From 427d36e974ab286b217b49636f7ee967024f74b7 Mon Sep 17 00:00:00 2001 From: Luiz Henrique Cassettari Date: Wed, 4 Dec 2024 17:19:04 -0300 Subject: [PATCH] Add `INuGetKeyVaultSign` --- Build/.nuke/build.schema.json | 1 + Build/Build.cs | 2 +- Build/Build.csproj | 4 +- Build/INuGetKeyVaultSign.cs | 83 +++++++++++++++++++ Build/IShowNuGetKeyVaultSign.cs | 74 ----------------- .../AzureKeyVaultConfig.cs | 2 +- .../AzureKeyVaultConfigTests.cs | 2 +- .../GenerationToolsTests.cs | 2 +- .../NuGetKeyVaultSignToolTests.cs | 2 +- 9 files changed, 91 insertions(+), 81 deletions(-) create mode 100644 Build/INuGetKeyVaultSign.cs delete mode 100644 Build/IShowNuGetKeyVaultSign.cs diff --git a/Build/.nuke/build.schema.json b/Build/.nuke/build.schema.json index c17becd..2ad2f99 100644 --- a/Build/.nuke/build.schema.json +++ b/Build/.nuke/build.schema.json @@ -29,6 +29,7 @@ "Compile", "GenerateTools", "GitRelease", + "NuGetKeyVaultSign", "Release", "Sign", "Test" diff --git a/Build/Build.cs b/Build/Build.cs index 19ac1c5..ba1652b 100644 --- a/Build/Build.cs +++ b/Build/Build.cs @@ -3,7 +3,7 @@ using ricaun.Nuke; using ricaun.Nuke.Components; -class Build : NukeBuild, IPublish, ITest, IGenerateTools +class Build : NukeBuild, IPublish, ITest, IGenerateTools, INuGetKeyVaultSign { string ITest.TestProjectName => "Nuke.NuGetKeyVaultSignTool"; public static int Main() => Execute(x => x.From().Build); diff --git a/Build/Build.csproj b/Build/Build.csproj index b12f505..3d5011a 100644 --- a/Build/Build.csproj +++ b/Build/Build.csproj @@ -20,7 +20,7 @@ - + diff --git a/Build/INuGetKeyVaultSign.cs b/Build/INuGetKeyVaultSign.cs new file mode 100644 index 0000000..52d8a38 --- /dev/null +++ b/Build/INuGetKeyVaultSign.cs 
@@ -0,0 +1,83 @@
+using Nuke.Common;
+using ricaun.Nuke.Components;
+using Nuke.Common.Tools.AzureSignTool;
+using System;
+using Newtonsoft.Json;
+using Nuke.Common.IO;
+using System.IO;
+using System.Reflection;
+using Nuke.Common.Tools.NuGetKeyVaultSignTool;
+using Nuke.NuGetKeyVaultSignTool;
+using System.Linq;
+
+public interface INuGetKeyVaultSign : IClean, ICompile
+{
+ private static string AZURE_KEY_VAULT_FILE => Environment.GetEnvironmentVariable("AZURE_KEY_VAULT_FILE");
+ private static string AZURE_KEY_VAULT_PASSWORD => Environment.GetEnvironmentVariable("AZURE_KEY_VAULT_PASSWORD");
+
+ Target NuGetKeyVaultSign => _ => _
+ .TriggeredBy(Clean)
+ .Before(Compile)
+ .Executes(() =>
+ {
+ Serilog.Log.Information(NuGetKeyVaultSignToolTasks.NuGetKeyVaultSignToolPath);
+
+ if (string.IsNullOrEmpty(AZURE_KEY_VAULT_FILE))
+ {
+ Serilog.Log.Warning("AZURE_KEY_VAULT_FILE is null");
+ return;
+ }
+
+ if (string.IsNullOrEmpty(AZURE_KEY_VAULT_PASSWORD))
+ {
+ Serilog.Log.Warning("AZURE_KEY_VAULT_PASSWORD is null");
+ return;
+ }
+
+ var azureKeyVaultFile = JsonConvert.DeserializeObject(AZURE_KEY_VAULT_FILE);
+ var azureKeyVaultClientSecret = AZURE_KEY_VAULT_PASSWORD;
+
+ if (azureKeyVaultFile is null)
+ {
+ Serilog.Log.Warning("AzureKeyVaultConfig is null");
+ return;
+ }
+
+ if (azureKeyVaultFile.IsValid() == false)
+ {
+ Serilog.Log.Warning($"{azureKeyVaultFile} is not valid");
+ return;
+ }
+
+ Serilog.Log.Information($"Sign package using AzureKeyVaultCertificate {azureKeyVaultFile.AzureKeyVaultCertificate}");
+
+ AbsolutePath rootAssembly = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
+
+ var fileNameToSign = Globbing.GlobFiles(rootAssembly, "*/package.nupkg").FirstOrDefault();
+ if (string.IsNullOrEmpty(fileNameToSign))
+ {
+ Serilog.Log.Warning("package.nupkg is null");
+ return;
+ }
+
+ var fullPath = fileNameToSign.Copy(rootAssembly / "package-copy.nupkg", ExistsPolicy.FileOverwrite);
+
+ var length = (double)new System.IO.FileInfo(fullPath).Length;
+
+ NuGetKeyVaultSignToolTasks.NuGetKeyVaultSignTool(x => x
+ .SetFile(fullPath)
+ .SetKeyVaultCertificateName(azureKeyVaultFile.AzureKeyVaultCertificate)
+ .SetKeyVaultUrl(azureKeyVaultFile.AzureKeyVaultUrl)
+ .SetKeyVaultClientId(azureKeyVaultFile.AzureKeyVaultClientId)
+ .SetKeyVaultTenantId(azureKeyVaultFile.AzureKeyVaultTenantId)
+ .SetKeyVaultClientSecret(azureKeyVaultClientSecret)
+ .SetTimestampRfc3161Url(azureKeyVaultFile.TimestampUrl ?? "http://timestamp.digicert.com")
+ .SetTimestampDigest(azureKeyVaultFile.TimestampDigest ?? NuGetKeyVaultSignToolDigestAlgorithm.sha256)
+ .SetForce(true)
+ );
+
+ var lengthAfter = (double)new System.IO.FileInfo(fullPath).Length;
+
+ Serilog.Log.Warning($"Sign package {fullPath.Name} - {lengthAfter} {length}");
+ });
+}
diff --git a/Build/IShowNuGetKeyVaultSign.cs b/Build/IShowNuGetKeyVaultSign.cs
deleted file mode 100644
index 760825f..0000000
--- a/Build/IShowNuGetKeyVaultSign.cs
+++ /dev/null
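Review bot: In `Build/INuGetKeyVaultSign.cs`, the `azureKeyVaultFile.IsValid() == false` branch fails open and interpolates the whole config object into the log: with both environment variables present but the JSON incomplete, the target logs `{azureKeyVaultFile} is not valid` and returns, so the build stays green with no signed package, and whatever `AzureKeyVaultConfig.ToString()` produces (not visible in this patch) ends up in the CI log. I would treat that case as an error with a fixed message, for example `Assert.Fail("AZURE_KEY_VAULT_FILE does not contain a valid AzureKeyVaultConfig");`, and keep the quiet skip only for the two missing-variable checks. The closing `Log.Warning` prints both file sizes but never compares them; if growth in size is the intended success signal, `Assert.True(lengthAfter > length, "package-copy.nupkg was not signed");` turns it into a check. It is also worth confirming that the generated `SetKeyVaultClientSecret` setting is marked as a secret, so that Nuke redacts the value when it echoes the tool command line.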
@@ -1,74 +0,0 @@
-//using Nuke.Common;
-//using ricaun.Nuke.Components;
-//using Nuke.Common.Tools.AzureSignTool;
-//using System;
-//using Newtonsoft.Json;
-//using Nuke.Common.IO;
-//using System.IO;
-//using System.Reflection;
-
-//public interface IShowNuGetKeyVaultSign : IClean, ICompile
-//{
-// private static string AZURE_KEY_VAULT_FILE => Environment.GetEnvironmentVariable("AZURE_KEY_VAULT_FILE");
-// private static string AZURE_KEY_VAULT_PASSWORD => Environment.GetEnvironmentVariable("AZURE_KEY_VAULT_PASSWORD");
-
-// Target ShowNuGetKeyVaultSign => _ => _
-// .TriggeredBy(Clean)
-// .Before(Compile)
-// .Executes(() =>
-// {
-// Serilog.Log.Information(NuGetKeyVaultSignToolTasks.NuGetKeyVaultSignToolPath);
-
-// if (string.IsNullOrEmpty(AZURE_KEY_VAULT_FILE))
-// {
-// Serilog.Log.Warning("AZURE_KEY_VAULT_FILE is null");
-// return;
-// }
-
-// if (string.IsNullOrEmpty(AZURE_KEY_VAULT_PASSWORD))
-// {
-// Serilog.Log.Warning("AZURE_KEY_VAULT_PASSWORD is null");
-// return;
-// }
-
-// var azureKeyVaultFile = JsonConvert.DeserializeObject(AZURE_KEY_VAULT_FILE);
-// var azureKeyVaultClientSecret = AZURE_KEY_VAULT_PASSWORD;
-
-// if (azureKeyVaultFile is null)
-// {
-// Serilog.Log.Warning("AzureKeyVaultConfig is null");
-// return;
-// }
-
-// if (azureKeyVaultFile.IsValid() == false)
-// {
-// Serilog.Log.Warning($"{azureKeyVaultFile} is not valid");
-// return;
-// }
-
-// Serilog.Log.Information($"Sign package using AzureKeyVaultCertificate {azureKeyVaultFile.AzureKeyVaultCertificate}");
-
-// AbsolutePath rootAssembly = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
-// var fileNameToSign = "file.nupkg";
-// var fullPath = Path.Combine(rootAssembly, fileNameToSign);
-
-// var length = (double) new System.IO.FileInfo(fullPath).Length;
-
-// NuGetKeyVaultSignToolTasks.NuGetKeyVaultSignTool(x => x
-// .SetFile(fullPath)
-// .SetKeyVaultCertificateName(azureKeyVaultFile.AzureKeyVaultCertificate)
-// .SetKeyVaultUrl(azureKeyVaultFile.AzureKeyVaultUrl)
-// .SetKeyVaultClientId(azureKeyVaultFile.AzureKeyVaultClientId)
-// .SetKeyVaultTenantId(azureKeyVaultFile.AzureKeyVaultTenantId)
-// .SetKeyVaultClientSecret(azureKeyVaultClientSecret)
-// .SetTimestampRfc3161Url(azureKeyVaultFile.TimestampUrl ?? "http://timestamp.digicert.com")
-// .SetTimestampDigest(azureKeyVaultFile.TimestampDigest ?? NuGetKeyVaultSignToolDigestAlgorithm.sha256)
-// .SetForce(true)
-// );
-
-// var lengthAfter = (double) new System.IO.FileInfo(fullPath).Length;
-
-// Serilog.Log.Warning($"Sign package {fileNameToSign} - {lengthAfter} {length}");
-
-// });
-//}
diff --git a/Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfig.cs b/Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfig.cs
index 7d7eb6c..96e530d 100644
--- a/Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfig.cs
+++ b/Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfig.cs
@@ -1,4 +1,4 @@
-namespace NuGetKeyVaultSignTool
+namespace Nuke.NuGetKeyVaultSignTool
 {
 public class AzureKeyVaultConfig
 {
diff --git a/Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfigTests.cs b/Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfigTests.cs
index 1c6cde6..4d183ed 100644
--- a/Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfigTests.cs
+++ b/Nuke.NuGetKeyVaultSignTool/AzureKeyVaultConfigTests.cs
@@ -1,7 +1,7 @@
 using NUnit.Framework;
 using Newtonsoft.Json;
-namespace NuGetKeyVaultSignTool
+namespace Nuke.NuGetKeyVaultSignTool
 {
 public class AzureKeyVaultConfigTests
 {
diff --git a/Nuke.NuGetKeyVaultSignTool/GenerationToolsTests.cs b/Nuke.NuGetKeyVaultSignTool/GenerationToolsTests.cs
index 98d71b8..58f3b4a 100644
--- a/Nuke.NuGetKeyVaultSignTool/GenerationToolsTests.cs
+++ b/Nuke.NuGetKeyVaultSignTool/GenerationToolsTests.cs
@@ -7,7 +7,7 @@ using System.Reflection;
 using static Nuke.CodeGeneration.CodeGenerator;
-namespace NuGetKeyVaultSignTool
+namespace Nuke.NuGetKeyVaultSignTool
 {
 public class GenerationToolsTests
 {
diff --git a/Nuke.NuGetKeyVaultSignTool/NuGetKeyVaultSignToolTests.cs b/Nuke.NuGetKeyVaultSignTool/NuGetKeyVaultSignToolTests.cs
index 04d9e23..9b7b8de 100644
--- a/Nuke.NuGetKeyVaultSignTool/NuGetKeyVaultSignToolTests.cs
+++ b/Nuke.NuGetKeyVaultSignTool/NuGetKeyVaultSignToolTests.cs
@@ -10,7 +10,7 @@ using Nuke.Common.Tooling;
 using System.Collections.Generic;
-namespace NuGetKeyVaultSignTool
+namespace Nuke.NuGetKeyVaultSignTool
 {
 public class NuGetKeyVaultSignToolTests
 {