move sign code into function

cisagov · Dec 16, 2024 · 5ba46c8 · 5ba46c8
1 parent 1205106
commit 5ba46c8
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 19 deletions.
diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml
@@ -64,25 +64,31 @@ jobs:
           echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT
       - name: Sign Module
         run: |
-          # Source the deploy utilities so the functions in it can be called.
-          . repo/utils/workflow/Publish-ScubaGear.ps1
-          # Remove non-release files
-          Remove-Item -Recurse -Force repo -Include .git*
-          Write-Output "Creating an array of the files to sign..."
-          $ArrayOfFilePaths = New-ArrayOfFilePaths `
-            -ModuleDestinationPath repo
-          Write-Output "Creating a file with a list of the files to sign..."
-          $FileListFileName = New-FileList `
-            -ArrayOfFilePaths $ArrayOfFilePaths
-          Write-Output "Calling AzureSignTool function to sign scripts, manifest, and modules..."
-          $AzureKeyVaultUrl = '${{ steps.key-vault-info.outputs.KeyVaultUrl }}'
-          $CertificateName = '${{ steps.key-vault-info.outputs.KeyVaultCertificateName }}'
-          Use-AzureSignTool `
-            -AzureKeyVaultUrl $AzureKeyVaultUrl `
-            -CertificateName $CertificateName `
-            -FileList $FileListFileName
-          Move-Item  -Path repo -Destination "ScubaGear-${env:RELEASE_VERSION}" -Force
-          Compress-Archive -Path "ScubaGear-${env:RELEASE_VERSION}" -DestinationPath "ScubaGear-${env:RELEASE_VERSION}.zip"
+          # Source the function
+          . ./utils/workflow/Build-SignRelease.ps1
+          New-ModuleSignature `
+            -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` 
+            -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} `
+            -ReleaseVersion ${env:RELEASE_VERSION}
+          # # Source the deploy utilities so the functions in it can be called.
+          # . repo/utils/workflow/Publish-ScubaGear.ps1
+          # # Remove non-release files
+          # Remove-Item -Recurse -Force repo -Include .git*
+          # Write-Output "Creating an array of the files to sign..."
+          # $ArrayOfFilePaths = New-ArrayOfFilePaths `
+          #   -ModuleDestinationPath repo
+          # Write-Output "Creating a file with a list of the files to sign..."
+          # $FileListFileName = New-FileList `
+          #   -ArrayOfFilePaths $ArrayOfFilePaths
+          # Write-Output "Calling AzureSignTool function to sign scripts, manifest, and modules..."
+          # $AzureKeyVaultUrl = '${{ steps.key-vault-info.outputs.KeyVaultUrl }}'
+          # $CertificateName = '${{ steps.key-vault-info.outputs.KeyVaultCertificateName }}'
+          # Use-AzureSignTool `
+          #   -AzureKeyVaultUrl $AzureKeyVaultUrl `
+          #   -CertificateName $CertificateName `
+          #   -FileList $FileListFileName
+          # Move-Item  -Path repo -Destination "ScubaGear-${env:RELEASE_VERSION}" -Force
+          # Compress-Archive -Path "ScubaGear-${env:RELEASE_VERSION}" -DestinationPath "ScubaGear-${env:RELEASE_VERSION}.zip"
       - name: Create Release
         uses: softprops/action-gh-release@v1
         id: create-release

diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1
@@ -0,0 +1,47 @@
+function New-ModuleSignature {
+  <#
+    .SYNOPSIS
+      Sign the ScubaGear module.
+    .PARAMETER $AzureKeyVaultUrl
+      The URL for the KeyVault in Azure.
+    .PARAMETER $CertificateName
+      The name of the certificate stored in the KeyVault.
+    .PARAMETER $ReleaseVersion
+      The version number of the release (e.g., 1.5.1).
+  #>
+  [CmdletBinding()]
+	param(
+		[Parameter(Mandatory = $true)]
+		[string]
+		$AzureKeyVaultUrl,
+		[Parameter(Mandatory = $true)]
+		[string]
+		$CertificateName,
+    [Parameter(Mandatory = $true)]
+    [string]
+    $ReleaseVersion
+	)
+
+  Write-Warning "Signing the module with AzureSignTool..."
+
+  # Source the deploy utilities so the functions in it can be called.
+  . ./Publish-ScubaGear.ps1
+
+  # Remove non-release files
+  Remove-Item -Recurse -Force repo -Include .git*
+  Write-Warning "Creating an array of the files to sign..."
+  $ArrayOfFilePaths = New-ArrayOfFilePaths `
+    -ModuleDestinationPath repo
+
+  Write-Warning "Creating a file with a list of the files to sign..."
+  $FileListFileName = New-FileList `
+    -ArrayOfFilePaths $ArrayOfFilePaths
+
+  Write-Warning "Calling AzureSignTool function to sign scripts, manifest, and modules..."
+  Use-AzureSignTool `
+    -AzureKeyVaultUrl $AzureKeyVaultUrl `
+    -CertificateName $CertificateName `
+    -FileList $FileListFileName
+  Move-Item  -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force
+  Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip"
+}