Merge branch 'release/0.15.0'

* release/0.15.0: (GH-180) Switch to new SignTool * fixes #180 Update .NET SDK to 7.0.403 Update Microsoft.Extensions.Logging.Abstractions to 7.0.1 Update Microsoft.NET.Test.Sdk to 17.8.0 Update Basic.Reference.Assemblies.NetXX t o 1.4.5 Update xunit to 2.6.1 (GH-181) Updated Cake tool to version 3.2.0 * fixes #181
cake-build · Nov 13, 2023 · cf76a84 · cf76a84
2 parents 120bd21 + 603d417
commit cf76a84
Show file tree

Hide file tree

Showing 10 changed files with 111 additions and 66 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -26,8 +26,11 @@ jobs:
       TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }}
       MYGET_API_KEY: ${{ secrets.MYGET_API_KEY }}
       MYGET_SOURCE: ${{ secrets.MYGET_SOURCE }}
-      SIGNING_SECRET: ${{ secrets.SIGNING_SECRET }}
-      SIGNING_USER: ${{ secrets.SIGNING_USER }}
+      SIGN_TENANT_ID: ${{ secrets.SIGN_TENANT_ID }}
+      SIGN_CLIENT_ID: ${{ secrets.SIGN_CLIENT_ID }}
+      SIGN_CLIENT_SECRET: ${{ secrets.SIGN_CLIENT_SECRET }}
+      SIGN_KEYVAULT_CERTIFICATE: ${{ secrets.SIGN_KEYVAULT_CERTIFICATE }}
+      SIGN_KEYVAULT_URL: ${{ secrets.SIGN_KEYVAULT_URL }}
       CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }}
       CHOCOLATEY_SOURCE: ${{ secrets.CHOCOLATEY_SOURCE }}
       DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1

diff --git a/global.json b/global.json
@@ -1,6 +1,6 @@
 {
     "sdk": {
-        "version": "7.0.305",
+        "version": "7.0.403",
         "rollForward": "latestFeature"
     }
 }
diff --git a/recipe.cake b/recipe.cake
@@ -1,7 +1,29 @@
 #load nuget:https://api.nuget.org/v3/index.json?package=Cake.Recipe&version=2.2.0
-#tool nuget:https://api.nuget.org/v3/index.json?package=SignClient&version=0.9.0
+#tool "dotnet:https://api.nuget.org/v3/index.json?package=sign&version=0.9.1-beta.23530.1&prerelease"
 #tool nuget:https://api.nuget.org/v3/index.json?package=NuGet.CommandLine&version=5.11.0
 
+Setup<CodeSigningCredentials>(context => {
+    var shouldDeployBakery = (!BuildParameters.IsLocalBuild || BuildParameters.ForceContinuousIntegration) &&
+                        BuildParameters.IsTagged &&
+                        BuildParameters.PreferredBuildAgentOperatingSystem == BuildParameters.BuildAgentOperatingSystem &&
+                        BuildParameters.PreferredBuildProviderType == BuildParameters.BuildProvider.Type;
+
+    var testSigning = string.Equals(EnvironmentVariable("SIGNING_TEST"), "true", StringComparison.OrdinalIgnoreCase);
+
+    var shouldSign = testSigning || shouldDeployBakery;
+
+    var codeSigningCredentials =  shouldSign
+                                    ? CodeSigningCredentials.GetCodeSigningCredentials(context)
+                                    : new CodeSigningCredentials();
+
+    if(shouldSign && !codeSigningCredentials.HasCredentials)
+    {
+        throw new InvalidOperationException("Unable to sign Bakery as credentials are not available.");
+    }
+
+    return codeSigningCredentials;
+});
+
 Environment.SetVariableNames();
 
 var standardNotificationMessage = "Version {0} of {1} has just been released, this will be available here https://www.nuget.org/packages/{1}, once package indexing is complete.";
@@ -267,10 +289,7 @@ Task("Run-Bakery-Integration-Tests")
     }
 });
 
-var shouldDeployBakery = (!BuildParameters.IsLocalBuild || BuildParameters.ForceContinuousIntegration) &&
-                        BuildParameters.IsTagged &&
-                        BuildParameters.PreferredBuildAgentOperatingSystem == BuildParameters.BuildAgentOperatingSystem &&
-                        BuildParameters.PreferredBuildProviderType == BuildParameters.BuildProvider.Type;
+
 Task("Sign-Binaries")
     .IsDependentOn("Package")
     .IsDependeeOf("Upload-AppVeyor-Artifacts-Zip")
@@ -279,61 +298,46 @@ Task("Sign-Binaries")
     .IsDependeeOf("Publish-Release-Packages")
     .IsDependeeOf("Publish-GitHub-Release-Zip")
     .IsDependeeOf("Publish-GitHub-Release")
-    .WithCriteria(() => shouldDeployBakery || string.Equals(EnvironmentVariable("SIGNING_TEST"), "true", StringComparison.OrdinalIgnoreCase))
-    .Does(() =>
+    .WithCriteria<CodeSigningCredentials>((context, data) => data.HasCredentials, "Skipping signing as credentials are not available.")
+    .Does<CodeSigningCredentials>((context, data) =>
 {
-    // Get the secret.
-    var secret = EnvironmentVariable("SIGNING_SECRET");
-    if(string.IsNullOrWhiteSpace(secret)) {
-        throw new InvalidOperationException("Could not resolve signing secret.");
-    }
-
-    // Get the user.
-    var user = EnvironmentVariable("SIGNING_USER");
-    if(string.IsNullOrWhiteSpace(user)) {
-        throw new InvalidOperationException("Could not resolve signing user.");
-    }
-
-    // Resolve dotnet and version
-    var dotnetPath = Context.Tools.Resolve("dotnet.exe");
-    if(dotnetPath == null) {
-        throw new InvalidOperationException("Could not resolve dotnet.");
-    }
-
-    var client = File($"./tools/SignClient.0.9.0/tools/netcoreapp2.0/SignClient.dll");
-    var settings = File("./signclient.json");
-    var filter = File("./signclient.filter");
-
     // Get the files to sign.
     var files = GetFiles(string.Concat(BuildParameters.Paths.Directories.NuGetPackages, "/", "*.nupkg")) +
                 GetFiles(string.Concat(BuildParameters.Paths.Directories.ChocolateyPackages , "/", "*.nupkg")) +
                 GetFiles(string.Concat(zipArtifactsPath, "/", "*.zip"));
 
-    foreach(var file in files)
-    {
-        Information("Signing {0}...", file.FullPath);
+    var filter = File("./signclient.filter");
+
+     Parallel.ForEach(
+        files,
+        file => {
+        context.Information("Signing {0}...", file.FullPath);
 
         // Build the argument list.
         var arguments = new ProcessArgumentBuilder()
-            .AppendQuoted(MakeAbsolute(client.Path).FullPath)
-            .Append("sign")
-            .AppendSwitchQuoted("-c", MakeAbsolute(settings.Path).FullPath)
-            .AppendSwitchQuoted("-i", MakeAbsolute(file).FullPath)
-            .AppendSwitchQuoted("-f", MakeAbsolute(filter).FullPath)
-            .AppendSwitchQuotedSecret("-s", secret)
-            .AppendSwitchQuotedSecret("-r", user)
-            .AppendSwitchQuoted("-n", "Cake")
-            .AppendSwitchQuoted("-d", "Cake (C# Make) is a cross platform build automation system.")
-            .AppendSwitchQuoted("-u", "https://cakebuild.net");
+            .Append("code")
+            .Append("azure-key-vault")
+            .AppendQuoted(file.FullPath)
+            .AppendSwitchQuoted("--file-list", filter)
+            .AppendSwitchQuoted("--publisher-name", "Cake")
+            .AppendSwitchQuoted("--description", "Cake (C# Make) is a cross platform build automation system.")
+            .AppendSwitchQuoted("--description-url", "https://cakebuild.net")
+            .AppendSwitchQuotedSecret("--azure-key-vault-tenant-id", data.SignTenantId)
+            .AppendSwitchQuotedSecret("--azure-key-vault-client-id", data.SignClientId)
+            .AppendSwitchQuotedSecret("--azure-key-vault-client-secret", data.SignClientSecret)
+            .AppendSwitchQuotedSecret("--azure-key-vault-certificate", data.SignKeyVaultCertificate)
+            .AppendSwitchQuotedSecret("--azure-key-vault-url", data.SignKeyVaultUrl);
 
         // Sign the binary.
-        var result = StartProcess(dotnetPath, new ProcessSettings {  Arguments = arguments });
+        var result = StartProcess(data.SignPath, new ProcessSettings {  Arguments = arguments });
         if(result != 0)
         {
             // We should not recover from this.
             throw new InvalidOperationException("Signing failed!");
         }
-    }
+
+        context.Information("Done signing {0}.", file.FullPath);
+    });
 });
 
 // additional workaround for https://github.com/cake-contrib/Cake.Recipe/issues/862
@@ -364,3 +368,41 @@ BuildParameters.Tasks.AnalyzeTask.IsDependentOn("InspectCode2021");
 IssuesBuildTasks.ReadIssuesTask.IsDependentOn("InspectCode2021");
 
 Build.RunDotNetCore();
+
+
+public class CodeSigningCredentials
+{
+    public string SignTenantId {  get; private set; }
+    public string SignClientId {  get; private set; }
+    public string SignClientSecret {  get; private set; }
+    public string SignKeyVaultCertificate {  get; private set; }
+    public string SignKeyVaultUrl {  get; private set; }
+    public FilePath SignPath {  get; private set; }
+
+    public bool HasCredentials
+    {
+        get
+        {
+            return
+                !string.IsNullOrEmpty(SignTenantId) &&
+                !string.IsNullOrEmpty(SignClientId) &&
+                !string.IsNullOrEmpty(SignClientSecret) &&
+                !string.IsNullOrEmpty(SignKeyVaultCertificate) &&
+                !string.IsNullOrEmpty(SignKeyVaultUrl);
+        }
+    }
+
+    public static CodeSigningCredentials GetCodeSigningCredentials(ICakeContext context)
+    {
+        return new CodeSigningCredentials {
+            SignTenantId =  context.EnvironmentVariable("SIGN_TENANT_ID"),
+            SignClientId = context.EnvironmentVariable("SIGN_CLIENT_ID"),
+            SignClientSecret = context.EnvironmentVariable("SIGN_CLIENT_SECRET"),
+            SignKeyVaultCertificate = context.EnvironmentVariable("SIGN_KEYVAULT_CERTIFICATE"),
+            SignKeyVaultUrl = context.EnvironmentVariable("SIGN_KEYVAULT_URL"),
+            SignPath = context.Tools.Resolve("sign.exe")
+                        ?? context.Tools.Resolve("sign")
+                        ?? throw new InvalidOperationException("sign.exe could not be located.")
+        };
+    }
+}
diff --git a/src/Cake.Bakery.Tests/Cake.Bakery.Tests.csproj b/src/Cake.Bakery.Tests/Cake.Bakery.Tests.csproj
@@ -13,9 +13,9 @@
   <Import Project="..\Shared.props" />
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.3" />
-    <PackageReference Include="xunit" Version="2.5.0" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.0">
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="xunit" Version="2.6.1" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.3">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

diff --git a/src/Cake.Bakery/Cake.Bakery.csproj b/src/Cake.Bakery/Cake.Bakery.csproj
@@ -15,8 +15,8 @@
     <InternalsVisibleTo Include="Cake.Bakery.Tests" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Cake.Core" Version="3.1.0" />
-    <PackageReference Include="Cake.NuGet" Version="3.1.0" />
+    <PackageReference Include="Cake.Core" Version="3.2.0" />
+    <PackageReference Include="Cake.NuGet" Version="3.2.0" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="7.0.0" />
   </ItemGroup>
   <ItemGroup>

diff --git a/src/Cake.Scripting.Tests/Cake.Scripting.Tests.csproj b/src/Cake.Scripting.Tests/Cake.Scripting.Tests.csproj
@@ -107,12 +107,12 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Cake.Core" Version="3.1.0" />
-    <PackageReference Include="Cake.Testing" Version="3.1.0" />
+    <PackageReference Include="Cake.Core" Version="3.2.0" />
+    <PackageReference Include="Cake.Testing" Version="3.2.0" />
     <PackageReference Include="Mono.Cecil" Version="0.11.5" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.3" />
-    <PackageReference Include="xunit" Version="2.5.0" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.0">
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="xunit" Version="2.6.1" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.3">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

diff --git a/src/Cake.Scripting.Transport.Tests/Cake.Scripting.Transport.Tests.csproj b/src/Cake.Scripting.Transport.Tests/Cake.Scripting.Transport.Tests.csproj
@@ -27,9 +27,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.3" />
-    <PackageReference Include="xunit" Version="2.5.0" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.0">
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="xunit" Version="2.6.1" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.3">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

diff --git a/src/Cake.Scripting.Transport/Cake.Scripting.Transport.csproj b/src/Cake.Scripting.Transport/Cake.Scripting.Transport.csproj
@@ -21,7 +21,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="7.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="7.0.1" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/Cake.Scripting/Cake.Scripting.csproj b/src/Cake.Scripting/Cake.Scripting.csproj
@@ -12,11 +12,11 @@
     <InternalsVisibleTo Include="Cake.Scripting.Tests" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Cake.Core" Version="3.1.0" />
-    <PackageReference Include="Cake.Common" Version="3.1.0" />
+    <PackageReference Include="Cake.Core" Version="3.2.0" />
+    <PackageReference Include="Cake.Common" Version="3.2.0" />
     <PackageReference Include="Mono.Cecil" Version="0.11.5" />
-    <PackageReference Include="Basic.Reference.Assemblies.Net70" Version="1.4.2" Condition="'$(TargetFramework)' == 'net7.0'" />
-    <PackageReference Include="Basic.Reference.Assemblies.Net60" Version="1.4.2" Condition="'$(TargetFramework)' == 'net6.0'" />
+    <PackageReference Include="Basic.Reference.Assemblies.Net70" Version="1.4.5" Condition="'$(TargetFramework)' == 'net7.0'" />
+    <PackageReference Include="Basic.Reference.Assemblies.Net60" Version="1.4.5" Condition="'$(TargetFramework)' == 'net6.0'" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\Cake.Scripting.Abstractions\Cake.Scripting.Abstractions.csproj" />

diff --git a/tests/integration/Cake.Bakery.Tests.Integration.csproj b/tests/integration/Cake.Bakery.Tests.Integration.csproj
@@ -4,7 +4,7 @@
     <OutputType>Exe</OutputType>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Xunit.Assert" Version="2.5.0" />
+    <PackageReference Include="Xunit.Assert" Version="2.6.1" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="7.0.0" />
   </ItemGroup>
   <ItemGroup>