.WebAuthn/release_net6.0/DSInternals.Win32.WebAuthn.dll" "PSModule/Release/DSInternals.Passkeys/net6.0/" /Y /I /F

	- name: Upload Desktop App as Artifact
	uses: actions/upload-artifact@v4
	with:
	name: Fido2UI
	path: Build/bin/Fido2UI/release/*

	- name: Upload PowerShell Module as Artifact
	uses: actions/upload-artifact@v4
	with:
	name: PowerShell
	path: Build/bin/PSModule/Release

	- name: Create NuGet Packages
	working-directory: Src
	run: dotnet pack --configuration Release --no-build

	- name: Sign NuGet Packages
	shell: cmd
	run: >
	sign code trusted-signing
	.nupkg
	--base-directory "${{ github.workspace }}/Build/package/release"
	--trusted-signing-endpoint "${{ secrets.SIGNING_ENDPOINT }}"
	--trusted-signing-account "${{ secrets.SIGNING_ACCOUNT_NAME }}"
	--trusted-signing-certificate-profile "${{ secrets.SIGNING_PROFILE_NAME }}"
	--file-digest SHA256
	--timestamp-digest SHA256
	--timestamp-url "http://timestamp.acs.microsoft.com"
	--verbosity Information

	- name: Upload NuGet Packages as Artifacts
	uses: actions/upload-artifact@v4
	with:
	name: NuGet
	path: Build/package/release/*nupkg

	nuget:
	name: 'Publish to NuGet Gallery'
	if: ${{ inputs.publish_nuget }}
	runs-on: ubuntu-latest
	needs: build
	steps:
	- name: Download NuGet Packages
	uses: actions/download-artifact@v4
	with:
	name: NuGet

	- name: Setup .NET
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: 8.x

	- name: Publish NuGet Packages
	run: \|
	dotnet nuget push *.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_GALLERY_APIKEY }} --skip-duplicate

	psgallery:
	name: 'Publish to PowerShell Gallery'
	if: ${{ inputs.publish_powershell }}
	runs-on: ubuntu-latest
	needs: build
	steps:
	- name: Download PowerShell Module
	uses: actions/download-artifact@v4
	with:
	name: PowerShell

	- name: Publish PowerShell Module
	shell: pwsh
	run: \|
	Publish-Module -Path .\DSInternals.Passkeys -NuGetApiKey ${{ secrets.POWERSHELL_GALLERY_APIKEY }} -Repository PSGallery -Force

	release:
	name: 'Create GitHub Release Draft'
	if: ${{ inputs.create_github_release }}
	runs-on: ubuntu-latest
	needs: build
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Download PowerShell Module
	uses: actions/download-artifact@v4
	with:
	name: PowerShell
	path: GitHub/Module

	- name: Download Desktop App
	uses: actions/download-artifact@v4
	with:
	name: Fido2UI
	path: GitHub/Fido2UI

	- name: Create Module ZIP for GitHub Release
	shell: pwsh
	working-directory: GitHub
	run: Compress-Archive -Path ./Module/* -DestinationPath ./DSInternals.Passkeys_v${{ inputs.release_version }}.zip -CompressionLevel Optimal -Force

	- name: Create Application ZIP for GitHub Release
	shell: pwsh
	working-directory: GitHub
	run: Compress-Archive -Path ./Fido2UI/* -DestinationPath ./FIDO2UI_v${{ inputs.release_version }}.zip -CompressionLevel Optimal -Force

	- name: Create GitHub Release
	shell: pwsh
	working-directory: GitHub
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	@'
	## Notable Changes
	TODO

	## DSInternals.Passkeys PowerShell Module

	- The module is available in the [PowerShell Gallery](https://www.powershellgallery.com/packages/DSInternals.Passkeys).
	- As an alternative, the attached `DSInternals.Passkeys_v${{ inputs.release_version }}.zip` file can be used for offline module installation.

	## FIDO2 UI Desktop Application

	- Application binaries are in the attached `FIDO2UI_v${{ inputs.release_version }}.zip` file.

	## NuGet Packages

	- Packages are [published in the NuGet Gallery](https://www.nuget.org/packages?q=DSInternals.Win32.WebAuthn).
	'@ > release-notes.md
	gh release create v${{ inputs.release_version }} ./*.zip --draft --latest --title "WebAuthn Interop Assembly ${{ inputs.release_version }}" --notes-file release-notes.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and Release v1.0.4 #40

Workflow file

Build and Release v1.0.4 #40

Jobs

Run details

Workflow file for this run