From 5ba46c81a2076747e34d043565b6af8f796c55bf Mon Sep 17 00:00:00 2001
From: James Garriss <52328727+james-garriss@users.noreply.github.com>
Date: Mon, 16 Dec 2024 14:22:57 -0500
Subject: [PATCH 01/62] move sign code into function
---
.github/workflows/build_sign_release.yaml | 44 ++++++++++++---------
utils/workflow/Build-SignRelease.ps1 | 47 +++++++++++++++++++++++
2 files changed, 72 insertions(+), 19 deletions(-)
create mode 100644 utils/workflow/Build-SignRelease.ps1
diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml
index 85adf7b322..83496138bd 100644
--- a/.github/workflows/build_sign_release.yaml
+++ b/.github/workflows/build_sign_release.yaml
@@ -64,25 +64,31 @@ jobs: echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Sign Module run: | - # Source the deploy utilities so the functions in it can be called. - . repo/utils/workflow/Publish-ScubaGear.ps1 - # Remove non-release files - Remove-Item -Recurse -Force repo -Include .git* - Write-Output "Creating an array of the files to sign..." - $ArrayOfFilePaths = New-ArrayOfFilePaths ` - -ModuleDestinationPath repo - Write-Output "Creating a file with a list of the files to sign..." - $FileListFileName = New-FileList ` - -ArrayOfFilePaths $ArrayOfFilePaths - Write-Output "Calling AzureSignTool function to sign scripts, manifest, and modules..." - $AzureKeyVaultUrl = '${{ steps.key-vault-info.outputs.KeyVaultUrl }}' - $CertificateName = '${{ steps.key-vault-info.outputs.KeyVaultCertificateName }}' - Use-AzureSignTool ` - -AzureKeyVaultUrl $AzureKeyVaultUrl ` - -CertificateName $CertificateName ` - -FileList $FileListFileName - Move-Item -Path repo -Destination "ScubaGear-${env:RELEASE_VERSION}" -Force - Compress-Archive -Path "ScubaGear-${env:RELEASE_VERSION}" -DestinationPath "ScubaGear-${env:RELEASE_VERSION}.zip" + # Source the function + . ./utils/workflow/Build-SignRelease.ps1 + New-ModuleSignature ` + -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` + -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` + -ReleaseVersion ${env:RELEASE_VERSION} + # # Source the deploy utilities so the functions in it can be called. + # . repo/utils/workflow/Publish-ScubaGear.ps1 + # # Remove non-release files + # Remove-Item -Recurse -Force repo -Include .git* + # Write-Output "Creating an array of the files to sign..." + # $ArrayOfFilePaths = New-ArrayOfFilePaths ` + # -ModuleDestinationPath repo + # Write-Output "Creating a file with a list of the files to sign..." 
+ # $FileListFileName = New-FileList ` + # -ArrayOfFilePaths $ArrayOfFilePaths + # Write-Output "Calling AzureSignTool function to sign scripts, manifest, and modules..." + # $AzureKeyVaultUrl = '${{ steps.key-vault-info.outputs.KeyVaultUrl }}' + # $CertificateName = '${{ steps.key-vault-info.outputs.KeyVaultCertificateName }}' + # Use-AzureSignTool ` + # -AzureKeyVaultUrl $AzureKeyVaultUrl ` + # -CertificateName $CertificateName ` + # -FileList $FileListFileName + # Move-Item -Path repo -Destination "ScubaGear-${env:RELEASE_VERSION}" -Force + # Compress-Archive -Path "ScubaGear-${env:RELEASE_VERSION}" -DestinationPath "ScubaGear-${env:RELEASE_VERSION}.zip" - name: Create Release uses: softprops/action-gh-release@v1 id: create-release diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 new file mode 100644 index 0000000000..3cfdb21c01 --- /dev/null +++ b/utils/workflow/Build-SignRelease.ps1 
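Review bot: The new `New-ModuleSignature` call in the Sign Module step splices `${{ steps.key-vault-info.outputs.KeyVaultUrl }}` and `${{ steps.key-vault-info.outputs.KeyVaultCertificateName }}` into the PowerShell script unquoted, whereas the removed lines at least wrapped them in single quotes. The expression is substituted into the script text before PowerShell parses it, so a value containing whitespace or shell metacharacters changes how the command is parsed instead of arriving as a single argument. Passing the outputs through the step's `env:` map and reading them as `$env:KEY_VAULT_URL` and `$env:KEY_VAULT_CERT_NAME` (illustrative names) keeps them as data, which is how `-ReleaseVersion ${env:RELEASE_VERSION}` is already handled in the same call. The `Test-Release -Version ${{ inputs.version }}` call added later in this series has the same shape.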
@@ -0,0 +1,47 @@ +function New-ModuleSignature { + <# + .SYNOPSIS + Sign the ScubaGear module. + .PARAMETER $AzureKeyVaultUrl + The URL for the KeyVault in Azure. + .PARAMETER $CertificateName + The name of the certificate stored in the KeyVault. + .PARAMETER $ReleaseVersion + The version number of the release (e.g., 1.5.1). + #> + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [string] + $AzureKeyVaultUrl, + [Parameter(Mandatory = $true)] + [string] + $CertificateName, + [Parameter(Mandatory = $true)] + [string] + $ReleaseVersion + ) + + Write-Warning "Signing the module with AzureSignTool..." + + # Source the deploy utilities so the functions in it can be called. + . ./Publish-ScubaGear.ps1 + + # Remove non-release files + Remove-Item -Recurse -Force repo -Include .git* + Write-Warning "Creating an array of the files to sign..." + $ArrayOfFilePaths = New-ArrayOfFilePaths ` + -ModuleDestinationPath repo + + Write-Warning "Creating a file with a list of the files to sign..." + $FileListFileName = New-FileList ` + -ArrayOfFilePaths $ArrayOfFilePaths + + Write-Warning "Calling AzureSignTool function to sign scripts, manifest, and modules..." + Use-AzureSignTool ` + -AzureKeyVaultUrl $AzureKeyVaultUrl ` + -CertificateName $CertificateName ` + -FileList $FileListFileName + Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" +} \ No newline at end of file From 021a9d8d426a2eeb0a34844abc7362d2884a86d2 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Mon, 16 Dec 2024 14:24:43 -0500 Subject: [PATCH 02/62] fix lint --- .github/workflows/build_sign_release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 83496138bd..1aa9947c91 100644 --- a/.github/workflows/build_sign_release.yaml 
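Review bot: `$ReleaseVersion` is declared as a bare `[string]` in `New-ModuleSignature` and then used to build the `Move-Item` destination and both `Compress-Archive` paths, so whatever the workflow passes in, including a value with path separators, decides where the signed tree is written. Constraining it in the `param` block, for example `[ValidatePattern('^\d+\.\d+\.\d+$')]` above `[string]` (the pattern should follow the project's real version scheme), makes the function reject anything that is not a version number before any file is touched. The comment-based help writes `.PARAMETER $AzureKeyVaultUrl`; the keyword takes the name without the `$`, as in `.PARAMETER AzureKeyVaultUrl`, and the same applies to the other two entries.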
+++ b/.github/workflows/build_sign_release.yaml @@ -67,7 +67,7 @@ jobs: # Source the function . ./utils/workflow/Build-SignRelease.ps1 New-ModuleSignature ` - -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` + -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` -ReleaseVersion ${env:RELEASE_VERSION} # # Source the deploy utilities so the functions in it can be called. From 43da682620894ef31f0556e5c8d182ea4ec50dd6 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Mon, 16 Dec 2024 15:36:09 -0500 Subject: [PATCH 03/62] fix path --- .github/workflows/build_sign_release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 1aa9947c91..ba5ee0aacc 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -65,7 +65,7 @@ jobs: - name: Sign Module run: | # Source the function - . ./utils/workflow/Build-SignRelease.ps1 + . repo/utils/workflow/Build-SignRelease.ps1 New-ModuleSignature ` -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` From 9cd0bb14140cfb539921656b429c64afd6256980 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Mon, 16 Dec 2024 15:39:26 -0500 Subject: [PATCH 04/62] fix path --- utils/workflow/Build-SignRelease.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 3cfdb21c01..44b6a63421 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 
@@ -25,7 +25,7 @@ function New-ModuleSignature { Write-Warning "Signing the module with AzureSignTool..." # Source the deploy utilities so the functions in it can be called. - . ./Publish-ScubaGear.ps1 + . Publish-ScubaGear.ps1 # Remove non-release files Remove-Item -Recurse -Force repo -Include .git* From aa00717ed5f2940a73092dc00c92396832d43d64 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Mon, 16 Dec 2024 15:46:08 -0500 Subject: [PATCH 05/62] fix path --- utils/workflow/Build-SignRelease.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 44b6a63421..e0b89107b0 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -24,8 +24,10 @@ function New-ModuleSignature { Write-Warning "Signing the module with AzureSignTool..." + # Source the deploy utilities so the functions in it can be called. - . Publish-ScubaGear.ps1 + $PublishPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\utils\workflow\Publish-ScubaGear.ps1' -Resolve + . $PublishPath # Remove non-release files Remove-Item -Recurse -Force repo -Include .git* From 31f57061da67eb076942b1258c41dd9895b64859 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Mon, 16 Dec 2024 16:01:51 -0500 Subject: [PATCH 06/62] remove commented out code --- .github/workflows/build_sign_release.yaml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index ba5ee0aacc..0937ed29a2 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml 
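Review bot: The `Join-Path` added in `New-ModuleSignature` climbs two levels from `$PSScriptRoot` and then descends back into `utils\workflow`, which by the diff header is the directory this script already lives in. `Join-Path -Path $PSScriptRoot -ChildPath 'Publish-ScubaGear.ps1' -Resolve` names the same file without depending on the repository layout above it or on backslash separators. A one-line comment that `-Resolve` raises an error when the helper is missing would explain why the dot-source on the next line never runs against an unresolved path. The function body starts and ends outside the hunk.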
@@ -70,25 +70,6 @@ jobs: -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` -ReleaseVersion ${env:RELEASE_VERSION} - # # Source the deploy utilities so the functions in it can be called. - # . repo/utils/workflow/Publish-ScubaGear.ps1 - # # Remove non-release files - # Remove-Item -Recurse -Force repo -Include .git* - # Write-Output "Creating an array of the files to sign..." - # $ArrayOfFilePaths = New-ArrayOfFilePaths ` - # -ModuleDestinationPath repo - # Write-Output "Creating a file with a list of the files to sign..." - # $FileListFileName = New-FileList ` - # -ArrayOfFilePaths $ArrayOfFilePaths - # Write-Output "Calling AzureSignTool function to sign scripts, manifest, and modules..." - # $AzureKeyVaultUrl = '${{ steps.key-vault-info.outputs.KeyVaultUrl }}' - # $CertificateName = '${{ steps.key-vault-info.outputs.KeyVaultCertificateName }}' - # Use-AzureSignTool ` - # -AzureKeyVaultUrl $AzureKeyVaultUrl ` - # -CertificateName $CertificateName ` - # -FileList $FileListFileName - # Move-Item -Path repo -Destination "ScubaGear-${env:RELEASE_VERSION}" -Force - # Compress-Archive -Path "ScubaGear-${env:RELEASE_VERSION}" -DestinationPath "ScubaGear-${env:RELEASE_VERSION}.zip" - name: Create Release uses: softprops/action-gh-release@v1 id: create-release From 1e35e1617d24d8c34236220590b2c5c022b23942 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 08:47:30 -0500 Subject: [PATCH 07/62] run test release method --- .github/workflows/build_sign_release.yaml | 14 +++++++++----- Testing/workflow/Build-SignRelease.Tests.ps1 | 0 utils/workflow/Build-SignRelease.ps1 | 18 +++++++++++++++++- 3 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 Testing/workflow/Build-SignRelease.Tests.ps1 
diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 0937ed29a2..9507e0e164 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -90,8 +90,12 @@ jobs: - name: Quick Check Release if: ${{ inputs.runQuickCheck }} run: | - Expand-Archive -Path "ScubaGear-${{ inputs.version }}.zip" - Get-ChildItem - Set-Location -Path "ScubaGear-${{ inputs.version }}" - Import-Module -Name .\PowerShell\ScubaGear\ScubaGear.psd1 - Invoke-SCuBA -Version + # Source the function + . repo/utils/workflow/Build-SignRelease.ps1 + Test-Release -Version ${{ inputs.version }} + + # Expand-Archive -Path "ScubaGear-${{ inputs.version }}.zip" + # Get-ChildItem + # Set-Location -Path "ScubaGear-${{ inputs.version }}" + # Import-Module -Name .\PowerShell\ScubaGear\ScubaGear.psd1 + # Invoke-SCuBA -Version diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 new file mode 100644 index 0000000000..e69de29bb2 diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index e0b89107b0..28fa6888d4 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -23,7 +23,6 @@ function New-ModuleSignature { ) Write-Warning "Signing the module with AzureSignTool..." - # Source the deploy utilities so the functions in it can be called. $PublishPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\utils\workflow\Publish-ScubaGear.ps1' -Resolve 
@@ -46,4 +45,21 @@ function New-ModuleSignature { -FileList $FileListFileName Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" +} + +function Test-Release { + <# + .SYNOPSIS + Tests a release of ScubaGear from GitHub by executing it. + .PARAMETER $Version + The version of ScubaGear expand and test. + #> + + Write-Warning "Testing the release..." + + Expand-Archive -Path "ScubaGear-$Version.zip" + Get-ChildItem + Set-Location -Path "ScubaGear-$Version" + Import-Module -Name .\PowerShell\ScubaGear\ScubaGear.psd1 + Invoke-SCuBA -Version } \ No newline at end of file From 6bc8651435e052cb8f7918208fd03c48c199295e Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:25:17 -0500 Subject: [PATCH 08/62] Add debugging --- utils/workflow/Publish-ScubaGear.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/workflow/Publish-ScubaGear.ps1 b/utils/workflow/Publish-ScubaGear.ps1 index 9a860b5d7d..021e939525 100644 --- a/utils/workflow/Publish-ScubaGear.ps1 +++ b/utils/workflow/Publish-ScubaGear.ps1 @@ -429,7 +429,7 @@ function Use-AzureSignTool { Write-Warning "The path to AzureSignTool is $ToolPath" # & is the call operator that executes a command, script, or function. $Results = & $ToolPath $SignArguments - + Write-Host $Results # Temp testing... # Test the results for failures. # If there are no failures, the $SuccessPattern string will be the last # line in the results. From db575418212bd6d7cd0c18cfd0f899613a2f3f5f Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:39:14 -0500 Subject: [PATCH 09/62] Add temp pester test --- Testing/workflow/Build-SignRelease.Tests.ps1 | 6 ++++++ 1 file changed, 6 insertions(+) 
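Review bot: `Test-Release` reads `$Version` but declares no `param` block, so the `-Version` argument in the workflow call is not bound to it and, unless a `$Version` variable happens to exist in a parent scope, the function looks for `ScubaGear-.zip`. Adding `[CmdletBinding()]` and `param([Parameter(Mandatory = $true)] [string] $Version)`, as `New-ModuleSignature` does for its parameters, makes a missing version fail at the call instead of at `Expand-Archive`. The help entry should read `.PARAMETER Version` with the text "The version of ScubaGear to expand and test." The function also leaves the caller in another directory through `Set-Location`; `Push-Location` with a matching `Pop-Location` would contain that.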
diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index e69de29bb2..e4aa037a27 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -0,0 +1,6 @@ +# temp placeholder for a real test +Describe "Build Sign Release Check" { + It "Should Have Trivial Test" { + $false | Should -BeFalse + } +} \ No newline at end of file From b21b05309e595b8e76aa2321a6c30c60200391fc Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:35:08 -0500 Subject: [PATCH 10/62] test file --- .github/workflows/build_sign_release.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 9507e0e164..48c7ea0634 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -10,6 +10,10 @@ on: description: "Release Name" required: true type: string + # Note: This is NOT the ACTUAL release version for ScubaGear. + # That value is found in ScubaGear.psd1. + # This is only used for things like the file name. + # Yes, this is a disconnect that violates DRY. version: description: "Release Version (e.g., 1.2.4)" required: true @@ -90,6 +94,7 @@ jobs: - name: Quick Check Release if: ${{ inputs.runQuickCheck }} run: | + Test-Path -path repo/utils/workflow/Build-SignRelease.ps1 # Source the function . repo/utils/workflow/Build-SignRelease.ps1 Test-Release -Version ${{ inputs.version }} From ee43e3c71b04ead5eb8b0f5b331992d0ae146fd4 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:44:22 -0500 Subject: [PATCH 11/62] add more debug --- .github/workflows/build_sign_release.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 48c7ea0634..1a531981e6 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -94,7 +94,8 @@ jobs: - name: Quick Check Release if: ${{ inputs.runQuickCheck }} run: | - Test-Path -path repo/utils/workflow/Build-SignRelease.ps1 + Test-Path -path repo + Test-Path -path repo/workflow # Source the function . repo/utils/workflow/Build-SignRelease.ps1 Test-Release -Version ${{ inputs.version }} From a9bfb11f13d23cc88b45ab04ac42c33bd6718a2e Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:48:50 -0500 Subject: [PATCH 12/62] debug path --- .github/workflows/build_sign_release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 1a531981e6..7270483f63 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -74,6 +74,7 @@ jobs: -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` -ReleaseVersion ${env:RELEASE_VERSION} + Test-Path -path repo - name: Create Release uses: softprops/action-gh-release@v1 id: create-release From 348bf9f19a9569ca5a1d53ad2a22bc61c24a19d0 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 13:06:56 -0500 Subject: [PATCH 13/62] use copy instead of move --- .github/workflows/build_sign_release.yaml | 3 --- utils/workflow/Build-SignRelease.ps1 | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 7270483f63..e7f5925e61 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml 
@@ -74,7 +74,6 @@ jobs: -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` -ReleaseVersion ${env:RELEASE_VERSION} - Test-Path -path repo - name: Create Release uses: softprops/action-gh-release@v1 id: create-release @@ -95,8 +94,6 @@ jobs: - name: Quick Check Release if: ${{ inputs.runQuickCheck }} run: | - Test-Path -path repo - Test-Path -path repo/workflow # Source the function . repo/utils/workflow/Build-SignRelease.ps1 Test-Release -Version ${{ inputs.version }} diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 28fa6888d4..62147351cd 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -43,7 +43,7 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } From 669966891745f93959a5aab1421e8b06ac8a8081 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 13:14:18 -0500 Subject: [PATCH 14/62] remove debug --- utils/workflow/Publish-ScubaGear.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/workflow/Publish-ScubaGear.ps1 b/utils/workflow/Publish-ScubaGear.ps1 index 021e939525..053a8ea969 100644 --- a/utils/workflow/Publish-ScubaGear.ps1 +++ b/utils/workflow/Publish-ScubaGear.ps1 
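Review bot: `Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force` in `utils/workflow/Build-SignRelease.ps1` has no `-Recurse`, so it creates the destination directory without the files under `repo`, and the `Compress-Archive` on the next line would package a release that does not contain the signed module. If the copy is meant to keep `repo/utils/workflow` available to later workflow steps, the line should be `Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Recurse -Force`. The enclosing function starts outside the hunk.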
@@ -429,7 +429,6 @@ function Use-AzureSignTool { Write-Warning "The path to AzureSignTool is $ToolPath" # & is the call operator that executes a command, script, or function. $Results = & $ToolPath $SignArguments - Write-Host $Results # Temp testing... # Test the results for failures. # If there are no failures, the $SuccessPattern string will be the last # line in the results. From 73ce1011a767efba1cb3311618ed3df1ed7eb85f Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 13:20:50 -0500 Subject: [PATCH 15/62] Back to move --- utils/workflow/Build-SignRelease.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 62147351cd..28fa6888d4 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -43,7 +43,7 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } From 703f157ac97d4bb21813180355155fd1e5d9101c Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 13:24:52 -0500 Subject: [PATCH 16/62] restore --- .github/workflows/build_sign_release.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index e7f5925e61..defa3983a6 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml 
@@ -95,11 +95,11 @@ jobs: if: ${{ inputs.runQuickCheck }} run: | # Source the function - . repo/utils/workflow/Build-SignRelease.ps1 - Test-Release -Version ${{ inputs.version }} + # . repo/utils/workflow/Build-SignRelease.ps1 + # Test-Release -Version ${{ inputs.version }} - # Expand-Archive -Path "ScubaGear-${{ inputs.version }}.zip" - # Get-ChildItem - # Set-Location -Path "ScubaGear-${{ inputs.version }}" - # Import-Module -Name .\PowerShell\ScubaGear\ScubaGear.psd1 - # Invoke-SCuBA -Version + Expand-Archive -Path "ScubaGear-${{ inputs.version }}.zip" + Get-ChildItem + Set-Location -Path "ScubaGear-${{ inputs.version }}" + Import-Module -Name .\PowerShell\ScubaGear\ScubaGear.psd1 + Invoke-SCuBA -Version From 6676866a8e0c7890abfe301a58fcf2f455262b7a Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 15:12:02 -0500 Subject: [PATCH 17/62] create Pester test for installing AST --- .github/workflows/build_sign_release.yaml | 13 +++++---- Testing/workflow/Build-SignRelease.Tests.ps1 | 8 ++++-- utils/workflow/Build-SignRelease.ps1 | 29 ++++++++------------ utils/workflow/Publish-ScubaGear.ps1 | 2 +- 4 files changed, 25 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index defa3983a6..349217a24b 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -48,8 +48,11 @@ jobs: path: repo - name: Install Azure Signing Tool run: | - dotnet --version - dotnet tool install --global AzureSignTool --version 5.0.0 + # Source the function + . repo/utils/workflow/Build-SignRelease.ps1 + Install-AzureSigningTool + # dotnet --version + # dotnet tool install --global AzureSignTool --version 5.0.0 # OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) - name: Login to Azure uses: azure/login@v2 
@@ -94,10 +97,8 @@ jobs: - name: Quick Check Release if: ${{ inputs.runQuickCheck }} run: | - # Source the function - # . repo/utils/workflow/Build-SignRelease.ps1 - # Test-Release -Version ${{ inputs.version }} - + # Note: Cannot move this code to a function in the utils/workflow folder + # because the Sign Module code above relocates that folder Expand-Archive -Path "ScubaGear-${{ inputs.version }}.zip" Get-ChildItem Set-Location -Path "ScubaGear-${{ inputs.version }}" diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index e4aa037a27..f73edecb57 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -1,6 +1,8 @@ # temp placeholder for a real test -Describe "Build Sign Release Check" { - It "Should Have Trivial Test" { - $false | Should -BeFalse +Describe "Install AST Check" { + It "Should be installed" { + $ToolPath = (Get-Command AzureSignTool).Path + Write-Warning "The path to AzureSignTool is $ToolPath" + Test-Path -Path $TooPath | Should -Be -True } } \ No newline at end of file diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 28fa6888d4..850c431064 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -1,3 +1,15 @@ +function Install-AzureSigningTool { + <# + .SYNOPSIS + Install Azure Signing Tool + #> + + Write-Warning "Installing AST..." + + dotnet --version + dotnet tool install --global AzureSignTool --version 5.0.0 +} + function New-ModuleSignature { <# .SYNOPSIS 
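Review bot: `Install-AzureSigningTool` in `utils/workflow/Build-SignRelease.ps1` runs `dotnet tool install` and returns without looking at `$LASTEXITCODE`, so a caller other than the workflow step, such as a Pester setup block, carries on as if the signing tool were present when the install failed. Checking it right after the call, `if ($LASTEXITCODE -ne 0) { throw "dotnet tool install failed with exit code $LASTEXITCODE" }`, turns that into a terminating error. The `--version 5.0.0` pin is worth keeping, and a short comment saying the pin is deliberate would help whoever bumps it. Progress text such as "Installing AST..." reads better through `Write-Verbose` than `Write-Warning`, which marks every normal run with warnings.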
@@ -46,20 +58,3 @@ function New-ModuleSignature { Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } - -function Test-Release { - <# - .SYNOPSIS - Tests a release of ScubaGear from GitHub by executing it. - .PARAMETER $Version - The version of ScubaGear expand and test. - #> - - Write-Warning "Testing the release..." - - Expand-Archive -Path "ScubaGear-$Version.zip" - Get-ChildItem - Set-Location -Path "ScubaGear-$Version" - Import-Module -Name .\PowerShell\ScubaGear\ScubaGear.psd1 - Invoke-SCuBA -Version -} \ No newline at end of file diff --git a/utils/workflow/Publish-ScubaGear.ps1 b/utils/workflow/Publish-ScubaGear.ps1 index 053a8ea969..70f8b6c46d 100644 --- a/utils/workflow/Publish-ScubaGear.ps1 +++ b/utils/workflow/Publish-ScubaGear.ps1 @@ -381,7 +381,7 @@ function New-FileList { function Use-AzureSignTool { <# - .DESCRIPTION + .SYNOPSIS AzureSignTool is a utility for signing code that is used to secure ScubaGear. https://github.com/vcsjones/AzureSignTool Throws an error if there was an error signing the files. From 72501335d9d665ea6e4bce973fb3a602500891bc Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 15:26:55 -0500 Subject: [PATCH 18/62] install before checking for install --- Testing/workflow/Build-SignRelease.Tests.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index f73edecb57..852f9fb640 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 
@@ -1,5 +1,9 @@ # temp placeholder for a real test Describe "Install AST Check" { + $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve + # Source the function + . $ScriptPath + Install-AzureSigningTool It "Should be installed" { $ToolPath = (Get-Command AzureSignTool).Path Write-Warning "The path to AzureSignTool is $ToolPath" From 426f4b221fcf8612840c143a5baee97f2b260c02 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 15:48:04 -0500 Subject: [PATCH 19/62] verify commands --- Testing/workflow/Build-SignRelease.Tests.ps1 | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 852f9fb640..614092cea1 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -1,10 +1,19 @@ -# temp placeholder for a real test -Describe "Install AST Check" { +# The purpose of this test is to verify that Azure Sign Tool is working. + +BeforeDiscovery { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath Install-AzureSigningTool - It "Should be installed" { +} + +Describe "AST Check" { + It "AST should be installed" { + $Commands = Get-Command AzureSignTool + Write-Warning "The commands are" + Write-Warning $Commands + Write-Warning "The type of commands" + Write-Warning $Commands.GetType() $ToolPath = (Get-Command AzureSignTool).Path Write-Warning "The path to AzureSignTool is $ToolPath" Test-Path -Path $TooPath | Should -Be -True From 2f900fdf8982eb9529825eae41a6202ddf3563c5 Mon Sep 17 00:00:00 2001 
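Review bot: The `BeforeDiscovery` block in `Testing/workflow/Build-SignRelease.Tests.ps1` performs a global tool install while Pester is still discovering tests, so merely listing or filtering the suite changes the machine it runs on; the preceding commit has the same calls directly in the `Describe` body, which also runs at discovery time. In Pester 5 `BeforeDiscovery` is meant for building test cases, and setup the `It` block depends on belongs in `BeforeAll`, with `$ScriptPath` computed inside that block followed by `. $ScriptPath` and `Install-AzureSigningTool`. A comment at the top of the file stating that the test installs AzureSignTool globally would tell a developer what running it locally does.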
From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 16:21:15 -0500 Subject: [PATCH 20/62] Spell toolpath with a L --- Testing/workflow/Build-SignRelease.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 614092cea1..8a1bf27317 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -16,6 +16,6 @@ Describe "AST Check" { Write-Warning $Commands.GetType() $ToolPath = (Get-Command AzureSignTool).Path Write-Warning "The path to AzureSignTool is $ToolPath" - Test-Path -Path $TooPath | Should -Be -True + Test-Path -Path $ToolPath | Should -Be -True } } \ No newline at end of file From 55a2a388e6e36775b074021faf85bd3b83eae2d6 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 18 Dec 2024 17:08:14 -0500 Subject: [PATCH 21/62] Spell $true as $true --- Testing/workflow/Build-SignRelease.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 8a1bf27317..b1855c0cd8 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -16,6 +16,6 @@ Describe "AST Check" { Write-Warning $Commands.GetType() $ToolPath = (Get-Command AzureSignTool).Path Write-Warning "The path to AzureSignTool is $ToolPath" - Test-Path -Path $ToolPath | Should -Be -True + Test-Path -Path $ToolPath | Should -Be $true } } \ No newline at end of file From 84ed7c8aed1ece378559d8e559082059003522a4 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 06:39:05 -0500 Subject: [PATCH 22/62] remove debug --- Testing/workflow/Build-SignRelease.Tests.ps1 | 4 ---- 1 file changed, 4 deletions(-) 
diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index b1855c0cd8..518b988764 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -10,10 +10,6 @@ BeforeDiscovery { Describe "AST Check" { It "AST should be installed" { $Commands = Get-Command AzureSignTool - Write-Warning "The commands are" - Write-Warning $Commands - Write-Warning "The type of commands" - Write-Warning $Commands.GetType() $ToolPath = (Get-Command AzureSignTool).Path Write-Warning "The path to AzureSignTool is $ToolPath" Test-Path -Path $ToolPath | Should -Be $true From 09e5c71fdbc524d14c29a8b81755bf6294f96e4e Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 06:42:59 -0500 Subject: [PATCH 23/62] fix lint --- Testing/workflow/Build-SignRelease.Tests.ps1 | 1 - utils/workflow/Build-SignRelease.ps1 | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 518b988764..1643020d6e 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -9,7 +9,6 @@ BeforeDiscovery { Describe "AST Check" { It "AST should be installed" { - $Commands = Get-Command AzureSignTool $ToolPath = (Get-Command AzureSignTool).Path Write-Warning "The path to AzureSignTool is $ToolPath" Test-Path -Path $ToolPath | Should -Be $true diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 850c431064..3a078ef6f1 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 
@@ -39,17 +39,17 @@ function New-ModuleSignature { # Source the deploy utilities so the functions in it can be called. $PublishPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\utils\workflow\Publish-ScubaGear.ps1' -Resolve . $PublishPath - + # Remove non-release files Remove-Item -Recurse -Force repo -Include .git* Write-Warning "Creating an array of the files to sign..." $ArrayOfFilePaths = New-ArrayOfFilePaths ` -ModuleDestinationPath repo - + Write-Warning "Creating a file with a list of the files to sign..." $FileListFileName = New-FileList ` -ArrayOfFilePaths $ArrayOfFilePaths - + Write-Warning "Calling AzureSignTool function to sign scripts, manifest, and modules..." Use-AzureSignTool ` -AzureKeyVaultUrl $AzureKeyVaultUrl ` From 23d0b07798048608209f912f907a2717b360aabc Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 14:34:40 -0500 Subject: [PATCH 24/62] test for dotnet --- Testing/workflow/Build-SignRelease.Tests.ps1 | 5 +++++ utils/workflow/Build-SignRelease.ps1 | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 1643020d6e..b6a4a3866a 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -8,6 +8,11 @@ BeforeDiscovery { } Describe "AST Check" { + It "Dotnet should be installed" { + $ToolPath = (Get-Command dotnet).Path + Write-Warning "The path to dotnet is $ToolPath" + Test-Path -Path $ToolPath | Should -Be $true + } It "AST should be installed" { $ToolPath = (Get-Command AzureSignTool).Path Write-Warning "The path to AzureSignTool is $ToolPath" diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 3a078ef6f1..0fd4f46f28 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 
@@ -6,7 +6,6 @@ function Install-AzureSigningTool { Write-Warning "Installing AST..." - dotnet --version dotnet tool install --global AzureSignTool --version 5.0.0 } From 1c02f3735034b096fa2c9c1d8b8911b735b1ae1b Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 14:48:12 -0500 Subject: [PATCH 25/62] Replace env --- .github/workflows/build_sign_release.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 349217a24b..c50bcad6eb 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -12,7 +12,7 @@ on: type: string # Note: This is NOT the ACTUAL release version for ScubaGear. # That value is found in ScubaGear.psd1. - # This is only used for things like the file name. + # This is only used for things like the release file name. # Yes, this is a disconnect that violates DRY. version: description: "Release Version (e.g., 1.2.4)" @@ -31,6 +31,7 @@ jobs: name: Build and Draft Release runs-on: windows-latest environment: Development + # TODO get rid of this env variable env: RELEASE_VERSION: ${{ inputs.version }} permissions: @@ -51,8 +52,6 @@ jobs: # Source the function . repo/utils/workflow/Build-SignRelease.ps1 Install-AzureSigningTool - # dotnet --version - # dotnet tool install --global AzureSignTool --version 5.0.0 # OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) - name: Login to Azure uses: azure/login@v2 
@@ -63,10 +62,11 @@ jobs: enable-AzPSSession: true - name: Get Key Vault info id: key-vault-info - env: - KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_PROD}} + # env: + # KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_PROD}} run: | - $KeyVaultInfo = ${env:KEY_VAULT_INFO} | ConvertFrom-Json + # $KeyVaultInfo = ${env:KEY_VAULT_INFO} | ConvertFrom-Json + $KeyVaultInfo = ${{ secrets.SCUBA_KEY_VAULT_PROD}} | ConvertFrom-Json echo "KeyVaultUrl=$($KeyVaultInfo.KeyVault.URL)" >> $env:GITHUB_OUTPUT echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Sign Module From 9580ab20a3d3b84328e811d6c06a4dfb6ce7537b Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 15:12:28 -0500 Subject: [PATCH 26/62] test azure login --- .github/workflows/build_sign_release.yaml | 25 ++++++++++------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index c50bcad6eb..43f3692f69 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -32,8 +32,8 @@ jobs: runs-on: windows-latest environment: Development # TODO get rid of this env variable - env: - RELEASE_VERSION: ${{ inputs.version }} + # env: + # RELEASE_VERSION: ${{ inputs.version }} permissions: id-token: write contents: write 
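Review bot: The added line `$KeyVaultInfo = ${{ secrets.SCUBA_KEY_VAULT_PROD}} | ConvertFrom-Json` in the "Get Key Vault info" step makes the runner paste the secret's JSON into the script text before PowerShell parses it. The value then arrives as unquoted script source instead of a string, so it is unlikely to reach `ConvertFrom-Json` intact, and whatever the secret contains is evaluated as code. Keep the step-level mapping `KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_PROD }}` under `env:` and read it as data with `$KeyVaultInfo = ${env:KEY_VAULT_INFO} | ConvertFrom-Json`. The commented-out `# env:` and `# $KeyVaultInfo = ...` lines should be deleted, not left in the release workflow.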
@@ -52,20 +52,17 @@ jobs: # Source the function . repo/utils/workflow/Build-SignRelease.ps1 Install-AzureSigningTool - # OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) - - name: Login to Azure - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - enable-AzPSSession: true + # OpenID Connect (OIDC) login to Azure Public Cloud with AzPowershell + # - name: Login to Azure + # uses: azure/login@v2 + # with: + # client-id: ${{ secrets.AZURE_CLIENT_ID }} + # tenant-id: ${{ secrets.AZURE_TENANT_ID }} + # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # enable-AzPSSession: true - name: Get Key Vault info id: key-vault-info - # env: - # KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_PROD}} run: | - # $KeyVaultInfo = ${env:KEY_VAULT_INFO} | ConvertFrom-Json $KeyVaultInfo = ${{ secrets.SCUBA_KEY_VAULT_PROD}} | ConvertFrom-Json echo "KeyVaultUrl=$($KeyVaultInfo.KeyVault.URL)" >> $env:GITHUB_OUTPUT echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT @@ -76,7 +73,7 @@ jobs: New-ModuleSignature ` -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` - -ReleaseVersion ${env:RELEASE_VERSION} + -ReleaseVersion ${{ inputs.version }} - name: Create Release uses: softprops/action-gh-release@v1 id: create-release From 046f12d62dcdb0c1578b56884d6d0f925c77726c Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 15:25:51 -0500 Subject: [PATCH 27/62] Remove dead code, test copy folder again --- .github/workflows/build_sign_release.yaml | 8 -------- utils/workflow/Build-SignRelease.ps1 | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) 
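Review bot: In the second hunk on this file, `-ReleaseVersion ${{ inputs.version }}` substitutes the workflow input into the "Sign Module" script text before PowerShell runs it, so the version string is parsed as script, not passed as an argument value. The line it replaces, `-ReleaseVersion ${env:RELEASE_VERSION}`, kept the input as data; keep an `env:` mapping (job- or step-level) and quote the use, `-ReleaseVersion "${env:RELEASE_VERSION}"`. The two `${{ steps.key-vault-info.outputs.* }}` arguments above it are expanded the same way and deserve the same treatment. This matters here because the job is granted `id-token: write` and `contents: write`, as the permissions block earlier in this file's diff shows.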
diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 43f3692f69..c1030d900c 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -52,14 +52,6 @@ jobs: # Source the function . repo/utils/workflow/Build-SignRelease.ps1 Install-AzureSigningTool - # OpenID Connect (OIDC) login to Azure Public Cloud with AzPowershell - # - name: Login to Azure - # uses: azure/login@v2 - # with: - # client-id: ${{ secrets.AZURE_CLIENT_ID }} - # tenant-id: ${{ secrets.AZURE_TENANT_ID }} - # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # enable-AzPSSession: true - name: Get Key Vault info id: key-vault-info run: | diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 0fd4f46f28..6345586668 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -54,6 +54,6 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } From 0822608bf45f348d1e0038255d2f3dcb81eecd8b Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 15:27:08 -0500 Subject: [PATCH 28/62] Restore code for a test --- .github/workflows/build_sign_release.yaml | 8 ++++++++ utils/workflow/Build-SignRelease.ps1 | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index c1030d900c..43f3692f69 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml 
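Review bot: In the Build-SignRelease.ps1 hunk, `Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force` has no `-Recurse`, so for a directory source it is expected to create the destination folder without the signed files beneath it, and `Compress-Archive` on the next line would then package an essentially empty folder. If a copy is wanted in place of the move, use `Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Recurse -Force`. The same line returns in the later "try copy item again" and "set to copy" patches. A check after `Compress-Archive` that the archive holds the expected signed files would catch this before the release step. The body of New-ModuleSignature starts outside this hunk.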
@@ -52,6 +52,14 @@ jobs: # Source the function . repo/utils/workflow/Build-SignRelease.ps1 Install-AzureSigningTool + # OpenID Connect (OIDC) login to Azure Public Cloud with AzPowershell + # - name: Login to Azure + # uses: azure/login@v2 + # with: + # client-id: ${{ secrets.AZURE_CLIENT_ID }} + # tenant-id: ${{ secrets.AZURE_TENANT_ID }} + # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # enable-AzPSSession: true - name: Get Key Vault info id: key-vault-info run: | diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 6345586668..0fd4f46f28 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -54,6 +54,6 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } From 41391b4d04e58f508af4783166e7a3b99c859957 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 15:30:27 -0500 Subject: [PATCH 29/62] Restore login --- .github/workflows/build_sign_release.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 43f3692f69..a1aaaa09a5 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml 
@@ -53,13 +53,13 @@ jobs: . repo/utils/workflow/Build-SignRelease.ps1 Install-AzureSigningTool # OpenID Connect (OIDC) login to Azure Public Cloud with AzPowershell - # - name: Login to Azure - # uses: azure/login@v2 - # with: - # client-id: ${{ secrets.AZURE_CLIENT_ID }} - # tenant-id: ${{ secrets.AZURE_TENANT_ID }} - # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # enable-AzPSSession: true + - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + enable-AzPSSession: true - name: Get Key Vault info id: key-vault-info run: | From e42dddce696ebbc611fef4d91e690b0c688f7384 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 15:36:03 -0500 Subject: [PATCH 30/62] restore env --- .github/workflows/build_sign_release.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index a1aaaa09a5..78c69294b1 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -62,8 +62,10 @@ jobs: enable-AzPSSession: true - name: Get Key Vault info id: key-vault-info + env: + KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_PROD}} run: | - $KeyVaultInfo = ${{ secrets.SCUBA_KEY_VAULT_PROD}} | ConvertFrom-Json + $KeyVaultInfo = ${env:KEY_VAULT_INFO} | ConvertFrom-Json echo "KeyVaultUrl=$($KeyVaultInfo.KeyVault.URL)" >> $env:GITHUB_OUTPUT echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Sign Module From a103a418a92cf449182e798881bc751b47f185f3 Mon Sep 17 00:00:00 2001 
From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 19 Dec 2024 15:50:29 -0500 Subject: [PATCH 31/62] try copy item again --- utils/workflow/Build-SignRelease.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 0fd4f46f28..6345586668 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -54,6 +54,6 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } From 5e3bc2c03ba7b36da39a7898292322d6270968dd Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Fri, 20 Dec 2024 07:06:49 -0500 Subject: [PATCH 32/62] restore move --- utils/workflow/Build-SignRelease.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 6345586668..0fd4f46f28 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -54,6 +54,6 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } From abf801236cd7530645954fa47296ac13e43f2843 Mon Sep 17 00:00:00 2001 
From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 09:59:06 -0500 Subject: [PATCH 33/62] set to copy --- utils/workflow/Build-SignRelease.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 0fd4f46f28..6345586668 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -54,6 +54,6 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } From 41951fc84810f45cab1acfa92626ad874553ea0e Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 10:19:35 -0500 Subject: [PATCH 34/62] test for zip --- utils/workflow/Build-SignRelease.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 6345586668..86b1146f0f 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -56,4 +56,6 @@ function New-ModuleSignature { -FileList $FileListFileName Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" + Write-Warning "DOES THE ZIP EXIST????" + Test-Path -Path "ScubaGear-$ReleaseVersion.zip" } From e5885f68d8d105c7d7c794c15ca07a76d5b0876f Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 10:21:41 -0500 Subject: [PATCH 35/62] add debug --- utils/workflow/Build-SignRelease.ps1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 86b1146f0f..d89be10a9e 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -57,5 +57,8 @@ function New-ModuleSignature { Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" Write-Warning "DOES THE ZIP EXIST????" - Test-Path -Path "ScubaGear-$ReleaseVersion.zip" + Write-Warning "ScubaGear-$ReleaseVersion.zip" + $Result = Test-Path -Path "ScubaGear-$ReleaseVersion.zip" + Write-Warning "The RESULT is" + Write-Warning $Result } From f4ac8654b73cf8e419b32e5ed564f5578c359cb6 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 10:58:10 -0500 Subject: [PATCH 36/62] Return to move --- utils/workflow/Build-SignRelease.ps1 | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index d89be10a9e..ca68b3e847 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -39,7 +39,7 @@ function New-ModuleSignature { $PublishPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\utils\workflow\Publish-ScubaGear.ps1' -Resolve . $PublishPath - # Remove non-release files + # Remove non-release files (required for non-Windows machines) Remove-Item -Recurse -Force repo -Include .git* Write-Warning "Creating an array of the files to sign..." $ArrayOfFilePaths = New-ArrayOfFilePaths ` 
@@ -54,11 +54,6 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Copy-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" - Write-Warning "DOES THE ZIP EXIST????" - Write-Warning "ScubaGear-$ReleaseVersion.zip" - $Result = Test-Path -Path "ScubaGear-$ReleaseVersion.zip" - Write-Warning "The RESULT is" - Write-Warning $Result } From 3bfe37ae6f5b5bea8aa9ee4a338a6a2216fbd9ca Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:39:25 -0500 Subject: [PATCH 37/62] improve tests --- .github/workflows/build_sign_release.yaml | 8 ++--- .../workflows/publish_private_package.yaml | 11 +++---- .github/workflows/publish_public_package.yaml | 9 +++--- Testing/workflow/Build-SignRelease.Tests.ps1 | 30 ++++++++----------- .../workflow/Install-AzureSignTool.Tests.ps1 | 21 +++++++++++++ utils/workflow/Build-SignRelease.ps1 | 11 ------- utils/workflow/Install-AzureSignTool.ps1 | 10 +++++++ 7 files changed, 58 insertions(+), 42 deletions(-) create mode 100644 Testing/workflow/Install-AzureSignTool.Tests.ps1 create mode 100644 utils/workflow/Install-AzureSignTool.ps1 diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 78c69294b1..b86c4e856a 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -50,8 +50,8 @@ jobs: - name: Install Azure Signing Tool run: | # Source the function - . repo/utils/workflow/Build-SignRelease.ps1 - Install-AzureSigningTool + . repo/utils/workflow/Install-AzureSignTool.ps1 + Install-AzureSignTool # OpenID Connect (OIDC) login to Azure Public Cloud with AzPowershell - name: Login to Azure uses: azure/login@v2 
@@ -70,7 +70,7 @@ jobs: echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Sign Module run: | - # Source the function + # Source the function. . repo/utils/workflow/Build-SignRelease.ps1 New-ModuleSignature ` -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` @@ -96,8 +96,6 @@ jobs: - name: Quick Check Release if: ${{ inputs.runQuickCheck }} run: | - # Note: Cannot move this code to a function in the utils/workflow folder - # because the Sign Module code above relocates that folder Expand-Archive -Path "ScubaGear-${{ inputs.version }}.zip" Get-ChildItem Set-Location -Path "ScubaGear-${{ inputs.version }}" diff --git a/.github/workflows/publish_private_package.yaml b/.github/workflows/publish_private_package.yaml index 6e92a4e323..e464950b66 100644 --- a/.github/workflows/publish_private_package.yaml +++ b/.github/workflows/publish_private_package.yaml @@ -40,9 +40,10 @@ jobs: path: repo - name: Install Azure Signing Tool run: | - dotnet --version - dotnet tool install --global AzureSignTool --version 5.0.0 - # OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) + # Source the function + . repo/utils/workflow/Install-AzureSignTool.ps1 + Install-AzureSignTool + # OIDC Login to Azure Public Cloud with AzPowershell - name: Login to Azure uses: azure/login@v2 with: @@ -60,13 +61,13 @@ jobs: echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Create Private Gallery run: | - # Source the deploy utilities so the functions in it can be called. + # Source the function. . repo/utils/workflow/Publish-ScubaGear.ps1 cd repo New-PrivateGallery -GalleryName $env:GalleryName -Trusted - name: Sign and Publish Module run: | - # Source the deploy utilities so the functions in it can be called. + # Source the function. . repo/utils/workflow/Publish-ScubaGear.ps1 # Remove non-release files Remove-Item -Recurse -Force repo -Include .git* 
diff --git a/.github/workflows/publish_public_package.yaml b/.github/workflows/publish_public_package.yaml index 49a61f9795..ca4185ef05 100644 --- a/.github/workflows/publish_public_package.yaml +++ b/.github/workflows/publish_public_package.yaml @@ -46,9 +46,10 @@ jobs: path: repo - name: Install Azure Signing Tool run: | - dotnet --version - dotnet tool install --global AzureSignTool --version 5.0.0 - # OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) + # Source the function + . repo/utils/workflow/Install-AzureSignTool.ps1 + Install-AzureSignTool + # OIDC Login to Azure Public Cloud with AzPowershell - name: Login to Azure uses: azure/login@v2 with: @@ -66,7 +67,7 @@ jobs: echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Sign and Publish Module run: | - # Source the deploy utilities so the functions in it can be called. + # Source the function. . repo/utils/workflow/Publish-ScubaGear.ps1 # Remove non-release files Remove-Item -Recurse -Force repo -Include .git* diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index b6a4a3866a..1b37096d7b 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 
@@ -1,21 +1,17 @@ -# The purpose of this test is to verify that Azure Sign Tool is working. +# Add test with bad key vault URL +# Add test with bad cert name +# Add test that checks for zip file after compress -BeforeDiscovery { - $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve - # Source the function - . $ScriptPath - Install-AzureSigningTool -} +# The purpose of this test to ensure that the function properly signs the module. -Describe "AST Check" { - It "Dotnet should be installed" { - $ToolPath = (Get-Command dotnet).Path - Write-Warning "The path to dotnet is $ToolPath" - Test-Path -Path $ToolPath | Should -Be $true - } - It "AST should be installed" { - $ToolPath = (Get-Command AzureSignTool).Path - Write-Warning "The path to AzureSignTool is $ToolPath" - Test-Path -Path $ToolPath | Should -Be $true +Describe "Sign Module Check" { + It "Bad key vault URL should be handled gracefully" { + # Source the function. + . repo/utils/workflow/Build-SignRelease.ps1 + New-ModuleSignature ` + -AzureKeyVaultUrl "https://www.cisa.gov" ` + -CertificateName "certificate name" ` + -ReleaseVersion "0.0.1" } + } \ No newline at end of file diff --git a/Testing/workflow/Install-AzureSignTool.Tests.ps1 b/Testing/workflow/Install-AzureSignTool.Tests.ps1 new file mode 100644 index 0000000000..b6a4a3866a --- /dev/null +++ b/Testing/workflow/Install-AzureSignTool.Tests.ps1 
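Review bot: The `It "Bad key vault URL should be handled gracefully"` block contains no `Should`, so it passes whenever New-ModuleSignature raises no terminating error and asserts nothing about how a wrong vault URL is handled. State the expected outcome explicitly, for example by wrapping the call in a script block and piping it to `Should -Throw`, if failing closed is the intended behaviour. As the function stands in this series, the call also removes `.git*` entries under `repo` and moves that folder, so the test should run against a scratch copy such as Pester's `$TestDrive`, not the checkout. The relative `. repo/utils/workflow/Build-SignRelease.ps1` depends on the caller's working directory, whereas the removed test resolved its path from `$PSScriptRoot`. The tests added in the later "add root folder name" and "add bad input checks" patches have the same missing assertion.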
@@ -0,0 +1,21 @@ +# The purpose of this test is to verify that Azure Sign Tool is working. + +BeforeDiscovery { + $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve + # Source the function + . $ScriptPath + Install-AzureSigningTool +} + +Describe "AST Check" { + It "Dotnet should be installed" { + $ToolPath = (Get-Command dotnet).Path + Write-Warning "The path to dotnet is $ToolPath" + Test-Path -Path $ToolPath | Should -Be $true + } + It "AST should be installed" { + $ToolPath = (Get-Command AzureSignTool).Path + Write-Warning "The path to AzureSignTool is $ToolPath" + Test-Path -Path $ToolPath | Should -Be $true + } +} \ No newline at end of file diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index ca68b3e847..9ce886b33a 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -1,14 +1,3 @@ -function Install-AzureSigningTool { - <# - .SYNOPSIS - Install Azure Signing Tool - #> - - Write-Warning "Installing AST..." - - dotnet tool install --global AzureSignTool --version 5.0.0 -} - function New-ModuleSignature { <# .SYNOPSIS diff --git a/utils/workflow/Install-AzureSignTool.ps1 b/utils/workflow/Install-AzureSignTool.ps1 new file mode 100644 index 0000000000..a8cb39e77d --- /dev/null +++ b/utils/workflow/Install-AzureSignTool.ps1 @@ -0,0 +1,10 @@ +function Install-AzureSignTool { + <# + .SYNOPSIS + Install Azure Signing Tool + #> + + Write-Warning "Installing AST..." + + dotnet tool install --global AzureSignTool --version 5.0.0 +} \ No newline at end of file From ce7096d37fca18d1ac9aee07150f6907b618dcb4 Mon Sep 17 00:00:00 2001 
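Review bot: In the new utils/workflow/Install-AzureSignTool.ps1, the result of `dotnet tool install --global AzureSignTool --version 5.0.0` is never checked; a native command's non-zero exit code does not stop a PowerShell function by default, so a failed install of the signing tool would only surface later, in the signing step. Add `if ($LASTEXITCODE -ne 0) { throw "AzureSignTool install failed with exit code $LASTEXITCODE" }` after the call. On a machine where the tool is already installed the command may also return non-zero, so the check may need to tolerate that case. `Write-Warning "Installing AST..."` is a progress message, not a warning; `Write-Verbose` or `Write-Information` would keep real warnings visible in the release log.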
From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:51:21 -0500 Subject: [PATCH 38/62] fix path errors --- Testing/workflow/Build-SignRelease.Tests.ps1 | 6 ++++-- Testing/workflow/Install-AzureSignTool.Tests.ps1 | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 1b37096d7b..f72a8b5929 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -6,8 +6,10 @@ Describe "Sign Module Check" { It "Bad key vault URL should be handled gracefully" { - # Source the function. - . repo/utils/workflow/Build-SignRelease.ps1 + $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve + # Source the function + . $ScriptPath + New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` diff --git a/Testing/workflow/Install-AzureSignTool.Tests.ps1 b/Testing/workflow/Install-AzureSignTool.Tests.ps1 index b6a4a3866a..bb95f2038e 100644 --- a/Testing/workflow/Install-AzureSignTool.Tests.ps1 +++ b/Testing/workflow/Install-AzureSignTool.Tests.ps1 @@ -4,7 +4,7 @@ BeforeDiscovery { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - Install-AzureSigningTool + Install-AzureSignTool } Describe "AST Check" { From 158cd4963bb540e2e0d47c030cd085df32cb27a3 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 15:07:00 -0500 Subject: [PATCH 39/62] fix path --- Testing/workflow/Install-AzureSignTool.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Testing/workflow/Install-AzureSignTool.Tests.ps1 b/Testing/workflow/Install-AzureSignTool.Tests.ps1 index bb95f2038e..1a2c9ad1eb 100644 
--- a/Testing/workflow/Install-AzureSignTool.Tests.ps1 +++ b/Testing/workflow/Install-AzureSignTool.Tests.ps1 @@ -1,7 +1,7 @@ # The purpose of this test is to verify that Azure Sign Tool is working. BeforeDiscovery { - $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve + $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Install-AzureSignTool.ps1.ps1' -Resolve # Source the function . $ScriptPath Install-AzureSignTool From 71842f1e1b872f22b1a7712fc9df1e16d1594753 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 15:29:32 -0500 Subject: [PATCH 40/62] add root folder name --- .github/workflows/build_sign_release.yaml | 3 ++- Testing/workflow/Build-SignRelease.Tests.ps1 | 5 +++-- Testing/workflow/Install-AzureSignTool.Tests.ps1 | 2 +- utils/workflow/Build-SignRelease.ps1 | 13 +++++++++---- 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index b86c4e856a..29b7e796c5 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -75,7 +75,8 @@ jobs: New-ModuleSignature ` -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` - -ReleaseVersion ${{ inputs.version }} + -ReleaseVersion ${{ inputs.version }} ` + -RootFolderName "root" - name: Create Release uses: softprops/action-gh-release@v1 id: create-release diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index f72a8b5929..8986ea6872 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 
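Review bot: In the build_sign_release.yaml hunk, `-RootFolderName "root"` does not match the folder this step appears to work in: the previous patch's hunk for the same step dot-sources `. repo/utils/workflow/Build-SignRelease.ps1`, and until this patch the function operated on the literal `repo`. If no `root` directory exists, the signing function is asked to enumerate and sign files under a path that is not there, and what ends up in the release archive depends on how the helpers treat a missing path. Pass the checkout folder, `-RootFolderName "repo"`. The `run:` block and the checkout step lie outside this hunk, so the folder name is inferred from the sourcing line.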
@@ -9,11 +9,12 @@ Describe "Sign Module Check" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - + $RootFolderName = Join-Path -Path $PSScriptRoot -Childpath '../..' New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` - -ReleaseVersion "0.0.1" + -ReleaseVersion "0.0.1" ` + -RootFolderName $RootFolderName } } \ No newline at end of file diff --git a/Testing/workflow/Install-AzureSignTool.Tests.ps1 b/Testing/workflow/Install-AzureSignTool.Tests.ps1 index 1a2c9ad1eb..7fa6a378aa 100644 --- a/Testing/workflow/Install-AzureSignTool.Tests.ps1 +++ b/Testing/workflow/Install-AzureSignTool.Tests.ps1 @@ -1,7 +1,7 @@ # The purpose of this test is to verify that Azure Sign Tool is working. BeforeDiscovery { - $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Install-AzureSignTool.ps1.ps1' -Resolve + $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Install-AzureSignTool.ps1' -Resolve # Source the function . $ScriptPath Install-AzureSignTool diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 9ce886b33a..04d195bbd6 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -8,6 +8,8 @@ function New-ModuleSignature { The name of the certificate stored in the KeyVault. .PARAMETER $ReleaseVersion The version number of the release (e.g., 1.5.1). + .PARAMETER $RootFolderName + The name of the root folder. #> [CmdletBinding()] param( @@ -19,7 +21,10 @@ function New-ModuleSignature { $CertificateName, [Parameter(Mandatory = $true)] [string] - $ReleaseVersion + $ReleaseVersion, + [Parameter(Mandatory = $true)] + [string] + $RootFolderName ) Write-Warning "Signing the module with AzureSignTool..." 
@@ -29,10 +34,10 @@ function New-ModuleSignature { . $PublishPath # Remove non-release files (required for non-Windows machines) - Remove-Item -Recurse -Force repo -Include .git* + Remove-Item -Recurse -Force $RootFolderName -Include .git* Write-Warning "Creating an array of the files to sign..." $ArrayOfFilePaths = New-ArrayOfFilePaths ` - -ModuleDestinationPath repo + -ModuleDestinationPath $RootFolderName Write-Warning "Creating a file with a list of the files to sign..." $FileListFileName = New-FileList ` @@ -43,6 +48,6 @@ function New-ModuleSignature { -AzureKeyVaultUrl $AzureKeyVaultUrl ` -CertificateName $CertificateName ` -FileList $FileListFileName - Move-Item -Path repo -Destination "ScubaGear-$ReleaseVersion" -Force + Move-Item -Path $RootFolderName -Destination "ScubaGear-$ReleaseVersion" -Force Compress-Archive -Path "ScubaGear-$ReleaseVersion" -DestinationPath "ScubaGear-$ReleaseVersion.zip" } From 29410e464139db7a9f6ef1af4d99cd70050d442c Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 24 Dec 2024 16:10:56 -0500 Subject: [PATCH 41/62] fix root folder name --- Testing/workflow/Build-SignRelease.Tests.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 8986ea6872..c190ba384a 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -14,7 +14,6 @@ Describe "Sign Module Check" { -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` -ReleaseVersion "0.0.1" ` - -RootFolderName $RootFolderName + -RootFolderName . } - } \ No newline at end of file From f4776bdd49f4262ddbe3a0b5fbc638e882dddeca Mon Sep 17 00:00:00 2001 
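Review bot: Nothing confirms that `Remove-Item -Recurse -Force $RootFolderName -Include .git*` actually removed the repository metadata before the tree is signed and zipped. The Remove-Item documentation lists `-Recurse` combined with `-Include` as a known issue that may not delete all child items, and a CI checkout's `.git` directory can hold configuration that should not ship in a release archive (whether it does here is an assumption, since the checkout step is not visible). A guard after the call would make a failed cleanup loud: `if (Test-Path -LiteralPath (Join-Path $RootFolderName '.git')) { throw ".git still present under $RootFolderName" }`. Note also that `.git*` matches `.github` and `.gitignore` as well as `.git`; a short comment saying that this is intended would help. The function body starts outside this hunk.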
From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 8 Jan 2025 11:41:46 -0500 Subject: [PATCH 42/62] add bad input checks --- Testing/workflow/Build-SignRelease.Tests.ps1 | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index c190ba384a..573a0bfb0b 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -9,11 +9,27 @@ Describe "Sign Module Check" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - $RootFolderName = Join-Path -Path $PSScriptRoot -Childpath '../..' + $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' + $RootFolderName = $RootFolderPath.Name New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` -ReleaseVersion "0.0.1" ` -RootFolderName . } +} + +Describe "Bad Inputs Check" { + It "Bad inputs should be handled gracefully" { + $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve + # Source the function + . $ScriptPath + $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' + $RootFolderName = $RootFolderPath.Name + New-ModuleSignature ` + -AzureKeyVaultUrl "https://www.example.com" ` + -CertificateName "certificate name" ` + -ReleaseVersion "0.0.1" ` + -RootFolderName . + } } \ No newline at end of file From 69a779812841a0ab91717c7910fa08c610cb36a7 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 8 Jan 2025 11:52:40 -0500 Subject: [PATCH 43/62] fix unused variable --- Testing/workflow/Build-SignRelease.Tests.ps1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
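Review bot: Neither `It` block in this hunk contains a `Should` assertion, so "Bad inputs should be handled gracefully" passes whenever `New-ModuleSignature` returns without throwing and does not pin what graceful handling means. `Join-Path` returns a string, so `$RootFolderPath.Name` evaluates to `$null`, and both calls pass `-RootFolderName .` anyway, which leaves the two new variables unused and points the function at the current directory. Wrap the call in a script block and assert on it, for example `{ New-ModuleSignature ... } | Should -Throw` for the bad-input case. The follow-up hunk that switches the first test to `-RootFolderName $RootFolderName` inherits the `$null` value.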
diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 573a0bfb0b..59ebd122d4 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -15,7 +15,7 @@ Describe "Sign Module Check" { -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` -ReleaseVersion "0.0.1" ` - -RootFolderName . + -RootFolderName $RootFolderName } } @@ -24,8 +24,6 @@ Describe "Bad Inputs Check" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' - $RootFolderName = $RootFolderPath.Name New-ModuleSignature ` -AzureKeyVaultUrl "https://www.example.com" ` -CertificateName "certificate name" ` From bba457685be71d11c897b56b744e18a8b6f9d339 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 8 Jan 2025 12:27:34 -0500 Subject: [PATCH 44/62] change root folder name --- Testing/workflow/Build-SignRelease.Tests.ps1 | 30 +++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 59ebd122d4..05e607143a 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 
@@ -10,24 +10,26 @@ Describe "Sign Module Check" { # Source the function . $ScriptPath $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' - $RootFolderName = $RootFolderPath.Name + # $RootFolderName = $RootFolderPath.Name + Write-Warning "Root Folder Path: $RootFolderPath" + Write-Warning "Root Folder Name: $RootFolderName" New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` -ReleaseVersion "0.0.1" ` - -RootFolderName $RootFolderName + -RootFolderName "root" } } -Describe "Bad Inputs Check" { - It "Bad inputs should be handled gracefully" { - $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve - # Source the function - . $ScriptPath - New-ModuleSignature ` - -AzureKeyVaultUrl "https://www.example.com" ` - -CertificateName "certificate name" ` - -ReleaseVersion "0.0.1" ` - -RootFolderName . - } -} \ No newline at end of file +# Describe "Bad Inputs Check" { +# It "Bad inputs should be handled gracefully" { +# $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve +# # Source the function +# . $ScriptPath +# New-ModuleSignature ` +# -AzureKeyVaultUrl "https://www.example.com" ` +# -CertificateName "certificate name" ` +# -ReleaseVersion "0.0.1" ` +# -RootFolderName . +# } +# } \ No newline at end of file From 46b01554d4b56533e77871039b4ef3d718736b64 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 8 Jan 2025 12:45:24 -0500 Subject: [PATCH 45/62] Test for root --- Testing/workflow/Build-SignRelease.Tests.ps1 | 4 +--- utils/workflow/Build-SignRelease.ps1 | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 05e607143a..044e5e01f7 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 
+++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -9,10 +9,8 @@ Describe "Sign Module Check" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' - # $RootFolderName = $RootFolderPath.Name + $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../../../..' Write-Warning "Root Folder Path: $RootFolderPath" - Write-Warning "Root Folder Name: $RootFolderName" New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 04d195bbd6..4fc60cedd8 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -34,6 +34,8 @@ function New-ModuleSignature { . $PublishPath # Remove non-release files (required for non-Windows machines) + Write-Warning "The root folder name contains" + Get-ChildItem -Path $RootFolderName Remove-Item -Recurse -Force $RootFolderName -Include .git* Write-Warning "Creating an array of the files to sign..." $ArrayOfFilePaths = New-ArrayOfFilePaths ` From dd40f7834bdc96239a6f02eb535b62e3c6ed39d6 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 8 Jan 2025 13:10:43 -0500 Subject: [PATCH 46/62] add resolve --- Testing/workflow/Build-SignRelease.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 044e5e01f7..8e26917c69 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 
@@ -9,7 +9,7 @@ Describe "Sign Module Check" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../../../..' + $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../../../..' -Resolve Write-Warning "Root Folder Path: $RootFolderPath" New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` From 220f6adba5854f725a402c3c061cd1a97d504708 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 8 Jan 2025 13:26:17 -0500 Subject: [PATCH 47/62] fix root folder name --- .github/workflows/build_sign_release.yaml | 2 +- Testing/workflow/Build-SignRelease.Tests.ps1 | 2 +- utils/workflow/Build-SignRelease.ps1 | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 29b7e796c5..ef9170b3de 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -76,7 +76,7 @@ jobs: -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` -ReleaseVersion ${{ inputs.version }} ` - -RootFolderName "root" + -RootFolderName . - name: Create Release uses: softprops/action-gh-release@v1 id: create-release diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 8e26917c69..c83806917f 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -15,7 +15,7 @@ Describe "Sign Module Check" { -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` -ReleaseVersion "0.0.1" ` - -RootFolderName "root" + -RootFolderName $RootFolderPath } } 
diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 4fc60cedd8..202f3d5b98 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -36,6 +36,7 @@ function New-ModuleSignature { # Remove non-release files (required for non-Windows machines) Write-Warning "The root folder name contains" Get-ChildItem -Path $RootFolderName + # Delete git folder Remove-Item -Recurse -Force $RootFolderName -Include .git* Write-Warning "Creating an array of the files to sign..." $ArrayOfFilePaths = New-ArrayOfFilePaths ` From 932bca3ddfba5ae574c13924a4cb98c1e5a2ca81 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 8 Jan 2025 15:07:18 -0500 Subject: [PATCH 48/62] Throw exception for missing dir --- .github/workflows/build_sign_release.yaml | 2 +- utils/workflow/Build-SignRelease.ps1 | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index ef9170b3de..29b7e796c5 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -76,7 +76,7 @@ jobs: -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` -ReleaseVersion ${{ inputs.version }} ` - -RootFolderName . + -RootFolderName "root" - name: Create Release uses: softprops/action-gh-release@v1 id: create-release diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 202f3d5b98..03366008ec 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 
@@ -29,13 +29,20 @@ function New-ModuleSignature { Write-Warning "Signing the module with AzureSignTool..." + # Verify that $RootFolderName exists + Write-Warning "The root folder name is $RootFolderName" + if (Test-Path -Path $RootFolderName) { + Write-Warning "Directory exists" + } else { + Write-Warning "Directory does not exist; throwing an exception..." + throw [System.IO.DirectoryNotFoundException] "Directory not found: $RootFolderName" + } + # Source the deploy utilities so the functions in it can be called. $PublishPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\utils\workflow\Publish-ScubaGear.ps1' -Resolve . $PublishPath # Remove non-release files (required for non-Windows machines) - Write-Warning "The root folder name contains" - Get-ChildItem -Path $RootFolderName # Delete git folder Remove-Item -Recurse -Force $RootFolderName -Include .git* Write-Warning "Creating an array of the files to sign..." From 96cca59bd54dfd9b62aae5e720b5b3605fb9e5f0 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Wed, 8 Jan 2025 15:40:39 -0500 Subject: [PATCH 49/62] added function doc --- utils/workflow/Build-SignRelease.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 03366008ec..4215173a72 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -10,6 +10,9 @@ function New-ModuleSignature { The version number of the release (e.g., 1.5.1). .PARAMETER $RootFolderName The name of the root folder. + .EXCEPTIONS + System.IO.DirectoryNotFoundException + Thrown if $RootFolderName does not exist. #> [CmdletBinding()] param( From a4cb0848fcf926965fb0f3ede325fb6020e04a1d Mon Sep 17 00:00:00 2001 
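Review bot: `Test-Path -Path $RootFolderName` also succeeds when the path names a file, and it expands wildcard characters, so the new guard does not establish what the `DirectoryNotFoundException` message claims. Use `if (Test-Path -LiteralPath $RootFolderName -PathType Container)` instead. The `Write-Warning` calls that only report progress (`"Directory exists"`, `"The root folder name is $RootFolderName"`) would read better as `Write-Verbose`, since the function already declares `[CmdletBinding()]`. The function body starts and ends outside this hunk.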
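Review bot: `.EXCEPTIONS` is not one of the keywords that comment-based help recognises, and as far as I know an unrecognised keyword makes Get-Help ignore the whole block, which would hide the parameter descriptions as well. Move the text under `.NOTES`, i.e. a `.NOTES` line followed by `Throws System.IO.DirectoryNotFoundException if $RootFolderName does not exist.` The `.PARAMETER $RootFolderName` entry in the surrounding context also carries a `$` prefix, while the keyword expects the bare parameter name (`.PARAMETER RootFolderName`). The help block starts outside this hunk.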
From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 9 Jan 2025 08:28:20 -0500 Subject: [PATCH 50/62] remove the remove-item --- utils/workflow/Build-SignRelease.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 4215173a72..2331d54fc1 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -38,7 +38,7 @@ function New-ModuleSignature { Write-Warning "Directory exists" } else { Write-Warning "Directory does not exist; throwing an exception..." - throw [System.IO.DirectoryNotFoundException] "Directory not found: $RootFolderName" + # throw [System.IO.DirectoryNotFoundException] "Directory not found: $RootFolderName" } # Source the deploy utilities so the functions in it can be called. @@ -47,7 +47,7 @@ function New-ModuleSignature { # Remove non-release files (required for non-Windows machines) # Delete git folder - Remove-Item -Recurse -Force $RootFolderName -Include .git* + # Remove-Item -Recurse -Force $RootFolderName -Include .git* Write-Warning "Creating an array of the files to sign..." $ArrayOfFilePaths = New-ArrayOfFilePaths ` -ModuleDestinationPath $RootFolderName From 7c2c843a80de5a323cb760e9b5e8298a4bb054cc Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 9 Jan 2025 08:56:48 -0500 Subject: [PATCH 51/62] set root to repo --- .github/workflows/build_sign_release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 29b7e796c5..f94caad798 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml 
@@ -76,7 +76,7 @@ jobs: -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` -CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} ` -ReleaseVersion ${{ inputs.version }} ` - -RootFolderName "root" + -RootFolderName "repo" - name: Create Release uses: softprops/action-gh-release@v1 id: create-release From e786cbd019c8d7668435a14a6621f6def9211619 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 9 Jan 2025 09:02:41 -0500 Subject: [PATCH 52/62] add remove-item back --- Testing/workflow/Build-SignRelease.Tests.ps1 | 4 ++-- utils/workflow/Build-SignRelease.ps1 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index c83806917f..a65e701380 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -4,12 +4,12 @@ # The purpose of this test to ensure that the function properly signs the module. -Describe "Sign Module Check" { +Describe "Bad Inputs Check" { It "Bad key vault URL should be handled gracefully" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../../../..' -Resolve + $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' -Resolve Write-Warning "Root Folder Path: $RootFolderPath" New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 2331d54fc1..4215173a72 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 
@@ -38,7 +38,7 @@ function New-ModuleSignature { Write-Warning "Directory exists" } else { Write-Warning "Directory does not exist; throwing an exception..." - # throw [System.IO.DirectoryNotFoundException] "Directory not found: $RootFolderName" + throw [System.IO.DirectoryNotFoundException] "Directory not found: $RootFolderName" } # Source the deploy utilities so the functions in it can be called. @@ -47,7 +47,7 @@ function New-ModuleSignature { # Remove non-release files (required for non-Windows machines) # Delete git folder - # Remove-Item -Recurse -Force $RootFolderName -Include .git* + Remove-Item -Recurse -Force $RootFolderName -Include .git* Write-Warning "Creating an array of the files to sign..." $ArrayOfFilePaths = New-ArrayOfFilePaths ` -ModuleDestinationPath $RootFolderName From c99f5b7bd17f25924d6bcefe32702b91a90581fd Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Thu, 9 Jan 2025 09:14:27 -0500 Subject: [PATCH 53/62] clarify comments --- utils/workflow/Build-SignRelease.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/utils/workflow/Build-SignRelease.ps1 b/utils/workflow/Build-SignRelease.ps1 index 4215173a72..d3f47c99d1 100644 --- a/utils/workflow/Build-SignRelease.ps1 +++ b/utils/workflow/Build-SignRelease.ps1 @@ -45,8 +45,7 @@ function New-ModuleSignature { $PublishPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\utils\workflow\Publish-ScubaGear.ps1' -Resolve . $PublishPath - # Remove non-release files (required for non-Windows machines) - # Delete git folder + # Remove non-release files, like the .git dir, required for non-Windows machines Remove-Item -Recurse -Force $RootFolderName -Include .git* Write-Warning "Creating an array of the files to sign..." $ArrayOfFilePaths = New-ArrayOfFilePaths ` From 28dfeb543694e61fa215bb4d0936e27d3a138153 Mon Sep 17 00:00:00 2001 
From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Fri, 17 Jan 2025 12:08:54 -0500 Subject: [PATCH 54/62] Cleanup --- Testing/workflow/Build-SignRelease.Tests.ps1 | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index a65e701380..27a7952a44 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -11,6 +11,8 @@ Describe "Bad Inputs Check" { . $ScriptPath $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' -Resolve Write-Warning "Root Folder Path: $RootFolderPath" + # Copy to pester $TestDrive and put in repo folder + # pass that repo folder to signature below New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` @@ -18,16 +20,3 @@ Describe "Bad Inputs Check" { -RootFolderName $RootFolderPath } } - -# Describe "Bad Inputs Check" { -# It "Bad inputs should be handled gracefully" { -# $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve -# # Source the function -# . $ScriptPath -# New-ModuleSignature ` -# -AzureKeyVaultUrl "https://www.example.com" ` -# -CertificateName "certificate name" ` -# -ReleaseVersion "0.0.1" ` -# -RootFolderName . -# } -# } \ No newline at end of file From c0ec264480e3ed56c9106842376518a1eeb961f9 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Fri, 17 Jan 2025 13:45:32 -0500 Subject: [PATCH 55/62] add exception test --- Testing/workflow/Build-SignRelease.Tests.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 27a7952a44..437e7cf6f4 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 
@@ -5,18 +5,18 @@ # The purpose of this test to ensure that the function properly signs the module. Describe "Bad Inputs Check" { - It "Bad key vault URL should be handled gracefully" { + It "The root folder name should exist" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' -Resolve - Write-Warning "Root Folder Path: $RootFolderPath" + # $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' -Resolve + # Write-Warning "Root Folder Path: $RootFolderPath" # Copy to pester $TestDrive and put in repo folder # pass that repo folder to signature below New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` -ReleaseVersion "0.0.1" ` - -RootFolderName $RootFolderPath + -RootFolderName "nonexistantfoldername" | Should -Throw } } From 25682314298b01a83b7f18fa90fb2e227bbd2874 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Fri, 17 Jan 2025 13:58:52 -0500 Subject: [PATCH 56/62] add scriptblock --- Testing/workflow/Build-SignRelease.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 437e7cf6f4..722706d535 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -13,10 +13,10 @@ Describe "Bad Inputs Check" { # Write-Warning "Root Folder Path: $RootFolderPath" # Copy to pester $TestDrive and put in repo folder # pass that repo folder to signature below - New-ModuleSignature ` + { New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` -ReleaseVersion "0.0.1" ` - -RootFolderName "nonexistantfoldername" | Should -Throw + -RootFolderName "nonexistantfoldername" } | Should -Throw } } 
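Review bot: The bare `Should -Throw` that closes the script block passes on any exception, including a parameter-binding error or a missing command, so the test does not prove that the root-folder check is what fired. Pin the type the function documents: `-RootFolderName "nonexistantfoldername" } | Should -Throw -ExceptionType ([System.IO.DirectoryNotFoundException])`. The preceding hunk on this page, which pipes the call's output to `Should -Throw` without a script block, is superseded by this one.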
From 430a3c132164135e2b75c5e4f56e3c0ae968f160 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Fri, 17 Jan 2025 14:29:40 -0500 Subject: [PATCH 57/62] Comments --- Testing/workflow/Build-SignRelease.Tests.ps1 | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 722706d535..57a2de23d4 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 @@ -1,18 +1,14 @@ -# Add test with bad key vault URL -# Add test with bad cert name -# Add test that checks for zip file after compress - -# The purpose of this test to ensure that the function properly signs the module. +# The purpose of this test to ensure that the function fails +# gracefully if the root folder name does not exist. +# Note: Functional testing (not unit testing) should be used +# to verify that AST itself actually works. Describe "Bad Inputs Check" { It "The root folder name should exist" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve # Source the function . $ScriptPath - # $RootFolderPath = Join-Path -Path $PSScriptRoot -Childpath '../..' -Resolve - # Write-Warning "Root Folder Path: $RootFolderPath" - # Copy to pester $TestDrive and put in repo folder - # pass that repo folder to signature below + # The function should throw an exception if the root folder name does not exist. { New-ModuleSignature ` -AzureKeyVaultUrl "https://www.cisa.gov" ` -CertificateName "certificate name" ` From cfb9af203991fb9a489690fdc42ae2cb15586f25 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Fri, 17 Jan 2025 14:52:17 -0500 Subject: [PATCH 58/62] remove outdated comments --- .github/workflows/build_sign_release.yaml | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index f94caad798..b0380223e9 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -31,9 +31,6 @@ jobs: name: Build and Draft Release runs-on: windows-latest environment: Development - # TODO get rid of this env variable - # env: - # RELEASE_VERSION: ${{ inputs.version }} permissions: id-token: write contents: write From c5a09b566576664fb9a25d7fa17026816abe6ad0 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 21 Jan 2025 07:56:05 -0500 Subject: [PATCH 59/62] Add comment --- .github/workflows/build_sign_release.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index b0380223e9..cececcc880 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml @@ -14,6 +14,9 @@ on: # That value is found in ScubaGear.psd1. # This is only used for things like the release file name. # Yes, this is a disconnect that violates DRY. + # Note: It's possible that this value could be retrieved from ScubaGear.psd1 + # using a function similar to Set-ScubaGearVersionManifest in + # utils/workflow/Set-ScubaGearModuleVersion.psm1. version: description: "Release Version (e.g., 1.2.4)" required: true From a6ecb8d5b1d61fca35de84edf888e6d77c69501a Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Tue, 21 Jan 2025 08:15:26 -0500 Subject: [PATCH 60/62] Lint --- .github/workflows/build_sign_release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index cececcc880..885d8326b7 100644 --- a/.github/workflows/build_sign_release.yaml +++ b/.github/workflows/build_sign_release.yaml 
@@ -15,7 +15,7 @@ on: # This is only used for things like the release file name. # Yes, this is a disconnect that violates DRY. # Note: It's possible that this value could be retrieved from ScubaGear.psd1 - # using a function similar to Set-ScubaGearVersionManifest in + # using a function similar to Set-ScubaGearVersionManifest in # utils/workflow/Set-ScubaGearModuleVersion.psm1. version: description: "Release Version (e.g., 1.2.4)" From a377b12861bf87e90d4f27dc4aaf210362c2d0a8 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Mon, 27 Jan 2025 10:24:03 -0500 Subject: [PATCH 61/62] Remove helpful comment --- .github/workflows/publish_private_package.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish_private_package.yaml b/.github/workflows/publish_private_package.yaml index e464950b66..8e97ae6f99 100644 --- a/.github/workflows/publish_private_package.yaml +++ b/.github/workflows/publish_private_package.yaml @@ -67,7 +67,6 @@ jobs: New-PrivateGallery -GalleryName $env:GalleryName -Trusted - name: Sign and Publish Module run: | - # Source the function. . repo/utils/workflow/Publish-ScubaGear.ps1 # Remove non-release files Remove-Item -Recurse -Force repo -Include .git* From decd14b754124411e8bed02d80e1603a034bbae6 Mon Sep 17 00:00:00 2001 From: James Garriss <52328727+james-garriss@users.noreply.github.com> Date: Mon, 27 Jan 2025 10:34:40 -0500 Subject: [PATCH 62/62] comment --- .github/workflows/build_sign_release.yaml | 1 - .github/workflows/publish_private_package.yaml | 1 - .github/workflows/publish_public_package.yaml | 2 -- Testing/workflow/Build-SignRelease.Tests.ps1 | 3 +-- Testing/workflow/Install-AzureSignTool.Tests.ps1 | 1 - 5 files changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/build_sign_release.yaml b/.github/workflows/build_sign_release.yaml index 885d8326b7..db84e454f7 100644 --- a/.github/workflows/build_sign_release.yaml 
+++ b/.github/workflows/build_sign_release.yaml @@ -70,7 +70,6 @@ jobs: echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Sign Module run: | - # Source the function. . repo/utils/workflow/Build-SignRelease.ps1 New-ModuleSignature ` -AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} ` diff --git a/.github/workflows/publish_private_package.yaml b/.github/workflows/publish_private_package.yaml index 8e97ae6f99..0fd9465978 100644 --- a/.github/workflows/publish_private_package.yaml +++ b/.github/workflows/publish_private_package.yaml @@ -61,7 +61,6 @@ jobs: echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Create Private Gallery run: | - # Source the function. . repo/utils/workflow/Publish-ScubaGear.ps1 cd repo New-PrivateGallery -GalleryName $env:GalleryName -Trusted diff --git a/.github/workflows/publish_public_package.yaml b/.github/workflows/publish_public_package.yaml index ca4185ef05..61e0391130 100644 --- a/.github/workflows/publish_public_package.yaml +++ b/.github/workflows/publish_public_package.yaml @@ -46,7 +46,6 @@ jobs: path: repo - name: Install Azure Signing Tool run: | - # Source the function . repo/utils/workflow/Install-AzureSignTool.ps1 Install-AzureSignTool # OIDC Login to Azure Public Cloud with AzPowershell @@ -67,7 +66,6 @@ jobs: echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT - name: Sign and Publish Module run: | - # Source the function. . repo/utils/workflow/Publish-ScubaGear.ps1 # Remove non-release files Remove-Item -Recurse -Force repo -Include .git* diff --git a/Testing/workflow/Build-SignRelease.Tests.ps1 b/Testing/workflow/Build-SignRelease.Tests.ps1 index 57a2de23d4..80f863da2b 100644 --- a/Testing/workflow/Build-SignRelease.Tests.ps1 +++ b/Testing/workflow/Build-SignRelease.Tests.ps1 
@@ -6,11 +6,10 @@ Describe "Bad Inputs Check" { It "The root folder name should exist" { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Build-SignRelease.ps1' -Resolve - # Source the function . $ScriptPath # The function should throw an exception if the root folder name does not exist. { New-ModuleSignature ` - -AzureKeyVaultUrl "https://www.cisa.gov" ` + -AzureKeyVaultUrl "https://www.example.com" ` -CertificateName "certificate name" ` -ReleaseVersion "0.0.1" ` -RootFolderName "nonexistantfoldername" } | Should -Throw diff --git a/Testing/workflow/Install-AzureSignTool.Tests.ps1 b/Testing/workflow/Install-AzureSignTool.Tests.ps1 index 7fa6a378aa..17f4b24d36 100644 --- a/Testing/workflow/Install-AzureSignTool.Tests.ps1 +++ b/Testing/workflow/Install-AzureSignTool.Tests.ps1 @@ -2,7 +2,6 @@ BeforeDiscovery { $ScriptPath = Join-Path -Path $PSScriptRoot -ChildPath '../../utils/workflow/Install-AzureSignTool.ps1' -Resolve - # Source the function . $ScriptPath Install-AzureSignTool }