-
Notifications
You must be signed in to change notification settings - Fork 170
134 lines (114 loc) · 3.74 KB
/
dotnet-release.yml
File metadata and controls
134 lines (114 loc) · 3.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: .NET release
on:
push:
tags:
- "v*"
env:
DEFAULT_DOTNET_VERSION: "10.0.x"
jobs:
build:
strategy:
matrix:
os: [windows-latest, ubuntu-latest]
fail-fast: false
runs-on: "${{ matrix.os }}"
env:
DOTNET_CONFIGURATION: Release
DAPR_VERSION: "1.15.0"
steps:
- uses: actions/checkout@v6
- name: Setup Runtimes, Caching, and Tools
uses: ./.github/actions/setup-runtimes-caching
with:
name: "Full"
docker-username: ${{ secrets.DOCKER_USERNAME }}
docker-password: ${{ secrets.DOCKER_PASSWORD }}
docker-registry: ${{ secrets.CUSTOM_CONTAINER_REGISTRY }}
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore --configuration ${{ env.DOTNET_CONFIGURATION }}
run-tests:
uses: ./.github/workflows/tests.yaml
secrets: inherit
package:
uses: ./.github/workflows/package.yml
with:
validate_version: true
needs: run-tests
sign:
needs: package
runs-on: windows-latest
permissions:
id-token: write # Required for requesting the JWT
steps:
- name: Install .NET SDK v${{ env.DEFAULT_DOTNET_VERSION }}
uses: actions/setup-dotnet@v5
with:
dotnet-version: ${{ env.DEFAULT_DOTNET_VERSION }}
- name: Download Package List
uses: actions/download-artifact@v8
with:
name: nuget-packages
path: ${{ github.workspace }}/packages
- name: Download NuGet package list
uses: actions/download-artifact@v8
with:
name: nuget-list
path: ${{ github.workspace }}
- name: Install Signing Tool
run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1
- name: Sign Packages
run: >
./tools/sign code azure-key-vault
**/*.nupkg
--base-directory "${{ github.workspace }}/packages"
--file-list "${{ github.workspace }}/SignClientFileList.txt"
--timestamp-url "http://timestamp.digicert.com"
--publisher-name ".NET Foundation"
--description "Aspire Community Toolkit"
--description-url "https://github.com/CommunityToolkit/Aspire"
--azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}"
--azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }}
--azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}"
--azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }}
--azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}"
--verbosity Information
- name: Upload Signed Packages as Artifacts (for release)
uses: actions/upload-artifact@v7
with:
name: signed-nuget-packages
if-no-files-found: error
path: |
${{ github.workspace }}/packages/**/*.nupkg
release:
needs: sign
runs-on: ubuntu-latest
environment:
name: release
steps:
- name: Download package
uses: actions/download-artifact@v8
with:
name: signed-nuget-packages
- name: Release
uses: softprops/action-gh-release@v2
with:
files: |
./*.nupkg
publish-nuget:
needs: sign
runs-on: ubuntu-latest
environment:
name: nuget-stable
steps:
- name: Download package
uses: actions/download-artifact@v8
with:
name: signed-nuget-packages
- name: Publish to NuGet
run: dotnet nuget push ./*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }}
publish-coverage:
needs: run-tests
uses: ./.github/workflows/code-coverage.yml
secrets: inherit