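#!/usr/bin/env bash
set -euo pipefail

# Signs NuGet packages using a PKCS#12 (PFX) certificate.
#
# Environment:
#   PACKAGES_GLOB              glob(s) selecting the packages to sign
#                              (default: out/sdk/*.nupkg)
#   OUT_DIR                    output directory, created if missing
#                              (default: out/sdk)
#   TIMESTAMP_URL              optional timestamp server URL; keep empty for
#                              offline runs. Without a timestamp, a signature
#                              stops validating once the certificate expires.
#   PFX_PATH                   path to an existing PFX file; takes precedence
#                              over SDK_SIGNING_CERT_B64
#   SDK_SIGNING_CERT_B64       base64-encoded PFX, used when PFX_PATH is empty
#   SDK_SIGNING_CERT_PASSWORD  password protecting the PFX
#
# Exits 0 without signing when no certificate or no package is available.

PACKAGES_GLOB=${PACKAGES_GLOB:-"out/sdk/*.nupkg"}
OUT_DIR=${OUT_DIR:-out/sdk}
TIMESTAMP_URL=${TIMESTAMP_URL:-""} # optional; keep empty for offline

PFX_PATH=${PFX_PATH:-""}
PFX_B64=${SDK_SIGNING_CERT_B64:-}
PFX_PASSWORD=${SDK_SIGNING_CERT_PASSWORD:-}

# Private scratch directory for the decoded certificate; empty when the
# caller supplied PFX_PATH and nothing has to be cleaned up.
pfx_tmp_dir=""

cleanup() {
  if [[ -n "$pfx_tmp_dir" ]]; then
    rm -rf -- "$pfx_tmp_dir"
  fi
}
trap cleanup EXIT

mkdir -p "$OUT_DIR"

if [[ -z "$PFX_PATH" ]]; then
  if [[ -z "$PFX_B64" ]]; then
    echo "No signing cert provided (SDK_SIGNING_CERT_B64/PFX_PATH); skipping signing."
    exit 0
  fi
  # The decoded PFX contains the signing private key. Keep it out of OUT_DIR,
  # which holds the packages that get published, and remove it on every exit
  # path so it cannot end up in an uploaded artifact or a reused workspace.
  pfx_tmp_dir=$(mktemp -d)
  PFX_PATH="$pfx_tmp_dir/sdk-signing.pfx"
  (
    umask 077
    printf "%s" "$PFX_B64" | base64 -d > "$PFX_PATH"
  )
fi

if [[ ! -s "$PFX_PATH" ]]; then
  echo "Signing certificate '$PFX_PATH' is missing or empty." >&2
  exit 1
fi

# Let the shell expand the glob(s) instead of parsing `ls` output, which
# splits file names containing whitespace. PACKAGES_GLOB is deliberately
# unquoted so that several space-separated patterns keep working.
shopt -s nullglob
# shellcheck disable=SC2206 # word splitting and globbing are intended
candidates=($PACKAGES_GLOB)
shopt -u nullglob

packages=()
for candidate in "${candidates[@]}"; do
  # Drop literal paths that do not exist and anything that is not a file.
  if [[ -f "$candidate" ]]; then
    packages+=("$candidate")
  fi
done

if [[ ${#packages[@]} -eq 0 ]]; then
  echo "No packages found under glob '$PACKAGES_GLOB'; nothing to sign."
  exit 0
fi

ts_args=()
if [[ -n "$TIMESTAMP_URL" ]]; then
  # NOTE(review): the dotnet CLI documents `--timestamper` for the timestamp
  # server URL; confirm `--timestamp-url` is accepted by the SDK in use.
  ts_args=(--timestamp-url "$TIMESTAMP_URL")
fi

# NOTE(review): the PFX password is passed as a command-line argument, so it
# is visible in the process list while dotnet runs. Use this on runners that
# are not shared, or sign from a certificate store
# (--certificate-fingerprint) so that no password reaches argv.
for pkg in "${packages[@]}"; do
  echo "Signing $pkg"
  dotnet nuget sign "$pkg" \
    --certificate-path "$PFX_PATH" \
    --certificate-password "$PFX_PASSWORD" \
    --hash-algorithm sha256 \
    "${ts_args[@]}"
done

echo "Signed ${#packages[@]} package(s)."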