[chore] Prep GitHub Action-based release process (#60)

- Port necessary scripts, files from EasyPost CL for new release process - Prep GitHub Action for release process
EasyPost · Feb 2, 2024 · 62b5926 · 62b5926
1 parent 5d4227f
commit 62b5926
Show file tree

Hide file tree

Showing 8 changed files with 101 additions and 17 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,77 @@
+name: Release
+
+on:
+  release:
+    types: [ published ]
+
+jobs:
+  publish:
+    name: Publish to NuGet
+    runs-on: windows-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install .NET SDK
+        uses: actions/setup-dotnet@v3
+        with:
+          # .NET Core 3.1 and .NET 5 are deprecated and removed from GitHub Actions, we need to manually install it
+          dotnet-version: |
+            3.1.x
+            5.x.x
+            8.x.x
+
+      - name: Setup Nuget
+        uses: NuGet/[email protected]
+
+      - name: Restore NuGet Packages
+        run: make restore
+
+      - name: Set up dotnet tools and dependencies
+        run: make install
+
+      - name: Set up authenticity certificate
+        run: |
+          echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
+        shell: bash
+
+      - name: Set variables
+        id: variables
+        run: |
+          echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
+          echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
+          echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
+          echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
+          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
+          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
+          echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
+        shell: bash
+
+      - name: Setup Keylocker KSP on Windows
+        run: |
+          curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi
+          msiexec /i Keylockertools-windows-x64.msi /quiet /qn
+          smksp_registrar.exe list
+          smctl.exe keypair ls
+          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
+        shell: cmd
+
+      - name: Sync Certificates
+        run: |
+          smctl windows certsync
+        shell: cmd
+
+      - name: Build and Sign NuGet package
+        run: |
+          call scripts\win\build_release_nuget.bat EasyVCR EasyPostNETStrongNameSigning.snk "${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" Release
+        shell: cmd
+
+      - name: Publish to NuGet
+        run: make publish key=${{ secrets.NUGET_API_KEY }}
+
+      - name: Upload NuGet package to release
+        uses: AButler/[email protected]
+        with:
+          files: "*.nupkg"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,9 @@
 # CHANGELOG
 
-## Next Release 
+## Next Release
 
 - Add .NET 8.0 support
+- `AdvancedSettings` uses `MatchRules.Default` instead of a new instance of `MatchRules` if not provided during construction
 
 ## v0.9.0 (2023-05-17)
 

diff --git a/EasyPostNETStrongNameSigning.snk b/EasyPostNETStrongNameSigning.snk
diff --git a/scripts/unix/setup.sh b/scripts/unix/setup.sh
@@ -2,8 +2,15 @@
 
 # This script is used to download and install the required .NET versions
 
+# If running Apple Silicon, use brew instead
+if [[ $(sysctl -n machdep.cpu.brand_string) =~ "Apple" ]]; then
+    echo "Apple Silicon detected, using brew to install .NET..."
+    brew install dotnet
+    exit 0
+fi
+
 # .NET versions we want to install
-declare -a NetVersions=("Current" "7.0" "6.0" "5.0" "3.1")
+declare -a NetVersions=("Current" "8.0" "7.0" "6.0" "5.0" "3.1")
 
 # Download dotnet-install.sh
 echo "Downloading dotnet-install.sh script..."

diff --git a/scripts/win/build_release_nuget.bat b/scripts/win/build_release_nuget.bat
@@ -11,9 +11,8 @@
 :: Parse command line arguments
 SET projectName=%1
 SET strongNameCertFile=%2
-SET authCertFile=%3
-SET authCertPass=%4
-SET buildMode=%5
+SET authCertFingerprint=%3
+SET buildMode=%4
 
 :: Delete old files
 CALL "scripts\win\delete_old_assemblies.bat"
@@ -25,13 +24,13 @@ CALL "scripts\win\build_project.bat" %buildMode% || GOTO :commandFailed
 CALL "scripts\win\strong_name_dlls.bat" %strongNameCertFile% || GOTO :commandFailed
 
 :: Sign the DLLs for authenticity
-CALL "scripts\win\sign_dlls.bat" %authCertFile% %authCertPass% || GOTO :commandFailed
+CALL "scripts\win\sign_dlls.bat" %authCertFingerprint% || GOTO :commandFailed
 
 :: Package the DLLs in a NuGet package (will fail if DLLs are missing)
 CALL "scripts\win\pack_nuget.bat" %projectName% || GOTO :commandFailed
 
 :: Sign the NuGet package for authenticity
-CALL "scripts\win\sign_nuget.bat" %authCertFile% %authCertPass% || GOTO :commandFailed
+CALL "scripts\win\sign_nuget.bat" %authCertFingerprint% || GOTO :commandFailed
 SET nugetFileName=
 FOR /R %%F IN (*.nupkg) DO (
     SET nugetFileName="%%F"
@@ -50,7 +49,7 @@ GOTO :eof
 
 :usage
 @ECHO:
-@ECHO Usage: %0 <PROJECT_NAME> <PATH_TO_CERTIFICATE> <CERTIFICATE_PASSWORD> <CERT_CONTAINER_NAME> <BUILD_MODE>
+@ECHO Usage: %0 <PROJECT_NAME> <PATH_TO_STRONG_NAME_CERTIFICATE> <AUTH_CERTIFICATE_FINGERPRINT> <BUILD_MODE>
 GOTO :exitWithError
 
 :commandFailed

diff --git a/scripts/win/setup.bat b/scripts/win/setup.bat
@@ -10,7 +10,7 @@
 @ECHO OFF
 
 :: .NET Versions we want to install and destination
-SET NetVersions=Current 7.0 6.0 5.0 3.1
+SET NetVersions=Current 8.0 7.0 6.0 5.0 3.1
 SET InstallPath=C:\dotnet
 
 :: Dependency file

diff --git a/scripts/win/sign_dlls.bat b/scripts/win/sign_dlls.bat
@@ -7,14 +7,14 @@
 @ECHO OFF
 
 :: Parse command line arguments
-SET certFile=%1
-SET certPass=%2
+SET certFingerprint=%1
 
 :: Sign all DLLs found in the lib folder with our certificate to guarantee authenticity
 @ECHO:
-@ECHO Signing DLLs with %certFile% for authenticity...
+@ECHO Signing DLLs for authenticity...
 FOR /R "lib" %%F IN (*.dll) DO (
-    signtool sign /f %certFile% /p %certPass% /v /tr http://timestamp.digicert.com?alg=sha256 /td SHA256 /fd SHA256 "%%F" || GOTO :commandFailed
+    signtool sign /sha1 "%certFingerprint%" /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 "%%F" || GOTO :commandFailed
+    signtool verify /v /pa "%%F" || GOTO :commandFailed
 )
 
 EXIT /B 0

diff --git a/scripts/win/sign_nuget.bat b/scripts/win/sign_nuget.bat
@@ -6,15 +6,15 @@
 @ECHO OFF
 
 :: Parse command line arguments
-SET certFile=%1
-SET certPass=%2
+SET certFingerprint=%1
 
 :: Sign all NuGet packages found with our certificate to guarantee authenticity
 @ECHO:
-@ECHO Signing NuGet package with %certFile% for authenticity...
+@ECHO Signing NuGet package for authenticity...
 :: Should only be one .nupkg file at this point, since we deleted the old ones
 FOR /R %%F IN (*.nupkg) DO (
-    nuget sign "%%F" -Timestamper http://timestamp.digicert.com -CertificatePath "%certFile%" -CertificatePassword "%certPass%" || GOTO :commandFailed
+    nuget sign "%%F" -Timestamper http://timestamp.digicert.com -CertificateFingerprint "%certFingerprint%" -HashAlgorithm SHA256 -Verbosity detailed -Overwrite || GOTO :commandFailed
+    nuget verify -All "%%F" || GOTO :commandFailed
 )
 
 EXIT /B 0