Add INuGetKeyVaultSign

Build/.nuke/build.schema.json

@@ -29,6 +29,7 @@
         "Compile",
         "GenerateTools",
         "GitRelease",
+        "NuGetKeyVaultSign",
         "Release",
         "Sign",
         "Test"

Build/Build.cs

@@ -3,7 +3,7 @@
 using ricaun.Nuke;
 using ricaun.Nuke.Components;
 
-class Build : NukeBuild, IPublish, ITest, IGenerateTools
+class Build : NukeBuild, IPublish, ITest, IGenerateTools, INuGetKeyVaultSign
 {
     string ITest.TestProjectName => "Nuke.NuGetKeyVaultSignTool";
     public static int Main() => Execute<Build>(x => x.From<IPublish>().Build);

Build/Build.csproj

@@ -20,7 +20,7 @@
     <None Include=".nuke\*" />
   </ItemGroup>
 
-  <!--<ItemGroup>
+  <ItemGroup>
     <ProjectReference Include="..\Nuke.NuGetKeyVaultSignTool\Nuke.NuGetKeyVaultSignTool.csproj" />
   </ItemGroup>
 
@@ -32,6 +32,6 @@
 
   <PropertyGroup>
     <NoWarn>$(NoWarn);NU1505</NoWarn>
-  </PropertyGroup>-->
+  </PropertyGroup>
 
 </Project>

Build/INuGetKeyVaultSign.cs

@@ -0,0 +1,83 @@
+using Nuke.Common;
+using ricaun.Nuke.Components;
+using Nuke.Common.Tools.AzureSignTool;
+using System;
+using Newtonsoft.Json;
+using Nuke.Common.IO;
+using System.IO;
+using System.Reflection;
+using Nuke.Common.Tools.NuGetKeyVaultSignTool;
+using Nuke.NuGetKeyVaultSignTool;
+using System.Linq;
+
+public interface INuGetKeyVaultSign : IClean, ICompile
+{
+    private static string AZURE_KEY_VAULT_FILE => Environment.GetEnvironmentVariable("AZURE_KEY_VAULT_FILE");
+    private static string AZURE_KEY_VAULT_PASSWORD => Environment.GetEnvironmentVariable("AZURE_KEY_VAULT_PASSWORD");
+
+    Target NuGetKeyVaultSign => _ => _
+        .TriggeredBy(Clean)
+        .Before(Compile)
+        .Executes(() =>
+        {
+            Serilog.Log.Information(NuGetKeyVaultSignToolTasks.NuGetKeyVaultSignToolPath);
+
+            if (string.IsNullOrEmpty(AZURE_KEY_VAULT_FILE))
+            {
+                Serilog.Log.Warning("AZURE_KEY_VAULT_FILE is null");
+                return;
+            }
+
+            if (string.IsNullOrEmpty(AZURE_KEY_VAULT_PASSWORD))
+            {
+                Serilog.Log.Warning("AZURE_KEY_VAULT_PASSWORD is null");
+                return;
+            }
+
+            var azureKeyVaultFile = JsonConvert.DeserializeObject<AzureKeyVaultConfig>(AZURE_KEY_VAULT_FILE);
+            var azureKeyVaultClientSecret = AZURE_KEY_VAULT_PASSWORD;
+
+            if (azureKeyVaultFile is null)
+            {
+                Serilog.Log.Warning("AzureKeyVaultConfig is null");
+                return;
+            }
+
+            if (azureKeyVaultFile.IsValid() == false)
+            {
+                Serilog.Log.Warning($"{azureKeyVaultFile} is not valid");
+                return;
+            }
+
+            Serilog.Log.Information($"Sign package using AzureKeyVaultCertificate {azureKeyVaultFile.AzureKeyVaultCertificate}");
+
+            AbsolutePath rootAssembly = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
+
+            var fileNameToSign = Globbing.GlobFiles(rootAssembly, "*/package.nupkg").FirstOrDefault();
+            if (string.IsNullOrEmpty(fileNameToSign))
+            {
+                Serilog.Log.Warning("package.nupkg is null");
+                return;
+            }
+
+            var fullPath = fileNameToSign.Copy(rootAssembly / "package-copy.nupkg", ExistsPolicy.FileOverwrite);
+
+            var length = (double)new System.IO.FileInfo(fullPath).Length;
+
+            NuGetKeyVaultSignToolTasks.NuGetKeyVaultSignTool(x => x
+                .SetFile(fullPath)
+                .SetKeyVaultCertificateName(azureKeyVaultFile.AzureKeyVaultCertificate)
+                .SetKeyVaultUrl(azureKeyVaultFile.AzureKeyVaultUrl)
+                .SetKeyVaultClientId(azureKeyVaultFile.AzureKeyVaultClientId)
+                .SetKeyVaultTenantId(azureKeyVaultFile.AzureKeyVaultTenantId)
+                .SetKeyVaultClientSecret(azureKeyVaultClientSecret)
+                .SetTimestampRfc3161Url(azureKeyVaultFile.TimestampUrl ?? "http://timestamp.digicert.com")
+                .SetTimestampDigest(azureKeyVaultFile.TimestampDigest ?? NuGetKeyVaultSignToolDigestAlgorithm.sha256)
+                .SetForce(true)
+            );
+
+            var lengthAfter = (double)new System.IO.FileInfo(fullPath).Length;
+
+            Serilog.Log.Warning($"Sign package {fullPath.Name} - {lengthAfter} {length}");
+        });
+}

Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfig.cs

@@ -1,4 +1,4 @@
-namespace NuGetKeyVaultSignTool
+namespace Nuke.NuGetKeyVaultSignTool
 {
     public class AzureKeyVaultConfig
     {

Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfigTests.cs

@@ -1,7 +1,7 @@
 using NUnit.Framework;
 using Newtonsoft.Json;
 
-namespace NuGetKeyVaultSignTool
+namespace Nuke.NuGetKeyVaultSignTool
 {
     public class AzureKeyVaultConfigTests
     {

Nuke.NuGetKeyVaultSignTool/GenerationToolsTests.cs

@@ -7,7 +7,7 @@
 using System.Reflection;
 using static Nuke.CodeGeneration.CodeGenerator;
 
-namespace NuGetKeyVaultSignTool
+namespace Nuke.NuGetKeyVaultSignTool
 {
     public class GenerationToolsTests
     {

Nuke.NuGetKeyVaultSignTool/NuGetKeyVaultSignToolTests.cs

@@ -10,7 +10,7 @@
 using Nuke.Common.Tooling;
 using System.Collections.Generic;
 
-namespace NuGetKeyVaultSignTool
+namespace Nuke.NuGetKeyVaultSignTool
 {
     public class NuGetKeyVaultSignToolTests
     {