Release Current .NET Core for Windows Version #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This creates a new release on GitHub | |
| name: Release Current .NET Core for Windows Version | |
| # Controls when the action will run. Workflow runs when manually triggered using the UI | |
| # or API. | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| environment: AzureC4A8CodeSigning | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: write # This is required for creating a release (as using 'permissions:' will reset the default rights to 'none') | |
| steps: | |
| - name: Download artifact | |
| uses: dawidd6/action-download-artifact@v6 | |
| with: | |
| # Optional, GitHub token | |
| github_token: ${{secrets.GITHUB_TOKEN}} | |
| # Required, workflow file name or ID | |
| workflow: build-windows-core.yml | |
| # Optional, the conclusion of a completed workflow to search for | |
| # Can be one of: | |
| # "failure", "success", "neutral", "cancelled", "skipped", "timed_out", "action_required" | |
| # Ignores conclusion by default (thus using the most recent completed run when no other option is specified, regardless of conclusion) | |
| workflow_conclusion: success | |
| # Optional, will use the branch | |
| branch: main | |
| # Optional, directory where to extract artifact | |
| path: publish | |
| - name: Install AzureSignTool | |
| run: dotnet tool install --no-cache --global AzureSignTool | |
| - name: Azure CLI login | |
| uses: azure/login@v2 | |
| with: | |
| tenant-id: a53834b7-42bc-46a3-b004-369735c3acf9 # c4a8.onmicrosoft.com | |
| client-id: 97676fd8-6001-4096-be4a-fbed37f1355b # from Entra ID app registration | |
| allow-no-subscriptions: true | |
| - name: Azure CLI get token | |
| run: | | |
| kv_token=$(az account get-access-token --scope https://vault.azure.net/.default --query accessToken --output tsv) | |
| echo "::add-mask::$kv_token" | |
| echo "CODE_SIGN_AKV_ACCESS_TOKEN=$kv_token" >> $GITHUB_ENV | |
| - name: Code-sign the extracted exe | |
| run: | | |
| azuresigntool.exe sign --verbose ` | |
| --azure-key-vault-url "https://kv-c4a8-code-signing-prd.vault.azure.net" ` | |
| --azure-key-vault-accesstoken ${{ env.CODE_SIGN_AKV_ACCESS_TOKEN }} ` | |
| --azure-key-vault-certificate "glueckkanja-ag-202311" ` | |
| --timestamp-rfc3161 "http://timestamp.digicert.com" ` | |
| publish/scepclient-win-x64/ScepClient.exe | |
| # Now we do not have the ZIP anymore, so we must re-zip the extracted exe | |
| - name: ZIP EXE for download | |
| run: zip --junk-paths scepclient-core-win-x64 publish/scepclient-win-x64/ScepClient.exe | |
| - name: Create tag | |
| id: create_tag | |
| run: | | |
| tag=$(date +"%Y%m%d-%H%M-windows-core") | |
| echo "::set-output name=tag::$tag" | |
| - name: Create Draft Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ steps.create_tag.outputs.tag }} | |
| release_name: ${{ steps.create_tag.outputs.tag }} | |
| draft: true | |
| prerelease: false | |
| # Some debug output | |
| - name: "[Debug] Where Are We" | |
| run: pwd | |
| - name: "[Debug] List Files" | |
| run: ls -Rs | |
| - name: Upload Artifacts to Release | |
| uses: actions/upload-release-asset@v1.0.2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./scepclient-core-win-x64.zip | |
| asset_name: scepclient-core-win-x64.zip | |
| asset_content_type: application/zip | |
| - name: Publish Release | |
| uses: eregon/publish-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| release_id: ${{ steps.create_release.outputs.id }} |