build package #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build package | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'release version' | |
default: "latest" | |
required: true | |
skip-publish: | |
description: 'Skip publishing' | |
required: true | |
type: boolean | |
default: false | |
dry-run: | |
description: 'Dry run (simulate)' | |
required: true | |
type: boolean | |
default: true | |
schedule: | |
- cron: '32 5 * * 1' # 05:32 AM UTC every Monday | |
jobs: | |
preflight: | |
name: Preflight | |
runs-on: ubuntu-22.04 | |
outputs: | |
package-env: ${{ steps.info.outputs.package-env }} | |
package-version: ${{ steps.info.outputs.package-version }} | |
skip-publish: ${{ steps.info.outputs.skip-publish }} | |
dry-run: ${{ steps.info.outputs.dry-run }} | |
steps: | |
- name: Package information | |
id: info | |
shell: pwsh | |
run: | | |
$IsMasterBranch = ('${{ github.ref_name }}' -eq 'master') | |
$IsScheduledJob = ('${{ github.event_name }}' -eq 'schedule') | |
try { $SkipPublish = [System.Boolean]::Parse('${{ inputs.skip-publish }}') } catch { $SkipPublish = $false } | |
try { $DryRun = [System.Boolean]::Parse('${{ inputs.dry-run }}') } catch { $DryRun = $true } | |
$PackageEnv = if ($IsMasterBranch -And -Not $IsScheduledJob) { | |
"publish-prod" | |
} else { | |
"publish-test" | |
} | |
if ((-Not $IsMasterBranch) -or $IsScheduledJob) { | |
$DryRun = $true # force dry run | |
} | |
$PackageVersion = '${{ inputs.version }}' | |
if ([string]::IsNullOrEmpty($PackageVersion) -or $PackageVersion -eq 'latest') { | |
$PackageVersion = (Get-Date -Format "yyyy.MM.dd") + ".0" | |
} | |
if ($PackageVersion -NotMatch '^\d+\.\d+\.\d+\.\d+$') { | |
throw "invalid version format: $PackageVersion, expected: 1.2.3.4" | |
} | |
echo "package-env=$PackageEnv" >> $Env:GITHUB_OUTPUT | |
echo "package-version=$PackageVersion" >> $Env:GITHUB_OUTPUT | |
echo "skip-publish=$($SkipPublish.ToString().ToLower())" >> $Env:GITHUB_OUTPUT | |
echo "dry-run=$($DryRun.ToString().ToLower())" >> $Env:GITHUB_OUTPUT | |
echo "::notice::Version: $PackageVersion" | |
echo "::notice::DryRun: $DryRun" | |
build-nuget: | |
name: Build nuget | |
runs-on: windows-2022 | |
needs: [preflight] | |
environment: ${{ needs.preflight.outputs.package-env }} | |
steps: | |
- name: Check out ${{ github.repository }} | |
uses: actions/checkout@v4 | |
- name: Configure runner | |
shell: pwsh | |
run: | | |
New-Item .\package -ItemType Directory -ErrorAction SilentlyContinue | Out-Null | |
- name: Install code signing tools | |
run: | | |
dotnet tool install --global AzureSignTool | |
# trust test code signing CA | |
$TestCertsUrl = "https://raw.githubusercontent.com/Devolutions/devolutions-authenticode/master/data/certs" | |
Invoke-WebRequest -Uri "$TestCertsUrl/authenticode-test-ca.crt" -OutFile ".\authenticode-test-ca.crt" | |
Import-Certificate -FilePath ".\authenticode-test-ca.crt" -CertStoreLocation "cert:\LocalMachine\Root" | |
Remove-Item ".\authenticode-test-ca.crt" -ErrorAction SilentlyContinue | Out-Null | |
- name: Set package version | |
shell: pwsh | |
run: | | |
$PackageVersion = '${{ needs.preflight.outputs.package-version }}' | |
$csprojPath = "src\Devolutions.MacOS.Avalonia.Theme\Devolutions.MacOS.Avalonia.Theme.csproj" | |
$csprojContent = Get-Content $csprojPath -Raw | |
$csprojContent = $csprojContent -Replace '(<Version>).*?(</Version>)', "<Version>$PackageVersion</Version>" | |
Set-Content -Path $csprojPath -Value $csprojContent -Encoding UTF8 | |
- name: Build nuget package | |
shell: pwsh | |
run: | | |
& dotnet pack .\src\Devolutions.MacOS.Avalonia.Theme -o package | |
- name: Code sign nuget contents | |
shell: pwsh | |
run: | | |
Set-PSDebug -Trace 1 | |
$NugetBaseName = $(Get-Item ./package/*.nupkg).BaseName | |
$PackedFile = "./package/${NugetBaseName}.nupkg" | |
$UnpackedDir = "./package/${NugetBaseName}" | |
$OutputDirectory = $(Get-Item $PackedFile).Directory.FullName | |
Expand-Archive -Path $PackedFile -Destination $UnpackedDir -Force | |
$Params = @('sign', | |
'-kvt', '${{ secrets.AZURE_TENANT_ID }}', | |
'-kvu', '${{ secrets.CODE_SIGNING_KEYVAULT_URL }}', | |
'-kvi', '${{ secrets.CODE_SIGNING_CLIENT_ID }}', | |
'-kvs', '${{ secrets.CODE_SIGNING_CLIENT_SECRET }}', | |
'-kvc', '${{ secrets.CODE_SIGNING_CERTIFICATE_NAME }}', | |
'-tr', '${{ vars.CODE_SIGNING_TIMESTAMP_SERVER }}', | |
'-v') | |
Get-ChildItem "$UnpackedDir\lib" -Include @("*.dll") -Recurse | ForEach-Object { | |
AzureSignTool @Params $_.FullName | |
} | |
Remove-Item $PackedFile -ErrorAction SilentlyContinue | Out-Null | |
Compress-Archive -Path "$UnpackedDir\*" -Destination $PackedFile -CompressionLevel Optimal | |
- name: Upload nuget package | |
uses: actions/[email protected] | |
with: | |
name: package-nupkg | |
path: package/*.nupkg | |
publish: | |
name: Publish packages | |
runs-on: ubuntu-22.04 | |
needs: [preflight, build-nuget] | |
environment: ${{ needs.preflight.outputs.package-env }} | |
if: ${{ fromJSON(needs.preflight.outputs.skip-publish) == false }} | |
steps: | |
- name: Download nuget package | |
uses: actions/download-artifact@v4 | |
with: | |
name: package-nupkg | |
path: package | |
- name: Publish to nuget.org | |
shell: pwsh | |
run: | | |
$DryRun = [System.Boolean]::Parse('${{ needs.preflight.outputs.dry-run }}') | |
$NugetPackage = (Get-Item ./package/*.nupkg) | Resolve-Path -Relative | |
$PushArgs = @( | |
'nuget', 'push', "$NugetPackage", | |
'--api-key', '${{ secrets.NUGET_API_KEY }}', | |
'--source', 'https://api.nuget.org/v3/index.json', | |
'--skip-duplicate', '--no-symbols' | |
) | |
Write-Host "dotnet $($PushArgs -Join ' ')" | |
if ($DryRun) { | |
Write-Host "Dry Run: skipping nuget.org publishing!" | |
} else { | |
& 'dotnet' $PushArgs | |
} | |
- name: Create GitHub release | |
shell: pwsh | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
working-directory: package | |
run: | | |
$PackageVersion = '${{ needs.preflight.outputs.package-version }}' | |
$DryRun = [System.Boolean]::Parse('${{ needs.preflight.outputs.dry-run }}') | |
$HashPath = 'checksums' | |
$Files = Get-Item * | % { Get-FileHash -Algorithm SHA256 $_.FullName } | |
$Files | % { "$($_.Hash) $(Split-Path $_.Path -Leaf)" } | Out-File -FilePath $HashPath -Append -Encoding ASCII | |
echo "::group::checksums" | |
Get-Content $HashPath | |
echo "::endgroup::" | |
$ReleaseTag = "v$PackageVersion" | |
$ReleaseTitle = "Devolutions Avalonia Themes v${PackageVersion}" | |
$Repository = $Env:GITHUB_REPOSITORY | |
if ($DryRun) { | |
Write-Host "Dry Run: skipping GitHub release!" | |
} else { | |
& gh release create $ReleaseTag --repo $Repository --title $ReleaseTitle ./* | |
} |