Skip to content

build package

build package #5

Workflow file for this run

name: build package
on:
workflow_dispatch:
inputs:
version:
description: 'release version'
default: "latest"
required: true
skip-publish:
description: 'Skip publishing'
required: true
type: boolean
default: false
dry-run:
description: 'Dry run (simulate)'
required: true
type: boolean
default: true
schedule:
- cron: '32 5 * * 1' # 05:32 AM UTC every Monday
jobs:
preflight:
name: Preflight
runs-on: ubuntu-22.04
outputs:
package-env: ${{ steps.info.outputs.package-env }}
package-version: ${{ steps.info.outputs.package-version }}
skip-publish: ${{ steps.info.outputs.skip-publish }}
dry-run: ${{ steps.info.outputs.dry-run }}
steps:
- name: Package information
id: info
shell: pwsh
run: |
$IsMasterBranch = ('${{ github.ref_name }}' -eq 'master')
$IsScheduledJob = ('${{ github.event_name }}' -eq 'schedule')
if ('${{ github.event_name }}' -Eq 'schedule') {
}
try { $SignNuget = [System.Boolean]::Parse('${{ inputs.sign-nuget }}') } catch { $SignNuget = $false }
try { $SkipPublish = [System.Boolean]::Parse('${{ inputs.skip-publish }}') } catch { $SkipPublish = $false }
try { $DryRun = [System.Boolean]::Parse('${{ inputs.dry-run }}') } catch { $DryRun = $true }
$PackageEnv = if ($IsMasterBranch -And -Not $IsScheduledJob) {
"publish-prod"
} else {
"publish-test"
}
if (-Not $IsMasterBranch) {
$DryRun = $true # force dry run when not on master branch
}
if ($IsScheduledJob) {
$DryRun = $true # force dry run for scheduled runs
}
$PackageVersion = '${{ inputs.version }}'
if ([string]::IsNullOrEmpty($PackageVersion) -or $PackageVersion -eq 'latest') {
$PackageVersion = (Get-Date -Format "yyyy.MM.dd") + ".0"
}
if ($PackageVersion -NotMatch '^\d+\.\d+\.\d+\.\d+$') {
throw "invalid version format: $PackageVersion, expected: 1.2.3.4"
}
echo "package-env=$PackageEnv" >> $Env:GITHUB_OUTPUT
echo "package-version=$PackageVersion" >> $Env:GITHUB_OUTPUT
echo "skip-publish=$($SkipPublish.ToString().ToLower())" >> $Env:GITHUB_OUTPUT
echo "dry-run=$($DryRun.ToString().ToLower())" >> $Env:GITHUB_OUTPUT
echo "::notice::Version: $PackageVersion"
echo "::notice::DryRun: $DryRun"
build-nuget:
name: Build nuget
runs-on: windows-2022
needs: [preflight]
environment: ${{ needs.preflight.outputs.package-env }}
steps:
- name: Check out ${{ github.repository }}
uses: actions/checkout@v4
- name: Configure runner
shell: pwsh
run: |
New-Item .\package -ItemType Directory -ErrorAction SilentlyContinue | Out-Null
- name: Install code signing tools
run: |
dotnet tool install --global AzureSignTool
# trust test code signing CA
$TestCertsUrl = "https://raw.githubusercontent.com/Devolutions/devolutions-authenticode/master/data/certs"
Invoke-WebRequest -Uri "$TestCertsUrl/authenticode-test-ca.crt" -OutFile ".\authenticode-test-ca.crt"
Import-Certificate -FilePath ".\authenticode-test-ca.crt" -CertStoreLocation "cert:\LocalMachine\Root"
Remove-Item ".\authenticode-test-ca.crt" -ErrorAction SilentlyContinue | Out-Null
- name: Set package version
shell: pwsh
run: |
$PackageVersion = '${{ needs.preflight.outputs.package-version }}'
$csprojPath = "src\Devolutions.MacOS.Avalonia.Theme\Devolutions.MacOS.Avalonia.Theme.csproj"
$csprojContent = Get-Content $csprojPath -Raw
$csprojContent = $csprojContent -Replace '(<Version>).*?(</Version>)', "<Version>$PackageVersion</Version>"
Set-Content -Path $csprojPath -Value $csprojContent -Encoding UTF8
- name: Build nuget package
shell: pwsh
run: |
& dotnet pack .\src\Devolutions.MacOS.Avalonia.Theme -o package
- name: Code sign nuget contents
shell: pwsh
run: |
Set-PSDebug -Trace 1
$NugetBaseName = $(Get-Item ./package/*.nupkg).BaseName
$PackedFile = "./package/${NugetBaseName}.nupkg"
$UnpackedDir = "./package/${NugetBaseName}"
$OutputDirectory = $(Get-Item $PackedFile).Directory.FullName
Expand-Archive -Path $PackedFile -Destination $UnpackedDir -Force
$Params = @('sign',
'-kvt', '${{ secrets.AZURE_TENANT_ID }}',
'-kvu', '${{ secrets.CODE_SIGNING_KEYVAULT_URL }}',
'-kvi', '${{ secrets.CODE_SIGNING_CLIENT_ID }}',
'-kvs', '${{ secrets.CODE_SIGNING_CLIENT_SECRET }}',
'-kvc', '${{ secrets.CODE_SIGNING_CERTIFICATE_NAME }}',
'-tr', '${{ vars.CODE_SIGNING_TIMESTAMP_SERVER }}',
'-v')
Get-ChildItem "$UnpackedDir\lib" -Include @("*.dll") -Recurse | ForEach-Object {
AzureSignTool @Params $_.FullName
}
Remove-Item $PackedFile -ErrorAction SilentlyContinue | Out-Null
Compress-Archive -Path "$UnpackedDir\*" -Destination $PackedFile -CompressionLevel Optimal
- name: Upload nuget package
uses: actions/[email protected]
with:
name: MsRdpEx-nupkg
path: package/*.nupkg
publish:
name: Publish packages
runs-on: ubuntu-22.04
needs: [preflight, build-nuget]
environment: ${{ needs.preflight.outputs.package-env }}
if: ${{ fromJSON(needs.preflight.outputs.skip-publish) == false }}
steps:
- name: Download nuget package
uses: actions/download-artifact@v4
with:
name: MsRdpEx-nupkg
path: package
- name: Publish to nuget.org
shell: pwsh
run: |
$DryRun = [System.Boolean]::Parse('${{ needs.preflight.outputs.dry-run }}')
$NugetPackage = (Get-Item ./package/*.nupkg) | Resolve-Path -Relative
$PushArgs = @(
'nuget', 'push', "$NugetPackage",
'--api-key', '${{ secrets.NUGET_API_KEY }}',
'--source', 'https://api.nuget.org/v3/index.json',
'--skip-duplicate', '--no-symbols'
)
Write-Host "dotnet $($PushArgs -Join ' ')"
if ($DryRun) {
Write-Host "Dry Run: skipping nuget.org publishing!"
} else {
& 'dotnet' $PushArgs
}
- name: Create GitHub release
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
working-directory: package
run: |
$PackageVersion = '${{ needs.preflight.outputs.package-version }}'
$DryRun = [System.Boolean]::Parse('${{ needs.preflight.outputs.dry-run }}')
$HashPath = 'checksums'
$Files = Get-Item * | % { Get-FileHash -Algorithm SHA256 $_.FullName }
$Files | % { "$($_.Hash) $(Split-Path $_.Path -Leaf)" } | Out-File -FilePath $HashPath -Append -Encoding ASCII
echo "::group::checksums"
Get-Content $HashPath
echo "::endgroup::"
$ReleaseTag = "v$PackageVersion"
$ReleaseTitle = "Devolutions Avalonia Themes v${PackageVersion}"
$Repository = $Env:GITHUB_REPOSITORY
if ($DryRun) {
Write-Host "Dry Run: skipping GitHub release!"
} else {
& gh release create $ReleaseTag --repo $Repository --title $ReleaseTitle ./*
}