Ci/trusted publishing (#244)

Stepami · Stepami · commit 6a0f8a5151ed · 2026-05-16T01:20:12.000+03:00
* chore(Directory.Package.props): nuget up bump package versions * refactor(build): Directory.Build.props Add IsAotCompatible property across projects * ci(workflow): release.yml update pipeline for OIDC-based NuGet Trusted Publishing Closes #243 * ci(workflow): develop.yml & release.yml bump action versions in release and develop pipelines * build(hydrascript): csproj improve runtime support and packaging configuration * ci(workflow): develop.yml YAMl folded multiline https://github.com/orgs/community/discussions/26105 * ci(workflow): release.yml update release pipeline to provide runtime-specific dotnet tool NuGet publishing
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
@@ -21,20 +21,20 @@ jobs:
     runs-on: windows-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - name: Setup .NET
         uses: actions/setup-dotnet@v5
         with:
           dotnet-version: 10.0.x
       - name: Setup GitVersion
-        uses: gittools/actions/gitversion/setup@v4.2.0
+        uses: gittools/actions/gitversion/setup@v4.5.0
         with:
           versionSpec: '6.4.x'
       - name: Determine Version
         id: version_step
-        uses: gittools/actions/gitversion/execute@v4.2.0
+        uses: gittools/actions/gitversion/execute@v4.5.0
       - name: Push New Version Tag
         if: github.ref == 'refs/heads/master' && github.event_name == 'push'
         run: |
@@ -48,7 +48,9 @@ jobs:
       - name: Restore dependencies
         run: dotnet restore
       - name: Build
-        run: dotnet build -p:Version=${{ steps.version_step.outputs.fullSemVer }} --no-restore -c Debug -v n
+        run: >-
+          dotnet build -p:Version=${{ steps.version_step.outputs.fullSemVer }}
+          --no-restore -c Debug -v n
       - name: Unit Tests
         run: dotnet test -c Debug --no-build -v n --filter-trait Category=Unit
       - name: Integration Tests
@@ -72,7 +74,7 @@ jobs:
           show_branch: true
           only_changed_files: true
       - name: ReportGenerator
-        uses: danielpalme/ReportGenerator-GitHub-Action@5.4.15
+        uses: danielpalme/ReportGenerator-GitHub-Action@5.5.10
         with:
           reports: './tests/HydraScript.IntegrationTests/bin/Debug/net10.0/TestResults/coverage.cobertura.xml' 
           targetdir: './coverage-report' 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,6 +9,7 @@ permissions:
   contents: write
   issues: write
   actions: write
+  id-token: write
 
 jobs:
   create-release:
@@ -19,7 +20,7 @@ jobs:
       publish_version: ${{ steps.version_step.outputs.publishVersion }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - name: Setup .NET
@@ -31,11 +32,11 @@ jobs:
           echo "majorMinorPatch=$tag" >> $GITHUB_OUTPUT
           echo "publishVersion=${tag:1}" >> $GITHUB_OUTPUT
       - name: Setup GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/setup@v4.2.0
+        uses: gittools/actions/gitreleasemanager/setup@v4.5.0
         with:
           versionSpec: '0.20.x'
       - name: Create release with GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/create@v4.2.0
+        uses: gittools/actions/gitreleasemanager/create@v4.5.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: 'Stepami/hydrascript'
@@ -60,23 +61,27 @@ jobs:
     runs-on: ${{ matrix.config.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup .NET
         uses: actions/setup-dotnet@v5
         with:
           dotnet-version: 10.0.x
       - name: Setup GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/setup@v4.2.0
+        uses: gittools/actions/gitreleasemanager/setup@v4.5.0
         with:
           versionSpec: '0.20.x'
       - name: Publish
-        run: |
-          mkdir output
-          dotnet publish ./src/HydraScript/HydraScript.csproj -r ${{ matrix.config.rid }} -p:Version=${{ needs.create-release.outputs.publish_version }} -o ./output
+        run: >-
+          dotnet publish ./src/HydraScript/HydraScript.csproj
+          -r ${{ matrix.config.rid }}
+          -p:Version=${{ needs.create-release.outputs.publish_version }}
+          -o ./output
       - name: Rename Executable
-        run: mv ./output/HydraScript${{ matrix.config.rid == 'win-x64' && '.exe' || '' }} ./output/hydrascript_${{ matrix.config.rid }}${{ matrix.config.rid == 'win-x64' && '.exe' || '' }}
+        run: >-
+          mv ./output/HydraScript${{ matrix.config.rid == 'win-x64' && '.exe' || '' }}
+          ./output/hydrascript_${{ matrix.config.rid }}${{ matrix.config.rid == 'win-x64' && '.exe' || '' }}
       - name: Add asset to a release with GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/addasset@v4.2.0
+        uses: gittools/actions/gitreleasemanager/addasset@v4.5.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: 'Stepami/hydrascript'
@@ -93,17 +98,17 @@ jobs:
       - name: Setup .NET
         uses: actions/setup-dotnet@v5
       - name: Setup GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/setup@v4.2.0
+        uses: gittools/actions/gitreleasemanager/setup@v4.5.0
         with:
           versionSpec: '0.20.x'
       - name: Publish release with GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/publish@v4.2.0
+        uses: gittools/actions/gitreleasemanager/publish@v4.5.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: 'Stepami/hydrascript'
           milestone: ${{ needs.upload-release-assets.outputs.determined_version }}
       - name: Close release with GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/close@v4.2.0
+        uses: gittools/actions/gitreleasemanager/close@v4.5.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: 'Stepami/hydrascript'
@@ -115,16 +120,63 @@ jobs:
     needs: publish-release
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: 10.0.x
+      - name: Pack
+        run: >-
+          dotnet pack ./src/HydraScript/HydraScript.csproj -c Release -o ./pack-output -v n
+          -p:Version=${{ needs.publish-release.outputs.publish_version }}
+          -p:PublishAot=false
+      - name: NuGet login (OIDC → temp API key)
+        uses: NuGet/login@v1
+        id: nuget_login
+        with:
+          user: ${{ secrets.NUGET_USER }}
+      - name: Publish
+        run: >-
+          dotnet nuget push ./pack-output/HydraScript.${{ needs.publish-release.outputs.publish_version }}.nupkg
+          --skip-duplicate
+          --api-key ${{ steps.nuget_login.outputs.NUGET_API_KEY }}
+          --source "https://api.nuget.org/v3/index.json"
+
+  publish-rid-nuget:
+    name: Publish as runtime-specific dotnet tool to NuGet
+    needs: publish-release
+    strategy:
+      matrix:
+        config:
+          - os: ubuntu-latest
+            rid: linux-x64
+          - os: macos-latest
+            rid: osx-arm64
+          - os: windows-latest
+            rid: win-x64
+    runs-on: ${{ matrix.config.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
       - name: Setup .NET
         uses: actions/setup-dotnet@v5
         with:
           dotnet-version: 10.0.x
-      - name: Build
-        run: dotnet build ./src/HydraScript/HydraScript.csproj -c Release -v n `
-          -p:Version=${{ needs.publish-release.outputs.publish_version }} `
-          -p:PublishAot=false -p:PublishSingleFile=false
+      - name: Pack
+        run: >-
+          dotnet pack ./src/HydraScript/HydraScript.csproj
+          -c Release -o ./pack-rid-output -v n
+          -r ${{ matrix.config.rid }}
+          -p:Version=${{ needs.publish-release.outputs.publish_version }}
+      - name: NuGet login (OIDC → temp API key)
+        uses: NuGet/login@v1
+        id: nuget_login
+        with:
+          user: ${{ secrets.NUGET_USER }}
       - name: Publish
-        run: dotnet nuget push (ls "./src/HydraScript/bin/Release/*.nupkg") `
-          --api-key ${{ secrets.NUGET_API_KEY }} `
+        run: >-
+          dotnet nuget push
+          ./pack-rid-output/HydraScript.${{ matrix.config.rid }}.${{ needs.publish-release.outputs.publish_version }}.nupkg
+          --skip-duplicate
+          --api-key ${{ steps.nuget_login.outputs.NUGET_API_KEY }}
           --source "https://api.nuget.org/v3/index.json"
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -8,6 +8,7 @@
         <LangVersion>latest</LangVersion>
         <BuildInParallel>false</BuildInParallel>
         <IsPackable>false</IsPackable>
+        <IsAotCompatible>true</IsAotCompatible>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)' == 'Release'">
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -12,11 +12,11 @@
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageVersion>
         <PackageVersion Include="Microsoft.CodeAnalysis.CSharp" Version="5.3.0"/>
-        <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="10.0.7"/>
-        <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.7"/>
-        <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.7"/>
-        <PackageVersion Include="Microsoft.Extensions.Options" Version="10.0.7"/>
-        <PackageVersion Include="System.CommandLine" Version="2.0.7"/>
+        <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="10.0.8"/>
+        <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.8"/>
+        <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.8"/>
+        <PackageVersion Include="Microsoft.Extensions.Options" Version="10.0.8"/>
+        <PackageVersion Include="System.CommandLine" Version="2.0.8"/>
         <PackageVersion Include="System.IO.Abstractions" Version="22.1.1"/>
         <PackageVersion Include="Visitor.NET" Version="4.2.1"/>
         <PackageVersion Include="Visitor.NET.AutoVisitableGen" Version="1.5.3"/>
diff --git a/benchmarks/HydraScript.Benchmarks/HydraScript.Benchmarks.csproj b/benchmarks/HydraScript.Benchmarks/HydraScript.Benchmarks.csproj
@@ -2,6 +2,7 @@
 
     <PropertyGroup>
         <OutputType>Exe</OutputType>
+        <IsAotCompatible>false</IsAotCompatible>
     </PropertyGroup>
 
     <ItemGroup>
diff --git a/src/Domain/HydraScript.Domain.Constants/HydraScript.Domain.Constants.csproj b/src/Domain/HydraScript.Domain.Constants/HydraScript.Domain.Constants.csproj
@@ -2,6 +2,7 @@
 
     <PropertyGroup>
         <TargetFramework>netstandard2.0</TargetFramework>
+        <IsAotCompatible>false</IsAotCompatible>
     </PropertyGroup>
 
 </Project>
diff --git a/src/HydraScript/HydraScript.csproj b/src/HydraScript/HydraScript.csproj
@@ -3,20 +3,8 @@
     <PropertyGroup>
         <OutputType>Exe</OutputType>
         <PublishAot>true</PublishAot>
-        <PublishSingleFile>true</PublishSingleFile>
-    </PropertyGroup>
-
-    <ItemGroup>
-        <ProjectReference Include="..\Infrastructure\HydraScript.Infrastructure\HydraScript.Infrastructure.csproj" />
-    </ItemGroup>
-
-    <ItemGroup>
-        <PackageReference Include="System.CommandLine" />
-    </ItemGroup>
-
-    <PropertyGroup Condition="'$(PublishAot)' == 'false' And '$(PublishSingleFile)' == 'false'">
+        <RuntimeIdentifiers>linux-x64;win-x64;osx-arm64;</RuntimeIdentifiers>
         <IsPackable>true</IsPackable>
-        <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
         <PackageId>HydraScript</PackageId>
         <Description>TypeScript &amp; Go inspired small interpreted programming language written in C#</Description>
         <Authors>Stepami</Authors>
@@ -35,7 +23,15 @@
         <PackageIcon>icon.png</PackageIcon>
     </PropertyGroup>
 
-    <ItemGroup Condition="'$(PublishAot)' == 'false' And '$(PublishSingleFile)' == 'false'">
+    <ItemGroup>
+        <ProjectReference Include="..\Infrastructure\HydraScript.Infrastructure\HydraScript.Infrastructure.csproj" />
+    </ItemGroup>
+
+    <ItemGroup>
+        <PackageReference Include="System.CommandLine" />
+    </ItemGroup>
+
+    <ItemGroup>
         <None Include="../../LICENSE" Pack="true" Visible="false" PackagePath=""/>
         <None Include="../../README.md" Pack="true" Visible="false" PackagePath=""/>
         <None Include="../../icon.png" Pack="true" Visible="false" PackagePath=""/>
diff --git a/src/Infrastructure/HydraScript.Infrastructure.LexerRegexGenerator/HydraScript.Infrastructure.LexerRegexGenerator.csproj b/src/Infrastructure/HydraScript.Infrastructure.LexerRegexGenerator/HydraScript.Infrastructure.LexerRegexGenerator.csproj
@@ -4,6 +4,7 @@
         <EnforceExtendedAnalyzerRules>true</EnforceExtendedAnalyzerRules>
         <IsRoslynComponent>true</IsRoslynComponent>
         <TargetFramework>netstandard2.0</TargetFramework>
+        <IsAotCompatible>false</IsAotCompatible>
     </PropertyGroup>
 
     <ItemGroup>
diff --git a/src/Infrastructure/HydraScript.Infrastructure/HydraScriptConsole.cs b/src/Infrastructure/HydraScript.Infrastructure/HydraScriptConsole.cs
@@ -6,17 +6,11 @@
 namespace HydraScript.Infrastructure;
 
 [ExcludeFromCodeCoverage]
-internal partial class HydraScriptConsole(ILogger<HydraScriptConsole> logger) : IConsole
+internal sealed class HydraScriptConsole(ILogger<HydraScriptConsole> logger) : IConsole
 {
-    [ZLoggerMessage(Level = LogLevel.Information, Message = "{obj}")]
-    private static partial void WriteLine(ILogger<HydraScriptConsole> logger, object? obj);
+    public void WriteLine(object? obj) => logger.ZLogInformation($"{obj}");
 
-    public void WriteLine(object? obj) => WriteLine(logger, obj);
-
-    [ZLoggerMessage(Level = LogLevel.Error, Message = "{message}")]
-    private static partial void WriteError(ILogger<HydraScriptConsole> logger, Exception e, string message);
-
-    public void WriteError(Exception e, string message) => WriteError(logger, e, message);
+    public void WriteError(Exception e, string message) => logger.ZLogError(e, $"{message}");
 
     public string ReadLine() => Console.ReadLine() ?? string.Empty;
 }
diff --git a/tests/Directory.Build.props b/tests/Directory.Build.props
@@ -7,6 +7,7 @@
         <OutputType>Exe</OutputType>
         <UseMicrosoftTestingPlatformRunner>true</UseMicrosoftTestingPlatformRunner>
         <TestingPlatformCommandLineArguments>--ignore-exit-code 8</TestingPlatformCommandLineArguments>
+        <IsAotCompatible>false</IsAotCompatible>
     </PropertyGroup>
 
     <ItemGroup>
