Release GCM 2.5 by mjcheetham · Pull Request #1587 · git-ecosystem/git-credential-manager (original) (raw)

and others added 30 commits

November 7, 2023 15:15

This lack of space breaks the script on some less featured shells. This commit fixes it

Avalonia 11 automatically generates some view codes.

Properties for controls with x:Name or Name.
InitializeComponent() method to initialize such properties.
DevTools for debug builds.

This change uses such generated codes in views and reduces manual efforts. The names of the controls are changed to start with underscore, so that the generated property names align with the naming style in this project.

Fix a bug in the Azure Repos host provider that prevented the Azure DevOps organisation name from being pulled from the userinfo part of the remote URL.

When creating the remote URL from Git input in multiple places we had not been preserving the userinfo part that was subsequently passed to the CreateOrganizationUri helper method to extract the org URL.

Also add an additional test for PAT mode to cover this use case.

Fix a bug in the Azure Repos host provider that prevented the Azure DevOps organisation name from being pulled from the userinfo part of the remote URL.

Also add an additional test for PAT mode to cover this use case.

Fixes #1520

Add documentation about Managed Identities and Service Principals for Azure Repos; how to configure them and use them with GCM.

This will be useful for those that wish to adopt them as alternatives to PATs or other automated auth systems.

Do not attempt to query for an organisation/user binding in the local repository configuration if we're not currently inside of a repository!

This will prevent the warning message from Git's standard error stream from flowing to our caller's stderr stream when GCM tries to use the --local option in a git config call.

Do not attempt to query for an organisation/user binding in the local repository configuration if we're not currently inside of a repository!

This will prevent the warning message from Git's standard error stream from flowing to our caller's stderr stream when GCM tries to use the --local option in a git config call.

cc @markphip

Migrate .NET tool from using ESRP to using the Sign CLI tool for signing. This tool is a fork of [1] that was set up to support Trusted Signing (previously known as Azure Code Signing).

1: https://github.com/dotnet/sign

Remove ESRP-related scripts, as we are no longer using this tool for signing.

Summary

This PR updates .NET tool payload/package signing to use the Sign CLI tool instead of ESRP. The most significant changes include the addition of a new step to download/extract the Sign CLI tool from Azure Blob Storage, the modification of signing steps to use the downloaded tool, and the removal of ESRP-related scripts.

Benefits

Migrating away from ESRP comes with the following major benefits:

ESRP was designed for signing large-scale applications like Windows and Office, not lightweight OSS like GCM. Thus, we were somewhat abusing the ESRP service to make it work for our use case. Azure Trusted Signing (previously known as Azure Code Signing) fully supports our needs out of the box.
Speed - the end-to-end test runs I have completed have been running in about half the time of the workflow that was using ESRP (~10 minutes instead of ~20 minutes 🎉).

Testing

I have successfully completed two end-to-end runs of the release workflow with these updates in my fork.

Details

Changes to the release workflow:

.github/workflows/release.yml: Zipping/unzipping steps for the unsigned payload and package were removed. The setup and running of the ESRP client were replaced with the downloading and extraction of the Sign CLI tool and the signing of the payload and package using this tool.

Scripts removed:

.github/run_esrp_signing.py: The entire Python script for running the ESRP client has been removed.
.github/set_up_esrp.ps1: The PowerShell script for setting up the ESRP client has been removed.

Update the target framework version for Mac and Linux to .NET 8, which is the latest LTS. .NET 7 is leaving support on 2024-05-14 so we need to do this.

Windows is not being updated at this time due our courtesy to Visual Studio (that bundle the same GCM version across all their versions) who need Windows 8.x support until.. 2029... 😢 and Windows 10 is required for .NET (Core) 8.

I plan to revisit the .NET Framework to Core on Windows effort after a discussion with the VS team at Microsoft.

Update the install from source script on Linux to install the .NET 8 SDK.

The version of libssl available in the Alpine package feeds changed with version 3.15. The latest libssl package is 1.1 in 3.14.x and earlier, but newer versions only have libssl3.

Add a check for the Alpine version in the install from source script and switch between installing libssl3 and libssl1.1 depending on the distro version.

Also add another entry to the test matrix of distributions to include a 3.14.x Alpine version.

Suppress the standard error stream from Git when checking if we're inside a repository or not, because the failure message is otherwise printed to the user's console when we are not (which is what we're trying to decide!).

Note that we normally don't suppress or redirect the standard error stream for Git commands as the user may have enabled Git tracing (v1 or v2) to the stderr file and we don't want to mute these for all calls.

Example before:

% pwd
/Users/mjcheetham
% gcm azure-repos list
fatal: not a git repository (or any of the parent directories): .git
devdiv:
  (global) -> USER@DOMAIN

Example now:

% pwd
/Users/mjcheetham
% gcm azure-repos list
devdiv:
  (global) -> USER@DOMAIN

The version of libssl available in the Alpine package feeds changed with version 3.15. The latest libssl package is 1.1 in 3.14.x and earlier, but newer versions only have libssl3.

Add a check for the Alpine version in the install from source script and switch between installing libssl3 and libssl1.1 depending on the distro version.

Also add another entry to the test matrix of distributions to include a 3.14.x Alpine version.

This replaces the two other PRs that aimed to address this issue:

#1535
#1574

Tested the updated workflow here: https://github.com/git-ecosystem/git-credential-manager/actions/runs/8698286553/job/23855027830

Preparing for 2.5 release; update the version number.

vdye approved these changes Apr 16, 2024

This was referenced

Sep 18, 2024

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})