From 4f9a821499d8b6c5619d024ad44a5c423b3dd74b Mon Sep 17 00:00:00 2001
From: Alexander Holstrup <117829001+aholstrup1@users.noreply.github.com>
Date: Wed, 22 May 2024 14:14:05 +0200
Subject: [PATCH] Move publishing of containerhelper to federated credentials (#3545)
Move publishing of containerhelper to federated credentials Related to AB#535824
---
 .github/workflows/CI.yaml | 25 ++++++++++++++++++++-----
 .github/workflows/Release.yaml | 25 ++++++++++++++++++++-----
 2 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml
index 834b36b20..d3423552f 100644
--- a/.github/workflows/CI.yaml
+++ b/.github/workflows/CI.yaml
@@ -13,6 +13,7 @@ permissions:
 actions: read
 pull-requests: write
 checks: write
+ id-token: write
 concurrency:
 group: 'runTests-${{ github.ref }}'
@@ -147,6 +148,20 @@ jobs:
 needs: [ PS5, PS7, Linux ]
 if: github.repository_owner == 'microsoft' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
 steps:
+ - name: 'Az CLI login'
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ enable-AzPSSession: true
+
+ - name: Install Azure Powershell Modules
+ run: |
+ if(-not (Get-Module 'Az.Storage' -ListAvailable)) {
+ Install-Module -Name 'Az.Storage' -Force -AllowClobber
+ }
+
 - name: Checkout
 uses: actions/checkout@v4
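Review bot: `id-token: write` is added to the workflow-level `permissions:` block, so every job in CI.yaml can request an OIDC token, including the `PS5`, `PS7` and `Linux` jobs that the publishing job lists under `needs:`, although only the job that runs `azure/login` needs one. Consider granting it in a job-level `permissions:` block on the publishing job instead; a job-level block replaces the workflow-level one, so it would also have to list whichever existing scopes that job uses. Release.yaml receives the same workflow-level grant (`@@ -5,6 +5,7 @@`). The federated credential on the Azure side should accept only the subject of the publishing branch or environment, which is not visible in this diff.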
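Review bot: `Install-Module -Name 'Az.Storage' -Force -AllowClobber` installs whatever version the gallery serves at run time, and `azure/login@v2` is a movable tag; both then run in what appears to be the job that later signs and publishes the module with the Azure session and the NuGet key available. Pin both, e.g. `uses: azure/login@<full-commit-sha> # v2` and `Install-Module -Name 'Az.Storage' -RequiredVersion '<pinned-version>' -Force -AllowClobber`. The same two steps are added to Release.yaml (`@@ -17,6 +18,20 @@`). The rest of the job's steps lie outside this hunk.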
@@ -216,12 +231,12 @@ jobs:
 Set-AuthenticodeSignature -Certificate $cert -HashAlgorithm SHA256 -TimestampServer "http://timestamp.digicert.com" -FilePath $filesToSign
 Write-Host "Upload to storage (preview)"
- $storageContext = New-AzureStorageContext -ConnectionString '${{ secrets.BchStorageConnectionString }}'
- New-AzureStorageContainer -Name 'public' -Context $storageContext -Permission 'Container' -ErrorAction Ignore | Out-Null
+ $storageContext = New-AzStorageContext -StorageAccountName 'bccontainerhelper' -UseConnectedAccount
+ New-AzStorageContainer -Name 'public' -Context $storageContext -Permission 'Container' -ErrorAction Ignore | Out-Null
 Compress-Archive -path $path -DestinationPath "$($path).zip"
- Set-AzureStorageBlobContent -File "$($path).zip" -Context $storageContext -Container 'public' -Blob "$version-$prerelease.zip" -Force | Out-Null
- Set-AzureStorageBlobContent -File "$($path).zip" -Context $storageContext -Container 'public' -Blob "preview.zip" -Force | Out-Null
+ Set-AzStorageBlobContent -File "$($path).zip" -Context $storageContext -Container 'public' -Blob "$version-$prerelease.zip" -Force | Out-Null
+ Set-AzStorageBlobContent -File "$($path).zip" -Context $storageContext -Container 'public' -Blob "preview.zip" -Force | Out-Null
 Write-Host "Publishing Module"
 Publish-Module -Path $path -NuGetApiKey '${{ secrets.NugetKey }}' -SkipAutomaticTags
@@ -229,4 +244,4 @@ jobs:
 catch {
 Write-Host "::Error::Error publishing module. Error was $($_.Exception.Message)"
 $host.SetShouldExit(1)
- }
+ }
\ No newline at end of file
diff --git a/.github/workflows/Release.yaml b/.github/workflows/Release.yaml
index 51953b06d..7abdf1009 100644
--- a/.github/workflows/Release.yaml
+++ b/.github/workflows/Release.yaml
@@ -5,6 +5,7 @@ on:
 permissions:
 contents: read
+ id-token: write
 concurrency: Release
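Review bot: With `-UseConnectedAccount`, the `-ErrorAction Ignore` kept on `New-AzStorageContainer` now hides authorization failures of the federated identity as well as "container already exists", so a missing data-plane role assignment would not show up at this step. The two `Set-AzStorageBlobContent ... | Out-Null` calls typically report failures as non-terminating errors; unless `$ErrorActionPreference = 'Stop'` is set outside the hunk, the `catch` would not fire and the script would continue to `Publish-Module` without the blobs uploaded, so consider adding `-ErrorAction Stop` to both calls. The change reduces exposure only once the account key behind `BchStorageConnectionString` is rotated and the secret removed, and ideally shared-key access is disabled on the storage account. The same lines change in Release.yaml (`@@ -85,12 +100,12 @@`); the enclosing `try` block starts outside the hunk.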
@@ -17,6 +18,20 @@ jobs:
 if: github.repository == 'Microsoft/NavContainerHelper'
 runs-on: [ windows-latest ]
 steps:
+ - name: 'Az CLI login'
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ enable-AzPSSession: true
+
+ - name: Install Azure Powershell Modules
+ run: |
+ if(-not (Get-Module 'Az.Storage' -ListAvailable)) {
+ Install-Module -Name 'Az.Storage' -Force -AllowClobber
+ }
+
 - name: Checkout
 uses: actions/checkout@v4
@@ -85,12 +100,12 @@ jobs:
 Set-AuthenticodeSignature -Certificate $cert -HashAlgorithm SHA256 -TimestampServer "http://timestamp.digicert.com" -FilePath $filesToSign
 Write-Host "Upload to storage (preview)"
- $storageContext = New-AzureStorageContext -ConnectionString '${{ secrets.BchStorageConnectionString }}'
- New-AzureStorageContainer -Name 'public' -Context $storageContext -Permission 'Container' -ErrorAction Ignore | Out-Null
-
+ $storageContext = New-AzStorageContext -StorageAccountName 'bccontainerhelper' -UseConnectedAccount
+ New-AzStorageContainer -Name 'public' -Context $storageContext -Permission 'Container' -ErrorAction Ignore | Out-Null
+
 Compress-Archive -path $path -DestinationPath "$($path).zip"
- Set-AzureStorageBlobContent -File "$($path).zip" -Context $storageContext -Container 'public' -Blob "$version.zip" -Force | Out-Null
- Set-AzureStorageBlobContent -File "$($path).zip" -Context $storageContext -Container 'public' -Blob "latest.zip" -Force | Out-Null
+ Set-AzStorageBlobContent -File "$($path).zip" -Context $storageContext -Container 'public' -Blob "$version.zip" -Force | Out-Null
+ Set-AzStorageBlobContent -File "$($path).zip" -Context $storageContext -Container 'public' -Blob "latest.zip" -Force | Out-Null
 Write-Host "Publishing Module"
 Publish-Module -Path $path -NuGetApiKey '${{ secrets.NugetKey }}' -SkipAutomaticTags