Pinning ast version (#1080)
* Pinning version of AST instead of using latest * adding the pinned version of the commit * adding an array join * pinning version of dotnet * trying the AST pin of the version we started using * disabling jobs and adding test step to window job * adding dotnet 2.1.x to see if that fixes the issue * removing the test code and testing the addition of .net 2.1.x * repinning to last successful sign * trying the newest version of AST * disabling the non-windows jobs again * disabling the windows build job and added a test job * removing stray comma * changing the multiline delimiter * pivoting away from our EV cert and testing with a test one * switching back to the EV cert and adding a verbose flag * disabling some steps that are breaking * swithing back to the test cert * testing new format for the ast command * removing the node portions of the test since they are not needed * trying AST without the tenat-id * rolling back to original commit * switching to custom AST for better troubleshooting * removing the ast commit logic and forcing latest * fixing up the pwsh sign command * fixing the AST verison * making sure that the secrets are not blank * trying the EV cert for signing * Using pinned commit from AST instead of custom code * fixing env * building the actually pinned commit instead of whatever the other thing was... * testing the windows job * removing the dotnet 2.1.x dependency since the older AST version shouldn't need it * reenabling the test ast job since something is failing * moving the git switch command * testing new gh-action * fixing the gh-action path * updating the hash of the new action * enabling the build jobs again * updating the hash for the new Install AST action * fixing linter issues
This commit is contained in:
parent
eac84128ed
commit
c99a543030
|
@ -10,7 +10,7 @@ on:
|
|||
jobs:
|
||||
cloc:
|
||||
name: CLOC
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||
|
@ -23,9 +23,10 @@ jobs:
|
|||
- name: Print lines of code
|
||||
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
|
||||
|
||||
|
||||
linux:
|
||||
name: Linux Build
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||
|
@ -115,18 +116,14 @@ jobs:
|
|||
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage
|
||||
if-no-files-found: error
|
||||
|
||||
|
||||
windows:
|
||||
name: Windows Build
|
||||
runs-on: windows-latest
|
||||
runs-on: windows-2019
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||
|
||||
- name: Set up dotnet
|
||||
uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0
|
||||
with:
|
||||
dotnet-version: "3.1.x"
|
||||
|
||||
- name: Set up Node
|
||||
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
||||
with:
|
||||
|
@ -150,24 +147,7 @@ jobs:
|
|||
node-gyp install $(node -v)
|
||||
|
||||
- name: Install AST
|
||||
shell: pwsh
|
||||
run: |
|
||||
cd $HOME
|
||||
|
||||
git clone https://github.com/vcsjones/AzureSignTool.git
|
||||
cd AzureSignTool
|
||||
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
|
||||
$latest_version = "0.0.0-g$latest_head"
|
||||
|
||||
Write-Host "--------"
|
||||
Write-Host "git commit - $(git rev-parse HEAD)"
|
||||
Write-Host "latest_head - $latest_head"
|
||||
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
|
||||
Write-Host "--------"
|
||||
|
||||
dotnet restore
|
||||
dotnet pack --output ./nupkg
|
||||
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
|
||||
uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
|
||||
|
||||
- name: Set up environment
|
||||
shell: pwsh
|
||||
|
@ -267,7 +247,7 @@ jobs:
|
|||
|
||||
macos-build:
|
||||
name: MacOS Build
|
||||
runs-on: macos-latest
|
||||
runs-on: macos-11
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||
|
@ -368,7 +348,7 @@ jobs:
|
|||
|
||||
macos-package-github:
|
||||
name: MacOS Package GitHub Release Assets
|
||||
runs-on: macos-latest
|
||||
runs-on: macos-11
|
||||
needs: macos-build
|
||||
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||
steps:
|
||||
|
@ -498,7 +478,7 @@ jobs:
|
|||
|
||||
macos-package-mas:
|
||||
name: MacOS Package Prod Release Asset
|
||||
runs-on: macos-latest
|
||||
runs-on: macos-11
|
||||
needs: macos-build
|
||||
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||
steps:
|
||||
|
@ -624,7 +604,7 @@ jobs:
|
|||
macos-package-dev:
|
||||
name: MacOS Package Dev Release Asset
|
||||
if: false # We need to look into how code signing works for dev
|
||||
runs-on: macos-latest
|
||||
runs-on: macos-11
|
||||
needs: macos-build
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
|
|
|
@ -11,7 +11,7 @@ on:
|
|||
jobs:
|
||||
setup:
|
||||
name: Setup
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
outputs:
|
||||
package_version: ${{ steps.create_tags.outputs.package_version }}
|
||||
tag_version: ${{ steps.create_tags.outputs.tag_version }}
|
||||
|
@ -45,7 +45,7 @@ jobs:
|
|||
|
||||
snap:
|
||||
name: Deploy Snap
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: setup
|
||||
env:
|
||||
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
||||
|
@ -81,7 +81,7 @@ jobs:
|
|||
|
||||
choco:
|
||||
name: Deploy Choco
|
||||
runs-on: windows-latest
|
||||
runs-on: windows-2019
|
||||
needs: setup
|
||||
env:
|
||||
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
||||
|
@ -124,7 +124,7 @@ jobs:
|
|||
|
||||
macos:
|
||||
name: Deploy MacOS
|
||||
runs-on: macos-latest
|
||||
runs-on: macos-11
|
||||
needs: setup
|
||||
env:
|
||||
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
||||
|
@ -153,7 +153,7 @@ jobs:
|
|||
|
||||
auto-updater-deploy:
|
||||
name: Release auto-updater files
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs:
|
||||
- setup
|
||||
- snap
|
||||
|
@ -178,7 +178,8 @@ jobs:
|
|||
#cat release.json
|
||||
|
||||
RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1)
|
||||
cat release.json | jq -rc ' .assets[] | select( .name | test("prerelease-latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
|
||||
cat release.json \
|
||||
| jq -rc ' .assets[] | select( .name | test("prerelease-latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
|
||||
|
||||
echo "=====ASSETS====="
|
||||
echo Release Upload URL: $RELEASE_UPLOAD_URL
|
||||
|
|
|
@ -14,7 +14,7 @@ on:
|
|||
jobs:
|
||||
setup:
|
||||
name: Setup
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
outputs:
|
||||
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
steps:
|
||||
|
@ -62,7 +62,7 @@ jobs:
|
|||
|
||||
linux:
|
||||
name: Linux
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: setup
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
|
@ -117,17 +117,12 @@ jobs:
|
|||
|
||||
windows-signed:
|
||||
name: Windows Signed
|
||||
runs-on: windows-latest
|
||||
runs-on: windows-2019
|
||||
needs: setup
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||
|
||||
- name: Set up dotnet
|
||||
uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0
|
||||
with:
|
||||
dotnet-version: "3.1.x"
|
||||
|
||||
- name: Set up Node
|
||||
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
||||
with:
|
||||
|
@ -151,24 +146,7 @@ jobs:
|
|||
node-gyp install $(node -v)
|
||||
|
||||
- name: Install AST
|
||||
shell: pwsh
|
||||
run: |
|
||||
cd $HOME
|
||||
|
||||
git clone https://github.com/vcsjones/AzureSignTool.git
|
||||
cd AzureSignTool
|
||||
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
|
||||
$latest_version = "0.0.0-g$latest_head"
|
||||
|
||||
Write-Host "--------"
|
||||
Write-Host "git commit - $(git rev-parse HEAD)"
|
||||
Write-Host "latest_head - $latest_head"
|
||||
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
|
||||
Write-Host "--------"
|
||||
|
||||
dotnet restore
|
||||
dotnet pack --output ./nupkg
|
||||
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
|
||||
uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
|
||||
|
||||
- name: Set up environment
|
||||
shell: pwsh
|
||||
|
@ -231,7 +209,7 @@ jobs:
|
|||
|
||||
windows-store:
|
||||
name: Windows Store
|
||||
runs-on: windows-latest
|
||||
runs-on: windows-2019
|
||||
needs: setup
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
|
@ -316,7 +294,7 @@ jobs:
|
|||
|
||||
macos:
|
||||
name: MacOS
|
||||
runs-on: macos-latest
|
||||
runs-on: macos-11
|
||||
needs: setup
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
|
@ -437,7 +415,7 @@ jobs:
|
|||
|
||||
update-release-assets:
|
||||
name: Update Release Assets
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs:
|
||||
- setup
|
||||
- linux
|
||||
|
|
2
sign.js
2
sign.js
|
@ -5,7 +5,7 @@ exports.default = async function(configuration) {
|
|||
) {
|
||||
console.log(`[*] Signing file: ${configuration.path}`)
|
||||
require("child_process").execSync(
|
||||
`azuresigntool sign ` +
|
||||
`azuresigntool sign -v ` +
|
||||
`-kvu ${process.env.SIGNING_VAULT_URL} ` +
|
||||
`-kvi ${process.env.SIGNING_CLIENT_ID} ` +
|
||||
`-kvt ${process.env.SIGNING_TENANT_ID} ` +
|
||||
|
|
Loading…
Reference in New Issue