Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 2.5.1 #1648

Merged
merged 13 commits into from
Jul 2, 2024
Merged

Release 2.5.1 #1648

merged 13 commits into from
Jul 2, 2024

Conversation

mjcheetham
Copy link
Collaborator

Changes:

ldennington and others added 13 commits April 19, 2024 17:43
@ldennington
release: capture nuget signing cert
09bd04c 
NuGet requires that signed packages have a matching registered signing
certificate [1]. Update release workflow to capture this certificate from the Sign
CLI tool and upload it as a release artifact.

1: https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package#register-the-certificate-on-nugetorg
@ldennington
release: capture nuget signing cert (#1594)
87b3a1a 
NuGet requires that signed packages have a matching [registered signing
certificate](https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package#register-the-certificate-on-nugetorg).
Update release workflow to capture this certificate from the Sign CLI
tool and upload it as a release artifact. Note that this means we will
need to manually update this certificate to the
[`git-credential-manager`
organization](https://www.nuget.org/profiles/git-credential-manager) in
nuget.org prior to publishing the .NET tool version for each release.

Tested the end-to-end flow in [my
fork](https://github.com/ldennington/git-credential-manager) which
resulted in publication of [this
package](https://int.nugettest.org/packages/git-credential-manager) to
the NuGet QA Gallery.
@mjcheetham
docs: update MISP docs with open issue
85dab25 
Update the Managed Identity and Service Principal docs
to include the reference to a known issue with some MI formats.
@mjcheetham
core: update all dependencies
c7d3b5b 
Update all our dependencies to the latest verisons:

- MSAL 4.61.3
- Avalonia 11.0.11
@mjcheetham
Update all dependencies (#1640)
e124b8b 
Update all our dependencies to the latest versions:

- MSAL 4.61.3
- Avalonia 11.0.11
@mjcheetham
release: use trusted-signing-action
c724c8d 
Use the new azure/trusted-signing-action in place of the now deprecated
azure/azure-code-signing-action.

https://github.com/azure/azure-code-signing-action
https://github.com/azure/trusted-signing-action
@mjcheetham
release: use custom Sign.Cli tool for signing
e3facc5 
Use our customised version of the dotnet/sign tool for Trusted Signing,
including export of the certificate.
@mjcheetham
Update code signing with latest Azure Trusted Signing tools/tasks (#1644
61000ad 
)

- Update to the latest version of the GitHub Action (the
`azure/azure-code-signing-action` action has been replaced by the
`azure/trusted-signing-action` one).

- Deploy a forked version of the `Sign.Cli` tool for Trusted Signing,
which includes the ability to export the certificate. The fork can be
found here https://github.com/mjcheetham/sign/tree/export-opt, and the
PR to submit this change upstream here
dotnet/sign#734.

With these changes we are now completely secret/credential free, and
rely on federation only.
@mjcheetham
release: use 3rd party tool to extract nuget cert
f8c2c34 
Use a 3rd party tool to extract the NuGet signing certificate for upload
rather than relying on an option added to the sign.exe tool in a private
fork.
@mjcheetham
release: use dotnet tool install to get sign CLI
5c6d808 
Use the `dotnet tool install` command to acquire the code signing tool,
rather than rely on our Azure blob store.
@mjcheetham
release: drop no longer required sign.exe options
ddba796 
Drop the `-d` and `-u` options from the sign.exe CLI; they are no longer
required.
@mjcheetham
Use published sign.exe CLI and 3rd part certificate extractor tools (#…
07e579d 
…1647)

Use a 3rd party tool to extract the NuGet signing certificate for upload
rather than relying on an option added to the sign.exe tool in a private
fork. At the same time let's use the `dotnet tool install` command to
acquire the code signing tool, rather than rely on our Azure blob store.

Also let's drop the `-d` and `-u` options from the sign.exe CLI; they
are no longer required
([source](dotnet/sign#734 (comment))).
@mjcheetham
VERSION: update version to 2.5.1
a390637
@mjcheetham mjcheetham requested review from dscho and vdye July 2, 2024 21:08
@mjcheetham
Copy link
Collaborator Author

Failing centos 8 error is related to:
https://serverfault.com/questions/1161816/mirrorlist-centos-org-no-longer-resolve

cc @dscho

dscho
dscho approved these changes Jul 2, 2024
View reviewed changes
Copy link
Collaborator

@dscho dscho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what is going on with the CentOS build, but changes look good to me!

@dscho
Copy link
Collaborator

dscho commented Jul 2, 2024

Failing centos 8 error is related to:
https://serverfault.com/questions/1161816/mirrorlist-centos-org-no-longer-resolve

cc @dscho

Ah. That explains it all right!

@mjcheetham
Copy link
Collaborator Author

This version of CentOS is out of date, so I'm not going to bother investigating much further for this point-1 release. Until I have enough 'budget' to work on issues like this in GCM, I'm afraid I'll just need to merge with this check continuing to fail.

@mjcheetham mjcheetham merged commit 4b0808b into release Jul 2, 2024
16 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dscho dscho dscho approved these changes

@vdye vdye vdye approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mjcheetham @dscho @vdye @ldennington