Skip to content

Commit

Permalink
Merge pull request #797 from ldennington/ssl-cert-updates
Browse files Browse the repository at this point in the history 
release: consume auto-rotated SSL certificate
  • Loading branch information
@ldennington
ldennington committed Jul 21, 2022
2 parents e209b3d + f3aa617 commit 2d79a03
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 30 deletions.
9 changes: 3 additions & 6 deletions .github/run_esrp_signing.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,6 @@
esrp_tool = os.path.join("esrp", "tools", "EsrpClient.exe")

aad_id = os.environ['AZURE_AAD_ID'].strip()
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
# with an older App Registration until we have the required hardware to approve
# the new certificate in SSL Admin.
aad_id_ssl = os.environ['AZURE_AAD_ID_SSL'].strip()
workspace = os.environ['GITHUB_WORKSPACE'].strip()

source_location = args.path
Expand All @@ -36,9 +32,10 @@
"TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"ClientId": f"{aad_id}",
"AuthCert": {
"SubjectName": f"CN={aad_id_ssl}.microsoft.com",
"SubjectName": f"CN={aad_id}.microsoft.com",
"StoreLocation": "LocalMachine",
"StoreName": "My"
"StoreName": "My",
"SendX5c" : "true"
},
"RequestSigningCert": {
"SubjectName": f"CN={aad_id}",
Expand Down
24 changes: 0 additions & 24 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,10 +112,6 @@ jobs:
shell: pwsh
env:
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
# with an older App Registration until we have the required hardware to approve
# the new certificate in SSL Admin.
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
APPLE_KEY_CODE: ${{ secrets.APPLE_KEY_CODE }}
APPLE_SIGNING_OP_CODE: ${{ secrets.APPLE_SIGNING_OPERATION_CODE }}
run: |
Expand Down Expand Up @@ -226,10 +222,6 @@ jobs:
shell: pwsh
env:
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
# with an older App Registration until we have the required hardware to approve
# the new certificate in SSL Admin.
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
APPLE_KEY_CODE: ${{ secrets.APPLE_KEY_CODE }}
APPLE_SIGNING_OP_CODE: ${{ secrets.APPLE_SIGNING_OPERATION_CODE }}
run: |
Expand All @@ -246,10 +238,6 @@ jobs:
shell: pwsh
env:
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
# with an older App Registration until we have the required hardware to approve
# the new certificate in SSL Admin.
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
APPLE_KEY_CODE: ${{ secrets.APPLE_KEY_CODE }}
APPLE_NOTARIZATION_OP_CODE: ${{ secrets.APPLE_NOTARIZATION_OPERATION_CODE }}
run: |
Expand Down Expand Up @@ -319,10 +307,6 @@ jobs:
shell: pwsh
env:
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
# with an older App Registration until we have the required hardware to approve
# the new certificate in SSL Admin.
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
WINDOWS_KEY_CODE: ${{ secrets.WINDOWS_KEY_CODE }}
WINDOWS_OP_CODE: ${{ secrets.WINDOWS_OPERATION_CODE }}
run: |
Expand Down Expand Up @@ -353,10 +337,6 @@ jobs:
shell: pwsh
env:
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
# with an older App Registration until we have the required hardware to approve
# the new certificate in SSL Admin.
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
WINDOWS_KEY_CODE: ${{ secrets.WINDOWS_KEY_CODE }}
WINDOWS_OP_CODE: ${{ secrets.WINDOWS_OPERATION_CODE }}
run: |
Expand Down Expand Up @@ -445,10 +425,6 @@ jobs:
shell: pwsh
env:
AZURE_AAD_ID: ${{ secrets.AZURE_AAD_ID }}
# We temporarily need two AAD IDs, as we're using an SSL certificate associated
# with an older App Registration until we have the required hardware to approve
# the new certificate in SSL Admin.
AZURE_AAD_ID_SSL: ${{ secrets.AZURE_AAD_ID_SSL }}
LINUX_KEY_CODE: ${{ secrets.LINUX_KEY_CODE }}
LINUX_OP_CODE: ${{ secrets.LINUX_OPERATION_CODE }}
run: |
Expand Down

0 comments on commit 2d79a03

Please sign in to comment.