GitHub-Bitwarden
/
gh-actions
mirror of https://github.com/bitwarden/gh-actions.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add AST installation action (#7) 

* Adding an action that installs AST

* fixing the indention error

* fixing typos
pull/8/head
Joseph Flinn 4 years ago committed by GitHub
parent
9f2b33f2af
commit
f135c42c85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      install-ast/README.md
  2. 41
      install-ast/action.yml

12
install-ast/README.md
Unescape View File

@ -0,0 +1,12 @@ @@ -0,0 +1,12 @@
# Install Azure Sign Tool (AST)
We use an EV SSL cert on an HSM in an Azure Key Vault to sign our Windows executables that we distribute outside of the
Windows Store. We use the [AzureSignTool](https://github.com/vcsjones/AzureSignTool) to do this. Since it is a pretty
involved process to install, needs a pinned commit version, and is in multiple projects, a composite action is the best
way of keeping uniformity in our actions.
See the [AzureSignTool README](https://github.com/vcsjones/AzureSignTool) or our [Desktop sign.js](https://github.com/bitwarden/desktop/blob/hotfix/pinning-ast-version/sign.js)
for usage examples.
## Requirements
- Windows OS

41
install-ast/action.yml
Unescape View File

@ -0,0 +1,41 @@ @@ -0,0 +1,41 @@
name: "Install Azure Sign Tool"
inputs: {}
outputs: {}
runs:
using: "composite"
steps:
- name: Check Runner OS
shell: bash
run: |
if ["$RUNNER_OS" != "Windows"]; then
echo "[!] This workflow only supports Windows runners"
exit 1
fi
- name: Set up dotnet
uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0
with:
dotnet-version: "3.1.x"
- name: Install AST
shell: pwsh
env:
AST_PINNED_COMMIT: "ce87e84a58dff318f62ffe5177bf3e179d815108"
run: |
cd $HOME
git clone https://github.com/vcsjones/AzureSignTool.git
cd AzureSignTool
git switch --detach $env:AST_PINNED_COMMIT
$pinned_short_commit = $env:AST_PINNED_COMMIT[0..9] -join ""
$ast_version = "0.0.0-g$pinned_short_commit"
Write-Host "--------"
Write-Host "pinned git commit - $env:AST_PINNED_COMMIT"
Write-Host "pinned short git commit - $pinned_short_commit"
Write-Host "PACKAGE VERSION TO BUILD - $ast_version"
Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $ast_version azuresigntool
Write Preview
Loading…
Cancel
Save