Add AzureSignToolUtils and build with .props and .targets

ricaun-io · Dec 6, 2024 · 4a5ada4 · 4a5ada4
1 parent 22dc11b
commit 4a5ada4
Show file tree

Hide file tree

Showing 10 changed files with 975 additions and 3 deletions.
diff --git a/Build/.nuke/build.schema.json b/Build/.nuke/build.schema.json
@@ -24,6 +24,7 @@
     "ExecutableTarget": {
       "type": "string",
       "enum": [
+        "AzureSignTool",
         "Build",
         "Clean",
         "Compile",

diff --git a/Build/Build.cs b/Build/Build.cs
@@ -3,7 +3,7 @@
 using ricaun.Nuke;
 using ricaun.Nuke.Components;
 
-class Build : NukeBuild, IPublishPack, ICompileExample, ITest, IShowGitVersion, IPrePack
+class Build : NukeBuild, IPublishPack, ICompileExample, ITest, IShowGitVersion, IAzureSignTool, IPrePack
 {
     //bool IPack.UnlistNuget => true;
     bool ITest.TestBuildStopWhenFailed => false;

diff --git a/Build/Build.csproj b/Build/Build.csproj
@@ -18,4 +18,7 @@
   <ItemGroup>
     <ProjectReference Include="..\ricaun.Nuke\ricaun.Nuke.csproj" />
   </ItemGroup>
+
+  <Import Project="..\ricaun.Nuke\build\ricaun.Nuke.targets" />
+
 </Project>
diff --git a/Build/IAzureSignTool.cs b/Build/IAzureSignTool.cs
@@ -0,0 +1,13 @@
+using Nuke.Common;
+using ricaun.Nuke.Components;
+
+public interface IAzureSignTool : IClean, ICompile
+{
+    Target AzureSignTool => _ => _
+        .TriggeredBy(Clean)
+        .Before(Compile)
+        .Executes(() =>
+        {
+            ricaun.Nuke.Tools.AzureSignToolUtils.EnsureAzureToolIsInstalled();
+        });
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,8 +4,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [1.9.0] / 2024-12-06
+### Features
+- Enable sign files using `Azure Key Vault`.
+### Build
+- Add `IAzureSignTool` to check if `AzureSignToolUtils` is installed.
+- Add import `build` with `.targets`
+### Updates
+- Add `AzureSignToolUtils` to sign files using `AzureSignToolTasks` or `NuGetKeyVaultSignToolTasks`.
+- Add `NuGetKeyVaultSignTool` for nuke version `8.*`.
+- Add `AzureKeyVaultConfig` with json file with `Azure Key Vault` without secrets.
+- Add `build` with `.targets` to install packages `AzureSignTool` and `NuGetKeyVaultSignTool`.
+
 ## [1.8.2] / 2024-11-20
-### Update
+### Updates
 - Update `Nuke.Common` to `8.1.4`.
 - Update `FileSystemTasks.CopyFileToDirectory` to `AbsolutePathExtensions.CopyToDirectory`.
 - Update `FileSystemTasks.CopyDirectoryRecursively` to `AbsolutePathExtensions.Copy`.
@@ -358,6 +370,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - First Release
 
 [vNext]: ../../compare/1.0.0...HEAD
+[1.9.0]: ../../compare/1.8.2...1.9.0
 [1.8.2]: ../../compare/1.8.1...1.8.2
 [1.8.1]: ../../compare/1.8.0...1.8.1
 [1.8.0]: ../../compare/1.7.4...1.8.0

diff --git a/ricaun.Nuke/Tools/AzureSignToolUtils.cs b/ricaun.Nuke/Tools/AzureSignToolUtils.cs
@@ -0,0 +1,147 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Nuke.Common.Tools.NuGetKeyVaultSignTool;
+using Nuke.Common.Tools.AzureSignTool;
+using System.IO;
+
+namespace ricaun.Nuke.Tools
+{
+    /// <summary>
+    /// Utility class for working with Azure Sign Tool.
+    /// </summary>
+    public class AzureSignToolUtils
+    {
+        private const string TimestampUrlDefault = "http://timestamp.digicert.com";
+        private const string TimestampDigestDefault = "sha256";
+        private const string NugetPackageExtension = ".nupkg";
+
+        /// <summary>
+        /// Ensures that Azure Sign Tool and NuGet Key Vault Sign Tool are installed.
+        /// </summary>
+        /// <exception cref="Exception">Thrown when the required packages are missing.</exception>
+        public static void EnsureAzureToolIsInstalled()
+        {
+            try
+            {
+                _ = AzureSignToolTasks.AzureSignToolPath;
+                _ = NuGetKeyVaultSignToolTasks.NuGetKeyVaultSignToolPath;
+            }
+            catch (Exception ex)
+            {
+                var packagesToInstall = """
+                    <ItemGroup>
+                      <PackageDownload Include="AzureSignTool" Version="[6.0.0]" />
+                      <PackageDownload Include="NuGetKeyVaultSignTool" Version="[3.2.3]" />
+                    </ItemGroup>
+                    """;
+                throw new Exception($"Missing package reference/download, install the packages in the project: \n{packagesToInstall}", ex);
+            }
+        }
+
+        /// <summary>
+        /// Signs the specified file using Azure Sign Tool or NuGet Key Vault Sign Tool.
+        /// </summary>
+        /// <param name="fileName">The name of the file to sign.</param>
+        /// <param name="azureKeyVaultConfig">The Azure Key Vault configuration.</param>
+        /// <param name="azureKeyVaultClientSecret">The Azure Key Vault client secret.</param>
+        /// <param name="timestampUrlDefault">The default timestamp URL.</param>
+        /// <param name="timestampDigestDefault">The default timestamp digest.</param>
+        public static void Sign(string fileName,
+            AzureKeyVaultConfig azureKeyVaultConfig, string azureKeyVaultClientSecret,
+            string timestampUrlDefault = TimestampUrlDefault,
+            string timestampDigestDefault = TimestampDigestDefault)
+        {
+            if (Path.GetExtension(fileName) == NugetPackageExtension)
+            {
+                NuGetKeyVaultSignToolTasks.NuGetKeyVaultSignTool(x => x
+                    .SetFile(fileName)
+                    .SetKeyVaultCertificateName(azureKeyVaultConfig.AzureKeyVaultCertificate)
+                    .SetKeyVaultUrl(azureKeyVaultConfig.AzureKeyVaultUrl)
+                    .SetKeyVaultClientId(azureKeyVaultConfig.AzureKeyVaultClientId)
+                    .SetKeyVaultTenantId(azureKeyVaultConfig.AzureKeyVaultTenantId)
+                    .SetKeyVaultClientSecret(azureKeyVaultClientSecret)
+                    .SetTimestampRfc3161Url(azureKeyVaultConfig.TimestampUrl ?? timestampUrlDefault)
+                    .SetTimestampDigest(azureKeyVaultConfig.TimestampDigest ?? timestampDigestDefault)
+                );
+                return;
+            }
+
+            AzureSignToolTasks.AzureSignTool(x => x
+                .SetFiles(fileName)
+                .SetKeyVaultCertificateName(azureKeyVaultConfig.AzureKeyVaultCertificate)
+                .SetKeyVaultUrl(azureKeyVaultConfig.AzureKeyVaultUrl)
+                .SetKeyVaultClientId(azureKeyVaultConfig.AzureKeyVaultClientId)
+                .SetKeyVaultTenantId(azureKeyVaultConfig.AzureKeyVaultTenantId)
+                .SetKeyVaultClientSecret(azureKeyVaultClientSecret)
+                .SetTimestampRfc3161Url(azureKeyVaultConfig.TimestampUrl ?? timestampUrlDefault)
+                .SetTimestampDigest(azureKeyVaultConfig.TimestampDigest ?? timestampDigestDefault)
+            );
+        }
+    }
+
+    /// <summary>
+    /// Represents the configuration for Azure Key Vault.
+    /// </summary>
+    public class AzureKeyVaultConfig
+    {
+        /// <summary>
+        /// Gets or sets the Azure Key Vault certificate.
+        /// </summary>
+        public string AzureKeyVaultCertificate { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Azure Key Vault URL.
+        /// </summary>
+        public string AzureKeyVaultUrl { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Azure Key Vault client ID.
+        /// </summary>
+        public string AzureKeyVaultClientId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Azure Key Vault tenant ID.
+        /// </summary>
+        public string AzureKeyVaultTenantId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the timestamp URL.
+        /// </summary>
+        public string TimestampUrl { get; set; }
+
+        /// <summary>
+        /// Gets or sets the timestamp digest.
+        /// </summary>
+        public string TimestampDigest { get; set; }
+
+        /// <summary>
+        /// Creates an instance of <see cref="AzureKeyVaultConfig"/> from the specified JSON content.
+        /// </summary>
+        /// <param name="jsonContent">The JSON content representing the Azure Key Vault configuration.</param>
+        /// <returns>An instance of <see cref="AzureKeyVaultConfig"/>.</returns>
+        public static AzureKeyVaultConfig Create(string jsonContent)
+        {
+            try
+            {
+                return Newtonsoft.Json.JsonConvert.DeserializeObject<AzureKeyVaultConfig>(jsonContent);
+            }
+            catch { }
+            return default;
+        }
+
+        /// <summary>
+        /// Checks if the Azure Key Vault configuration is valid.
+        /// </summary>
+        /// <returns><c>true</c> if the configuration is valid; otherwise, <c>false</c>.</returns>
+        public bool IsValid()
+        {
+            return !string.IsNullOrEmpty(AzureKeyVaultCertificate) &&
+                   !string.IsNullOrEmpty(AzureKeyVaultUrl) &&
+                   !string.IsNullOrEmpty(AzureKeyVaultClientId) &&
+                   !string.IsNullOrEmpty(AzureKeyVaultTenantId);
+        }
+    }
+}