Skip to content

Release 0.2.2 (#310) #32

Release 0.2.2 (#310)

Release 0.2.2 (#310) #32

Workflow file for this run

name: Release
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
tag:
description: Release tag to publish, for example v0.1.0
required: true
type: string
permissions:
contents: write
concurrency:
group: release-${{ github.ref_name || inputs.tag }}
cancel-in-progress: false
jobs:
release-windows:
runs-on: [self-hosted, windows, switchify-signing]
env:
SWITCHIFY_SIGNING_MODE: certum-simplysign
SWITCHIFY_CERTUM_CERT_THUMBPRINT: ${{ vars.CERTUM_CERT_THUMBPRINT }}
SWITCHIFY_CERTUM_TIMESTAMP_URL: http://time.certum.pl
steps:
- name: Resolve release tag
shell: powershell
run: |
$tag = '${{ github.ref_name }}'
if ('${{ github.event_name }}' -eq 'workflow_dispatch') {
$tag = '${{ inputs.tag }}'
}
if (-not $tag.StartsWith('v')) {
throw "Release tag must start with v. Received: $tag"
}
"RELEASE_TAG=$tag" | Out-File -FilePath $env:GITHUB_ENV -Append
- name: Checkout
uses: actions/checkout@v6
with:
ref: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }}
- name: Setup .NET
uses: actions/setup-dotnet@v5
env:
DOTNET_INSTALL_DIR: ${{ runner.temp }}\dotnet
with:
dotnet-version: 8.0.x
- name: Restore
run: dotnet restore src/SwitchifyPc.sln
- name: Build
run: dotnet build src/SwitchifyPc.sln -c Release --no-restore
- name: Test
run: dotnet test src/SwitchifyPc.sln -c Release --no-build
- name: Verify Certum signing certificate
shell: powershell
run: |
$thumbprint = '${{ vars.CERTUM_CERT_THUMBPRINT }}' -replace '[^a-fA-F0-9]', ''
if (-not $thumbprint) {
throw 'CERTUM_CERT_THUMBPRINT repository variable is not set.'
}
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
Where-Object { $_.Thumbprint -eq $thumbprint } |
Select-Object -First 1
if (-not $cert) {
throw "Certum code-signing certificate was not found in Cert:\CurrentUser\My. Make sure SimplySign Desktop is logged in before running the release."
}
if (-not $cert.HasPrivateKey) {
throw "Certum certificate is present but has no private key."
}
Write-Host "Using Certum signing certificate: $($cert.Subject)"
- name: Package Windows installer
shell: powershell
run: powershell -NoProfile -ExecutionPolicy Bypass -File scripts\Package-Windows.ps1
- name: Verify Windows package
shell: powershell
run: powershell -NoProfile -ExecutionPolicy Bypass -File scripts\Verify-DotnetPackage.ps1
- name: Verify updater metadata
shell: powershell
run: powershell -NoProfile -ExecutionPolicy Bypass -File scripts\Verify-UpdaterMetadata.ps1
- name: Verify release tag matches app version
shell: powershell
run: |
[xml]$project = Get-Content src\SwitchifyPc.App\SwitchifyPc.App.csproj
$version = $project.Project.PropertyGroup.Version | Select-Object -First 1
if (-not $version) {
throw 'Could not read C# app project version.'
}
$expectedTag = "v$version"
if ($env:RELEASE_TAG -ne $expectedTag) {
throw "Release tag $env:RELEASE_TAG does not match app version $expectedTag."
}
- name: Publish GitHub release
shell: powershell
env:
GH_TOKEN: ${{ github.token }}
run: |
$assets = @(Get-ChildItem -Path dist -File | Select-Object -ExpandProperty FullName)
if ($assets.Count -eq 0) {
throw 'No release assets found in dist.'
}
$releaseExists = $true
$ErrorActionPreference = 'Continue'
gh release view $env:RELEASE_TAG 1>$null 2>$null
$releaseViewExitCode = $LASTEXITCODE
$ErrorActionPreference = 'Stop'
if ($releaseViewExitCode -ne 0) {
$releaseExists = $false
}
$global:LASTEXITCODE = 0
if ($releaseExists) {
gh release upload $env:RELEASE_TAG @assets --clobber
} else {
gh release create $env:RELEASE_TAG @assets --title $env:RELEASE_TAG --generate-notes
}
- name: Upload workflow artifacts
uses: actions/upload-artifact@v7
with:
name: switchify-pc-windows-${{ env.RELEASE_TAG }}
path: |
dist/*
!dist/win-unpacked/**
if-no-files-found: error