Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DEVOPS-1333] Add code signing to the Windows bws CLI #534

Merged
merged 17 commits into from
Feb 27, 2024
Merged

[DEVOPS-1333] Add code signing to the Windows bws CLI #534

Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
59d2dd4
Add cli singning for windows
michalchecinski Jan 24, 2024
1ccfd16
Remove windows from build matrix
michalchecinski Jan 24, 2024
803b27a
Remove unnecessary ifs
michalchecinski Jan 24, 2024
404a2df
Display if the windows exe is signed
michalchecinski Jan 24, 2024
f0427b9
change signtool
michalchecinski Jan 24, 2024
2db7183
maybe fix check
michalchecinski Jan 24, 2024
54cb711
Remove cert check
michalchecinski Jan 24, 2024
8600593
Add conditional signing
michalchecinski Jan 25, 2024
98d7963
Ran prettier
michalchecinski Jan 25, 2024
ee90da7
Update .github/workflows/build-cli.yml
michalchecinski Jan 26, 2024
01bc7c3
change check for signing
michalchecinski Jan 26, 2024
04e745a
Update .github/workflows/build-cli.yml
michalchecinski Jan 31, 2024
8e7bcb6
Merge branch 'main' into DEVOPS-1333-Add-code-signing-to-the-bws-CLI-…
michalchecinski Feb 22, 2024
e9c7ff7
Fix
michalchecinski Feb 23, 2024
61fbc92
Merge branch 'main' into DEVOPS-1333-Add-code-signing-to-the-bws-CLI-…
michalchecinski Feb 23, 2024
75c28f3
Merge branch 'main' into DEVOPS-1333-Add-code-signing-to-the-bws-CLI-…
michalchecinski Feb 23, 2024
a602d0e
lint
michalchecinski Feb 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .github/workflows/build-cli.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ jobs:
runs-on: ubuntu-22.04
outputs:
package_version: ${{ steps.retrieve-version.outputs.package_version }}
sign: ${{ steps.sign.outputs.sign }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -30,6 +31,16 @@ jobs:
VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
echo "package_version=$VERSION" >> $GITHUB_OUTPUT

- name: Sign if repo is owned by Bitwarden
id: sign
env:
REPO_OWNER: ${{ github.repository_owner }}
run: |
if [[ $REPO_OWNER == bitwarden ]]; then
echo "sign=true" >> $GITHUB_OUTPUT
fi
echo "sign=false" >> $GITHUB_OUTPUT

build-windows:
name: Building CLI for - ${{ matrix.settings.os }} - ${{ matrix.settings.target }}
runs-on: ${{ matrix.settings.os || 'ubuntu-latest' }}
Expand Down Expand Up @@ -66,11 +77,13 @@ jobs:
run: cargo build ${{ matrix.features }} -p bws --release --target=${{ matrix.settings.target }}

- name: Login to Azure
if: ${{ needs.setup.outputs.sign == 'true' }}
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
if: ${{ needs.setup.outputs.sign == 'true' }}
id: retrieve-secrets-windows
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
Expand All @@ -82,9 +95,11 @@ jobs:
code-signing-cert-name"

- name: Install AST
if: ${{ needs.setup.outputs.sign == 'true' }}
run: dotnet tool install --global AzureSignTool --version 4.0.1

- name: Sign windows binary
if: ${{ needs.setup.outputs.sign == 'true' }}
env:
SIGNING_VAULT_URL: ${{ steps.retrieve-secrets-windows.outputs.code-signing-vault-url }}
SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets-windows.outputs.code-signing-client-id }}
Expand Down
Loading