Update automation and release process #153

Merged
merged 10 commits into from
Apr 9, 2024

Conversation

alexjhawk
Collaborator

I updated the automation to use the latest available versions from https://github.com/hms-networks/sc-java-maven-starter-project. It was modified to build the Ignition module using the correct JDK.

Updated the code-format-test.yml workflow to its latest available version from the starter project.
Updated the commit-format-check.yml workflow to its latest available version from the starter project.
Updated the project-issue-automation.yml workflow to its latest available version from the starter project.
Added the release-make-branch.yml workflow to allow for automatic release branch generation.
Added the build-test.yml workflow to enable the automatic testing of repository code state on pull request and push to the main branch.
Added the build-artifacts.yml workflow to enable the automatic building of artifacts when a push is made to the main branch. This allows for the artifacts to be built and temporarily available regardless of whether a release is made.
@alexjhawk alexjhawk added the enhancement New feature or request label Apr 4, 2024
@alexjhawk alexjhawk self-assigned this Apr 4, 2024
@alexjhawk alexjhawk force-pushed the dev/automation branch 3 times, most recently from 964e0de to 315ec14 Compare April 4, 2024 13:30
Added the release-build-outputs.yml workflow to enable an automatic, and more importantly, consistent build of project releases. This also enables an improved code signing process, which occurs automatically. As with any project, an adequate review of changes is crucially important prior to a full release.
Remove the old build script, MakeRelease.py, which did not support a consistent or automatic build process. This MakeRelease.py script was the basis of our starter project workflows, and those can be adapted for this project's use.
Changed the headings in the 02-CHANGELOG.mdx file to ensure compatibility with the new automation/release process.
@alexjhawk alexjhawk requested review from TomKimsey and it-hms April 4, 2024 18:19
@alexjhawk alexjhawk marked this pull request as ready for review April 4, 2024 18:19
@alexjhawk
Collaborator Author

These are primarily changes that align this repository with the workflows/automation in the starter project. A few modifications are made to use the necessary JDK version (11) and the proper module build process and file paths.

Of note, there is also a correction in the release-build-outputs.yml file to once and for all fix the regex evaluation to detect pre-release versus standard release. Following the merge of this PR, I will upstream the change to the starter project.

An example of a resulting release can be seen at https://github.com/hms-networks/IgnitionEwonConnector/releases/tag/v2.0.0-pre1.

In addition, following the merge of this PR, the release of v2.0.0 will be code-signed and published.

  • Because code signing is not possible in the automation, when a full release (non-pre-release) is published, the developer will have to download the unsigned modl file, sign it, and then replace the unsigned modl file with the signed one in the release.

Notes on Code Signing in Automation (Investigation)

I did spend some time looking into this, and the automation code was developed to support automated code signing here. For security reasons though, our code signing token does not permit exporting the private key.

  • While the public code signing certificate chain can be exported as desired, there is no option to export the private key in SafeNet Authentication Client.
  • I am unsure as to whether logging in as the token administrator allows export, but Sectigo does not provide token administration access. They only allow standard access to public components, and the private key is securely made available to the OS (and signtool) through a SafeNet cryptographic provider hosted by the SafeNet client.
  • The SafeNet cryptographic provider which hosts the private key in the operating system certificate store/system is protected and inaccessible through the operating system certificate management tools.

Windows Message when Attempting to Export Entire Certificate
image

SafeNet Authentication Client with no Management Buttons for Private Key
image
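
Added example, not part of the PR or the project's workflows: the comment above mentions a fix to the regex that tells a pre-release from a standard release but does not show it. One way to make that check strict in POSIX shell, assuming a tag grammar modelled on the tags named above (`v2.0.0`, `v2.0.0-pre1`); `classify_tag` and `needs_manual_signing` are hypothetical names.

```shell
#!/bin/sh
# Added example (not the project's workflow code). The tag grammar below is an
# assumption based on the tags named in this PR: vX.Y.Z and vX.Y.Z-preN.

# Prints "release", "prerelease" or "invalid"; returns non-zero for "invalid".
classify_tag() {
  tag=$1
  # Allow-list the character set first. This also rejects embedded newlines,
  # which would otherwise let grep accept a tag because one of its lines matches.
  case $tag in
    ''|*[!0-9a-z.-]*) echo invalid; return 1 ;;
  esac
  # Both patterns are anchored with ^ and $ so that a substring match such as
  # "v2.0.0-pre1-hotfix" or "xv2.0.0" cannot be classified as a valid tag.
  if printf '%s\n' "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo release
  elif printf '%s\n' "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+-pre[0-9]+$'; then
    echo prerelease
  else
    echo invalid
    return 1
  fi
}

# Full releases are the ones that need the manual signing step described in
# the comment above; pre-releases and malformed tags do not qualify.
needs_manual_signing() {
  [ "$(classify_tag "$1")" = release ]
}
```

Treating anything that is not an exact match as `invalid`, rather than defaulting to one of the two release kinds, keeps a malformed tag from being published as a full release without the signing step.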

@alexjhawk alexjhawk merged commit 6028073 into main Apr 9, 2024
4 checks passed
@alexjhawk alexjhawk deleted the dev/automation branch April 9, 2024 13:55