Skip to content

Enable auditing of nuget packages (#414) #1679

Enable auditing of nuget packages (#414)

Enable auditing of nuget packages (#414) #1679

Workflow file for this run

name: snapx
on:
push:
branches:
- develop
- master
pull_request:
branches:
- develop
# NOTE: Remember to update docker images if you update .NET sdks
env:
GITVERSION_VERSION: 5.12.0
MSVS_TOOLSET_VERSION: 16
SNAPX_DOTNET_FRAMEWORK_VERSION: net8.0
DOTNET_NET60_VERSION: 6.0.424
DOTNET_NET80_VERSION: 8.0.303
DOTNET_NET90_VERSION: 9.0.100-preview.6.24328.19
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
DOTNET_NOLOGO: 1
SNAPX_CI_BUILD: 1
SNAPX_CORERUN_ALLOW_ELEVATED_CONTEXT: 1
jobs:
setup:
name: Setup
runs-on: ubuntu-latest
outputs:
SNAPX_VERSION: ${{ steps.set-version.outputs.SNAPX_VERSION }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Add dotnet tools to environment path
shell: pwsh
run: echo "${HOME}/.dotnet/tools" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
- id: set-version
name: Setup GitVersion and set build version
shell: pwsh
run: |
dotnet tool update GitVersion.Tool --global --version ${{ env.GITVERSION_VERSION }}
$SNAPX_VERSION = (dotnet gitversion /showVariable NugetVersionv2) | out-string
echo "SNAPX_VERSION=$SNAPX_VERSION" >> $env:GITHUB_OUTPUT
linux:
runs-on: ${{ matrix.os }}
name: Bootstrap ${{ matrix.rid }}-${{ matrix.configuration }}
needs: [setup]
strategy:
matrix:
configuration: [Debug, Release]
rid: [linux-x64, linux-arm64]
os: [ubuntu-latest]
env:
SNAPX_VERSION: ${{ needs.setup.outputs.SNAPX_VERSION }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
lfs: true
submodules: true
- uses: docker/[email protected]
name: Docker login github packages
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.SNAPX_DOCKER_READ_PAT }}
- name: Setup .NET
uses: actions/[email protected]
with:
dotnet-version: |
${{ env.DOTNET_NET60_VERSION }}
${{ env.DOTNET_NET90_VERSION }}
${{ env.DOTNET_NET80_VERSION }}
- name: Build native
shell: pwsh
run: ./build.ps1 Bootstrap-Unix -Version ${{ env.SNAPX_VERSION }} -Configuration ${{ matrix.configuration }} -CIBuild -NetCoreAppVersion ${{ env.SNAPX_DOTNET_FRAMEWORK_VERSION }} -Rid ${{ matrix.rid }}
- name: Test native
if: matrix.rid != 'linux-arm64'
shell: pwsh
run: ./build.ps1 Run-Native-UnitTests -Version ${{ env.SNAPX_VERSION }} -Configuration ${{ matrix.configuration }} -CIBuild -NetCoreAppVersion ${{ env.SNAPX_DOTNET_FRAMEWORK_VERSION }} -Rid ${{ matrix.rid }}
- name: Test .NET
if: matrix.rid != 'linux-arm64'
shell: pwsh
run: ./build.ps1 Run-Dotnet-UnitTests -Version ${{ env.SNAPX_VERSION }} -Configuration ${{ matrix.configuration }} -CIBuild -NetCoreAppVersion ${{ env.SNAPX_DOTNET_FRAMEWORK_VERSION }} -Rid ${{ matrix.rid }}
- name: Collect artifacts
env:
SNAPX_UNIX_SETUP_ZIP_REL_DIR: build/dotnet/${{ matrix.rid }}/Snap.Installer/${{ env.SNAPX_DOTNET_FRAMEWORK_VERSION }}/${{ matrix.configuration }}/publish
SNAPX_UNIX_CORERUN_REL_DIR: build/native/Unix/${{ matrix.rid }}/${{ matrix.configuration }}/Snap.CoreRun
SNAPX_UNIX_PAL_REL_DIR: build/native/Unix/${{ matrix.rid }}/${{ matrix.configuration }}/Snap.CoreRun.Pal
SNAPX_UNIX_BSDIFF_REL_DIR: build/native/Unix/${{ matrix.rid }}/${{ matrix.configuration }}/Snap.Bsdiff
run: |
mkdir -p ${{ github.workspace }}/artifacts/${{ env.SNAPX_UNIX_SETUP_ZIP_REL_DIR }}
cp ${{ github.workspace }}/${{ env.SNAPX_UNIX_SETUP_ZIP_REL_DIR }}/Setup-${{ matrix.rid }}.zip ${{ github.workspace }}/artifacts/${{ env.SNAPX_UNIX_SETUP_ZIP_REL_DIR }}/Setup-${{ matrix.rid }}.zip
mkdir -p ${{ github.workspace }}/artifacts/${{ env.SNAPX_UNIX_CORERUN_REL_DIR }}
cp ${{ github.workspace }}/${{ env.SNAPX_UNIX_CORERUN_REL_DIR }}/corerun ${{ github.workspace }}/artifacts/${{ env.SNAPX_UNIX_CORERUN_REL_DIR }}/corerun.bin
mkdir -p ${{ github.workspace }}/artifacts/${{ env.SNAPX_UNIX_PAL_REL_DIR }}
cp ${{ github.workspace }}/${{ env.SNAPX_UNIX_PAL_REL_DIR }}/libpal.so ${{ github.workspace }}/artifacts/${{ env.SNAPX_UNIX_PAL_REL_DIR }}/libpal.so
mkdir -p ${{ github.workspace }}/artifacts/${{ env.SNAPX_UNIX_BSDIFF_REL_DIR }}
cp ${{ github.workspace }}/${{ env.SNAPX_UNIX_BSDIFF_REL_DIR }}/libsnap_bsdiff.so ${{ github.workspace }}/artifacts/${{ env.SNAPX_UNIX_BSDIFF_REL_DIR }}/libsnap_bsdiff.so
- name: Upload artifacts
if: success()
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.os }}-${{ matrix.rid }}-${{ matrix.configuration }}
path: ${{ github.workspace }}/artifacts/**/*
windows:
runs-on: ${{ matrix.os }}
name: Bootstrap ${{ matrix.rid }}-${{ matrix.configuration }}
needs: [setup]
strategy:
matrix:
configuration: [Debug, Release]
rid: [win-x86, win-x64]
os: [windows-latest]
env:
SNAPX_VERSION: ${{ needs.setup.outputs.SNAPX_VERSION }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
lfs: true
submodules: true
- name: Setup .NET
uses: actions/[email protected]
with:
dotnet-version: |
${{ env.DOTNET_NET60_VERSION }}
${{ env.DOTNET_NET90_VERSION }}
${{ env.DOTNET_NET80_VERSION }}
- name: Build native
run: ./build.ps1 Bootstrap-Windows -Version ${{ env.SNAPX_VERSION }} -Configuration ${{ matrix.configuration }} -CIBuild -NetCoreAppVersion ${{ env.SNAPX_DOTNET_FRAMEWORK_VERSION }} -Rid ${{ matrix.rid }}
- name: Test native
shell: pwsh
run: ./build.ps1 Run-Native-UnitTests -Version ${{ env.SNAPX_VERSION }} -Configuration ${{ matrix.configuration }} -CIBuild -NetCoreAppVersion ${{ env.SNAPX_DOTNET_FRAMEWORK_VERSION }} -Rid ${{ matrix.rid }}
- name: Test .NET
shell: pwsh
run: ./build.ps1 Run-Dotnet-UnitTests -Version ${{ env.SNAPX_VERSION }} -Configuration ${{ matrix.configuration }} -CIBuild -NetCoreAppVersion ${{ env.SNAPX_DOTNET_FRAMEWORK_VERSION }} -Rid ${{ matrix.rid }}
- name: Collect artifacts
env:
SNAPX_WINDOWS_SETUP_ZIP_REL_DIR: build/dotnet/${{ matrix.rid }}/Snap.Installer/${{ env.SNAPX_DOTNET_FRAMEWORK_VERSION }}/${{ matrix.configuration }}/publish
SNAPX_WINDOWS_CORERUN_REL_DIR: build/native/Windows/${{ matrix.rid }}/${{ matrix.configuration }}/Snap.CoreRun/${{ matrix.configuration }}
SNAPX_WINDOWS_PAL_REL_DIR: build/native/Windows/${{ matrix.rid }}/${{ matrix.configuration }}/Snap.CoreRun.Pal/${{ matrix.configuration }}
SNAPX_WINDOWS_BSDIFF_REL_DIR: build/native/Windows/${{ matrix.rid }}/${{ matrix.configuration }}/Snap.Bsdiff/${{ matrix.configuration }}
run: |
mkdir -p ${{ github.workspace }}/artifacts/${{ env.SNAPX_WINDOWS_SETUP_ZIP_REL_DIR }}
cp ${{ github.workspace }}/${{ env.SNAPX_WINDOWS_SETUP_ZIP_REL_DIR }}/Setup-${{ matrix.rid }}.zip ${{ github.workspace }}/artifacts/${{ env.SNAPX_WINDOWS_SETUP_ZIP_REL_DIR }}/Setup-${{ matrix.rid }}.zip
mkdir -p ${{ github.workspace }}/artifacts/${{ env.SNAPX_WINDOWS_CORERUN_REL_DIR }}
cp ${{ github.workspace }}/${{ env.SNAPX_WINDOWS_CORERUN_REL_DIR }}/corerun.exe ${{ github.workspace }}/artifacts/${{ env.SNAPX_WINDOWS_CORERUN_REL_DIR }}/corerun.exe
mkdir -p ${{ github.workspace }}/artifacts/${{ env.SNAPX_WINDOWS_PAL_REL_DIR }}
cp ${{ github.workspace }}/${{ env.SNAPX_WINDOWS_PAL_REL_DIR }}/pal.dll ${{ github.workspace }}/artifacts/${{ env.SNAPX_WINDOWS_PAL_REL_DIR }}/pal.dll
mkdir -p ${{ github.workspace }}/artifacts/${{ env.SNAPX_WINDOWS_BSDIFF_REL_DIR }}
cp ${{ github.workspace }}/${{ env.SNAPX_WINDOWS_BSDIFF_REL_DIR }}/snap_bsdiff.dll ${{ github.workspace }}/artifacts/${{ env.SNAPX_WINDOWS_BSDIFF_REL_DIR }}/snap_bsdiff.dll
- name: Upload artifacts
if: success()
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.os }}-${{ matrix.rid }}-${{ matrix.configuration }}
path: ${{ github.workspace }}/artifacts/**/*
publish:
if: success()
runs-on: ubuntu-latest
name: Nupkg
needs: [setup, windows, linux] # todo: enable me when github actions supports arm64: test-linux-arm64
env:
SNAPX_VERSION: ${{ needs.setup.outputs.SNAPX_VERSION }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
lfs: true
- name: Download ubuntu-latest-linux-arm64-Release artifacts
uses: actions/download-artifact@v4
with:
name: ubuntu-latest-linux-arm64-Release
path: ${{ github.workspace }}
- name: Download ubuntu-latest-linux-x64-Release artifacts
uses: actions/download-artifact@v4
with:
name: ubuntu-latest-linux-x64-Release
path: ${{ github.workspace }}
- name: Download windows-latest-win-x86-Release artifacts
uses: actions/download-artifact@v4
with:
name: windows-latest-win-x86-Release
path: ${{ github.workspace }}
- name: Download windows-latest-win-x64-Release artifacts
uses: actions/download-artifact@v4
with:
name: windows-latest-win-x64-Release
path: ${{ github.workspace }}
- name: Setup .NET
uses: actions/[email protected]
with:
dotnet-version: |
${{ env.DOTNET_NET60_VERSION }}
${{ env.DOTNET_NET90_VERSION }}
${{ env.DOTNET_NET80_VERSION }}
- name: Add dotnet tools to environment path
shell: pwsh
run: echo "${HOME}/.dotnet/tools" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
- name: Build nupkgs
shell: pwsh
run: ./build.ps1 -Target Snapx -CIBuild -Version ${{ env.SNAPX_VERSION }} -Configuration Release
- name: Push nuget packages
if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master'
shell: pwsh
run: |
$nupkgs = Get-ChildItem ".\${{ env.GITHUB_WORKSPACE }}\nupkgs" -Filter *.nupkg | Select-Object -ExpandProperty FullName
$nupkgs | ForEach-Object {
dotnet nuget push $_ --source nuget.org --api-key ${{ secrets.PETERSUNDE_NUGET_ORG_API_KEY }}
if($LASTEXITCODE -ne 0)
{
Write-Error "Error uploading nupkg: $_"
}
}
- name: Create github release tag
if: github.ref == 'refs/heads/master'
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v${{ env.SNAPX_VERSION }}
release_name: Release v${{ env.SNAPX_VERSION }}
draft: true
prerelease: false