diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 524b3a1a5..c5b1586e8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,9 +17,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Set up dotnet tools - run: make setup-tools - - name: Install security-code-scan - run: make install-scanner + run: make install-tools - name: Run security analysis run: make scan # TODO: In the future, we can collect the output logs by enabling Code Scanning and using the pre-built GitHub Action: https://github.com/marketplace/actions/securitycodescan diff --git a/Makefile b/Makefile index 74d1cdee0..23cfc2359 100644 --- a/Makefile +++ b/Makefile @@ -36,12 +36,13 @@ format: install-cert: scripts\install_cert.bat ${cert} ${pass} -## install-scanner - Install SecurityCodeScan to your system -install-scanner: - dotnet tool install --local security-scan --version 5.6.3 +## install-tools - Install tools to your system +install-tools: + dotnet new tool-manifest || true + dotnet tool install --local security-scan --version 5.6.3 || true ## install - Install requirements -install: +install: | install-tools git submodule init git submodule update @@ -93,10 +94,6 @@ scan: setup: scripts\setup.bat -## setup-tools - Set up the manifest files for dotnet tools -setup-tools: - dotnet new tool-manifest - ## sign - Sign all generated DLLs and NuGet packages with the provided certificate (Windows only) # @parameters: # cert= - The certificate to use for signing the built assets. @@ -120,4 +117,4 @@ test-fw: uninstall-scanner: dotnet tool uninstall security-scan -.PHONY: help build build-test-fw build-prod clean format install-cert install-scanner install lint lint-scripts pre-release publish-all publish release restore scan setup setup-tools sign test test-fw uninstall-scanner +.PHONY: help build build-test-fw build-prod clean format install-cert install-tools install lint lint-scripts pre-release publish-all publish release restore scan setup sign test test-fw uninstall-scanner diff --git a/VM_SETUP_HELP.md b/VM_SETUP_HELP.md new file mode 100644 index 000000000..a0663dfcc --- /dev/null +++ b/VM_SETUP_HELP.md @@ -0,0 +1,40 @@ +This file is a catch-all for (non-proprietary) notes about setting up a Windows system/VM to build the .NET client library. + +### General Notes + +- If you are starting a VM from scratch, it's recommended you "de-bloat" Windows 10/11. [Chris Titus's utility](https://christitus.com/windows-tool/) is quite effective and well-tested. +- If you are starting a VM from scratch, follow this process: + - Start up the VM + - Debloat Windows (optional) + - Open PowerShell as Administrator and [install Chocolatey](https://docs.chocolatey.org/en-us/choco/setup#install-with-powershell.exe) + - Install `git` and `make` via Chocolatey: `choco install git make` + - Open Command Prompt and clone the .NET client library repo: `git clone https://github.com/EasyPost/easypost-csharp.git` + - Command Prompt should open to your user directory by default, so you do not need to navigate to a different directory first + - Enter the repo directory: `cd easypost-csharp` + - Set up your system: `make setup` +- All Batch scripts in the `scripts` folder can be run via the Makefile (e.g. `make setup`, `make prep-release`). You should never need to run any Batch script directly; some are designed with the expectation that you are running them from the root of the repository. +- If you can, don't shut down your VM. Instead, suspend it via "Save Machine State". This will improve startup time and preserve any open applications. +- You can [pass through folders](https://pureinfotech.com/create-shared-folder-virtual-machine-virtualbox/) into your VM to transfer files between your host and guest OS. + +### Troubleshooting + +#### Windows VM can't find my network drive +- Make sure the folder exists on your host OS *prior* to starting the VM. If you need to create the folder, shut down the VM first and then start it again after creating the folder. + - If you are passing through folders to files stored in 1Password cache, those files are temporary and may need to be re-cached on your host machine. Navigate to the file in 1Password, click the dropdown arrow next to "Quick Look" and select "Show in Finder" (MacOS). This will re-cache the file and make the folder available to the VM. + +#### Text won't paste into the VM + +- Try opening Notepad on the Windows VM and pasting into that first. If it works, try pasting into the application you want to use. +- In Command Prompt, you "paste" with a right-click on the mouse. Do not + +#### Restoring NuGet packages fails + +- **"No packages exist with this id in source(s): Microsoft Visual Studio Offline Packages"** + - You need to add nuget.org as a package source. + - Via Visual Studio: + - Open Visual Studio -> Debug -> Options -> NuGet Package Manager -> General. Click "Clear All NuGet Cache(s)". + - Click "Package Sources" and add `https://api.nuget.org/v3/index.json` as a package source. + - Via the command line: + - Open a command prompt and run `nuget sources add -Name nuget.org -Source https://api.nuget.org/v3/index.json` + - The scripts in this repository are configured to use the `nuget.config` file in the root of the repository, which should avoid this issue. + - If you would like to use this config file, include `-configFile nuget.config` in your `nuget` command. diff --git a/nuget.config b/nuget.config new file mode 100644 index 000000000..c29b021fc --- /dev/null +++ b/nuget.config @@ -0,0 +1,6 @@ + + + + + + diff --git a/scripts/dependencies.txt b/scripts/dependencies.txt new file mode 100644 index 000000000..09b2bb0c0 --- /dev/null +++ b/scripts/dependencies.txt @@ -0,0 +1,5 @@ +7z.exe,1CNp7hK2e6sOg1rdB8f0iEr6CWAPAj1JD +nuget.exe,1GdqLDyLiavrJ7A8IYSbGDJmRQQA-ld6n +signtool.exe,1R2Ozruv6b67wVzHd6pzuS7snkJuUqB3N +sn.exe,1kN-pj2D_PnbRqWuXgBbC6fy7k39Zpo94 +SnInstallPfx.exe,1QznnBIj4cKDLDSdYTQEAuC6SDzaqoXnP diff --git a/scripts/setup.bat b/scripts/setup.bat index 780a173fe..13a95e1da 100644 --- a/scripts/setup.bat +++ b/scripts/setup.bat @@ -13,9 +13,8 @@ SET NetVersions=Current 6.0 5.0 3.1 SET InstallPath=C:\dotnet -:: Dependencies for these scripts -SET DepFiles=SnInstallPfx.exe nuget.exe 7z.exe -SET FileHost=https://files.nateharr.is/netdeps/ +:: Dependency file +SET DependencyFile=scripts\dependencies.txt :: Install each .NET version @ECHO Installing .NET SDKs ... @@ -29,9 +28,9 @@ ENDLOCAL :: Download dependencies to the same directory as 'dotnet' @ECHO Downloading third-party tools ... SETLOCAL - for %%x IN (%DepFiles%) DO ( + for /f "tokens=1-2 delims=," %%x in (%DependencyFile%) DO ( @ECHO Downloading %%x ... - powershell -NoProfile -ExecutionPolicy unrestricted -Command "Invoke-WebRequest -Uri '%FileHost%%%x' -OutFile '%InstallPath%\%%x'" + powershell -NoProfile -ExecutionPolicy unrestricted -Command "Invoke-WebRequest -Uri 'https://drive.google.com/uc?export=download&id=%%y' -OutFile '%InstallPath%\%%x'" ) ENDLOCAL diff --git a/scripts/sign_dlls.bat b/scripts/sign_dlls.bat index ceb30dc4d..6e7a15296 100644 --- a/scripts/sign_dlls.bat +++ b/scripts/sign_dlls.bat @@ -15,7 +15,8 @@ SET containerName=%3 @ECHO Signing DLLs with certificate... FOR /R "lib" %%F IN (*.dll) DO ( REM We need to run the DLLs through both sn.exe and signtool to get complete the signing process - sn -Rca "%%F" %containerName% || GOTO :commandFailed + REM sn erroneously triggers command failed if we put a fallback on this + sn -Rca "%%F" %containerName% signtool sign /f %certFile% /p %certPass% /v /tr http://timestamp.digicert.com?alg=sha256 /td SHA256 /fd SHA256 "%%F" || GOTO :commandFailed )