Remove 40 char API Key Validation (#145) #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release and Publish ADMU Module | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| branches: | |
| - master | |
| permissions: | |
| contents: write | |
| id-token: write | |
| jobs: | |
| Check-If-Merged: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if Merged | |
| run: echo {GITHUB_HEAD_REF} merged into master | |
| Filter-Branch: | |
| runs-on: ubuntu-latest | |
| if: contains(github.event.pull_request.labels.*.name, 'ADMU') | |
| steps: | |
| - run: echo "Building JumpCloud Module 'ADMU'" | |
| Check-PR-Labels: | |
| needs: ["Filter-Branch", "Check-If-Merged"] | |
| runs-on: ubuntu-latest | |
| outputs: | |
| RELEASE_TYPE: ${{ steps.validate.outputs.RELEASE_TYPE }} | |
| steps: | |
| - name: Validate-PR-Version-Labels | |
| id: validate | |
| shell: pwsh | |
| run: | | |
| $PR_LABEL_LIST=$(curl -s "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels" | jq -r '.[].name') | |
| if ("ADMU" -in $PR_LABEL_LIST) { | |
| write-host "Starting Build for ADMU Module Release" | |
| } | |
| # validate type from label list: | |
| $types = @('major', 'minor', 'patch', 'manual') | |
| $typeCount = 0 | |
| foreach ($item in $PR_LABEL_LIST) { | |
| if ($item -in $types) { | |
| write-host "$item" | |
| $typeCount += 1 | |
| $RELEASE_TYPE = $item | |
| } | |
| } | |
| if ($typeCount -eq 1) { | |
| echo "RELEASE_TYPE=$RELEASE_TYPE" >> $env:GITHUB_OUTPUT | |
| } else { | |
| throw "Multiple or invalid release types were found on PR" | |
| exit 1 | |
| } | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| Setup-Build-Dependancies: | |
| needs: ["Filter-Branch", "Check-PR-Labels"] | |
| runs-on: windows-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup PowerShell Module Cache | |
| id: cacher | |
| uses: actions/cache@v4 | |
| with: | |
| path: 'C:\Users\runneradmin\Documents\PowerShell\Modules\' | |
| key: PS-Dependancies | |
| - name: Install dependencies | |
| if: steps.cacher.outputs.cache-hit != 'true' | |
| shell: pwsh | |
| run: | | |
| Set-PSRepository PSGallery -InstallationPolicy Trusted | |
| If (!(Get-PackageProvider -Name:('NuGet') -ListAvailable -ErrorAction:('SilentlyContinue'))) { | |
| Write-Host ('[status]Installing package provider NuGet'); | |
| Install-PackageProvider -Name:('NuGet') -Scope:('CurrentUser') -Force | |
| } | |
| # define dependancies for this ci workflow: | |
| $PSDependencies = @{ | |
| 'PowerShellGet' = @{Repository = 'PSGallery'; RequiredVersion = '3.0.12-beta' } | |
| 'ps2exe' = @{Repository = 'PSGallery'; RequiredVersion = '1.0.13' } | |
| 'PlatyPS' = @{Repository = 'PSGallery'; RequiredVersion = '0.14.2' } | |
| 'JumpCloud.SDK.V1' = @{Repository = 'PSGallery'; RequiredVersion = 'latest'} | |
| 'JumpCloud.SDK.V2' = @{Repository = 'PSGallery'; RequiredVersion = 'latest'} | |
| 'JumpCloud.SDK.DirectoryInsights' = @{Repository = 'PSGallery'; RequiredVersion = 'latest'} | |
| 'JumpCloud' = @{Repository = 'PSGallery'; RequiredVersion = 'latest'} | |
| } | |
| foreach ($RequiredModule in $PSDependencies.Keys) { | |
| If ([System.String]::IsNullOrEmpty((Get-InstalledModule | Where-Object { $_.Name -eq $RequiredModule }))) { | |
| $latestModule = find-module $RequiredModule | |
| Write-Host "[status] latest module: $RequiredModule; latest version: $($latestModule.Version)" | |
| Write-Host("[status] Installing module: '$RequiredModule'; version: $($PSDependencies[$RequiredModule].RequiredVersion) from $($PSDependencies[$RequiredModule].Repository)") | |
| if ($($PSDependencies[$RequiredModule].RequiredVersion) -eq "latest"){ | |
| Install-Module -Name $RequiredModule -Repository:($($PSDependencies[$RequiredModule].Repository)) -Force | |
| } else { | |
| if($RequiredModule -eq 'PowerShellGet'){ | |
| Install-Module -Name $RequiredModule -Repository:($($PSDependencies[$RequiredModule].Repository)) -RequiredVersion:($($PSDependencies[$RequiredModule].RequiredVersion)) -AllowPrerelease -Force -allowClobber | |
| } else { | |
| Install-Module -Name $RequiredModule -Repository:($($PSDependencies[$RequiredModule].Repository)) -RequiredVersion:($($PSDependencies[$RequiredModule].RequiredVersion)) -AllowPrerelease -Force | |
| } | |
| } | |
| } | |
| } | |
| Build-Sign-ADMU: | |
| runs-on: windows-latest | |
| needs: ["Setup-Build-Dependancies", "Check-PR-Labels"] | |
| environment: Production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: "/home/runner/.local/share/powershell/Modules/" | |
| key: PS-Dependancies | |
| - name: Build ADMU Module | |
| shell: powershell | |
| env: | |
| RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }} | |
| run: | | |
| . "${{ github.workspace }}/Deploy/build.ps1" -ModuleVersionType $env:RELEASE_TYPE -ModuleName "JumpCloud.ADMU" | |
| - name: Pack nuspec | |
| shell: pwsh | |
| run: | | |
| # set psm1 to point to public/start-migartion | |
| $psm1Path = "${{ github.workspace }}/jumpcloud-ADMU/JumpCloud.ADMU.psm1" | |
| $psm1Content = Get-Content -path $psm1Path | |
| $psm1Content = $psm1Content -replace "\\Powershell\\", "\Public\" | |
| Set-Content -Value $psm1Content -Path $psm1Path -Force | |
| # Pack | |
| nuget pack "${{ github.workspace }}/jumpcloud-ADMU/JumpCloud.ADMU.nuspec" | |
| - name: Validate NuPkg File | |
| shell: pwsh | |
| run: | | |
| $NupkgPathDirectory = (Get-ChildItem -Path:("./*.nupkg")).Directory | |
| $nupkgPath = (Get-ChildItem -Path:("./*.nupkg")).FullName | |
| Write-Host "NuPkg Path: $nupkgPath" | |
| mkdir $NupkgPathDirectory/nupkg_module | |
| unzip $nupkgPath -d $NupkgPathDirectory/nupkg_module | |
| $moduleRootFiles = Get-ChildItem -File -Path:("$NupkgPathDirectory/nupkg_module") | |
| $moduleRootDirectories = Get-ChildItem -Directory -Path:("$NupkgPathDirectory/nupkg_module") | |
| Write-Host "Module Files:\n$moduleRootFiles" | |
| Write-Host "Module Directories:\n$moduleRootDirectories" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_NUMBER }}:role/${{ secrets.AWS_ROLE_NAME }} | |
| role-session-name: GHA_ADMU_SIGN_EXE | |
| - name: Set ADMU ENV VERSION | |
| id: admu-version | |
| shell: pwsh | |
| run: | | |
| $content = Get-Content -Path "${{ github.workspace }}/jumpcloud-ADMU/JumpCloud.ADMU.psd1" -Raw | |
| $matches = $content | Select-String -Pattern "ModuleVersion.*([0-9]+.[0-9]+.[0-9])" | |
| $version = $matches.matches.groups[1].value | |
| echo "RELEASE_VERSION=$version" >> $env:GITHUB_OUTPUT | |
| - name: Sign and Upload | |
| uses: ./.github/workflows/sign-common-actions | |
| env: | |
| RELEASE_VERSION: ${{ steps.admu-version.outputs.RELEASE_VERSION }} | |
| with: | |
| files: |- | |
| jumpcloud-ADMU/Exe/gui_jcadmu.exe | |
| jumpcloud-ADMU/Exe/uwp_jcadmu.exe | |
| SM_API_KEY: ${{ secrets.SM_V2_API_KEY }} | |
| SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_V2_CLIENT_CERT_PASSWORD }} | |
| SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_V2_CLIENT_CERT_FILE_B64 }} | |
| SM_HOST: ${{ secrets.SM_HOST }} | |
| region: ${{ secrets.AWS_REGION }} | |
| version: ${{ env.RELEASE_VERSION }} | |
| - name: Upload Release Artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: jumpcloud-admu | |
| path: | | |
| ${{ github.workspace }}/Jumpcloud-ADMU/Exe/*.exe | |
| ${{ github.workspace }}/Jumpcloud-ADMU/JumpCloud.ADMU.nuspec | |
| ${{ github.workspace }}/JumpCloud.ADMU.*.nupkg | |
| Draft-GH-Release: | |
| needs: [Build-Sign-ADMU] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download ADMU artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: jumpcloud-admu | |
| - name: Build Draft Release | |
| run: | | |
| VERSION=$(grep -Po '(\d+\.\d+\.\d+)' ${{ github.workspace }}/jumpcloud-ADMU/JumpCloud.ADMU.psd1) | |
| TITLE="JumpCloud ADMU v$VERSION" | |
| CHANGELOG=$(cat ${{ github.workspace }}/ModuleChangelog.md |awk "/^## $VERSION/{ f = 1; next } /## [0-9]+.[0-9]+.[0-9]+/{ f = 0 } f") | |
| TAG="v$VERSION" | |
| BODY="$TITLE $CHANGELOG" | |
| # draft release | |
| (gh release view $TAG && echo "Release exists for $TAG") || gh release create $TAG --title "$TITLE" --notes "$BODY" --draft | |
| # upload signed artifacts | |
| ls -la ${{ github.workspace }}/jumpcloud-ADMU/Exe/ | |
| gh release upload $TAG ${{ github.workspace }}/jumpcloud-ADMU/Exe/gui_jcadmu.exe ${{ github.workspace }}/jumpcloud-ADMU/Exe/uwp_jcadmu.exe | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| Manual-Approval-Release: | |
| needs: ["Draft-GH-Release"] | |
| environment: PublishToPSGallery | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Manual Approval for Release | |
| run: echo "Awaiting approval from required reviewers before continuing" | |
| Deploy-Nupkg: | |
| needs: [Manual-Approval-Release, Build-Sign-ADMU] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download ADMU artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: jumpcloud-admu | |
| - name: Publish | |
| shell: pwsh | |
| run: | | |
| # add nuget source for PSGallery: | |
| dotnet nuget add source "https://www.powershellgallery.com/api/v2/package" --name PSGallery | |
| # get nupkg artifact: | |
| $nupkgPath = (Get-ChildItem -Path:("./*.nupkg")).FullName | |
| # test | |
| $nupkgPath | Should -Exist | |
| Write-Host "Nupkg Artifact Restored: $nupkgPath" | |
| # nuget push from here: | |
| dotnet nuget push $nupkgPath --source PSGallery --api-key $env:NuGetApiKey | |
| env: | |
| NuGetApiKey: ${{ secrets.NUGETAPIKEY }} |