diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 64fe4f0..745919d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: Check out repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: OIDC Login to Azure
 if: ${{ env.BUILD_CONFIGURATION == 'Release' }}
@@ -39,11 +39,12 @@ jobs:
 shell: pwsh
 run: ./build.ps1 -Configuration $env:BUILD_CONFIGURATION -Task Build
 env:
- AZURE_KEYVAULT_NAME: ${{ env.BUILD_CONFIGURATION == 'Release' && secrets.AZURE_KEYVAULT_NAME || '' }}
- AZURE_KEYVAULT_CERT: ${{ env.BUILD_CONFIGURATION == 'Release' && secrets.AZURE_KEYVAULT_CERT || '' }}
+ AZURE_TS_NAME: ${{ env.BUILD_CONFIGURATION == 'Release' && secrets.AZURE_TS_NAME || '' }}
+ AZURE_TS_PROFILE: ${{ env.BUILD_CONFIGURATION == 'Release' && secrets.AZURE_TS_PROFILE || '' }}
+ AZURE_TS_ENDPOINT: ${{ env.BUILD_CONFIGURATION == 'Release' && secrets.AZURE_TS_ENDPOINT || '' }}
 - name: Capture PowerShell Module
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v6
 with:
 name: PSModule
 path: output/*.nupkg
@@ -79,10 +80,10 @@ jobs:
 version: '7.5.0'
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Restore Built PowerShell Module
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@v7
 with:
 name: PSModule
 path: output
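Review bot: The `uses:` lines in this commit still reference actions by a mutable major tag: `actions/upload-artifact@v6` in the `@@ -39,11 +39,12 @@` hunk, and `actions/checkout@v6`, `actions/download-artifact@v7`, `codecov/codecov-action@v5` and the third-party `dawidd6/action-download-artifact@v12` in the other hunks. The job in this hunk appears to be the one that performs the OIDC login to Azure and receives the `AZURE_TS_*` signing settings, so any action running in it executes next to the signing identity. A tag can be re-pointed by whoever controls the action repository, so I would pin these to a full commit SHA and keep the tag as a trailing comment, `uses: actions/upload-artifact@<full-commit-sha> # v6`, letting Dependabot or a similar tool propose the bumps.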
@@ -98,21 +99,21 @@ jobs:
 - name: Upload Test Results
 if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v6
 with:
 name: Unit Test Results (${{ matrix.info.name }})
 path: ./output/TestResults/Pester.xml
 - name: Upload Coverage Results
 if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v6
 with:
 name: Coverage Results (${{ matrix.info.name }})
 path: ./output/TestResults/Coverage.xml
 - name: Upload Coverage to codecov
 if: always()
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@v5
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: ./output/TestResults/Coverage.xml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 00064cb..7301f9b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - name: Download
- uses: dawidd6/action-download-artifact@v9
+ uses: dawidd6/action-download-artifact@v12
 with:
 workflow: ci.yml
 commit: ${{ github.sha }}
diff --git a/tools/InvokeBuild.ps1 b/tools/InvokeBuild.ps1
index 28482b3..63fea07 100644
--- a/tools/InvokeBuild.ps1
+++ b/tools/InvokeBuild.ps1
@@ -63,17 +63,23 @@ task BuildDocs {
 }
 task Sign {
- $vaultName = $env:AZURE_KEYVAULT_NAME
- $vaultCert = $env:AZURE_KEYVAULT_CERT
- if (-not $vaultName -or -not $vaultCert) {
+ $accountName = $env:AZURE_TS_NAME
+ $profileName = $env:AZURE_TS_PROFILE
+ $endpoint = $env:AZURE_TS_ENDPOINT
+ if (-not $accountName -or -not $profileName -or -not $endpoint) {
 return
 }
- Write-Host "Authenticating with Azure KeyVault '$vaultName' for signing" -ForegroundColor Cyan
- $key = Get-OpenAuthenticodeAzKey -Vault $vaultName -Certificate $vaultCert
+ Write-Host "Authenticating with Azure TrustedSigning $accountName $profileName for signing" -ForegroundColor Cyan
+ $keyParams = @{
+ AccountName = $accountName
+ ProfileName = $profileName
+ Endpoint = $endpoint
+ }
+ $key = Get-OpenAuthenticodeAzTrustedSigner @keyParams
 $signParams = @{
 Key = $key
- TimeStampServer = 'http://timestamp.digicert.com'
+ TimeStampServer = 'http://timestamp.acs.microsoft.com'
 }
 $toSign = Get-ChildItem -LiteralPath $Manifest.ReleasePath -Recurse -ErrorAction SilentlyContinue |
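Review bot: The guard at the top of `Sign` returns silently when any one of `AZURE_TS_NAME`, `AZURE_TS_PROFILE` or `AZURE_TS_ENDPOINT` is empty, so a Release run where only some of the renamed secrets exist would, as far as this hunk shows, produce an unsigned module without any error or warning. Because this commit renames the secrets, I would keep "none set" as the skip case and make a partial set fail loudly: `if (-not ($accountName -or $profileName -or $endpoint)) { return }` followed by `if (-not ($accountName -and $profileName -and $endpoint)) { throw 'Incomplete Azure Trusted Signing configuration' }`. A Release run with all three missing would still skip signing, so a check after the build that the packaged files carry a valid signature is worth considering. The body of `Sign` continues past the end of the hunk, so a later verification step may exist outside this view.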