Skip to content

Commit 2f5e234

Browse files
BorisDogBorisDog
authored
CSHARP-5176: Migrate signing to Garasign (#1387)
1 parent 452b06f commit 2f5e234

File tree

2 files changed

+10
-18
lines changed

2 files changed

+10
-18
lines changed

evergreen/evergreen.yml

+2-3
Original file line numberDiff line numberDiff line change
@@ -1020,10 +1020,9 @@ functions:
10201020
env:
10211021
ARTIFACTORY_PASSWORD: ${ARTIFACTORY_PASSWORD}
10221022
ARTIFACTORY_USERNAME: ${ARTIFACTORY_USERNAME}
1023-
AZURE_NUGET_SIGN_TENANT_ID: ${AZURE_NUGET_SIGN_TENANT_ID}
1024-
AZURE_NUGET_SIGN_CLIENT_ID: ${AZURE_NUGET_SIGN_CLIENT_ID}
1025-
AZURE_NUGET_SIGN_CLIENT_SECRET: ${AZURE_NUGET_SIGN_CLIENT_SECRET}
10261023
PACKAGE_VERSION: "$PACKAGE_VERSION"
1024+
GRS_USERNAME: ${GRS_USERNAME}
1025+
GRS_PASSWORD: ${GRS_PASSWORD}
10271026
script: |
10281027
${PREPARE_SHELL}
10291028
. ./evergreen/sign-packages.sh

evergreen/sign-packages.sh

+8-15
Original file line numberDiff line numberDiff line change
@@ -4,22 +4,15 @@ set -o errexit # Exit the script with error if any of the commands fail
44
# Environment variables used as input:
55
# ARTIFACTORY_PASSWORD
66
# ARTIFACTORY_USERNAME
7-
# AZURE_NUGET_SIGN_TENANT_ID
8-
# AZURE_NUGET_SIGN_CLIENT_ID
9-
# AZURE_NUGET_SIGN_CLIENT_SECRET
7+
# GRS_USERNAME
8+
# GRS_PASSWORD
109
# PACKAGE_VERSION
1110

1211
echo "${ARTIFACTORY_PASSWORD}" | docker login --password-stdin --username "${ARTIFACTORY_USERNAME}" artifactory.corp.mongodb.com
1312

14-
docker run --platform="linux/amd64" --rm -v $(pwd):/workdir -w /workdir \
15-
artifactory.corp.mongodb.com/release-tools-container-registry-local/azure-keyvault-nuget \
16-
NuGetKeyVaultSignTool sign "artifacts/nuget/*.$PACKAGE_VERSION.nupkg" \
17-
--force \
18-
--file-digest=sha256 \
19-
--timestamp-rfc3161=http://timestamp.digicert.com \
20-
--timestamp-digest=sha256 \
21-
--azure-key-vault-url=https://mdb-authenticode.vault.azure.net \
22-
--azure-key-vault-tenant-id="$AZURE_NUGET_SIGN_TENANT_ID" \
23-
--azure-key-vault-client-secret="$AZURE_NUGET_SIGN_CLIENT_SECRET" \
24-
--azure-key-vault-client-id="$AZURE_NUGET_SIGN_CLIENT_ID" \
25-
--azure-key-vault-certificate=authenticode-2021
13+
echo "GRS_CONFIG_USER1_USERNAME=${GRS_USERNAME}" >> "signing-envfile"
14+
echo "GRS_CONFIG_USER1_PASSWORD=${GRS_PASSWORD}" >> "signing-envfile"
15+
16+
docker run --platform="linux/amd64" --env-file=signing-envfile --rm -v $(pwd):/workdir -w /workdir \
17+
artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-jsign \
18+
/bin/bash -c "jsign --tsaurl "http://timestamp.digicert.com" -a mongo-authenticode-2021 "./artifacts/nuget/*.$PACKAGE_VERSION.nupkg""

0 commit comments

Comments
 (0)