Issue #653 (#654)

Bug in preview, Sign cannot run due to a mandatory parameter not being transferred. --------- Co-authored-by: freddydk <freddydk@users.noreply.github.com>
microsoft · Aug 11, 2023 · 7efe5a3 · 7efe5a3
1 parent d15c25e
commit 7efe5a3
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 24 deletions.
diff --git a/Actions/Sign/Sign.ps1 b/Actions/Sign/Sign.ps1
@@ -1,16 +1,12 @@
 param(
-    [Parameter(HelpMessage = "Azure Key Vault URI.", Mandatory = $true)]
+    [Parameter(HelpMessage = "Azure Credentials secret", Mandatory = $true)]
     [string] $AzureCredentialsJson,
-    [Parameter(HelpMessage = "'OBSOLETE: Settings from repository in compressed Json format'", Mandatory = $true)]
-    [string] $settingsJson,
-    [Parameter(HelpMessage = "Paths to the files to be signed.", Mandatory = $true)]
+    [Parameter(HelpMessage = "The path to the files to be signed", Mandatory = $true)]
     [String] $PathToFiles,
-    [Parameter(HelpMessage = "Timestamp service.", Mandatory = $false)]
+    [Parameter(HelpMessage = "The URI of the timestamp server", Mandatory = $false)]
     [string] $TimestampService = "http://timestamp.digicert.com",
-    [Parameter(HelpMessage = "Timestamp digest algorithm.", Mandatory = $false)]
-    [string] $TimestampDigest = "sha256",
-    [Parameter(HelpMessage = "File digest algorithm.", Mandatory = $false)]
-    [string] $FileDigest = "sha256",
+    [Parameter(HelpMessage = "The digest algorithm to use for signing and timestamping", Mandatory = $false)]
+    [string] $digestAlgorithm = "sha256",
     [Parameter(HelpMessage = "Specifies the parent telemetry scope for the telemetry signal", Mandatory = $false)]
     [string] $ParentTelemetryScopeJson = '7b7d'
 )
@@ -36,7 +32,7 @@ try {
     }
 
     $AzureCredentials = ConvertFrom-Json $AzureCredentialsJson
-    $settings = ConvertFrom-Json $settingsJson
+    $settings = $env:Settings | ConvertFrom-Json
     if ($AzureCredentials.PSobject.Properties.name -eq "keyVaultName") {
         $AzureKeyVaultName = $AzureCredentials.keyVaultName
     } elseif ($settings.PSobject.Properties.name -eq "keyVaultName") {
@@ -50,14 +46,14 @@ try {
         Register-NavSip 
         Write-Host "::endgroup::"
 
-        AzureSignTool sign --file-digest $FileDigest `
+        AzureSignTool sign --file-digest $digestAlgorithm `
             --azure-key-vault-url "https://$AzureKeyVaultName.vault.azure.net/" `
             --azure-key-vault-client-id $AzureCredentials.clientId `
             --azure-key-vault-tenant-id $AzureCredentials.tenantId `
             --azure-key-vault-client-secret $AzureCredentials.clientSecret `
             --azure-key-vault-certificate $Settings.keyVaultCodesignCertificateName `
             --timestamp-rfc3161 "$TimestampService" `
-            --timestamp-digest $TimestampDigest `
+            --timestamp-digest $digestAlgorithm `
             $Files
     } -MaxRetries 3
 

diff --git a/Actions/Sign/action.yaml b/Actions/Sign/action.yaml
@@ -8,6 +8,9 @@ inputs:
   azureCredentialsJson:
     description: Azure Credentials secret
     required: true
+  pathToFiles:
+    description: The path to the files to be signed
+    required: true
   timestampService:
     description: The URI of the timestamp server
     required: false
@@ -16,9 +19,6 @@ inputs:
     description: The digest algorithm to use for signing and timestamping
     required: false
     default: SHA256
-  pathToFiles:
-    description: The path to the files to be signed
-    required: true
   parentTelemetryScopeJson:
     description: Specifies the parent telemetry scope for the telemetry signal
     required: false
@@ -30,20 +30,14 @@ runs:
       shell: ${{ inputs.shell }}
       env:
         _azureCredentialsJson: ${{ inputs.azureCredentialsJson }}
+        _pathToFiles: ${{ inputs.pathToFiles }}
         _timestampService: ${{ inputs.timestampService }}
         _digestAlgorithm: ${{ inputs.digestAlgorithm }}
-        _pathToFiles: ${{ inputs.pathToFiles }}
         _parentTelemetryScopeJson: ${{ inputs.parentTelemetryScopeJson }}
-      id: Sign
       run: |
         $errorActionPreference = "Stop"; $ProgressPreference = "SilentlyContinue"; Set-StrictMode -Version 2.0
-        try { 
-          ${{ github.action_path }}/Sign.ps1 -AzureCredentialsJson $ENV:_azureCredentialsJson `
-                                      -TimestampService $ENV:_timestampService `
-                                      -TimestampDigest $ENV:_digestAlgorithm `
-                                      -FileDigest $ENV:_digestAlgorithm `
-                                      -PathToFiles $ENV:_pathToFiles `
-                                      -ParentTelemetryScopeJson $ENV:_parentTelemetryScopeJson
+        try {
+          ${{ github.action_path }}/Sign.ps1 -AzureCredentialsJson $ENV:_azureCredentialsJson -PathToFiles $ENV:_pathToFiles -TimestampService $ENV:_timestampService -digestAlgorithm $ENV:_digestAlgorithm -ParentTelemetryScopeJson $ENV:_parentTelemetryScopeJson
         }
         catch {
           Write-Host "::ERROR::Unexpected error when running action. Error Message: $($_.Exception.Message.Replace("`r",'').Replace("`n",' ')), StackTrace: $($_.ScriptStackTrace.Replace("`r",'').Replace("`n",' <- '))";

diff --git a/Tests/Sign.Test.ps1 b/Tests/Sign.Test.ps1
@@ -0,0 +1,27 @@
+Get-Module TestActionsHelper | Remove-Module -Force
+Import-Module (Join-Path $PSScriptRoot 'TestActionsHelper.psm1')
+
+Describe "Sign Action Tests" {
+    BeforeAll {
+        $actionName = "Sign"
+        $scriptRoot = Join-Path $PSScriptRoot "..\Actions\$actionName" -Resolve
+        $scriptName = "$actionName.ps1"
+        $scriptPath = Join-Path $scriptRoot $scriptName
+        $actionScript = GetActionScript -scriptRoot $scriptRoot -scriptName $scriptName
+    }
+
+    It 'Compile Action' {
+        Invoke-Expression $actionScript
+    }
+
+    It 'Test action.yaml matches script' {
+        $permissions = [ordered]@{
+        }
+        $outputs = [ordered]@{
+        }
+        YamlTest -scriptRoot $scriptRoot -actionName $actionName -actionScript $actionScript -permissions $permissions -outputs $outputs
+    }
+
+    # Call action
+
+}