Skip to content

(#305) Updates to workflows and signed package list #196

(#305) Updates to workflows and signed package list

(#305) Updates to workflows and signed package list #196

Workflow file for this run

name: Build and Test Library
on:
push:
branches: [ main ]
paths: [ 'src/**', 'tests/**', 'Datasync Solution.sln', '.github/workflows/build-library.yml', '.github/workflows/SignedPackageFileList.txt' ]
pull_request:
branches: [ main ]
paths: [ 'src/**', 'tests/**', 'Datasync Solution.sln', '.github/workflows/build-library.yml', '.github/workflows/SignedPackageFileList.txt' ]
release:
types: [ published ]
workflow_dispatch:
env:
DOTNET_VERSION: '9.0.x'
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
DOTNET_NOLOGO: true
DOTNET_CONFIGURATION: 'Release'
NuGetDirectory: ${{ github.workspace }}/nuget
SolutionFile: 'Datasync Solution.sln'
BASE_VERSION: '9.0.0'
permissions:
pull-requests: write
contents: read
checks: write
jobs:
build:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: read
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Get build version
run: |
Import-Module .\tools\GetBuildVersion.psm1
Write-Host "GitHub Reference = $($env:GITHUB_REF)"
$version = GetBuildVersion -BaseVersion $env:BASE_VERSION -VersionString $env:GITHUB_REF -BuildNumber $env:GITHUB_RUN_NUMBER
echo "BUILD_VERSION=$version" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf-8 -Append
Write-Host "BUILD_VERSION=$version"
shell: pwsh
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Restore dependencies
run: dotnet restore
- name: Build library
run: >
dotnet build
--configuration ${{ env.DOTNET_CONFIGURATION }}
-p:PackageVersion=$BUILD_VERSION
-p:Version=$BUILD_VERSION
--no-restore
- name: Run tests
run: >
dotnet test --nologo
--configuration ${{ env.DOTNET_CONFIGURATION }}
-p:PackageVersion=$BUILD_VERSION
-p:Version=$BUILD_VERSION
--no-build
--verbosity minimal
--logger trx --collect:"XPlat Code Coverage"
- name: Pack NuGet libraries
run: >
dotnet pack
--configuration ${{ env.DOTNET_CONFIGURATION }}
-p:PackageVersion=$BUILD_VERSION
-p:Version=$BUILD_VERSION
--no-build
--output ${{ env.NuGetDirectory }}
- name: Upload NuGet packages
uses: actions/upload-artifact@v4
with:
name: nuget-unsigned
if-no-files-found: error
path: ${{ env.NuGetDirectory }}/*.nupkg
retention-days: 7
- name: Upload Package List
uses: actions/upload-artifact@v4
with:
name: nuget-list
if-no-files-found: error
path: |
${{ github.workspace }}/.github/workflows/SignedPackageFileList.txt
- name: Upload test results
if: always()
uses: actions/upload-artifact@v4
with:
name: test-results
if-no-files-found: error
path: ${{ github.workspace }}/**/TestResults/*.trx
retention-days: 7
# - name: Publish test results
# uses: EnricoMi/[email protected]
# if: ${{ always() && github.event_name == 'pull_request' }}
# with:
# files: "${{ github.workspace }}/**/*.trx"
- name: Combine coverage reports
uses: danielpalme/[email protected]
with:
reports: "**/*.cobertura.xml"
targetdir: "${{ github.workspace }}"
reporttypes: "Cobertura"
verbosity: "Info"
title: "Code Coverage"
tag: "${{ github.run_number }}_${{ github.run_id }}"
customSettings: ""
toolpath: "reportgeneratortool"
- name: Upload combined coverage XML
uses: actions/upload-artifact@v4
with:
name: coverage
path: ${{ github.workspace }}/Cobertura.xml
retention-days: 7
- name: Publish code coverage report
uses: irongut/[email protected]
with:
filename: "Cobertura.xml"
badge: true
fail_below_min: false
format: markdown
hide_branch_rate: false
hide_complexity: false
indicators: true
output: both
thresholds: "10 30"
- name: Upload combined coverage markdown
uses: actions/upload-artifact@v4
with:
name: coverage-markdown
path: ${{ github.workspace }}/code-coverage-results.md
retention-days: 7
sign:
needs: [build]
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
runs-on: windows-latest
permissions:
id-token: write
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Install signing tool
run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1
- name: Download NuGet package list
uses: actions/download-artifact@v4
with:
name: nuget-list
path: ${{ github.workspace }}
- name: Download unsigned NuGet packages
uses: actions/download-artifact@v4
with:
name: nuget-unsigned
path: ${{ github.workspace }}/packages
- name: Sign NuGet packages
run: >
./tools/sign code azure-key-vault
**/*.nupkg
--base-directory "${{ github.workspace }}/packages"
--file-list "${{ github.workspace }}/SignedPackageFileList.txt"
--timestamp-url "http://timestamp.digicert.com"
--publisher-name ".NET Foundation"
--description "Community Datasync Toolkit"
--description-url "https://github.com/CommunityToolkit/Datasync"
--azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}"
--azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }}
--azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}"
--azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }}
--azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}"
--verbosity Information
- name: Upload signed NuGet packages
uses: actions/upload-artifact@v4
with:
name: nuget-signed
if-no-files-found: error
path: ${{ github.workspace }}/packages/**/*.nupkg
- name: Add AzDO NuGet feed
run: >
dotnet nuget add source
https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-MainLatest/nuget/v3/index.json
--name MainLatest
--username dummy
--password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
- name: Push signed packages to AzDO
run: >
dotnet nuget push
"${{ github.workspace }}/packages/**/*.nupkg"
--api-key dummy
--source MainLatest
--skip-duplicate
release:
if: ${{ startsWith(github.ref, 'refs/tags/') }}
needs: [ sign ]
environment: nuget-release-gate
runs-on: ubuntu-latest
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Download unsigned NuGet packages
uses: actions/download-artifact@v4
with:
name: nuget-signed
path: ${{ github.workspace }}/packages
- name: Push signed packages to NuGet.org
run: >
dotnet nuget push
${{ github.workspace }}/packages/**/*.nupkg
--source https://api.nuget.org/v3/index.json
--api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }}
--skip-duplicate