Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 29 additions & 5 deletions .github/workflows/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ env:
LICENSE_KEY: ${{ secrets.LICENSE_KEY }}
SQL_USER_PASSWORD: ${{ secrets.SQL_USER_PASSWORD }}
S2MS_API_KEY: ${{ secrets.S2MS_API_KEY }}
AZURE_TRUSTED_SIGNING_ACCOUNT: SingleStore

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider moving this to the repository variables

AZURE_TRUSTED_SIGNING_PROFILE: ConnectorsReleaseProfile
AZURE_TRUSTED_SIGNING_ENDPOINT: https://eus.codesigning.azure.net/

jobs:
fetch-s2-versions:
Expand Down Expand Up @@ -206,11 +209,17 @@ jobs:
- name: Pack NuGet
run: dotnet pack .\src\EFCore.SingleStore\EFCore.SingleStore.csproj -c Release -o efcore_provider

- name: Upload Artifact
uses: actions/upload-artifact@v4
# Authenticate to Azure via OIDC (using your App Registration)
- name: Azure Login
uses: azure/login@v2
with:
name: efcore-provider
path: efcore_provider/
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

# Install Microsoft's unified Sign tool
- name: Install .NET Sign CLI Tool
run: dotnet tool install -g --prerelease sign

# Get a short-lived NuGet API key
- name: NuGet login (OIDC → temp API key)
Expand All @@ -219,7 +228,22 @@ jobs:
with:
user: ${{ secrets.NUGET_USER }}

# Push the package
# Sign the .nupkg file directly
- name: Sign NuGet Package with Artifact Signing
run: |
sign code artifact-signing `
--artifact-signing-endpoint "${{ env.AZURE_TRUSTED_SIGNING_ENDPOINT }}" `
--artifact-signing-account "${{ env.AZURE_TRUSTED_SIGNING_ACCOUNT }}" `
--artifact-signing-certificate-profile "${{ env.AZURE_TRUSTED_SIGNING_PROFILE }}" `
--timestamp-url "http://timestamp.acs.microsoft.com" `
"efcore_provider/*.nupkg"

- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: efcore-provider
path: efcore_provider/

- name: NuGet push
run: >
dotnet nuget push "efcore_provider/*.nupkg"
Expand Down
Loading