Use new nuget signing key

DuendeSoftware · Jan 13, 2025 · 3c9eeb3 · 3c9eeb3
1 parent c90bc4a
commit 3c9eeb3
Show file tree

Hide file tree

Showing 9 changed files with 15 additions and 15 deletions.
diff --git a/.github/workflow-gen/Program.cs b/.github/workflow-gen/Program.cs
@@ -247,13 +247,13 @@ public static void StepPack(this Job job, string project)
 
     public static void StepSign(this Job job)
     {
-        var flags = "--file-digest sha256 "                                             +
-                    "--timestamp-rfc3161 http://timestamp.digicert.com "                +
-                    "--azure-key-vault-url https://duendecodesigning.vault.azure.net/ " +
-                    "--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 " +
-                    "--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 " +
-                    "--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} "  +
-                    "--azure-key-vault-certificate CodeSigning";
+        var flags = "--file-digest sha256 "                                                +
+                    "--timestamp-rfc3161 http://timestamp.digicert.com "                   +
+                    "--azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ " +
+                    "--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 "    +
+                    "--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 "    +
+                    "--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} "     +
+                    "--azure-key-vault-certificate NuGetPackageSigning";
         job.Step()
             .Name("Sign packages")
             .Run($"""

diff --git a/.github/workflows/access-token-management-ci.yml b/.github/workflows/access-token-management-ci.yml
@@ -69,7 +69,7 @@ jobs:
     - name: Sign packages
       run: |-
         for file in artifacts/*.nupkg; do
-           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
         done
     - name: Push packages to MyGet
       if: github.ref == 'refs/heads/main'

diff --git a/.github/workflows/access-token-management-release.yml b/.github/workflows/access-token-management-release.yml
@@ -57,7 +57,7 @@ jobs:
     - name: Sign packages
       run: |-
         for file in artifacts/*.nupkg; do
-           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
         done
     - name: Push packages to MyGet
       if: github.ref == 'refs/heads/main'

diff --git a/.github/workflows/identity-model-ci.yml b/.github/workflows/identity-model-ci.yml
@@ -67,7 +67,7 @@ jobs:
     - name: Sign packages
       run: |-
         for file in artifacts/*.nupkg; do
-           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
         done
     - name: Push packages to MyGet
       if: github.ref == 'refs/heads/main'

diff --git a/.github/workflows/identity-model-oidc-client-ci.yml b/.github/workflows/identity-model-oidc-client-ci.yml
@@ -69,7 +69,7 @@ jobs:
     - name: Sign packages
       run: |-
         for file in artifacts/*.nupkg; do
-           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
         done
     - name: Push packages to MyGet
       if: github.ref == 'refs/heads/main'

diff --git a/.github/workflows/identity-model-oidc-client-release.yml b/.github/workflows/identity-model-oidc-client-release.yml
@@ -57,7 +57,7 @@ jobs:
     - name: Sign packages
       run: |-
         for file in artifacts/*.nupkg; do
-           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
         done
     - name: Push packages to MyGet
       if: github.ref == 'refs/heads/main'

diff --git a/.github/workflows/identity-model-release.yml b/.github/workflows/identity-model-release.yml
@@ -55,7 +55,7 @@ jobs:
     - name: Sign packages
       run: |-
         for file in artifacts/*.nupkg; do
-           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
         done
     - name: Push packages to MyGet
       if: github.ref == 'refs/heads/main'

diff --git a/.github/workflows/ignore-this-ci.yml b/.github/workflows/ignore-this-ci.yml
@@ -67,7 +67,7 @@ jobs:
     - name: Sign packages
       run: |-
         for file in artifacts/*.nupkg; do
-           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
         done
     - name: Push packages to MyGet
       if: github.ref == 'refs/heads/main'

diff --git a/.github/workflows/ignore-this-release.yml b/.github/workflows/ignore-this-release.yml
@@ -55,7 +55,7 @@ jobs:
     - name: Sign packages
       run: |-
         for file in artifacts/*.nupkg; do
-           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
         done
     - name: Push packages to MyGet
       if: github.ref == 'refs/heads/main'