Merge pull request #400 from petrsnd/issue-398-gss-api-mutual-auth #23
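---
# This workflow builds, tests and packs a .NET project, then Authenticode-signs
# the resulting NuGet packages on pushes to the develop branch.
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
#
# NOTE(review): every `uses:` below references a mutable tag (v4, v1). The sign
# job holds `id-token: write` and reaches the signing certificate, so consider
# pinning each action to a full commit SHA (`uses: owner/action@<FULL_COMMIT_SHA>`)
# so a retagged release cannot change what runs next to the signing credentials.

name: .NET

on:
  push:
    branches: ["develop"]
  pull_request:
    branches: ["develop"]

jobs:
  build:
    runs-on: windows-latest
    # This job also runs for pull requests, so it gets a read-only token.
    # Checkout only needs to read the repository; artifact upload does not
    # depend on GITHUB_TOKEN scopes.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # avoid shallow clone so nbgv can do its work.
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'
      - name: Restore dependencies
        run: dotnet restore
      - name: Build
        run: dotnet build --no-restore -c release
      - name: Test
        run: dotnet test --no-build -c release --verbosity normal
      - name: Package
        run: dotnet pack --no-build
      # The signing file list travels to the sign job as an artifact, so that
      # job never has to check out the repository.
      - name: Upload signing file list
        uses: actions/upload-artifact@v4
        with:
          name: config
          path: config
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: BuildArtifacts
          path: './**/*.nupkg'

  sign:
    needs: build
    # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
    runs-on: windows-latest
    # Only run this job on pushes to the develop branch. The event name is
    # checked explicitly so that a trigger added later (manual dispatch,
    # schedule) cannot reach the signing credentials just because its ref is
    # develop.
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
    permissions:
      id-token: write  # Required for requesting the JWT used by the Azure login step
    steps:
      # Download signing configuration and artifacts
      - name: Download signing config
        uses: actions/download-artifact@v4
        with:
          name: config
          path: config
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: BuildArtifacts
          path: BuildArtifacts
      # .NET is required on the agent for the tool to run
      - name: Setup .NET
        uses: actions/setup-dotnet@v4  # same major version as the build job
        with:
          dotnet-version: '9.x'
      # Install the code signing tool
      # NOTE(review): `--prerelease` without `--version` installs whatever the
      # newest prerelease of the tool is at run time, in the one job that can
      # use the signing certificate. Pin it, e.g. `--version <PINNED_VERSION>`,
      # and update the pin deliberately.
      - name: Install Sign CLI tool
        run: dotnet tool install --tool-path . --prerelease sign
      # Login to Azure using a ServicePrincipal configured to authenticate against a GitHub Action
      - name: 'Az CLI login'
        uses: azure/login@v1
        with:
          allow-no-subscriptions: true
          client-id: ${{ secrets.AZURE_CLIENT_ID }}  # This does not need to be a secret and is just a placeholder
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}  # This does not need to be a secret and is just a placeholder
      # Run the signing command
      # Key Vault values are handed to the script through the environment
      # instead of being expanded into the script text, so their content is
      # never parsed as PowerShell. A literal block with a backtick on every
      # continued line keeps the command's tokenisation independent of YAML
      # folding.
      - name: Sign Kerberos.NET artifacts
        shell: pwsh
        env:
          KEY_VAULT_URL: ${{ secrets.KEY_VAULT_URL }}
          KEY_VAULT_CERTIFICATE_ID: ${{ secrets.KEY_VAULT_CERTIFICATE_ID }}
        run: |
          .\sign code azure-key-vault `
            "**/*.nupkg" `
            --base-directory "${env:GITHUB_WORKSPACE}/BuildArtifacts" `
            --file-list "${env:GITHUB_WORKSPACE}/config/filelist.txt" `
            --publisher-name "Kerberos.NET" `
            --description "Kerberos.NET" `
            --description-url "https://github.com/dotnet/Kerberos.NET" `
            --azure-credential-type "azure-cli" `
            --azure-key-vault-url "${env:KEY_VAULT_URL}" `
            --azure-key-vault-certificate "${env:KEY_VAULT_CERTIFICATE_ID}"
      # Disabled step, kept for reference.
      # NOTE(review): `$(github.workspace)` below is not GitHub Actions
      # expression syntax and would not be expanded by the runner; if this step
      # is re-enabled, give it the same env-based form as the step above.
      # - name: Sign Bruce artifacts
      #   shell: pwsh
      #   run: >
      #     .\sign code azure-key-vault `
      #     "**/*.nupkg" `
      #     --base-directory "$(github.workspace)\drop" `
      #     --file-list "${{ github.workspace }}/config/filelist.txt"
      #     --publisher-name "Bruce" `
      #     --description "Command line client for Kerberos.NET" `
      #     --description-url "https://github.com/dotnet/Kerberos.NET" `
      #     --azure-credential-type "azure-cli"
      #     --azure-key-vault-url "${{ secrets.KEY_VAULT_URL }}"
      #     --azure-key-vault-certificate "${{ secrets.KEY_VAULT_CERTIFICATE_ID }}"
      # Publish the signed packages
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: SignedArtifacts
          path: BuildArtifacts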