- Create manually-triggered GitHub Action to build a release-ready NuGet package

nwithan8 · nwithan8 · commit 6fd6b203281e · 2024-11-20T16:02:11.000-07:00
diff --git a/.github/workflows/manual_release_prep.yml b/.github/workflows/manual_release_prep.yml
@@ -0,0 +1,70 @@
+name: Manually build release-ready NuGet package
+
+on:
+  workflow_dispatch: ~
+
+jobs:
+  build:
+    name: Build Release-Ready NuGet Package
+    runs-on: windows-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install .NET SDK
+        uses: actions/setup-dotnet@v3
+        with:
+          # .NET 5 is deprecated and removed from GitHub Actions, we need to manually install it
+          dotnet-version: |
+            5.x.x
+            8.x.x
+
+      - name: Setup Nuget
+        uses: NuGet/setup-nuget@v1.1.1
+
+      - name: Restore NuGet Packages
+        run: make restore
+
+      - name: Set up dotnet tools and dependencies
+        run: make install
+
+      - name: Set up authenticity certificate
+        run: |
+          echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
+        shell: bash
+
+      - name: Set variables
+        id: variables
+        run: |
+          echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
+          echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
+          echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
+          echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
+          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
+          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
+          echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
+        shell: bash
+
+      - name: Setup Keylocker KSP on Windows
+        run: |
+          curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi
+          msiexec /i Keylockertools-windows-x64.msi /quiet /qn
+          smksp_registrar.exe list
+          smctl.exe keypair ls
+          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
+        shell: cmd
+
+      - name: Sync Certificates
+        run: |
+          smctl windows certsync
+        shell: cmd
+
+      - name: Build and Sign NuGet package
+        run: |
+          call scripts\win\build_release_nuget.bat EasyPost EasyPostNETStrongNameSigning.snk "${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" Release
+        shell: cmd
+
+      - name: Upload NuGet package to Action output
+        uses: actions/upload-artifact@v4
+        with:
+          path: "*.nupkg"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -3,6 +3,7 @@ name: Release
 on:
   release:
     types: [ published ]
+  workflow_dispatch: ~
 
 jobs:
   publish:
@@ -74,9 +75,4 @@ jobs:
           files: "*.nupkg"
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Upload NuGet package to Action output
-        uses: actions/upload-artifact@v4
-        with:
-          path: "*.nupkg"
-
 
