From 3c9eeb3ea477a827c8eb82998e700c96a2365ac5 Mon Sep 17 00:00:00 2001 From: Damian Hickey <57436+damianh@users.noreply.github.com> Date: Mon, 13 Jan 2025 22:03:03 +0100 Subject: [PATCH] Use new nuget signing key --- .github/workflow-gen/Program.cs | 14 +++++++------- .github/workflows/access-token-management-ci.yml | 2 +- .../workflows/access-token-management-release.yml | 2 +- .github/workflows/identity-model-ci.yml | 2 +- .../workflows/identity-model-oidc-client-ci.yml | 2 +- .../identity-model-oidc-client-release.yml | 2 +- .github/workflows/identity-model-release.yml | 2 +- .github/workflows/ignore-this-ci.yml | 2 +- .github/workflows/ignore-this-release.yml | 2 +- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflow-gen/Program.cs b/.github/workflow-gen/Program.cs index 44748172..903b22c9 100644 --- a/.github/workflow-gen/Program.cs +++ b/.github/workflow-gen/Program.cs @@ -247,13 +247,13 @@ public static void StepPack(this Job job, string project) public static void StepSign(this Job job) { - var flags = "--file-digest sha256 " + - "--timestamp-rfc3161 http://timestamp.digicert.com " + - "--azure-key-vault-url https://duendecodesigning.vault.azure.net/ " + - "--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 " + - "--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 " + - "--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} " + - "--azure-key-vault-certificate CodeSigning"; + var flags = "--file-digest sha256 " + + "--timestamp-rfc3161 http://timestamp.digicert.com " + + "--azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ " + + "--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 " + + "--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 " + + "--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} " + + "--azure-key-vault-certificate NuGetPackageSigning"; job.Step() .Name("Sign packages") .Run($""" diff --git a/.github/workflows/access-token-management-ci.yml b/.github/workflows/access-token-management-ci.yml index e60539b0..e9b876b7 100644 --- a/.github/workflows/access-token-management-ci.yml +++ b/.github/workflows/access-token-management-ci.yml @@ -69,7 +69,7 @@ jobs: - name: Sign packages run: |- for file in artifacts/*.nupkg; do - dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning + dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning done - name: Push packages to MyGet if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/access-token-management-release.yml b/.github/workflows/access-token-management-release.yml index 84e74bac..5e2ae0c0 100644 --- a/.github/workflows/access-token-management-release.yml +++ b/.github/workflows/access-token-management-release.yml @@ -57,7 +57,7 @@ jobs: - name: Sign packages run: |- for file in artifacts/*.nupkg; do - dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning + dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning done - name: Push packages to MyGet if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/identity-model-ci.yml b/.github/workflows/identity-model-ci.yml index 0786abe1..46ea048c 100644 --- a/.github/workflows/identity-model-ci.yml +++ b/.github/workflows/identity-model-ci.yml @@ -67,7 +67,7 @@ jobs: - name: Sign packages run: |- for file in artifacts/*.nupkg; do - dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning + dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning done - name: Push packages to MyGet if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/identity-model-oidc-client-ci.yml b/.github/workflows/identity-model-oidc-client-ci.yml index 90adf5b2..47999175 100644 --- a/.github/workflows/identity-model-oidc-client-ci.yml +++ b/.github/workflows/identity-model-oidc-client-ci.yml @@ -69,7 +69,7 @@ jobs: - name: Sign packages run: |- for file in artifacts/*.nupkg; do - dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning + dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning done - name: Push packages to MyGet if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/identity-model-oidc-client-release.yml b/.github/workflows/identity-model-oidc-client-release.yml index fa71feca..61aca004 100644 --- a/.github/workflows/identity-model-oidc-client-release.yml +++ b/.github/workflows/identity-model-oidc-client-release.yml @@ -57,7 +57,7 @@ jobs: - name: Sign packages run: |- for file in artifacts/*.nupkg; do - dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning + dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning done - name: Push packages to MyGet if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/identity-model-release.yml b/.github/workflows/identity-model-release.yml index cf91d1eb..ccfc4479 100644 --- a/.github/workflows/identity-model-release.yml +++ b/.github/workflows/identity-model-release.yml @@ -55,7 +55,7 @@ jobs: - name: Sign packages run: |- for file in artifacts/*.nupkg; do - dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning + dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning done - name: Push packages to MyGet if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/ignore-this-ci.yml b/.github/workflows/ignore-this-ci.yml index f1598fee..aa457e9d 100644 --- a/.github/workflows/ignore-this-ci.yml +++ b/.github/workflows/ignore-this-ci.yml @@ -67,7 +67,7 @@ jobs: - name: Sign packages run: |- for file in artifacts/*.nupkg; do - dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning + dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning done - name: Push packages to MyGet if: github.ref == 'refs/heads/main' diff --git a/.github/workflows/ignore-this-release.yml b/.github/workflows/ignore-this-release.yml index 755e9052..9cccaa5d 100644 --- a/.github/workflows/ignore-this-release.yml +++ b/.github/workflows/ignore-this-release.yml @@ -55,7 +55,7 @@ jobs: - name: Sign packages run: |- for file in artifacts/*.nupkg; do - dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning + dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning done - name: Push packages to MyGet if: github.ref == 'refs/heads/main'