* chore: add initial impl of `debian-devel` script
Signed-off-by: Babak K. Shandiz <babakks@github.com>
* temp: create archive-keyring package in progress
Signed-off-by: Babak K. Shandiz <babakks@github.com>
* fix: add archive-keyring package to apt repo
Signed-off-by: Babak K. Shandiz <babakks@github.com>
* fix: add `newkey` and `deprecate` steps
Signed-off-by: Babak K. Shandiz <babakks@github.com>
* fix: remove redundant assignment
Signed-off-by: Babak K. Shandiz <babakks@github.com>
* fix: make archive-keyring arch neutral
Signed-off-by: Babak K. Shandiz <babakks@github.com>
* Polish Debian devel experience
These changes are focused on polishing the user experience around the new Debian development script:
1. Make important details of the process easier to see with spacing and formatting
2. Remove artifact directory prompting for default directory
3. Start within /root directory of container
4. Display message of the day instructing user on commands
5. Prompt users during docker setup when container is running
6. Update help usage with more details of targets
* Remove unnecessary docblock
Now that the help usage, docker setup, and other targets guide users to the next step, the docblock explaining how to run the script are unnecessary.
* fix: improve docs and handling of variables
Signed-off-by: Babak K. Shandiz <babakks@github.com>
---------
Signed-off-by: Babak K. Shandiz <babakks@github.com>
Co-authored-by: Andy Feller <andyfeller@github.com>
This commit introduces the use of `go-licenses` within CI/CD and manual processes for generating / updating the license information used by GitHub CLI including the code required by license to be redistributed.
During GitHub CLI pull requests, the `lint` workflow will notify users if this information is not updated.
This applies the changes from the separate Windows HSM signing prototype development to the official deployment workflow including:
1. Use of Azure Code Signing client
2. Sourcing signtool.exe from runner
3. Moving from batch to PowerShell for Windows signing script
4. Using the same signing process for .exe and .msi
Workflow is currently breaking because there are multiple versions of signtool
installed on runners. We face a challenge where we either hardcode this to a
specific version on the runner or always choose the latest version; this change
does the latter.
This update leverages GitHub Desktop approach of downloading Azure Code Signing DLL and wiring it up as part of the existing signing process used by Windows builds.
This commit is an initial prototype based on the deployment workflow, using the
Azure Code Signing service to sign Windows .exe and .msi files.
These changes have been isolated as much as possible to not affect existing
deployment workflows while also working around design issues with how GitHub
CLI workflow works with GoReleaser and now with ACS support. The biggest smell
was over whether to break from using GoReleaser or have GoReleaser control as
much about the release process as it has been versus opening / signing /
archiving the resulting GoReleaser artifacts; needless to say, the latter was
chosen for expedience as well as leaning into officially supported solutions.
