
Verify certificate signed #1535

Workflow file for this run

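# CI workflow: builds the solution on Linux, signs the produced NuGet packages
# through Azure Key Vault, then runs a verification pass over them.
#
# NOTE(review): every `uses:` reference on the captured page had its action
# name and ref replaced by an e-mail-obfuscation artefact. The action names
# below are inferred from each step's name and inputs, and <REF_LOST_ON_PAGE>
# is a placeholder. Restore the real refs from the repository, preferably as
# full commit SHAs: the signing action receives the Key Vault credentials, so
# a moved tag there would run with them.
name: CI
on:
  push:
    branches:
      - master
      - release-*
  pull_request:
  workflow_dispatch:
# Least privilege for GITHUB_TOKEN: the enabled steps only read the repository.
permissions:
  contents: read
env:
  DOTNET_NOLOGO: true
jobs:
  build:
    name: ${{ matrix.name }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        include:
          # - os: windows-2022
          #   name: Windows
          - os: ubuntu-22.04
            name: Linux
      fail-fast: false
    steps:
      # Fails the job up front unless SECRETS_AVAILABLE is the string 'true'.
      # GitHub does not pass repository secrets to pull_request runs from
      # forks, so those runs stop here, before any signing step.
      - name: Check for secrets
        env:
          SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }}
        shell: pwsh
        run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 })
      - name: Checkout
        uses: actions/checkout@<REF_LOST_ON_PAGE>
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0
      - name: Setup .NET SDK
        uses: actions/setup-dotnet@<REF_LOST_ON_PAGE>
        with:
          dotnet-version: 8.0.x
          dotnet-quality: 'preview'
      - name: Build
        run: dotnet build src --configuration Release
      - name: Sign NuGet packages
        uses: Particular/sign-nuget-packages-action@<REF_LOST_ON_PAGE>
        with:
          client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }}
          # client-id: 123456
          tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
          client-secret: ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }}
          certificate-name: ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }}
      - name: Verify Signed NuGet Packages
        shell: pwsh
        # The original script read ${{ inputs.tenant-id }}, ${{ inputs.client-secret }}
        # and ${{ inputs.certificate-name }}. This workflow declares no inputs,
        # so those expressions expand to empty strings and the options lose
        # their values. The same secrets the sign step uses are supplied here
        # as environment variables, which also keeps expression output out of
        # the script text that PowerShell parses.
        env:
          # NOTE(review): hard-coded test value kept from the original step;
          # the sign step uses secrets.AZURE_KEY_VAULT_CLIENT_ID instead.
          AZURE_KEY_VAULT_CLIENT_ID: '123456'
          AZURE_KEY_VAULT_TENANT_ID: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
          AZURE_KEY_VAULT_CLIENT_SECRET: ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }}
          AZURE_KEY_VAULT_CERTIFICATE_NAME: ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }}
        # NOTE(review): the option list matches a signing invocation; confirm
        # that the tool's `verify` command accepts these options.
        run: |
          Get-ChildItem -Path nugets -Filter *.nupkg | ForEach-Object {
            NuGetKeyVaultSignTool verify $_.FullName `
              --file-digest sha256 `
              --timestamp-rfc3161 http://timestamp.digicert.com `
              --timestamp-digest sha256 `
              --azure-key-vault-url https://particularcodesigning.vault.azure.net `
              --azure-key-vault-client-id $env:AZURE_KEY_VAULT_CLIENT_ID `
              --azure-key-vault-tenant-id $env:AZURE_KEY_VAULT_TENANT_ID `
              --azure-key-vault-client-secret $env:AZURE_KEY_VAULT_CLIENT_SECRET `
              --azure-key-vault-certificate $env:AZURE_KEY_VAULT_CERTIFICATE_NAME
            # The step's result otherwise reflects only the last native command,
            # so a failed check on an earlier package would be masked by a
            # later success. Stop at the first package that fails.
            if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          }
      - name: test next step after signing
        run: echo "Hello world"
      # - name: Upload packages
      #   if: matrix.name == 'Windows'
      #   uses: actions/upload-artifact@<REF_LOST_ON_PAGE>
      #   with:
      #     name: NuGet packages
      #     path: nugets/
      #     retention-days: 7
      # - name: Azure login
      #   uses: azure/login@<REF_LOST_ON_PAGE>
      #   with:
      #     creds: ${{ secrets.AZURE_ACI_CREDENTIALS }}
      #     enable-AzPSSession: true
      # - name: Setup RabbitMQ
      #   uses: Particular/setup-rabbitmq-action@<REF_LOST_ON_PAGE>
      #   with:
      #     connection-string-name: RabbitMQTransport_ConnectionString
      #     tag: RabbitMQTransport
      # - name: Run tests
      #   uses: Particular/run-tests-action@<REF_LOST_ON_PAGE>
      #   with:
      #     reset-script: dotnet run --project src/targets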