Update repos changes

gururajsh · Oct 21, 2024 · b8c8f03 · b8c8f03
1 parent b60c18e
commit b8c8f03
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 80 deletions.
diff --git a/.github/workflows/release-build-sign-upload.yml b/.github/workflows/release-build-sign-upload.yml
@@ -639,55 +639,55 @@ jobs:
           make out/cf-cli_win32.exe
           make out/cf-cli_winx64.exe
 
-      # - name: Set up certificate
-      #   run: |
-      #     echo "${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CLIENT_CERT_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
-      #   shell: bash
-
-      # - name: Set variables
-      #   id: variables
-      #   run: |
-      #     echo "SM_HOST=${{ vars.SIGNING_KEY_WINDOWS_DIGICERT_HOST }}" >> "$GITHUB_ENV"
-      #     echo "SM_API_KEY=${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_API_KEY }}" >> "$GITHUB_ENV"
-      #     echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
-      #     echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CLIENT_CERT_INSTALLATION_PASSWORD }}" >> "$GITHUB_ENV"
-      #     echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
-      #     echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
-      #     echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
-      #   shell: bash
-
-      # - name: Setup Keylocker KSP on Windows
-      #   run: |
-      #     curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi
-      #     msiexec /i Keylockertools-windows-x64.msi /quiet /qn
-      #     smksp_registrar.exe list
-      #     smctl.exe keypair ls
-      #     C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
-      #     smctl windows certsync
-      #   shell: cmd
-
-      # - name: Sign Windows binaries
-      #   run: |
-      #     smctl healthcheck --all
-      #     smctl sign --fingerprint ${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CERT_FINGERPRINT }} --tool signtool --input out\cf-cli_win32.exe
-      #     smctl sign --fingerprint ${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CERT_FINGERPRINT }} --tool signtool --input out\cf-cli_winx64.exe
-
-      # - name: View binary signatures
-      #   run: |
-      #     Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\out\cf-cli_win32.exe
-      #     Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\out\cf-cli_winx64.exe
-
-      # - name: Make symlinks
-      #   run: |
-      #     New-Item -ItemType SymbolicLink -Target .\out\cf-cli_win32.exe -Path .\out\cf-cli_win32-link.exe
-      #     New-Item -ItemType SymbolicLink -Target .\out\cf-cli_winx64.exe -Path .\out\cf-cli_winx64-link.exe
-
-      # - name: Save signed binaries as a GitHub Action Artifact
-      #   uses: actions/upload-artifact@v4
-      #   with:
-      #     name: cf-cli-windows-binaries
-      #     if-no-files-found: error
-      #     path: out/cf-cli_win*.exe
+      - name: Set up certificate
+        run: |
+          echo "${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CLIENT_CERT_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
+        shell: bash
+
+      - name: Set variables
+        id: variables
+        run: |
+          echo "SM_HOST=${{ vars.SIGNING_KEY_WINDOWS_DIGICERT_HOST }}" >> "$GITHUB_ENV"
+          echo "SM_API_KEY=${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_API_KEY }}" >> "$GITHUB_ENV"
+          echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
+          echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CLIENT_CERT_INSTALLATION_PASSWORD }}" >> "$GITHUB_ENV"
+          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
+          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
+          echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
+        shell: bash
+
+      - name: Setup Keylocker KSP on Windows
+        run: |
+          curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi
+          msiexec /i Keylockertools-windows-x64.msi /quiet /qn
+          smksp_registrar.exe list
+          smctl.exe keypair ls
+          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
+          smctl windows certsync
+        shell: cmd
+
+      - name: Sign Windows binaries
+        run: |
+          smctl healthcheck --all
+          smctl sign --fingerprint ${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CERT_FINGERPRINT }} --tool signtool --input out\cf-cli_win32.exe
+          smctl sign --fingerprint ${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CERT_FINGERPRINT }} --tool signtool --input out\cf-cli_winx64.exe
+
+      - name: View binary signatures
+        run: |
+          Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\out\cf-cli_win32.exe
+          Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\out\cf-cli_winx64.exe
+
+      - name: Make symlinks
+        run: |
+          New-Item -ItemType SymbolicLink -Target .\out\cf-cli_win32.exe -Path .\out\cf-cli_win32-link.exe
+          New-Item -ItemType SymbolicLink -Target .\out\cf-cli_winx64.exe -Path .\out\cf-cli_winx64-link.exe
+
+      - name: Save signed binaries as a GitHub Action Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: cf-cli-windows-binaries
+          if-no-files-found: error
+          path: out/cf-cli_win*.exe
 
       - name: Install innosetup
         run: .\.github\win\install-innosetup.ps1
@@ -699,21 +699,21 @@ jobs:
           mkdir "${env:RUNNER_TEMP}\win32"
           .\.github\win\run-innosetup.ps1 -InnoSetupConfig ".github\win\windows-installer-v${env:VERSION_MAJOR}-x86.iss" -CfBinary "out\cf-cli_win32.exe" -InstallerOutput "${env:RUNNER_TEMP}\win32\cf${env:VERSION_MAJOR}_installer.exe"
 
-      # - name: Sign Windows installers
-      #   run: |
-      #     smctl sign --fingerprint ${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CERT_FINGERPRINT }} --tool signtool --input "${env:RUNNER_TEMP}\win32\cf${env:VERSION_MAJOR}_installer.exe"
-      #     smctl sign --fingerprint ${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CERT_FINGERPRINT }} --tool signtool --input "${env:RUNNER_TEMP}\winx64\cf${env:VERSION_MAJOR}_installer.exe"
-
-      # - name: View installer signature
-      #   run: |
-      #     Get-AuthenticodeSignature -Verbose -ErrorAction Stop "${env:RUNNER_TEMP}\win32\cf${env:VERSION_MAJOR}_installer.exe"
-      #     Get-AuthenticodeSignature -Verbose -ErrorAction Stop "${env:RUNNER_TEMP}\winx64\cf${env:VERSION_MAJOR}_installer.exe"
-
-      # - name: Arrange files for upload
-      #   # note the -Path flag takes comma-delimited args
-      #   run: |
-      #     Copy-Item -Destination "${env:RUNNER_TEMP}\win32" -Path .github\win\LICENSE,.github\win\NOTICE
-      #     Copy-Item -Destination "${env:RUNNER_TEMP}\winx64" -Path .github\win\LICENSE,.github\win\NOTICE
+      - name: Sign Windows installers
+        run: |
+          smctl sign --fingerprint ${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CERT_FINGERPRINT }} --tool signtool --input "${env:RUNNER_TEMP}\win32\cf${env:VERSION_MAJOR}_installer.exe"
+          smctl sign --fingerprint ${{ secrets.SIGNING_KEY_WINDOWS_DIGICERT_CERT_FINGERPRINT }} --tool signtool --input "${env:RUNNER_TEMP}\winx64\cf${env:VERSION_MAJOR}_installer.exe"
+
+      - name: View installer signature
+        run: |
+          Get-AuthenticodeSignature -Verbose -ErrorAction Stop "${env:RUNNER_TEMP}\win32\cf${env:VERSION_MAJOR}_installer.exe"
+          Get-AuthenticodeSignature -Verbose -ErrorAction Stop "${env:RUNNER_TEMP}\winx64\cf${env:VERSION_MAJOR}_installer.exe"
+
+      - name: Arrange files for upload
+        # note the -Path flag takes comma-delimited args
+        run: |
+          Copy-Item -Destination "${env:RUNNER_TEMP}\win32" -Path .github\win\LICENSE,.github\win\NOTICE
+          Copy-Item -Destination "${env:RUNNER_TEMP}\winx64" -Path .github\win\LICENSE,.github\win\NOTICE
 
       - name: Zip Windows artifact
         run: |

diff --git a/.github/workflows/release-update-repos.yml b/.github/workflows/release-update-repos.yml
@@ -3,11 +3,6 @@ run-name: "Release: Update Repositories [${{ github.ref_name }}]"
 
 on:
   workflow_dispatch:
-    inputs:
-      build_version:
-        description: 'build version format: n.n.n'
-        required: true
-        type: string
 
 permissions:
   contents: write
@@ -20,12 +15,14 @@ jobs:
   setup:
     name: Setup
     runs-on: ubuntu-latest
+    env:
+      VERSION_MAJOR: 8
     if: ${{ github.action_repository != 'cloudfoundry/cli' }}
     outputs:
       secrets-environment: ${{ steps.set-secrets-environment.outputs.secrets-environment }}
 
       version-build: ${{ steps.parse-semver.outputs.version-build }}
-      version-major: ${{ steps.parse-semver.outputs.version-major }}
+      version-major: ${{ env.VERSION_MAJOR }}
       version-minor: ${{ steps.parse-semver.outputs.version-minor }}
       version-patch: ${{ steps.parse-semver.outputs.version-patch }}
       claw-url: ${{ steps.set-claw-url.outputs.claw-url }}
@@ -45,18 +42,20 @@ jobs:
     - name: Parse semver
       id: parse-semver
       run: |
-        VERSION=$(cat BUILD_VERSION)
-        VERSION="${VERSION#[vV]}"
+        latest_tag="$(gh release list -L 2 --repo cloudfoundry/cli --exclude-pre-releases --exclude-drafts --json tagName --jq '.[].tagName' | grep v${VERSION_MAJOR})"
+        echo "Latest tag is ${latest_tag}"
+        
+        version="${latest_tag#[vV]}"
 
-        VERSION_MINOR="${VERSION#*.}"
-        VERSION_MINOR="${VERSION_MINOR%.*}"
+        version_minor="${version#*.}"
+        version_minor="${version_minor%.*}"
 
-        echo "version-build=${VERSION}"       >> "${GITHUB_OUTPUT}"
-        echo "version-major=${VERSION%%\.*}"  >> "${GITHUB_OUTPUT}"
-        echo "version-minor=${VERSION_MINOR}" >> "${GITHUB_OUTPUT}"
-        echo "version-patch=${VERSION##*.}"   >> "${GITHUB_OUTPUT}"
+        echo "version-build=${version}"       >> "${GITHUB_OUTPUT}"
+        echo "version-major=${version%%\.*}"  >> "${GITHUB_OUTPUT}"
+        echo "version-minor=${version_minor}" >> "${GITHUB_OUTPUT}"
+        echo "version-patch=${version##*.}"   >> "${GITHUB_OUTPUT}"
 
-        echo "VERSION_BUILD=${VERSION}"       >> "${GITHUB_ENV}"
+        echo "VERSION_BUILD=${version}"       >> "${GITHUB_ENV}"
 
     - name: Test if CLAW serve this version
       env:
@@ -363,7 +362,6 @@ jobs:
     - name: Setup
       env:
         ENVIRONMENT:   ${{ github.event.inputs.environment }}
-        VERSION_BUILD: ${{ github.event.inputs.build_version }}
       run: |
         echo "VERSION_BUILD: ${VERSION_BUILD}"
         echo "Environment: ${ENVIRONMENT}"

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -40,6 +40,7 @@ jobs:
 
           if [ "${{ inputs.release_version }}" == "minor" ]; then
             version_minor=$(($version_minor + 1))
+            version_patch=0
           else
             version_patch=$(($version_patch + 1))
           fi