initial country regulation template — NuGet packaging, CI/CD workflows and regulation skeleton

Author: Jani Giannoudis

.github/workflows/ci.yml

@@ -0,0 +1,55 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  packages: read
+
+env:
+  DOTNET_VERSION: '10.0.x'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Read version
+        id: version
+        run: |
+          VERSION=$(grep -oP '(?<=<Version>)[^<]+' Directory.Build.props)
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "Version: ${VERSION}"
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Configure GitHub Packages
+        run: |
+          # Remove local dev source (not available in CI)
+          dotnet nuget remove source PayrollEngine 2>/dev/null || true
+          dotnet nuget add source \
+            "https://nuget.pkg.github.com/Payroll-Engine/index.json" \
+            --name github \
+            --username github-actions \
+            --password ${{ secrets.GITHUB_TOKEN }} \
+            --store-password-in-clear-text
+
+      - name: Restore
+        run: dotnet restore
+
+      - name: Build
+        run: dotnet build --configuration Release --no-restore
+
+      - name: Pack
+        run: dotnet pack --configuration Release --no-build --output ./nupkgs
+
+      - name: List packages
+        run: ls -la ./nupkgs/

.github/workflows/release.yml

@@ -0,0 +1,161 @@
+name: Release
+
+# Triggered automatically when Directory.Build.props changes on main.
+# Skips silently if the version ends with ".dev" or the tag already exists.
+# Can also be triggered manually via workflow_dispatch — version is always
+# read from Directory.Build.props, never entered as an input.
+#
+# Required secret: PAT_DISPATCH
+#   Classic PAT with scopes: repo, workflow, write:packages, read:packages
+#   Settings → Secrets → Actions → New repository secret
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - Directory.Build.props
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+  packages: write
+
+env:
+  DOTNET_VERSION: '10.0.x'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT_DISPATCH }}
+          fetch-depth: 0
+
+      # ── Read version from Directory.Build.props ──────────────────────────
+      - name: Read version
+        id: version
+        run: |
+          VERSION=$(grep -oP '(?<=<Version>)[^<]+' Directory.Build.props)
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "Version: ${VERSION}"
+
+          if [[ "${VERSION}" == *".dev"* ]]; then
+            echo "is_dev=true" >> $GITHUB_OUTPUT
+            echo "⏭️ Development version — skipping release"
+          else
+            echo "is_dev=false" >> $GITHUB_OUTPUT
+            if [[ "${VERSION}" == *-* ]]; then
+              echo "is_prerelease=true" >> $GITHUB_OUTPUT
+            else
+              echo "is_prerelease=false" >> $GITHUB_OUTPUT
+            fi
+          fi
+
+      # ── Version guard — idempotent skip if tag already exists ────────────
+      - name: Version guard
+        if: steps.version.outputs.is_dev != 'true'
+        id: guard
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.PAT_DISPATCH }}
+          script: |
+            const version = '${{ steps.version.outputs.version }}';
+            const tag = `v${version}`;
+            const owner = context.repo.owner;
+            const repo = context.repo.repo;
+
+            // Check Git tag
+            try {
+              await github.rest.git.getRef({ owner, repo, ref: `tags/${tag}` });
+              console.log(`⏭️ Tag '${tag}' already exists — skipping release`);
+              core.setOutput('skip', 'true');
+              return;
+            } catch (e) {
+              if (e.status !== 404) throw e;
+            }
+
+            // Check GitHub Release
+            try {
+              await github.rest.repos.getReleaseByTag({ owner, repo, tag });
+              console.log(`⏭️ Release '${tag}' already exists — skipping release`);
+              core.setOutput('skip', 'true');
+              return;
+            } catch (e) {
+              if (e.status !== 404) throw e;
+            }
+
+            console.log(`✅ Version ${version} is clean — proceeding`);
+            core.setOutput('skip', 'false');
+
+      # ── Sync regulation-package.json version ─────────────────────────────
+      - name: Sync regulation-package.json
+        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          if [ -f regulation-package.json ]; then
+            if command -v jq &>/dev/null; then
+              jq --arg v "$VERSION" '.version = $v' regulation-package.json \
+                > regulation-package.tmp.json && mv regulation-package.tmp.json regulation-package.json
+              echo "✅ regulation-package.json version set to ${VERSION}"
+            else
+              sed -i "s|\"version\": \"[^\"]*\"|\"version\": \"${VERSION}\"|" regulation-package.json
+              echo "✅ regulation-package.json version set to ${VERSION} (sed)"
+            fi
+          fi
+
+      # ── Build ─────────────────────────────────────────────────────────────
+      - name: Setup .NET
+        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Configure GitHub Packages
+        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
+        run: |
+          # Remove local dev source (not available in CI)
+          dotnet nuget remove source PayrollEngine 2>/dev/null || true
+          dotnet nuget add source \
+            "https://nuget.pkg.github.com/Payroll-Engine/index.json" \
+            --name github \
+            --username github-actions \
+            --password ${{ secrets.PAT_DISPATCH }} \
+            --store-password-in-clear-text
+
+      - name: Restore
+        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
+        run: dotnet restore
+
+      - name: Build
+        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
+        run: dotnet build --configuration Release --no-restore
+
+      - name: Pack
+        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
+        run: dotnet pack --configuration Release --no-build --output ./nupkgs
+
+      # ── Publish to GitHub Packages ────────────────────────────────────────
+      # Package visibility inherits from the repository:
+      #   public repo  → public package  (accessible without authentication)
+      #   private repo → private package (requires read:packages PAT)
+      - name: Publish to GitHub Packages
+        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
+        run: |
+          dotnet nuget push ./nupkgs/*.nupkg \
+            --source "https://nuget.pkg.github.com/Payroll-Engine/index.json" \
+            --api-key ${{ secrets.GITHUB_TOKEN }} \
+            --skip-duplicate
+
+      # ── Create GitHub Release with .nupkg as asset ───────────────────────
+      # The .nupkg asset enables direct URL installation via:
+      #   InstallRegulationPackage <release-asset-url> <tenant>
+      - name: Create GitHub Release
+        if: steps.version.outputs.is_dev != 'true' && steps.guard.outputs.skip != 'true'
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: v${{ steps.version.outputs.version }}
+          name: v${{ steps.version.outputs.version }}
+          prerelease: ${{ steps.version.outputs.is_prerelease }}
+          generate_release_notes: true
+          files: ./nupkgs/*.nupkg

.gitignore

@@ -0,0 +1,131 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+
+# User-specific files
+*.rsuser
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+[Aa][Rr][Mm]/
+[Aa][Rr][Mm]64/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+
+# Visual Studio 2015/2017 cache/options directory
+.vs/
+
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+
+# StyleCop
+StyleCopReport.xml
+
+# Files built by Visual Studio
+*_i.c
+*_p.c
+*_h.h
+*.ilk
+*.meta
+*.obj
+*.iobj
+*.pch
+*.pdb
+*.ipdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*_wpftmp.csproj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# ReSharper
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# DotCover
+*.dotCover
+
+# Visual Studio code coverage
+*.coverage
+*.coveragexml
+
+# NuGet
+*.nupkg
+nupkgs/
+**/[Pp]ackages/*
+!**/[Pp]ackages/build/
+*.nuget.props
+*.nuget.targets
+
+# JetBrains Rider
+.idea/
+*.sln.iml
+
+# Python
+__pycache__/
+*.pyc
+
+# MSBuild logs
+*.binlog
+
+# NDepend
+/NDependOut*/
+
+# Misc
+/**/DROP/
+/**/TEMP/
+/**/packages/
+/**/bin/
+/**/obj/

Delete.Tests.pecmd

@@ -0,0 +1,3 @@
+### removes test payroll and payrun without deleting the regulation ###
+PayrunDelete {CC}.Payrun /tenantidentifier:{CC}.{RegulationName} /trydelete
+PayrollDelete {CC}.Payroll /tenantidentifier:{CC}.{RegulationName} /trydelete

Delete.pecmd

@@ -0,0 +1 @@
+TenantDelete {CC}.{RegulationName} /trydelete

Directory.Build.props

@@ -0,0 +1,28 @@
+<Project>
+
+	<PropertyGroup>
+		<TargetFramework>net10.0</TargetFramework>
+		<Version>1.0.0-beta.dev</Version>
+		<FileVersion>1.0.0</FileVersion>
+		<InformationalVersion></InformationalVersion>
+		<Authors>{Provider}</Authors>
+		<Company>{Provider}</Company>
+		<Copyright>© 2026 {Provider}</Copyright>
+		<Product>Payroll Engine Regulation {CC}.{RegulationName}</Product>
+		<PackageProjectUrl>https://payrollengine.org/</PackageProjectUrl>
+		<RepositoryUrl>https://github.com/{Provider}/Regulation.{CC}.{RegulationName}.git</RepositoryUrl>
+		<IncludeSourceRevisionInInformationalVersion>false</IncludeSourceRevisionInInformationalVersion>
+	</PropertyGroup>
+
+	<PropertyGroup>
+		<!-- Disable NuGet vulnerability audit — regulation packages have no runtime dependencies -->
+		<NuGetAudit>false</NuGetAudit>
+	</PropertyGroup>
+
+	<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+		<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+		<WarningsAsErrors />
+		<NoWarn>1701;1702;8034;AD0001</NoWarn>
+	</PropertyGroup>
+
+</Project>