Merge pull request #905 from dotnet/dev/andre/libtemplateUpdate #34
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 🎁 Release | ||
| on: | ||
| release: | ||
| types: [published] | ||
| workflow_dispatch: | ||
| inputs: | ||
| ship_run_id: | ||
| description: ID of the GitHub workflow run to ship | ||
| required: true | ||
| run-name: ${{ github.ref_name }} | ||
| jobs: | ||
| release: | ||
| runs-on: windows-latest | ||
| environment: Signing | ||
| permissions: | ||
| id-token: write # Required for Azure CLI Login | ||
| permissions: | ||
| actions: read | ||
| contents: write | ||
| steps: | ||
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | ||
| with: | ||
| fetch-depth: 1 | ||
| - name: ⚙️ Initialization | ||
| shell: pwsh | ||
| run: | | ||
| if ('${{ secrets.NUGET_API_KEY }}') { | ||
| Write-Host "NUGET_API_KEY secret detected. NuGet packages will be pushed." | ||
| echo "NUGET_API_KEY_DEFINED=true" >> $env:GITHUB_ENV | ||
| } | ||
| if ('${{ secrets.NPM_API_KEY }}') { | ||
| Write-Host "NPM_API_KEY secret detected. NPM packages will be pushed." | ||
| echo "NPM_API_KEY_DEFINED=true" >> $env:GITHUB_ENV | ||
| } | ||
| - name: 🔎 Search for build of ${{ github.ref }} | ||
| shell: pwsh | ||
| id: findrunid | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: | | ||
| if ('${{ inputs.ship_run_id }}') { | ||
| $runid = '${{ inputs.ship_run_id }}' | ||
| } else { | ||
| $restApiRoot = '/repos/${{ github.repository }}' | ||
| # Resolve the tag reference to a commit sha | ||
| $resolvedRef = gh api ` | ||
| -H "Accept: application/vnd.github+json" ` | ||
| -H "X-GitHub-Api-Version: 2022-11-28" ` | ||
| $restApiRoot/git/ref/tags/${{ github.ref_name }} ` | ||
| | ConvertFrom-Json | ||
| $commitSha = $resolvedRef.object.sha | ||
| Write-Host "Resolved ${{ github.ref_name }} to $commitSha" | ||
| $releases = gh run list -R ${{ github.repository }} -c $commitSha -w .github/workflows/build.yml -s success --json databaseId,startedAt ` | ||
| | ConvertFrom-Json | Sort-Object startedAt -Descending | ||
| if ($releases.length -eq 0) { | ||
| Write-Error "No successful builds found for ${{ github.ref }}." | ||
| } elseif ($releases.length -gt 1) { | ||
| Write-Warning "More than one successful run found for ${{ github.ref }}. Artifacts from the most recent successful run will ship." | ||
| } | ||
| $runid = $releases[0].databaseId | ||
| } | ||
| Write-Host "Using artifacts from run-id: $runid" | ||
| Echo "runid=$runid" >> $env:GITHUB_OUTPUT | ||
| - name: 🔻 Download deployables artifacts | ||
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5 | ||
| with: | ||
| name: deployables-Linux | ||
| path: ${{ runner.temp }}/deployables | ||
| run-id: ${{ steps.findrunid.outputs.runid }} | ||
| github-token: ${{ github.token }} | ||
| # Login to Azure using a ServicePrincipal configured to authenticate agaist a GitHub Action | ||
| - name: 🪪 Authorize signing | ||
| uses: azure/[email protected] | ||
| with: | ||
| client-id: ${{ vars.AZURE_CLIENT_ID }} | ||
| tenant-id: ${{ vars.AZURE_TENANT_ID }} | ||
| subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} | ||
| - name: 🔏 Code sign | ||
| run: > | ||
| rm global.json # avoid a need to install a particular SDK version | ||
| dotnet tool install --tool-path obj --prerelease sign | ||
| obj/sign code azure-key-vault | ||
| '**/*' | ||
| --base-directory '${{ runner.temp }}/deployables' | ||
| --file-list '${{ github.workspace }}/.github/signfiles.txt' | ||
| --azure-key-vault-url "${{ vars.KEY_VAULT_URL }}" | ||
| --azure-key-vault-certificate "${{ vars.KEY_VAULT_CERTIFICATE }}" | ||
| --azure-credential-type azure-cli | ||
| shell: pwsh | ||
| - name: 💽 Upload artifacts to release | ||
| shell: pwsh | ||
| if: ${{ github.event_name == 'release' && github.event.release.assets_url != '' }} | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: | | ||
| Get-ChildItem '${{ runner.temp }}/deployables' -File -Recurse |% { | ||
| Write-Host "Uploading $($_.Name) to release..." | ||
| gh release -R ${{ github.repository }} upload "${{ github.ref_name }}" $_.FullName | ||
| } | ||
| - name: 🚀 Push NPM packages | ||
| shell: pwsh | ||
| run: | | ||
| $tgz = (Get-ChildItem ./deployables/npm/*.tgz)[0].FullName | ||
| npm init -y | ||
| npm install $tgz | ||
| Push-Location node_modules/nerdbank-streams | ||
| npm set //registry.npmjs.org/:_authToken=${{ secrets.NPM_API_KEY }} | ||
| npm publish | ||
| working-directory: ${{ runner.temp }} | ||
| if: ${{ env.NPM_API_KEY_DEFINED == 'true' }} | ||
| - name: 🚀 Push NuGet packages | ||
| run: dotnet nuget push ${{ runner.temp }}\deployables\NuGet\*.nupkg --source https://api.nuget.org/v3/index.json -k '${{ secrets.NUGET_API_KEY }}' | ||
| if: ${{ env.NUGET_API_KEY_DEFINED == 'true' }} | ||
