Sign nuget packages

NetOfficeFw · Jun 8, 2024 · 8f26ce0 · 8f26ce0
1 parent ee9ae64
commit 8f26ce0
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 21 deletions.
diff --git a/.github/Get-BuildInfo.ps1 b/.github/Get-BuildInfo.ps1
@@ -42,7 +42,7 @@ if ($configuration -ieq 'release') {
 
   if ($ref -like 'refs/heads/releases/*') {
     $sign_binaries = 'true'
-    $publish_nuget = 'false'
+    $publish_nuget = 'true'
   }
 
   # if ($ref -like 'refs/heads/dev/github_actions') {

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -108,26 +108,27 @@ jobs:
         VersionSuffix: ${{ steps.build.outputs.app_version_suffix }}
 
     - name: Sign NetOffice packages
-      if: success() && steps.build.outputs.publish_nuget == 'true' && steps.build.outputs.sign_binaries == 'true'
-      working-directory: '${{ github.workspace}}\dist'
-      run: |
-          NuGetKeyVaultSignTool.exe sign *.nupkg `
-          --file-digest sha256 `
-          --timestamp-rfc3161 http://timestamp.digicert.com `
-          --timestamp-digest sha256 `
-          --azure-key-vault-url https://opensourcesigning.vault.azure.net `
-          --azure-key-vault-tenant-id "${{ secrets.KEYVAULT_TENANT_ID }}" `
-          --azure-key-vault-client-id "${{ secrets.KEYVAULT_CLIENT_ID }}" `
-          --azure-key-vault-client-secret "${{ secrets.KEYVAULT_CLIENT_SECRET }}" `
-          --azure-key-vault-certificate "goITSolutions-until-2024-01"
-
-    - name: Publish packages
-      if: success()  && steps.build.outputs.publish_nuget == 'true'
-      working-directory: '${{ github.workspace}}\dist'
-      run: |
-        dotnet nuget push *.nupkg --api-key $env:NUGET_TOKEN --source https://api.nuget.org/v3/index.json
-      env:
-        NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
+      if: success() && steps.build.outputs.sign_binaries == 'true'
+      uses: azure/[email protected]
+      with:
+          azure-tenant-id: ${{ secrets.KEYVAULT_TENANT_ID }}
+          azure-client-id: ${{ secrets.KEYVAULT_CLIENT_ID }}
+          azure-client-secret: ${{ secrets.KEYVAULT_CLIENT_SECRET }}
+          endpoint: ${{ vars.KEYVAULT_ENDPOINT }}
+          trusted-signing-account-name: ${{ vars.KEYVAULT_ACCOUNT_NAME }}
+          certificate-profile-name: ${{ secrets.KEYVAULT_CERTIFICATE_PROFILE }}
+          files-folder: '${{ github.workspace}}\dist'
+          files-folder-filter: nupkg
+          timestamp-rfc3161: http://timestamp.acs.microsoft.com
+          timestamp-digest: SHA256
+
+    # - name: Publish packages
+    #   if: success()  && steps.build.outputs.publish_nuget == 'true'
+    #   working-directory: '${{ github.workspace}}\dist'
+    #   run: |
+    #     dotnet nuget push *.nupkg --api-key $env:NUGET_TOKEN --source https://api.nuget.org/v3/index.json
+    #   env:
+    #     NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
 
     - name: Archive NetOffice packages
       if: success() && steps.build.outputs.publish_nuget == 'true'