chore: try signing again

algorandfoundation · Jul 15, 2024 · a8acf25 · a8acf25 · github-actions · Jul 15, 2024
1 parent 7fd9def
commit a8acf25
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 50 deletions.
diff --git a/.github/actions/build-binaries/windows/action.yaml b/.github/actions/build-binaries/windows/action.yaml
@@ -12,14 +12,14 @@ inputs:
   production_release:
     description: "Flag to determine if this is a production release"
     required: true
-  code_signing_cert:
-    description: "The base64 encoded code signing certificate"
+  azure_tenant_id:
+    description: ""
     required: true
-  code_signing_cert_sha1_hash:
-    description: "The SHA1 hash of the code signing certificate"
+  azure_client_id:
+    description: ""
     required: true
-  code_signing_cert_password:
-    description: "The password for the code signing certificate"
+  azure_client_secret:
+    description: ""
     required: true
 
 runs:
@@ -57,29 +57,6 @@ runs:
         timestamp-rfc3161: http://timestamp.acs.microsoft.com
         timestamp-digest: SHA256
 
-    # We only sign the release artifacts, as each signing request will use up the HSM quota
-    # - name: Download signing certificate
-    #   if: ${{ inputs.production_release == 'true' }}
-    #   run: |
-    #     signing_cert="${{ runner.temp }}\code_signing_cert.pfx"
-    #     echo "SIGNING_CERT=${signing_cert}" >> $GITHUB_ENV
-    #     echo '${{ inputs.code_signing_cert }}' | base64 -d > $signing_cert
-    #   shell: bash
-
-    # - name: Import signing certificate
-    #   if: ${{ inputs.production_release == 'true' }}
-    #   shell: pwsh
-    #   run: |
-    #     Import-PfxCertificate -FilePath ${{ env.SIGNING_CERT }} -Password (ConvertTo-SecureString -String ${{ inputs.code_signing_cert_password }} -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My | Out-Null
-
-    # - name: Sign executable
-    #   if: ${{ inputs.production_release == 'true' }}
-    #   shell: pwsh
-    #   run: |
-    #     $executablePath = '${{ env.BINARY_BUILD_DIR }}\algokit.exe'
-    #     signtool sign /sha1 ${{ inputs.code_signing_cert_sha1_hash }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $executablePath
-    #     # signtool verify /v /pa $executablePath
-
     - name: Build winget installer
       shell: pwsh
       run: |
@@ -91,9 +68,9 @@ runs:
     - name: Sign winget installer
       uses: azure/[email protected]
       with:
-        azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-        azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
-        azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+        azure-tenant-id: ${{ inputs.azure_tenant_id }}
+        azure-client-id: ${{ inputs.azure_client_id }}
+        azure-client-secret: ${{ inputs.azure_client_secret }}
         endpoint: https://weu.codesigning.azure.net/
         trusted-signing-account-name: "Algorand Foundation"
         certificate-profile-name: algokit
@@ -103,21 +80,6 @@ runs:
         timestamp-rfc3161: http://timestamp.acs.microsoft.com
         timestamp-digest: SHA256
 
-    # - name: Sign winget installer
-    #   if: ${{ inputs.production_release == 'true' }}
-    #   shell: pwsh
-    #   run: |
-    #     signtool sign /sha1 ${{ inputs.code_signing_cert_sha1_hash }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 ${{ env.WINGET_INSTALLER }}
-    #     # signtool verify /v /pa ${{ env.WINGET_INSTALLER }}
-
-    # - name: Remove signing certificate
-    #   if: ${{ inputs.production_release == 'true' }}
-    #   shell: pwsh
-    #   run: |
-    #     $cert = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq '${{ inputs.code_signing_cert_sha1_hash }}' }
-    #     Remove-Item -Path $cert.PSPath
-    #     Remove-Item -Path ${{ env.SIGNING_CERT }}
-
     - name: Upload winget artifact
       uses: actions/upload-artifact@v4
       with:

diff --git a/.github/workflows/build-binaries.yaml b/.github/workflows/build-binaries.yaml
@@ -67,9 +67,9 @@ jobs:
           version: ${{ env.RELEASE_VERSION }}
           artifacts_dir: ${{ env.ARTIFACTS_DIR }}
           production_release: ${{ inputs.production_release }}
-          code_signing_cert: ${{ secrets.SM_CODE_SIGNING_CERT }}
-          code_signing_cert_sha1_hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
-          code_signing_cert_password: ${{ secrets.SM_CODE_SIGNING_CERT_PASSWORD }}
+          azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
 
       - name: Build linux binary
         if: ${{ runner.os == 'Linux' }}
File	Stmts	Miss	Cover	Missing
src/algokit
__init__.py	15	7	53%	6–13, 17–24, 32–34
__main__.py	4	4	0%	1–7
src/algokit/cli
__init__.py	47	3	94%	31–34
codespace.py	50	9	82%	28, 114, 137, 150–155
completions.py	108	9	92%	63–64, 83, 93–99
dispenser.py	121	1	99%	77
doctor.py	53	3	94%	146–148
explore.py	56	15	73%	34–39, 41–46, 80–81, 90
generate.py	70	3	96%	76–77, 155
goal.py	47	1	98%	79
init.py	311	24	92%	497–498, 503–504, 507, 528, 531–533, 544, 548, 606, 632, 661, 694, 703–705, 708–713, 726, 745, 757–758
localnet.py	152	32	79%	65, 86–113, 133–137, 170, 182, 197–207, 220, 271, 292–293
task.py	34	3	91%	25–28
src/algokit/cli/project
bootstrap.py	32	1	97%	33
deploy.py	99	20	80%	47, 49, 101, 124, 146–148, 227, 234, 248–256, 259–268
link.py	89	16	82%	60, 65–66, 101–105, 115–120, 148–149, 218–219, 223
list.py	33	5	85%	21–23, 51–56
run.py	46	3	93%	38, 71, 160
src/algokit/cli/tasks
analyze.py	81	1	99%	81
assets.py	82	13	84%	65–66, 72, 74–75, 105, 119, 125–126, 132, 134, 136–137
ipfs.py	51	8	84%	52, 80, 92, 94–95, 105–107
mint.py	66	4	94%	48, 70, 91, 250
send_transaction.py	65	10	85%	52–53, 57, 89, 158, 170–174
sign_transaction.py	59	8	86%	21, 28–30, 71–72, 109, 123
transfer.py	39	3	92%	26, 90, 117
utils.py	99	45	55%	26–34, 40–43, 75–76, 100–101, 125–133, 152–162, 209, 258–259, 279–290, 297–299
vanity_address.py	56	10	82%	41, 45–48, 112, 114, 121–123
wallet.py	79	4	95%	21, 66, 136, 162
src/algokit/core
codespace.py	175	68	61%	34–37, 41–44, 48–71, 111–112, 125–133, 191, 200–202, 210, 216–217, 229–236, 251–298, 311–313, 338–344, 348, 395
conf.py	57	9	84%	12, 24, 28, 36, 38, 73–75, 80
dispenser.py	202	26	87%	91, 123–124, 141–149, 191–192, 198–200, 218–219, 259–260, 318, 332–334, 345–346, 356, 369, 384
doctor.py	65	7	89%	67–69, 92–94, 134
generate.py	50	3	94%	44, 85, 103
goal.py	65	4	94%	21, 36–37, 47
init.py	67	10	85%	53, 57–62, 70, 81, 88, 108–109
log_handlers.py	68	7	90%	50–51, 63, 112–116, 125
proc.py	45	1	98%	99
sandbox.py	263	23	91%	32, 89–92, 97, 101–103, 153, 201–208, 219, 590, 606, 631, 639
typed_client_generation.py	170	20	88%	62–64, 103–108, 132, 135–138, 156, 159–162, 229, 232–235
utils.py	148	40	73%	50–51, 57–69, 125–131, 155, 158, 164–177, 198–200, 229–232, 254
src/algokit/core/compilers
python.py	28	5	82%	19–20, 25, 49–50
src/algokit/core/config_commands
container_engine.py	41	21	49%	24, 29–31, 47–76
version_prompt.py	92	14	85%	37–38, 68, 87–90, 108, 118–125, 148
src/algokit/core/project
__init__.py	53	3	94%	50, 86, 145
bootstrap.py	120	8	93%	47, 126–127, 149, 176, 207–209
deploy.py	69	9	87%	108–111, 120–122, 126, 131
run.py	125	15	88%	83, 88, 97–98, 133–134, 138–139, 143, 147, 261–269, 284
src/algokit/core/tasks
analyze.py	93	3	97%	105–112, 187
ipfs.py	63	7	89%	58–64, 140, 144, 146, 152
nfd.py	49	13	73%	25, 31, 34–41, 70–72, 99–101
vanity_address.py	90	34	62%	49–50, 54, 59–75, 92–108, 128–131
wallet.py	71	5	93%	37, 129, 155–157
src/algokit/core/tasks/mint
mint.py	78	10	87%	123–133, 187
models.py	90	11	88%	50, 52, 57, 71–74, 85–88
TOTAL	4652	641	86%