diff --git a/.github/workflows/access-token-management-ci.yml b/.github/workflows/access-token-management-ci.yml index 2f1c2630..c74eaeda 100644 --- a/.github/workflows/access-token-management-ci.yml +++ b/.github/workflows/access-token-management-ci.yml @@ -10,8 +10,6 @@ on: push: branches: - main - tags: - - access-token-management-v* paths: - .github/workflows/access-token-management-ci.yml - access-token-management/* @@ -22,16 +20,16 @@ on: env: DOTNET_NOLOGO: true - -defaults: - run: - working-directory: access-token-management - shell: pwsh + DOTNET_CLI_TELEMETRY_OPTOUT: true jobs: build: name: Build runs-on: ubuntu-latest + defaults: + run: + working-directory: access-token-management + shell: pwsh steps: - uses: actions/checkout@v4 @@ -65,24 +63,25 @@ jobs: sudo update-ca-certificates - name: Sign - if: (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/')) + if: (github.ref == 'refs/heads/main') env: SignClientSecret: ${{ secrets.SignClientSecret }} run: ./build.ps1 sign - name: Push packages to MyGet - if: (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/')) - run: dotnet nuget push artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }} + if: (github.ref == 'refs/heads/main') + run: dotnet nuget push artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }} --skip-duplicate - name: Push NuGet package to GitHub Packages - run: dotnet nuget push artifacts\*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} + if: (github.ref == 'refs/heads/main') + run: dotnet nuget push artifacts\*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload artifacts uses: actions/upload-artifact@v4 - if: (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/')) + if: (github.ref == 'refs/heads/main') with: path: access-token-management/artifacts/*.nupkg compression-level: 0 diff --git a/.github/workflows/access-token-management-release.yml b/.github/workflows/access-token-management-release.yml index 2bc2f935..d18d4100 100644 --- a/.github/workflows/access-token-management-release.yml +++ b/.github/workflows/access-token-management-release.yml @@ -11,11 +11,7 @@ on: env: DOTNET_NOLOGO: true - -defaults: - run: - working-directory: access-token-management - shell: pwsh + DOTNET_CLI_TELEMETRY_OPTOUT: true jobs: tag: @@ -24,6 +20,10 @@ jobs: permissions: contents: write packages: write + defaults: + run: + working-directory: access-token-management + shell: pwsh steps: - uses: actions/checkout@v4 @@ -45,6 +45,8 @@ jobs: - name: Pack run: ./build.ps1 pack + # Need to add Sectigo CodeSiging CA certificates to the trust store to prevent the following error: + # NU3018: PartialChain: unable to get local issuer certificate - name: Install Sectigo CodeSiging CA certificates run: | sudo apt-get update @@ -70,6 +72,7 @@ jobs: uses: actions/upload-artifact@v4 with: path: access-token-management/artifacts/*.nupkg + name: access-token-management-artifacts compression-level: 0 overwrite: true retention-days: 15 @@ -82,12 +85,18 @@ jobs: steps: - uses: actions/download-artifact@v4 + with: + name: access-token-management-artifacts + path: artifacts - uses: actions/setup-dotnet@v4 with: dotnet-version: | 8.0.x - - name: Release - #run: dotnet nuget push artifacts\*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGETORG_TOKEN }} - run: Write-Host "Release.." \ No newline at end of file + - name: List files + shell: bash + run: tree + + - name: Push to nuget.org + run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate \ No newline at end of file diff --git a/.github/workflows/ignore-this-ci.yml b/.github/workflows/ignore-this-ci.yml new file mode 100644 index 00000000..611e8928 --- /dev/null +++ b/.github/workflows/ignore-this-ci.yml @@ -0,0 +1,88 @@ +name: ignore-this\ci + +permissions: + contents: read + checks: write + packages: write + +on: + workflow_dispatch: + push: + branches: + - main + paths: + - .github/workflows/ignore-this-ci.yml + - ignore-this/* + pull_request: + paths: + - .github/workflows/ignore-this-ci.yml + - ignore-this/* + +env: + DOTNET_NOLOGO: true + DOTNET_CLI_TELEMETRY_OPTOUT: true + +jobs: + build: + name: Build + runs-on: ubuntu-latest + defaults: + run: + working-directory: ignore-this + shell: pwsh + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - uses: actions/setup-dotnet@v4 + with: + dotnet-version: | + 8.0.x + + - name: Build + run: ./build.ps1 + + - name: Test report + id: test-report + uses: dorny/test-reporter@v1 + if: success() || failure() # run this step even if previous step failed + with: + name: Test results + path: ignore-this/test/IgnoreThis.Tests/TestResults/Test.trx + reporter: dotnet-trx + fail-on-error: true + fail-on-empty: true + + - name: Install Sectigo CodeSiging CA certificates + run: | + sudo apt-get update + sudo apt-get install -y ca-certificates + sudo cp build/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/ + sudo update-ca-certificates + + - name: Sign + if: (github.ref == 'refs/heads/main') + env: + SignClientSecret: ${{ secrets.SignClientSecret }} + run: ./build.ps1 sign + + - name: Push packages to MyGet + if: (github.ref == 'refs/heads/main') + run: dotnet nuget push artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }} --skip-duplicate + + - name: Push NuGet package to GitHub Packages + run: dotnet nuget push artifacts\*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + if: (github.ref == 'refs/heads/main') + with: + path: ignore-this/artifacts/*.nupkg + compression-level: 0 + overwrite: true + retention-days: 15 \ No newline at end of file diff --git a/.github/workflows/ignore-this-codeql.yml b/.github/workflows/ignore-this-codeql.yml new file mode 100644 index 00000000..3c2ab152 --- /dev/null +++ b/.github/workflows/ignore-this-codeql.yml @@ -0,0 +1,41 @@ +name: ignore-this\codeql + +on: + push: + branches: + - main + paths: + - .github/workflows/ignore-this-codeql.yml + - ignore-this/* + pull_request: + paths: + - .github/workflows/ignore-this-codeql.yml + - ignore-this/* + schedule: + - cron: '38 15 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: csharp + + - name: Auto build + uses: github/codeql-action/autobuild@v3 + + - name: Perform CodeQL analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:csharp" diff --git a/.github/workflows/ignore-this-release.yml b/.github/workflows/ignore-this-release.yml new file mode 100644 index 00000000..c0d7990e --- /dev/null +++ b/.github/workflows/ignore-this-release.yml @@ -0,0 +1,102 @@ +name: ignore-this\release + +on: + workflow_dispatch: + inputs: + version: + type: string + description: "Version in format X.Y.Z or X.Y.Z-preview.N" + required: true + default: '0.0.0' + +env: + DOTNET_NOLOGO: true + DOTNET_CLI_TELEMETRY_OPTOUT: true + +jobs: + tag: + name: Tag and Pack + runs-on: ubuntu-latest + permissions: + contents: write + packages: write + defaults: + run: + working-directory: ignore-this + shell: pwsh + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - uses: actions/setup-dotnet@v4 + with: + dotnet-version: | + 8.0.x + + - name: Tag + run: | + git config --global user.email "github-bot@duendesoftware.com" + git config --global user.name "Duende Software GitHub Bot" + git tag -a it-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}" + git push origin it-${{ github.event.inputs.version }} + + - name: Pack + run: ./build.ps1 pack + + # Need to add Sectigo CodeSiging CA certificates to the trust store to prevent the following error: + # NU3018: PartialChain: unable to get local issuer certificate + - name: Install Sectigo CodeSiging CA certificates + run: | + sudo apt-get update + sudo apt-get install -y ca-certificates + sudo cp build/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/ + sudo update-ca-certificates + + - name: Sign + env: + SignClientSecret: ${{ secrets.SignClientSecret }} + run: ./build.ps1 sign + + - name: Push packages to MyGet + run: dotnet nuget push artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }} --skip-duplicate + + - name: Push packages to GitHub + run: dotnet nuget push artifacts\*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + path: ignore-this/artifacts/*.nupkg + name: ignore-this-artifacts + compression-level: 0 + overwrite: true + retention-days: 15 + + publish: + name: Publish to NuGet + runs-on: ubuntu-latest + environment: nuget.org + needs: tag + + steps: + - uses: actions/download-artifact@v4 + with: + name: ignore-this-artifacts + path: artifacts + + - uses: actions/setup-dotnet@v4 + with: + dotnet-version: | + 8.0.x + + - name: List files + shell: bash + run: tree + + - name: Push to nuget.org + run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate \ No newline at end of file diff --git a/ignore-this/.config/dotnet-tools.json b/ignore-this/.config/dotnet-tools.json new file mode 100644 index 00000000..1ea25945 --- /dev/null +++ b/ignore-this/.config/dotnet-tools.json @@ -0,0 +1,12 @@ +{ + "version": 1, + "isRoot": true, + "tools": { + "NuGetKeyVaultSignTool": { + "version": "3.2.3", + "commands": [ + "NuGetKeyVaultSignTool" + ] + } + } +} \ No newline at end of file diff --git a/ignore-this/.gitignore b/ignore-this/.gitignore new file mode 100644 index 00000000..60e14c62 --- /dev/null +++ b/ignore-this/.gitignore @@ -0,0 +1,222 @@ +# MacOS +.DS_Store + +# Rider +.idea + +# User-specific files +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ + +bld/ +[Bb]in/ +[Oo]bj/ + +# Visual Studio 2015 cache/options directory +.vs/ +project.lock.json + + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUNIT +*.VisualState.xml +TestResult.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +*_i.c +*_p.c +*_i.h +*.ilk +*.meta +*.obj +*.pch +*.pdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opensdf +*.sdf +*.cachefile + +# Visual Studio profiler +*.psess +*.vsp +*.vspx + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# JustCode is a .NET coding addin-in +.JustCode + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# NCrunch +_NCrunch_* +.*crunch*.local.xml + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# TODO: Comment the next line if you want to checkin your web deploy settings +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# NuGet Packages +*.nupkg +# The packages folder can be ignored because of Package Restore +**/packages/* +# except build/, which is used as an MSBuild target. +!**/packages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/packages/repositories.config + +# Windows Azure Build Output +csx/ +*.build.csdef + +# Windows Store app package directory +AppPackages/ + +# Others +*.[Cc]ache +ClientBin/ +[Ss]tyle[Cc]op.* +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.publishsettings +node_modules/ +bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm + +# SQL Server files +*.mdf +*.ldf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings + +# Microsoft Fakes +FakesAssemblies/ + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt +docs/_build/ + +# Local .NET CLI tools +tools/ + +# Visual Studio Code workspace options +.vscode/settings.json + +# IdentityServer temp files +identityserver4_log.txt +tempkey.rsa +samples/KeyManagement/FileSystem/dataprotectionkeys/ +samples/KeyManagement/FileSystem/signingkeys/ +workspace.xml + +src/IdentityServer4/host/identityserver.db +tempkey.jwk +keys +*.key +Duende.BFF.db +*.db-shm +*.db-wal diff --git a/ignore-this/Directory.Build.props b/ignore-this/Directory.Build.props new file mode 100644 index 00000000..55c73821 --- /dev/null +++ b/ignore-this/Directory.Build.props @@ -0,0 +1,29 @@ + + + test + Duende Software + Duende Software + Duende Software + Duende Ignore This + + Apache-2.0 + + icon.png + https://github.com/DuendeSoftware/Duende.AccessTokenManagement + https://github.com/DuendeSoftware/Duende.AccessTokenManagement/releases + + true + true + embedded + True + + + + + + + + minor + it- + + \ No newline at end of file diff --git a/ignore-this/Directory.Build.targets b/ignore-this/Directory.Build.targets new file mode 100644 index 00000000..a4ce6b93 --- /dev/null +++ b/ignore-this/Directory.Build.targets @@ -0,0 +1,26 @@ + + + 8.0.1 + 8.0.0 + 7.1.2 + 7.0.6 + + + + + + + + + + + + + + + + + + + + diff --git a/ignore-this/IgnoreThis.sln b/ignore-this/IgnoreThis.sln new file mode 100644 index 00000000..0e137050 --- /dev/null +++ b/ignore-this/IgnoreThis.sln @@ -0,0 +1,48 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# 17 +VisualStudioVersion = 17.11.35312.102 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{F65AC342-86DC-4548-883A-61DB34626203}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{0B14DE7B-43BD-4570-B6AB-37EDA32032FF}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "build", "build", "{CF071876-039F-4DF7-92A3-B0209A7CD27F}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "build", "build\build.csproj", "{3EE4C5AF-7DC5-42DC-93F7-C9F8BEF2E5C8}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IgnoreThis", "src\IgnoreThis\IgnoreThis.csproj", "{A0587E7B-D1C0-4469-BD1C-6690C4008127}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IgnoreThis.Tests", "test\IgnoreThis.Tests\IgnoreThis.Tests.csproj", "{795A0020-1BCE-45D4-A9F9-EB43EE1CF575}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {3EE4C5AF-7DC5-42DC-93F7-C9F8BEF2E5C8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {3EE4C5AF-7DC5-42DC-93F7-C9F8BEF2E5C8}.Debug|Any CPU.Build.0 = Debug|Any CPU + {3EE4C5AF-7DC5-42DC-93F7-C9F8BEF2E5C8}.Release|Any CPU.ActiveCfg = Release|Any CPU + {3EE4C5AF-7DC5-42DC-93F7-C9F8BEF2E5C8}.Release|Any CPU.Build.0 = Release|Any CPU + {A0587E7B-D1C0-4469-BD1C-6690C4008127}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {A0587E7B-D1C0-4469-BD1C-6690C4008127}.Debug|Any CPU.Build.0 = Debug|Any CPU + {A0587E7B-D1C0-4469-BD1C-6690C4008127}.Release|Any CPU.ActiveCfg = Release|Any CPU + {A0587E7B-D1C0-4469-BD1C-6690C4008127}.Release|Any CPU.Build.0 = Release|Any CPU + {795A0020-1BCE-45D4-A9F9-EB43EE1CF575}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {795A0020-1BCE-45D4-A9F9-EB43EE1CF575}.Debug|Any CPU.Build.0 = Debug|Any CPU + {795A0020-1BCE-45D4-A9F9-EB43EE1CF575}.Release|Any CPU.ActiveCfg = Release|Any CPU + {795A0020-1BCE-45D4-A9F9-EB43EE1CF575}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(NestedProjects) = preSolution + {3EE4C5AF-7DC5-42DC-93F7-C9F8BEF2E5C8} = {CF071876-039F-4DF7-92A3-B0209A7CD27F} + {A0587E7B-D1C0-4469-BD1C-6690C4008127} = {F65AC342-86DC-4548-883A-61DB34626203} + {795A0020-1BCE-45D4-A9F9-EB43EE1CF575} = {0B14DE7B-43BD-4570-B6AB-37EDA32032FF} + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {A8AE52DE-E234-417E-8152-95C30CD71A7A} + EndGlobalSection +EndGlobal diff --git a/ignore-this/README.md b/ignore-this/README.md new file mode 100644 index 00000000..0009901a --- /dev/null +++ b/ignore-this/README.md @@ -0,0 +1,3 @@ +# Ignore This + +Ignore this package; it's used internally to test our package publishing process. \ No newline at end of file diff --git a/ignore-this/build.ps1 b/ignore-this/build.ps1 new file mode 100644 index 00000000..650f67a8 --- /dev/null +++ b/ignore-this/build.ps1 @@ -0,0 +1,2 @@ +$ErrorActionPreference = "Stop"; +dotnet run --project build -- $args diff --git a/ignore-this/build/Program.cs b/ignore-this/build/Program.cs new file mode 100644 index 00000000..19e52d44 --- /dev/null +++ b/ignore-this/build/Program.cs @@ -0,0 +1,99 @@ +using System; +using System.IO; +using System.Threading.Tasks; + +using static Bullseye.Targets; +using static SimpleExec.Command; + +namespace build +{ + internal static class Program + { + private const string packOutput = "./artifacts"; + private const string envVarMissing = " environment variable is missing. Aborting."; + + private static class Targets + { + public const string RestoreTools = "restore-tools"; + public const string CleanBuildOutput = "clean-build-output"; + public const string CleanPackOutput = "clean-pack-output"; + public const string Build = "build"; + public const string Test = "test"; + public const string Pack = "pack"; + public const string Sign = "sign"; + } + + internal static async Task Main(string[] args) + { + Target(Targets.RestoreTools, () => + { + Run("dotnet", "tool restore"); + }); + + Target(Targets.CleanBuildOutput, () => + { + Run("dotnet", "clean -c Release -v m --nologo"); + }); + + Target(Targets.Build, DependsOn(Targets.CleanBuildOutput), () => + { + Run("dotnet", "build -c Release --nologo"); + }); + + Target(Targets.Test, DependsOn(Targets.Build), () => + { + Run("dotnet", + $"test test/IgnoreThis.Tests -c Release --nologo " + + $"--blame-hang " + + $"--blame-hang-timeout=120sec " + + $"--logger \"console;verbosity=normal\" --logger \"trx;LogFileName=Test.trx\""); + }); + + Target(Targets.CleanPackOutput, () => + { + if (Directory.Exists(packOutput)) + { + Directory.Delete(packOutput, true); + } + }); + + Target(Targets.Pack, DependsOn(Targets.Build, Targets.CleanPackOutput), () => + { + Run("dotnet", $"pack src/IgnoreThis/IgnoreThis.csproj -c Release -o {Directory.CreateDirectory(packOutput).FullName} --no-build --nologo"); + }); + + Target(Targets.Sign, DependsOn(Targets.RestoreTools), SignNuGet); + + Target("default", DependsOn(Targets.Test, Targets.Pack)); + + await RunTargetsAndExitAsync(args, ex => ex is SimpleExec.ExitCodeException || ex.Message.EndsWith(envVarMissing)); + } + + private static void SignNuGet() + { + var signClientSecret = Environment.GetEnvironmentVariable("SignClientSecret"); + + if (string.IsNullOrWhiteSpace(signClientSecret)) + { + throw new Exception($"SignClientSecret{envVarMissing}"); + } + + foreach (var file in Directory.GetFiles(packOutput, "*.nupkg", SearchOption.AllDirectories)) + { + Console.WriteLine($" Signing {file}"); + + Run("dotnet", + "NuGetKeyVaultSignTool " + + $"sign {file} " + + "--file-digest sha256 " + + "--timestamp-rfc3161 http://timestamp.digicert.com " + + "--azure-key-vault-url https://duendecodesigning.vault.azure.net/ " + + "--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 " + + "--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 " + + $"--azure-key-vault-client-secret {signClientSecret} " + + "--azure-key-vault-certificate CodeSigning" + ,noEcho: true); + } + } + } +} diff --git a/ignore-this/build/SectigoPublicCodeSigningRootCrossAAA.crt b/ignore-this/build/SectigoPublicCodeSigningRootCrossAAA.crt new file mode 100644 index 00000000..c2f2350b --- /dev/null +++ b/ignore-this/build/SectigoPublicCodeSigningRootCrossAAA.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0BAQwFADB7 +MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD +VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE +AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAwMFoXDTI4 +MTIzMTIzNTk1OVowVjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGlt +aXRlZDEtMCsGA1UEAxMkU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIFJvb3Qg +UjQ2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjeeUEiIEJHQu/xYj +ApKKtq42haxH1CORKz7cfeIxoFFvrISR41KKteKW3tCHYySJiv/vEpM7fbu2ir29 +BX8nm2tl06UMabG8STma8W1uquSggyfamg0rUOlLW7O4ZDakfko9qXGrYbNzszwL +DO/bM1flvjQ345cbXf0fEj2CA3bm+z9m0pQxafptszSswXp43JJQ8mTHqi0Eq8Nq +6uAvp6fcbtfo/9ohq0C/ue4NnsbZnpnvxt4fqQx2sycgoda6/YDnAdLv64IplXCN +/7sVz/7RDzaiLk8ykHRGa0c1E3cFM09jLrgt4b9lpwRrGNhx+swI8m2JmRCxrds+ +LOSqGLDGBwF1Z95t6WNjHjZ/aYm+qkU+blpfj6Fby50whjDoA7NAxg0POM1nqFOI ++rgwZfpvx+cdsYN0aT6sxGg7seZnM5q2COCABUhA7vaCZEao9XOwBpXybGWfv1Vb +HJxXGsd4RnxwqpQbghesh+m2yQ6BHEDWFhcp/FycGCvqRfXvvdVnTyheBe6QTHrn +xvTQ/PrNPjJGEyA2igTqt6oHRpwNkzoJZplYXCmjuQymMDg80EY2NXycuu7D1fkK +dvp+BRtAypI16dV60bV/AK6pkKrFfwGcELEW/MxuGNxvYv6mUKe4e7idFT/+IAx1 +yCJaE5UZkADpGtXChvHjjuxf9OUCAwEAAaOCARIwggEOMB8GA1UdIwQYMBaAFKAR +CiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQy65Ka/zWWSC8oQEJwIDaRXBeF +5jAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUEDDAKBggr +BgEFBQcDAzAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQQBMEMGA1UdHwQ8MDow +OKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmljYXRlU2Vy +dmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29j +c3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQASv6Hvi3SamES4aUa1 +qyQKDKSKZ7g6gb9Fin1SB6iNH04hhTmja14tIIa/ELiueTtTzbT72ES+BtlcY2fU +QBaHRIZyKtYyFfUSg8L54V0RQGf2QidyxSPiAjgaTCDi2wH3zUZPJqJ8ZsBRNraJ +AlTH/Fj7bADu/pimLpWhDFMpH2/YGaZPnvesCepdgsaLr4CnvYFIUoQx2jLsFeSm +TD1sOXPUC4U5IOCFGmjhp0g4qdE2JXfBjRkWxYhMZn0vY86Y6GnfrDyoXZ3JHFuu +2PMvdM+4fvbXg50RlmKarkUT2n/cR/vfw1Kf5gZV6Z2M8jpiUbzsJA8p1FiAhORF +e1rY +-----END CERTIFICATE----- + diff --git a/ignore-this/build/build.csproj b/ignore-this/build/build.csproj new file mode 100644 index 00000000..5fc82dca --- /dev/null +++ b/ignore-this/build/build.csproj @@ -0,0 +1,13 @@ + + + + Exe + net8.0 + + + + + + + + diff --git a/ignore-this/global.json b/ignore-this/global.json new file mode 100644 index 00000000..72d38cd2 --- /dev/null +++ b/ignore-this/global.json @@ -0,0 +1,7 @@ +{ + "sdk": { + "version": "8.0.100", + "rollForward": "latestMajor", + "allowPrerelease": false + } +} \ No newline at end of file diff --git a/ignore-this/icon.png b/ignore-this/icon.png new file mode 100644 index 00000000..e00fb92e Binary files /dev/null and b/ignore-this/icon.png differ diff --git a/ignore-this/src/IgnoreThis/IgnoreThis.csproj b/ignore-this/src/IgnoreThis/IgnoreThis.csproj new file mode 100644 index 00000000..5a0dbf37 --- /dev/null +++ b/ignore-this/src/IgnoreThis/IgnoreThis.csproj @@ -0,0 +1,22 @@ + + + + net8.0 + enable + true + README.md + Duende.IgnoreThis + $(PackageId) + $(PackageId) + Automatic access token management for OAuth client credential flows + + + + + + + + + + + diff --git a/ignore-this/src/IgnoreThis/README.md b/ignore-this/src/IgnoreThis/README.md new file mode 100644 index 00000000..87064aea --- /dev/null +++ b/ignore-this/src/IgnoreThis/README.md @@ -0,0 +1,3 @@ +# Ignore This + +Ignore this package - it is used internally to test our package publishing process. \ No newline at end of file diff --git a/ignore-this/src/README.md b/ignore-this/src/README.md new file mode 100644 index 00000000..daa9dc1c --- /dev/null +++ b/ignore-this/src/README.md @@ -0,0 +1,3 @@ +# Ignore This + +Ignore this project - it is used internally to test our package publishing process. \ No newline at end of file diff --git a/ignore-this/test/IgnoreThis.Tests/Class1.cs b/ignore-this/test/IgnoreThis.Tests/Class1.cs new file mode 100644 index 00000000..9ad2ecf1 --- /dev/null +++ b/ignore-this/test/IgnoreThis.Tests/Class1.cs @@ -0,0 +1,11 @@ +// Copyright (c) Duende Software. All rights reserved. +// See LICENSE in the project root for license information. + +namespace Duende.IgnoreThis; + +public class Class1 +{ + [Fact] + public void Test1() + { } +} \ No newline at end of file diff --git a/ignore-this/test/IgnoreThis.Tests/IgnoreThis.Tests.csproj b/ignore-this/test/IgnoreThis.Tests/IgnoreThis.Tests.csproj new file mode 100644 index 00000000..e1703280 --- /dev/null +++ b/ignore-this/test/IgnoreThis.Tests/IgnoreThis.Tests.csproj @@ -0,0 +1,29 @@ + + + + net8.0 + enable + enable + Duende.IgnoreThis + false + + + + + + + runtime; build; native; contentfiles; analyzers; buildtransitive + all + + + runtime; build; native; contentfiles; analyzers; buildtransitive + all + + + + + + + + + diff --git a/ignore-this/test/IgnoreThis.Tests/Usings.cs b/ignore-this/test/IgnoreThis.Tests/Usings.cs new file mode 100644 index 00000000..42ff96b9 --- /dev/null +++ b/ignore-this/test/IgnoreThis.Tests/Usings.cs @@ -0,0 +1,5 @@ +// Copyright (c) Duende Software. All rights reserved. +// See LICENSE in the project root for license information. + +global using Xunit; +global using Shouldly; \ No newline at end of file