From 373e79b1704468076ffa6922c4f34594d6fd7f74 Mon Sep 17 00:00:00 2001 From: Allen Byrne <50328838+byrnHDF@users.noreply.github.com> Date: Mon, 19 Aug 2024 07:31:26 -0500 Subject: [PATCH] Add secrets to release workflow (#314) --- .github/workflows/ant-app.yml | 7 ++++--- .github/workflows/ant.yml | 6 +++--- .github/workflows/release.yml | 6 ++++++ 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ant-app.yml b/.github/workflows/ant-app.yml index a01a2243..7c83a6bf 100644 --- a/.github/workflows/ant-app.yml +++ b/.github/workflows/ant-app.yml @@ -232,7 +232,7 @@ jobs: Invoke-WebRequest -Uri https://dist.nuget.org/win-x86-commandline/latest/nuget.exe -OutFile .\nuget.exe .\nuget.exe install Microsoft.Windows.SDK.BuildTools -Version 10.0.22621.3233 -x .\nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x - Install-Module -Name TrustedSigning -RequiredVersion 0.3.8 +# Install-Module -Name TrustedSigning -RequiredVersion 0.4.1 shell: pwsh if: ${{ needs.check-secret.outputs.sign-state == 'exists' }} @@ -248,13 +248,14 @@ jobs: env: HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }} HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }} - BINSIGN: ${{ steps.set-signing-state.outputs.BINSIGN }} + BINSIGN: ${{ needs.check-secret.outputs.sign-state }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }} AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }} AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }} + SIGNTOOLDIR: ${{ runner.workspace }}/Microsoft.Windows.SDK.BuildTools.10.0.22621.3233/tools/sign run: | ant -noinput -buildfile build.xml binaryAppPackage shell: bash @@ -621,7 +622,7 @@ jobs: env: HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }} HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }} - BINSIGN: ${{ steps.set-signing-state.outputs.BINSIGN }} + BINSIGN: ${{ needs.check-secret.outputs.sign-state }} KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }} KEYCHAIN_NAME: ${{ vars.KEYCHAIN_NAME }} SIGNER: ${{ vars.SIGNER }} diff --git a/.github/workflows/ant.yml b/.github/workflows/ant.yml index f4c021a0..87081e8b 100644 --- a/.github/workflows/ant.yml +++ b/.github/workflows/ant.yml @@ -232,7 +232,7 @@ jobs: Invoke-WebRequest -Uri https://dist.nuget.org/win-x86-commandline/latest/nuget.exe -OutFile .\nuget.exe .\nuget.exe install Microsoft.Windows.SDK.BuildTools -Version 10.0.22621.3233 -x .\nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x - Install-Module -Name TrustedSigning -RequiredVersion 0.3.8 +# Install-Module -Name TrustedSigning -RequiredVersion 0.4.1 shell: pwsh if: ${{ needs.check-secret.outputs.sign-state == 'exists' }} @@ -248,7 +248,7 @@ jobs: env: HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }} HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }} - BINSIGN: ${{ steps.set-signing-state.outputs.BINSIGN }} + BINSIGN: ${{ needs.check-secret.outputs.sign-state }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} @@ -606,7 +606,7 @@ jobs: env: HDFLIBS: ${{ steps.set-hdflib-name.outputs.HDFLIB_ENV }} HDF5LIBS: ${{ steps.set-hdf5lib-name.outputs.HDF5LIB_ENV }} - BINSIGN: ${{ steps.set-signing-state.outputs.BINSIGN }} + BINSIGN: ${{ needs.check-secret.outputs.sign-state }} KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }} KEYCHAIN_NAME: ${{ vars.KEYCHAIN_NAME }} SIGNER: ${{ vars.SIGNER }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf0d9e33..43be26f3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -70,6 +70,12 @@ jobs: APPLE_CERTS_BASE64: ${{ secrets.APPLE_CERTS_BASE64 }} APPLE_CERTS_BASE64_PASSWD: ${{ secrets.APPLE_CERTS_BASE64_PASSWD }} KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }} + AZURE_CODE_SIGNING_NAME: ${{ secrets.AZURE_CODE_SIGNING_NAME }} + AZURE_CERT_PROFILE_NAME: ${{ secrets.AZURE_CERT_PROFILE_NAME }} call-workflow-ant-app: needs: [log-the-inputs, call-workflow-tarball]