Push to CI feed (#1585) #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Package | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'release/*' | |
pull_request: | |
branches: | |
- 'main' | |
- 'release/*' | |
release: | |
types: [published] | |
jobs: | |
pack: | |
name: "Pack" | |
runs-on: windows-latest | |
env: | |
Configuration: Release | |
ProjectLoadStyle: All | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Install .NET Core | |
uses: actions/setup-dotnet@v3 | |
with: | |
dotnet-version: 6.x | |
- name: Install .NET Core from global.json | |
uses: actions/setup-dotnet@v3 | |
- name: Install GitVersion | |
uses: gittools/actions/gitversion/setup@v0.9.15 | |
with: | |
# v5.10.0 of GitVersion has a fix for incorrect versions when building tags. See https://github.com/GitTools/GitVersion/issues/2838 | |
# It appears that the fix then had a regression in a later version, so locking in 5.10.0. See https://github.com/GitTools/GitVersion/issues/3351#issuecomment-1403657689 | |
versionSpec: '5.10.0' | |
- name: Determine Version | |
uses: gittools/actions/gitversion/execute@v0 | |
with: | |
useConfigFile: true | |
- name: Display GitVersion variables (with prefix) | |
run: | | |
echo "Major: ${{ env.GitVersion_Major }}" | |
echo "Minor: ${{ env.GitVersion_Minor }}" | |
echo "Patch: ${{ env.GitVersion_Patch }}" | |
echo "PreReleaseTag: ${{ env.GitVersion_PreReleaseTag }}" | |
echo "PreReleaseTagWithDash: ${{ env.GitVersion_PreReleaseTagWithDash }}" | |
echo "PreReleaseLabel: ${{ env.GitVersion_PreReleaseLabel }}" | |
echo "PreReleaseNumber: ${{ env.GitVersion_PreReleaseNumber }}" | |
echo "WeightedPreReleaseNumber: ${{ env.GitVersion_WeightedPreReleaseNumber }}" | |
echo "BuildMetaData: ${{ env.GitVersion_BuildMetaData }}" | |
echo "BuildMetaDataPadded: ${{ env.GitVersion_BuildMetaDataPadded }}" | |
echo "FullBuildMetaData: ${{ env.GitVersion_FullBuildMetaData }}" | |
echo "MajorMinorPatch: ${{ env.GitVersion_MajorMinorPatch }}" | |
echo "SemVer: ${{ env.GitVersion_SemVer }}" | |
echo "LegacySemVer: ${{ env.GitVersion_LegacySemVer }}" | |
echo "LegacySemVerPadded: ${{ env.GitVersion_LegacySemVerPadded }}" | |
echo "AssemblySemVer: ${{ env.GitVersion_AssemblySemVer }}" | |
echo "AssemblySemFileVer: ${{ env.GitVersion_AssemblySemFileVer }}" | |
echo "FullSemVer: ${{ env.GitVersion_FullSemVer }}" | |
echo "InformationalVersion: ${{ env.GitVersion_InformationalVersion }}" | |
echo "BranchName: ${{ env.GitVersion_BranchName }}" | |
echo "EscapedBranchName: ${{ env.GitVersion_EscapedBranchName }}" | |
echo "Sha: ${{ env.GitVersion_Sha }}" | |
echo "ShortSha: ${{ env.GitVersion_ShortSha }}" | |
echo "NuGetVersionV2: ${{ env.GitVersion_NuGetVersionV2 }}" | |
echo "NuGetVersion: ${{ env.GitVersion_NuGetVersion }}" | |
echo "NuGetPreReleaseTagV2: ${{ env.GitVersion_NuGetPreReleaseTagV2 }}" | |
echo "NuGetPreReleaseTag: ${{ env.GitVersion_NuGetPreReleaseTag }}" | |
echo "VersionSourceSha: ${{ env.GitVersion_VersionSourceSha }}" | |
echo "CommitsSinceVersionSource: ${{ env.GitVersion_CommitsSinceVersionSource }}" | |
echo "CommitsSinceVersionSourcePadded: ${{ env.GitVersion_CommitsSinceVersionSourcePadded }}" | |
echo "UncommittedChanges: ${{ env.GitVersion_UncommittedChanges }}" | |
echo "CommitDate: ${{ env.GitVersion_CommitDate }}" | |
- name: Restore | |
run: dotnet restore --verbosity normal | |
- name: Build | |
run: dotnet build --no-restore --verbosity normal | |
- name: Pack | |
run: dotnet pack --no-build | |
- name: Upload | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Unsigned | |
path: "bin/${{ env.Configuration }}/packages/shipping/*" | |
sign: | |
name: "Sign Package" | |
if: github.event_name != 'pull_request' | |
needs: [pack] | |
runs-on: windows-latest | |
steps: | |
- name: Install .NET Core | |
uses: actions/setup-dotnet@v3 | |
with: | |
dotnet-version: 6.0.x | |
- name: Install SignTool tool | |
run: dotnet tool install --tool-path . sign --version 0.9.0-beta.23127.3 | |
- name: Install Nuget Sign Tool | |
run: dotnet tool install --global NuGetKeyVaultSignTool | |
- name: Download Unsigned Packages | |
uses: actions/download-artifact@v3 | |
with: | |
name: Unsigned | |
path: '${{ github.workspace }}/unsigned' | |
- name: Expand Packages For Signing | |
shell: pwsh | |
run: | | |
cd ${{ github.workspace }}/unsigned | |
mkdir raw | |
cd raw | |
gci ..\*.nupkg | % { Expand-Archive $_ } | |
cd ..\.. | |
gci -r | |
- name: Sign the DLLs | |
shell: pwsh | |
run: > | |
./sign code azure-key-vault **/DocumentFormat.OpenXml*.dll --base-directory "${{ github.workspace }}/unsigned/raw" --publisher-name "Microsoft" --description "DocumentFormat.OpenXml DLL Signing" --description-url https://github.com/dotnet/sign --azure-key-vault-tenant-id "${{ secrets.SignTenantId }}" --azure-key-vault-client-id "${{ secrets.SignClientId }}" --azure-key-vault-client-secret "${{ secrets.SignClientSecret }}" --azure-key-vault-certificate "${{ secrets.SignKeyVaultCertificate }}" --azure-key-vault-url "${{ secrets.SignKeyVaultUrl }}" | |
- name: Create Signed NUPKG | |
shell: pwsh | |
run: | | |
cd ${{ github.workspace }}/unsigned/raw | |
gci -r CodeSignSummary | rm | |
gci -Directory | % { [IO.Compression.ZipFile]::CreateFromDirectory($_, "$_.nupkg") } | |
gci | |
- name: Sign the NUPKGs | |
shell: pwsh | |
run: > | |
./sign code azure-key-vault | |
*.nupkg | |
--base-directory "${{ github.workspace }}/unsigned/raw" | |
--publisher-name "Microsoft" | |
--description "DocumentFormat.OpenXml DLL Signing" | |
--description-url "https://github.com/dotnet/sign" | |
--azure-key-vault-tenant-id "${{ secrets.SignTenantId }}" | |
--azure-key-vault-client-id "${{ secrets.SignClientId }}" | |
--azure-key-vault-client-secret "${{ secrets.SignClientSecret }}" | |
--azure-key-vault-certificate "${{ secrets.SignKeyVaultCertificate }}" | |
--azure-key-vault-url "${{ secrets.SignKeyVaultUrl }}" | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: Signed | |
path: | | |
${{ github.workspace }}\unsigned\*.snupkg | |
${{ github.workspace }}\unsigned\raw\*.nupkg | |
CI: | |
name: "Push to CI feed" | |
needs: [sign] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install .NET Core | |
uses: actions/setup-dotnet@v3 | |
- name: Download Packages | |
uses: actions/download-artifact@v3 | |
with: | |
name: Signed | |
path: '${{ github.workspace }}/packages' | |
- name: Push to CI feed | |
env: | |
SLEET_FEED_TYPE: azure | |
SLEET_FEED_CONTAINER: feed | |
SLEET_FEED_CONNECTIONSTRING: ${{secrets.SLEET_CONNECTIONSTRING}} | |
run: | | |
cd $GITHUB_WORKSPACE/packages | |
dotnet tool install -g sleet | |
sleet push . --skip-existing | |
releaseInfo: | |
name: Release Info | |
runs-on: windows-latest | |
steps: | |
- name: Get Release Info | |
run: > | |
echo ${{ github.event_name == 'release' }} >> release-info.txt | |
- name: Upload Release Info | |
uses: actions/upload-artifact@v3 | |
with: | |
name: release-info | |
path: release-info.txt |