Add support for caching dependencies (#31)

* Add support for caching dependencies to optimize perf * Debugging - list env vars * Deugging - missing shell * Fix path to appdata * Cache module * Fix missing shell * Experimenting with proper way to set env vars * Experiment with outputs * Use bash instead of pwsh * Switch back to pwsh * Get only 1 path from psmodulepath * Add new input and conditionals * Delete whitespace * Add description for input * Delete trusted-signing-module-0.3.18.zip * Add new input to README * Fix documentation for cache-dependencies in README * Update cache-dependencies documentation in action.yml * Introduce variables for controlling dependency versions * Debug why variables aren't working 1 * Use outputs instead of env * Fix var in install-module step
Azure · Jun 6, 2024 · 3656866 · 3656866
1 parent 17ec44f
commit 3656866
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -230,6 +230,9 @@ timeout: 600
 
 # The summed length of file paths that can be signed with each signtool call. This parameter should only be relevant if you are signing a large number of files. Increasing the value may result in performance gains at the risk of potentially hitting your system's maximum command length limit. The minimum value is 0 and the maximum value is 30000. A value of 0 means that every file will be signed with an individual call to signtool.
 batch-size: 10000
+
+# A boolean value (true/false) that indicates if the dependencies for this action should be cached by GitHub or not. The default value is true. When using self-hosted runners, caches from workflow runs are stored on GitHub-owned cloud storage. A customer-owned storage solution is only available with GitHub Enterprise Server. When enabled, this option can reduce the duration of the action by at least 1 minute. More info: https://docs.github.com/actions/using-workflows/caching-dependencies-to-speed-up-workflows
+cache-dependencies: true
 ```
 
 ## Best Practices

diff --git a/action.yml b/action.yml
@@ -172,10 +172,65 @@ inputs:
                  command length limit. The minimum value is 0 and the maximum value is 30000. A value of
                  0 means that every file will be signed with an individual call to signtool.
     required: false
+  cache-dependencies:
+    description: A boolean value (true/false) that indicates if the dependencies for this action should be cached
+                 by GitHub or not. The default value is true. When using self-hosted runners, caches from workflow
+                 runs are stored on GitHub-owned cloud storage. A customer-owned storage solution is only available
+                 with GitHub Enterprise Server. When enabled, this option can reduce the duration of the action by
+                 at least 1 minute.
+    required: false
+    default: 'true'
 
 runs:
   using: 'composite'
   steps:
+    - name: Set variables
+      id: set-variables
+      shell: 'pwsh'
+      run: |
+        $defaultPath = $env:PSModulePath -split ';' | Select-Object -First 1
+        "PSMODULEPATH=$defaultPath" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
+        
+        "TRUSTED_SIGNING_MODULE_VERSION=0.3.18" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
+        "BUILD_TOOLS_NUGET_VERSION=10.0.22621.3233" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
+        "TRUSTED_SIGNING_NUGET_VERSION=1.0.53" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
+
+    - name: Cache TrustedSigning PowerShell module
+      id: cache-module
+      uses: actions/cache@v3
+      env:
+        cache-name: cache-module
+      with:
+        path: ${{ steps.set-variables.outputs.PSMODULEPATH }}\TrustedSigning\${{ steps.set-variables.outputs.TRUSTED_SIGNING_MODULE_VERSION }}
+        key: TrustedSigning-${{ steps.set-variables.outputs.TRUSTED_SIGNING_MODULE_VERSION }}
+      if: ${{ inputs.cache-dependencies == 'true' }}
+
+    - name: Cache Microsoft.Windows.SDK.BuildTools NuGet package
+      id: cache-buildtools
+      uses: actions/cache@v3
+      env:
+        cache-name: cache-buildtools
+      with:
+        path: ~\AppData\Local\TrustedSigning\Microsoft.Windows.SDK.BuildTools\Microsoft.Windows.SDK.BuildTools.${{ steps.set-variables.outputs.BUILD_TOOLS_NUGET_VERSION }}
+        key: Microsoft.Windows.SDK.BuildTools-${{ steps.set-variables.outputs.BUILD_TOOLS_NUGET_VERSION }}
+      if: ${{ inputs.cache-dependencies == 'true' }}
+
+    - name: Cache Microsoft.Trusted.Signing.Client NuGet package
+      id: cache-tsclient
+      uses: actions/cache@v3
+      env:
+        cache-name: cache-tsclient
+      with:
+        path: ~\AppData\Local\TrustedSigning\Microsoft.Trusted.Signing.Client\Microsoft.Trusted.Signing.Client.${{ steps.set-variables.outputs.TRUSTED_SIGNING_NUGET_VERSION }}
+        key: Microsoft.Trusted.Signing.Client-${{ steps.set-variables.outputs.TRUSTED_SIGNING_NUGET_VERSION }}
+      if: ${{ inputs.cache-dependencies == 'true' }}
+
+    - name: Install Trusted Signing module
+      shell: 'pwsh'
+      run: |
+        Install-Module -Name TrustedSigning -RequiredVersion ${{ steps.set-variables.outputs.TRUSTED_SIGNING_MODULE_VERSION }} -Force -Repository PSGallery
+      if: ${{ inputs.cache-dependencies != 'true' || steps.cache-module.outputs.cache-hit != 'true' }}
+
     - name: Invoke signing
       env:
         AZURE_TENANT_ID: ${{ inputs.azure-tenant-id }}
@@ -186,11 +241,6 @@ runs:
         AZURE_USERNAME: ${{ inputs.azure-username }}
         AZURE_PASSWORD: ${{ inputs.azure-password }}
       run: |
-        $modulePath = "${{ github.action_path }}/trusted-signing-module-0.3.18.zip"
-        $installPath = "${{ github.action_path }}/TrustedSigning"
-        Expand-Archive -Path $modulePath -DestinationPath $installPath
-        Import-Module -Name $installPath
-
         $params = @{}
 
         $endpoint = "${{ inputs.endpoint }}"

diff --git a/trusted-signing-module-0.3.18.zip b/trusted-signing-module-0.3.18.zip