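name: Release

# Builds, packs and publishes the package under YYYY/ and creates the matching
# GitHub Release.
#
# Triggers:
#   - a push to main that changes YYYY/Directory.Build.props
#   - a manual run via workflow_dispatch (no inputs: the version is always
#     read from YYYY/Directory.Build.props, never entered by hand)
#
# The run skips silently when the version contains ".dev" or when the tag or
# the release for that version already exists.
#
# Required secret: PAT_DISPATCH
#   Classic PAT with scopes: repo, workflow, write:packages, read:packages
#   Settings → Secrets → Actions → New repository secret
#
# NOTE(review): this workflow only uses the PAT for checkout, two read-only
# API calls and NuGet feed authentication. The scopes listed above are much
# broader than that; confirm what else depends on them and narrow the token
# if nothing does.

on:
  push:
    branches:
      - main
    paths:
      - 'YYYY/Directory.Build.props'
  workflow_dispatch: {}

permissions:
  contents: write  # create the tag and the GitHub Release
  packages: write  # push the .nupkg to GitHub Packages

env:
  DOTNET_VERSION: '10.0.x'

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.PAT_DISPATCH }}
          fetch-depth: 0
          # Do not leave the PAT in the workspace's git configuration. No
          # later step in this workflow talks to the remote through git, and
          # the restore/build steps run project and package build logic that
          # could otherwise read the token.
          persist-credentials: false

      # ── Read version from YYYY/Directory.Build.props ──────────────────────
      - name: Read version
        id: version
        working-directory: 'YYYY'
        run: |
          VERSION=$(grep -oP '(?<=<Version>)[^<]+' Directory.Build.props || true)
          # Fail closed on anything that is not a single plain version token.
          # The value is reused by later steps (tag name, JSON file, sed
          # expression), so quotes, whitespace, newlines and shell or sed
          # metacharacters must never leave this step. An empty value or
          # several <Version> elements are rejected by the same check.
          if [[ ! "${VERSION}" =~ ^[0-9A-Za-z][0-9A-Za-z.+-]*$ ]]; then
            echo "::error::Unexpected <Version> value in Directory.Build.props"
            exit 1
          fi
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "Version: ${VERSION}"
          if [[ "${VERSION}" == *".dev"* ]]; then
            echo "is_dev=true" >> "$GITHUB_OUTPUT"
            echo "⏭️ Development version — skipping release"
          else
            echo "is_dev=false" >> "$GITHUB_OUTPUT"
            # A hyphen marks a pre-release label (for example 1.2.3-beta).
            if [[ "${VERSION}" == *-* ]]; then
              echo "is_prerelease=true" >> "$GITHUB_OUTPUT"
            else
              echo "is_prerelease=false" >> "$GITHUB_OUTPUT"
            fi
          fi

      # ── Version guard — idempotent skip if tag already exists ────────────
      - name: Version guard
        if: steps.version.outputs.is_dev != 'true'
        id: guard
        uses: actions/github-script@v7
        env:
          # Handed over as data. Expanding the expression inside the script
          # text would let the file content become JavaScript that runs with
          # the token below.
          VERSION: ${{ steps.version.outputs.version }}
        with:
          # NOTE(review): both calls below are reads on this repository; the
          # default workflow token would presumably be enough. Confirm, then
          # drop the PAT from this step.
          github-token: ${{ secrets.PAT_DISPATCH }}
          script: |
            const version = process.env.VERSION;
            const tag = `v${version}`;
            const owner = context.repo.owner;
            const repo = context.repo.repo;
            // Check Git tag. A 404 means "not there yet"; any other error is
            // re-thrown so the release never proceeds on an unknown state.
            try {
              await github.rest.git.getRef({ owner, repo, ref: `tags/${tag}` });
              console.log(`⏭️ Tag '${tag}' already exists — skipping release`);
              core.setOutput('skip', 'true');
              return;
            } catch (e) {
              if (e.status !== 404) throw e;
            }
            // Check GitHub Release, with the same 404 handling.
            try {
              await github.rest.repos.getReleaseByTag({ owner, repo, tag });
              console.log(`⏭️ Release '${tag}' already exists — skipping release`);
              core.setOutput('skip', 'true');
              return;
            } catch (e) {
              if (e.status !== 404) throw e;
            }
            console.log(`✅ Version ${version} is clean — proceeding`);
            core.setOutput('skip', 'false');

      # ── Sync regulation-package.json version ─────────────────────────────
      # The file is rewritten in the runner workspace only; nothing in this
      # workflow commits it back.
      - name: Sync regulation-package.json
        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
        working-directory: 'YYYY'
        env:
          # Passed through the environment so the value is never pasted into
          # the shell script text.
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          if [ -f regulation-package.json ]; then
            if command -v jq &>/dev/null; then
              jq --arg v "$VERSION" '.version = $v' regulation-package.json \
                > regulation-package.tmp.json && mv regulation-package.tmp.json regulation-package.json
              echo "✅ regulation-package.json version set to ${VERSION}"
            else
              # Fallback without jq. The "Read version" step restricts VERSION
              # to [0-9A-Za-z.+-], so it cannot contain the sed delimiter or
              # other replacement metacharacters.
              sed -i "s|\"version\": \"[^\"]*\"|\"version\": \"${VERSION}\"|" regulation-package.json
              echo "✅ regulation-package.json version set to ${VERSION} (sed)"
            fi
          fi

      # ── Build ─────────────────────────────────────────────────────────────
      - name: Setup .NET
        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNET_VERSION }}

      - name: Configure GitHub Packages
        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
        env:
          # The secret reaches the shell as an environment variable and is
          # quoted below, instead of being expanded into the script text.
          NUGET_FEED_TOKEN: ${{ secrets.PAT_DISPATCH }}
        run: |
          # Remove local dev source (not available in CI)
          dotnet nuget remove source PayrollEngine 2>/dev/null || true
          # --store-password-in-clear-text writes the token unencrypted into
          # the runner's NuGet configuration, where every later step of this
          # job, including the build, can read it. Prefer a token that can
          # only read packages for this source.
          dotnet nuget add source \
            "https://nuget.pkg.github.com/Payroll-Engine/index.json" \
            --name github \
            --username github-actions \
            --password "$NUGET_FEED_TOKEN" \
            --store-password-in-clear-text

      - name: Restore
        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
        working-directory: 'YYYY'
        run: dotnet restore

      - name: Build
        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
        working-directory: 'YYYY'
        run: dotnet build --configuration Release --no-restore

      - name: Pack
        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
        working-directory: 'YYYY'
        run: dotnet pack --configuration Release --no-build --output ./nupkgs

      # ── Publish to GitHub Packages ────────────────────────────────────────
      # Package visibility inherits from the repository:
      #   public repo  → public package  (accessible without authentication)
      #   private repo → private package (requires read:packages PAT)
      - name: Publish to GitHub Packages
        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
        working-directory: 'YYYY'
        env:
          # The push uses the workflow token (packages: write), not the PAT.
          NUGET_API_KEY: ${{ secrets.GITHUB_TOKEN }}
        run: |
          dotnet nuget push ./nupkgs/*.nupkg \
            --source "https://nuget.pkg.github.com/Payroll-Engine/index.json" \
            --api-key "$NUGET_API_KEY" \
            --skip-duplicate

      # ── Create GitHub Release with .nupkg as asset ───────────────────────
      # The .nupkg asset enables direct URL installation via:
      #   InstallRegulationPackage <release-asset-url> <tenant>
      #
      # NOTE(review): every `uses:` in this workflow points at a movable tag.
      # This one is a third-party action running in a job that holds
      # contents: write, so pin it to a reviewed full commit SHA, e.g.
      #   uses: softprops/action-gh-release@<full-commit-sha>  # v2
      - name: Create GitHub Release
        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
        uses: softprops/action-gh-release@v2
        with:
          tag_name: v${{ steps.version.outputs.version }}
          name: v${{ steps.version.outputs.version }}
          prerelease: ${{ steps.version.outputs.is_prerelease }}
          generate_release_notes: true
          files: 'YYYY/nupkgs/*.nupkg'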