release: update Linux, macOS, and Windows signing #1431
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update .NET setup tasks to be titled "Set up .NET" instead of "Setup dotnet." Additionally, change from using a specific .NET version (6.0.201) to a more general version that aligns with the current version in use by the project (7.0.x).
Add required permissions for federated credentials [1] to the release workflow. Additionally, add a prereqs job to set the GCM version for the workflow. 1: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure#adding-permissions-settings
ldennington
force-pushed
the
signing-updates
branch
14 times, most recently
from
8dae2bd
to
0fd9d66
Compare
Update the Linux component of the release workflow to use GPG signing instead of ESRP.
ldennington
force-pushed
the
signing-updates
branch
from
0fd9d66
to
96db06d
Compare
ldennington
force-pushed
the
signing-updates
branch
from
96db06d
to
c3f46b5
Compare
Update macOS component of release workflow to use GitHub certificates for signing and notarization.
ldennington
force-pushed
the
signing-updates
branch
6 times, most recently
from
721f8e2
to
2a377a6
Compare
Update Windows component of release workflow to use Azure Code Signing.
Update the .NET tool release workflow to use the workflow's Federated credential for Azure access. Additionally, update ESRP setup to use secrets instead of storage account/resource names.
Upload GCM's public key as a release asset. Add instructions for users to import this key and use it to validate the latest Debian package and tarball.
ldennington
force-pushed
the
signing-updates
branch
from
2a377a6
to
8f93d56
Compare
mjcheetham
approved these changes
Oct 20, 2023
mjcheetham
added a commit
that referenced
this pull request
Nov 1, 2023
**Changes:** - Add support for managed identity and service principals in Azure Repos (#1372) - Support universal Gitea OAuth app configuration (#1442) - Set default generic OAuth redirect URI value (#1444) - Drop WPF helpers on Windows (#1417) - Add software rendering override for Windows (#1445, #1453) - Recognise GitLab hosts via WWW-Authenticate header (#1428) - Recognise Bitbucket hosts via WWW-Authenticate header (#1441) - Support GitHub Gist remote URLs (#1402) - Update to Avalonia 11.x (#1383) - Documentation updates (#1416) - Drop unnecessary .NET Framework-specific code (#1447) - Updates to release process (#1386, #1381) - Update code signing certificates (#1431)
mjcheetham
added a commit
that referenced
this pull request
Nov 1, 2023
**Changes:** _Since 2.4.0:_ - Fix macOS ARM64 tarball contents (#1458) _Since 2.3.x:_ - Add support for managed identity and service principals in Azure Repos (#1372) - Support universal Gitea OAuth app configuration (#1442) - Set default generic OAuth redirect URI value (#1444) - Drop WPF helpers on Windows (#1417) - Add software rendering override for Windows (#1445, #1453) - Recognise GitLab hosts via WWW-Authenticate header (#1428) - Recognise Bitbucket hosts via WWW-Authenticate header (#1441) - Support GitHub Gist remote URLs (#1402) - Update to Avalonia 11.x (#1383) - Documentation updates (#1416) - Drop unnecessary .NET Framework-specific code (#1447) - Updates to release process (#1386, #1381) - Update code signing certificates (#1431)
This was referenced Nov 2, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR migrates GCM's Linux, macOS, and Windows signing workflows off the ESRP service. This means:
Note: This PR does not include updates to migrate the .NET tool package signing off ESRP for two reasons:
An example run of release workflow with these changes can be found here.