Skip to content

Commit

Permalink
Release 2.5.1 (#1648)
Browse files Browse the repository at this point in the history
**Changes:**

- Update MSAL and Avalonia to latest versions (#1640).
- Changes to release workflow to publish NuGet signing certificate
(#1594, #1644, #1647).
- Updates to Managed Identity and Service Principal docs.
  • Loading branch information
mjcheetham authored Jul 2, 2024
2 parents d349307 + a390637 commit 4b0808b
Show file tree
Hide file tree
Showing 4 changed files with 49 additions and 61 deletions.
83 changes: 34 additions & 49 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -177,10 +177,10 @@ jobs:
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Sign payload files with Azure Code Signing
uses: azure/azure-code-[email protected].1
uses: azure/trusted-[email protected].20
with:
endpoint: https://wus2.codesigning.azure.net/
code-signing-account-name: git-fundamentals-signing
trusted-signing-account-name: git-fundamentals-signing
certificate-profile-name: git-fundamentals-windows-signing
files-folder: ${{ github.workspace }}\payload
files-folder-filter: exe,dll
Expand All @@ -204,10 +204,10 @@ jobs:
-Destination $env:GITHUB_WORKSPACE\installers
- name: Sign installers with Azure Code Signing
uses: azure/azure-code-[email protected].1
uses: azure/trusted-[email protected].20
with:
endpoint: https://wus2.codesigning.azure.net/
code-signing-account-name: git-fundamentals-signing
trusted-signing-account-name: git-fundamentals-signing
certificate-profile-name: git-fundamentals-windows-signing
files-folder: ${{ github.workspace }}\installers
files-folder-filter: exe
Expand Down Expand Up @@ -349,31 +349,16 @@ jobs:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Download/extract Sign CLI tool
env:
AST: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
ASC: ${{ secrets.AZURE_STORAGE_CONTAINER }}
SCT: ${{ secrets.SIGN_CLI_TOOL }}
- name: Install sign CLI tool
run: |
az storage blob download --file sign-cli.zip --auth-mode login `
--account-name $env:AST --container-name $env:ASC --name $env:SCT
Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli
dotnet tool install -g --version 0.9.1-beta.24325.5
- name: Sign payload
env:
ACST: ${{ secrets.AZURE_TENANT_ID }}
ACSI: ${{ secrets.AZURE_CLIENT_ID }}
ACSS: ${{ secrets.AZURE_CLIENT_SECRET }}
run: |
./sign-cli/sign.exe code azcodesign payload/* `
-acsu https://wus2.codesigning.azure.net/ `
-acsa git-fundamentals-signing `
-acscp git-fundamentals-windows-signing `
-d "Git Fundamentals Windows Signing Certificate" `
-u "https://github.com/git-ecosystem/git-credential-manager" `
-acst $env:ACST `
-acsi $env:ACSI `
-acss $env:ACSS
sign.exe code trusted-signing payload/* `
-tse https://wus2.codesigning.azure.net/ `
-tsa git-fundamentals-signing `
-tscp git-fundamentals-windows-signing
- name: Lay out signed payload, images, and symbols
shell: bash
Expand Down Expand Up @@ -440,37 +425,37 @@ jobs:
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Download/extract Sign CLI tool
env:
AST: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
ASC: ${{ secrets.AZURE_STORAGE_CONTAINER }}
SCT: ${{ secrets.SIGN_CLI_TOOL }}
- name: Install sign CLI tool
run: |
az storage blob download --file sign-cli.zip --auth-mode login `
--account-name $env:AST --container-name $env:ASC --name $env:SCT
Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli
dotnet tool install -g --version 0.9.1-beta.24325.5
- name: Sign package
env:
ACST: ${{ secrets.AZURE_TENANT_ID }}
ACSI: ${{ secrets.AZURE_CLIENT_ID }}
ACSS: ${{ secrets.AZURE_CLIENT_SECRET }}
run: |
./sign-cli/sign.exe code azcodesign nupkg/* `
-acsu https://wus2.codesigning.azure.net/ `
-acsa git-fundamentals-signing `
-acscp git-fundamentals-windows-signing `
-d "Git Fundamentals Windows Signing Certificate" `
-u "https://github.com/git-ecosystem/git-credential-manager" `
-acst $env:ACST `
-acsi $env:ACSI `
-acss $env:ACSS
- name: Publish signed package
sign.exe code trusted-signing nupkg/* `
-tse https://wus2.codesigning.azure.net/ `
-tsa git-fundamentals-signing `
-tscp git-fundamentals-windows-signing
mv nupkg/* .
# Remove this once NuGet supports the subscriber identity validation EKU:
# https://github.com/NuGet/NuGetGallery/issues/10027
- name: Extract signing certificate from package
shell: pwsh
run: |
dotnet tool install --global Knapcode.CertificateExtractor
$nupkg = gci *.nupkg
nuget-cert-extractor --file $nupkg --output certs --code-signing --author --leaf
$cert = gci certs\*.cer
mv $cert .\nuget-signing.cer
- name: Publish signed package and certificate
uses: actions/upload-artifact@v4
with:
name: dotnet-tool-sign
path: nupkg/*.nupkg
path: |
*.nupkg
*.cer
# ================================
# Validate
Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2.5.0.0
2.5.1.0
7 changes: 5 additions & 2 deletions docs/azrepos-misp.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,12 +49,15 @@ Value|Description
-|-
`system`|System-Assigned Managed Identity
`[guid]`|User-Assigned Managed Identity with the specified client ID
`id://[guid]`|User-Assigned Managed Identity with the specified client ID
`resource://[guid]`|User-Assigned Managed Identity for the associated resource
`id://[guid]` **|User-Assigned Managed Identity with the specified client ID
`resource://[guid]` **|User-Assigned Managed Identity for the associated resource

You can obtain the `[guid]` from the Azure Portal or by using the Azure CLI
to inspect the Managed Identity or resource.

** Note there is an open issue that prevents successfull authentication when
using these formats: https://github.com/git-ecosystem/git-credential-manager/issues/1570

## Service Principals

Azure Service Principals are used to authenticate and authorize applications and
Expand Down
18 changes: 9 additions & 9 deletions src/shared/Core/Core.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -13,25 +13,25 @@
<ItemGroup Condition="'$(TargetFramework)' == 'net472'">
<Reference Include="System.Net.Http" />
<Reference Include="System.Web" />
<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.60.3" />
<PackageReference Include="Avalonia.Win32" Version="11.0.10" />
<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.61.3" />
<PackageReference Include="Avalonia.Win32" Version="11.0.11" />
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' != 'net472'">
<PackageReference Include="Avalonia.Desktop" Version="11.0.10" />
<PackageReference Include="Avalonia.Desktop" Version="11.0.11" />
</ItemGroup>

<ItemGroup>
<PackageReference Include="Microsoft.Identity.Client" Version="4.60.3" />
<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.60.3" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.61.3" />
<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.61.3" />
<PackageReference Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
<PackageReference Include="Avalonia" Version="11.0.10" />
<PackageReference Include="Avalonia.Skia" Version="11.0.10" />
<PackageReference Include="Avalonia.Themes.Fluent" Version="11.0.10" />
<PackageReference Include="Avalonia" Version="11.0.11" />
<PackageReference Include="Avalonia.Skia" Version="11.0.11" />
<PackageReference Include="Avalonia.Themes.Fluent" Version="11.0.11" />
</ItemGroup>

<ItemGroup Condition="'$(Configuration)' == 'Debug'">
<PackageReference Include="Avalonia.Diagnostics" Version="11.0.10" />
<PackageReference Include="Avalonia.Diagnostics" Version="11.0.11" />
</ItemGroup>

</Project>

0 comments on commit 4b0808b

Please sign in to comment.