From 1f3e1c4d6fabaf39ea9e174c1b19a166d4c7a83d Mon Sep 17 00:00:00 2001 From: Ramon Quitales Date: Sat, 25 Jan 2025 00:56:13 -0800 Subject: [PATCH] Add secrets and use bash --- .github/workflows/prerelease.yml | 5 +++++ Makefile | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index d40aac4..53d09f2 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -47,6 +47,11 @@ env: GOOGLE_ZONE: us-central1-a DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} IS_PRERELEASE: true + AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }} + AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} + AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }} + AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} + SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }} jobs: # prerequisites: # runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 50b7254..4e24e2d 100644 --- a/Makefile +++ b/Makefile @@ -272,7 +272,7 @@ bin/jsign-6.0.jar: sign-windows-exe-amd64: GORELEASER_ARCH := amd64_v1 sign-windows-exe-arm64: GORELEASER_ARCH := arm64 - +sign-windows-exe-%: SHELL:=/bin/bash sign-windows-exe-%: bin/jsign-6.0.jar @# Only sign windows binary if fully configured. @# Test variables set by joining with | between and looking for || showing at least one variable is empty. @@ -284,7 +284,7 @@ sign-windows-exe-%: bin/jsign-6.0.jar echo "To rebuild with signing delete the unsigned windows exe file and rebuild with the fixed configuration"; \ if [[ "${CI}" == "true" ]]; then exit 1; fi; \ else \ - file=dist/pulumi-docker-build_windows_${GORELEASER_ARCH}/pulumi-resource-docker-build.exe; \ + file=dist/build-provider-sign-windows_windows_${GORELEASER_ARCH}/pulumi-resource-docker-build.exe; \ mv $${file} $${file}.unsigned; \ az login --service-principal \ --username "${AZURE_SIGNING_CLIENT_ID}" \