Pump Release 6.2.0

moh-hassan · Oct 26, 2023 · c0e1853 · c0e1853
1 parent 6780c1f
commit c0e1853
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 90 deletions.
diff --git a/README.md b/README.md
@@ -16,44 +16,11 @@ POCO classes can be used in a typed RESTful client OData services. Code generati
 
 -----------
 
-# Announcing new Release: V6.1.0
-## What�s New in v6.1.0:
-- New Feature: Gzip encoded content [#48](https://github.com/moh-hassan/odata2poco/issues/48) by @DerekGn. Allow reading SAP metadata compressed as gzip.
-
-## What�s New in v6.0.0:
-
-**Code Generation**
-- A new powerful option ```--att-defs``` allows you to dynamically generate attributes for c# classes and properties using a simple text file that contains your template with expressions. These expressions are valid C# code that can utilize C# string functions and other built-in extension methods. You can also filter on classes and properties to apply the attributes selectively.
-
-- Add comments to the header of c# class to mark the openType classes or Entity Types: EntitySet or Complex type.
-
-**Security**
-
-- Password/secret token  are encrypted when read from commandLine/file and it's stored in a SecuredContainer.
-- Reading password from keyboard and Encrypted then stored in a SecuredContainer.
-
-**User Experience**
-
-- Load option and arguments of commandLine from a text configuration File.
-- Reading value of any option in the commandLine from file.
-- Support repeating options in the commandLine for sequence args.
-
-**Http Connection**
-
-- New Option: Allow setting of SSL/TLS protocols.
-- New option: Allow to Skip Certification Check in http connection.  
-- New Option: Allow to specify Http header in Odata http connection with the computing of base64.
-
-
-
-**Enhancement**
-- Set exit codes to be positive number to match Linux standard.
-- Centeralizing packages and update all packages to the last version including Newtonsoft.Json to 13.0.3
-
-Try the new version and let me know your feedback. 
-
-[How to use the new v6.0](https://github.com/moh-hassan/odata2poco/wiki/v6_0_0_how_to)
-
+# Announcing new Release: V6.2.0 
+## What is New in v6.2.0:
+- New Feature: The application  `o2pgen.exe` and all `odata2poco.xxx.nupkg` packages are signed. 
+Code signing is applied only to odata2poco project code in the [odata2poco repository](https://github.com/moh-hassan/odata2poco) and built on AppVeyor.   
+   [Read Code Signing Policy](#code-signing-policy)
 ------------ 
 
 ## Development packages

diff --git a/ReleaseNotes.md b/ReleaseNotes.md
@@ -1,5 +1,15 @@
 # OData2Poco 
 
+## Version 6.2.0
+**Release Date:**  OCT 26, 2023
+- New Feature:  The application  `o2pgen.exe` and all `odata2poco.xxx.nupkg` packages are signed. 
+Code signing is applied only to odata2poco project code in the [odata2poco repository](https://github.com/moh-hassan/odata2poco) and built on AppVeyor.  
+The odata2poco.xxx.nupkg packages contain third-party libraries used by odata2poco, which may or may not be signed.  
+
+The project uses the free code signing provided by [SignPath.io](https://signpath.io?utm_source=foundation&utm_medium=github&utm_campaign=odata2poco), and a certificate by the [SignPath Foundation](https://signpath.org?utm_source=foundation&utm_medium=github&utm_campaign=odata2poco).
+
+Thanks to  [SignPath.io](https://signpath.io?utm_source=foundation&utm_medium=github&utm_campaign=odata2poco) and Thanks to @Paul Savoie for help and support.
+
 ## Version 6.1.0
 **Release Date:**  SEP 9, 2023
 - New Feature: Gzip encoded content #48 by @DerekGn. Allow reading SAP metadata compressed as gzip.

diff --git a/appveyor.yml b/appveyor.yml
@@ -1,19 +1,33 @@
 
-#nuget version is nly changed by  RELEASE TAG 
+#nuget version is only changed by  RELEASE TAG 
 version: 6.2.0-dev-{build} 
 
 image: Visual Studio 2022
+
+# Set the signing policy slug according to branch
+environment:
+  SIGNPATH_SIGNING_POLICY_SLUG: test-signing
+  ARTIFACT_CONFIGURATION_SLUG: o2p2
+  SIGNPATH_PROJECT_SLUG : odata2poco 
+
+
 pull_requests:
   do_not_increment_build_number: false
 
 init:
   - ps: |
       git config --global core.autocrlf input
       $env:CAN_PUBLISH = $true
+      $env:O2P_VERSION = $env:APPVEYOR_BUILD_VERSION
+      Write-Host "APPVEYOR_BUILD_VERSION='$env:APPVEYOR_BUILD_VERSION'" -ForegroundColor Yellow      
 
       if ($env:APPVEYOR_REPO_TAG -eq "true") {
+        $env:SIGNPATH_SIGNING_POLICY_SLUG = 'release-signing'
         $ver = $env:APPVEYOR_REPO_TAG_NAME
-        if($ver.StartsWith("v") -eq $true) { $ver = $ver.Substring(1) }
+        if($ver.StartsWith("v") -eq $true) { 
+          $ver = $ver.Substring(1) 
+          $env:O2P_VERSION = $ver
+        }
         try
         {         
           Update-AppveyorBuild -Version $ver 
@@ -59,62 +73,26 @@ after_test:
     $allow_push=$env:APPVEYOR_REPO_TAG -eq "true"
     .\scripts\build_choco $version $allow_push
 - ps: .\scripts\checksum.ps1 $env:APPVEYOR_BUILD_VERSION
+-  7z a -tzip .\build\odata2poco-%O2P_VERSION%-unsigned.zip .\build\*.nupkg  .\build\*.snupkg  .\build\*.exe .\chocolatey\*.nupkg   
 
-artifacts:
-- path: .\build\OData2Poco.dotnet.o2pgen*.nupkg
-  name: global_tool
-- path: .\build\o2pgen.exe
-  name: o2p_exe
-- path: .\build\OData2Poco.CommandLine.*.nupkg
-  name: o2pgen
-- path: .\build\OData2Poco.*.nupkg
-  name: lib
-- path: '.\build\OData2Poco.*.snupkg'
-  name: symbol   
-- path: '.\chocolatey\*.nupkg'
-  name: choco_pkg 
-- path: .\build\schecksum256-*.txt
-  name: sha256    
+artifacts: 
+- path: .\build\odata2poco-%O2P_VERSION%-unsigned.zip
+  name: o2p_zip   
 
-deploy:
 
-#chocolatey    
-- provider: NuGet
-  server: https://push.chocolatey.org   
-  api_key:
-    secure: CUR2VQy2d8EeiFJ//LEcn7BJrbXjVhuAi4Te/7Vtn3kpzA2LSHInh21H3Z38H57Q
-  on:
-    APPVEYOR_REPO_TAG: true # Deploy on tag push only.
-    # branch: master          # Release from master branch only.
-  artifact: choco_pkg
-
-# Nuget
-- provider: NuGet
-  api_key:
-    secure: XBvbm69UE+d1cuM8+VBfwMyjHDcAa79w0TBygcZsPZcl88AaLKN1EvI7KI8/K9Am
-  on:
-    APPVEYOR_REPO_TAG: true # Deploy on tag push only.
-    # branch: master          # Release from master branch only.
-  artifact: global_tool,o2pgen,lib,symbol
-
+deploy:
 #Github    
 - provider: GitHub
   auth_token:
      secure: sB33uLo96nR+LGmYLdPmY/segb6d4O061N2e8Nbz6iyHg82D0RysMxWE5JKnXmU+
-  artifact: /.*(\.|\.s)nupkg|o2p_exe|sha256/            
+  artifact: o2p_zip          
   prerelease: false  
-  on:
+  draft: true
+  on:  
     APPVEYOR_REPO_TAG: true
-
-# myget
-- provider: NuGet
-  server: https://www.myget.org/F/odata2poco/api/v2/package
-  api_key:
-    secure: QAHjX2gqddFX2cNhMNqweMTGQ89q++ezKnQvdAcinY5D1rwbj2vkWeFsTykm4koA
-  symbol_server: https://www.myget.org/F/odata2poco/api/v2/package
-  on:    
-    branch: develop          
-  artifact: global_tool,o2pgen,lib,symbol,choco_pkg
-
-
-
+
+- provider: Webhook
+  url: https://app.signpath.io/API/v1/%SIGNPATH_ORGANIZATION_ID%/Integrations/AppVeyor?ProjectSlug=%SIGNPATH_PROJECT_SLUG%&SigningPolicySlug=%SIGNPATH_SIGNING_POLICY_SLUG%&ArtifactConfigurationSlug=%ARTIFACT_CONFIGURATION_SLUG%
+  authorization: 'Bearer %SIGNPATH_CI_USER_TOKEN%'  
+  on:
+     APPVEYOR_REPO_TAG: true