-
Notifications
You must be signed in to change notification settings - Fork 179
144 lines (124 loc) · 3.99 KB
/
Copy pathdotnet-release.yml
File metadata and controls
144 lines (124 loc) · 3.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: .NET release
on:
push:
tags:
- "v*"
env:
DEFAULT_DOTNET_VERSION: "10.0.x"
jobs:
build:
strategy:
matrix:
os: [windows-latest, ubuntu-latest]
fail-fast: false
runs-on: "${{ matrix.os }}"
env:
DOTNET_CONFIGURATION: Release
DAPR_VERSION: "1.15.0"
steps:
- uses: actions/checkout@v6
- name: Setup Runtimes, Caching, and Tools
uses: ./.github/actions/setup-runtimes-caching
with:
name: "Full"
docker-username: ${{ secrets.DOCKER_USERNAME }}
docker-password: ${{ secrets.DOCKER_PASSWORD }}
docker-registry: ${{ secrets.CUSTOM_CONTAINER_REGISTRY }}
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore --configuration ${{ env.DOTNET_CONFIGURATION }}
run-tests:
uses: ./.github/workflows/tests.yaml
secrets: inherit
package:
uses: ./.github/workflows/package.yml
with:
validate_version: true
needs: run-tests
sign:
needs: package
runs-on: windows-latest
permissions:
id-token: write # Required for requesting the JWT
steps:
- name: Install .NET SDK v${{ env.DEFAULT_DOTNET_VERSION }}
uses: actions/setup-dotnet@v5
with:
dotnet-version: ${{ env.DEFAULT_DOTNET_VERSION }}
- name: Download Package List
uses: actions/download-artifact@v8
with:
name: nuget-packages
path: ${{ github.workspace }}/packages
- name: Download NuGet package list
uses: actions/download-artifact@v8
with:
name: nuget-list
path: ${{ github.workspace }}
- name: Install Signing Tool
run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1
- name: Sign Packages
run: >
./tools/sign code azure-key-vault
**/*.nupkg
--base-directory "${{ github.workspace }}/packages"
--file-list "${{ github.workspace }}/SignClientFileList.txt"
--timestamp-url "http://timestamp.digicert.com"
--publisher-name ".NET Foundation"
--description "Aspire Community Toolkit"
--description-url "https://github.com/CommunityToolkit/Aspire"
--azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}"
--azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }}
--azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}"
--azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }}
--azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}"
--verbosity Information
- name: Upload Signed Packages as Artifacts (for release)
uses: actions/upload-artifact@v7
with:
name: signed-nuget-packages
if-no-files-found: error
path: |
${{ github.workspace }}/packages/**/*.nupkg
release:
needs: sign
runs-on: ubuntu-latest
environment:
name: release
steps:
- name: Download package
uses: actions/download-artifact@v8
with:
name: signed-nuget-packages
- name: Release
uses: softprops/action-gh-release@v3
with:
files: |
./*.nupkg
publish-nuget:
needs: sign
runs-on: ubuntu-latest
environment:
name: nuget-stable
permissions:
id-token: write
contents: read
steps:
- name: Download package
uses: actions/download-artifact@v8
with:
name: signed-nuget-packages
- name: NuGet login (OIDC)
id: login
uses: NuGet/login@v1
with:
user: ${{ secrets.NUGET_USER }}
- name: Publish to NuGet
run: dotnet nuget push ./*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{ steps.login.outputs.NUGET_API_KEY }} --skip-duplicate
publish-coverage:
needs: run-tests
uses: ./.github/workflows/code-coverage.yml
with:
fail_on_low_coverage: true
secrets: inherit