Skip to content

Add weekly merge workflow and update CI triggers #690

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Jul 21, 2025
Merged

Add weekly merge workflow and update CI triggers #690

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
a9d8245
Add weekly merge workflow and update CI triggers
Arlodotexe Jul 15, 2025
71d6aa5
Rename workflow from 'WeeklyMerge' to 'weekly-merge'
Arlodotexe Jul 15, 2025
f267328
Update CI to include 'rel/' branches for builds and package publishing
Arlodotexe Jul 17, 2025
2780c5c
Copied public feed signing and push steps from mainline wct workflow
Arlodotexe Jul 17, 2025
f816f92
Update .github/workflows/build.yml
Arlodotexe Jul 21, 2025
58ac747
Only run sign step on rel/* branch
Arlodotexe Jul 21, 2025
c814f73
Use gated push for `rel/*` instead of `main` push logic
Arlodotexe Jul 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
109 changes: 106 additions & 3 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,20 @@ name: CI
on:
# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [ main ]
branches: [ main, 'rel/weekly' ]
pull_request:
branches: [ main ]

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
merge_group:

# Allow this workflow to be triggered by scheduled release workflows
workflow_run:
workflows: [ weekly-merge ]
types:
- completed

env:
DOTNET_VERSION: ${{ '9.0.x' }}
ENABLE_DIAGNOSTICS: true
Expand Down Expand Up @@ -72,7 +78,7 @@ jobs:

env:
MULTI_TARGET_DIRECTORY: tooling/MultiTarget
VERSION_PROPERTY: ${{ github.ref == 'refs/heads/main' && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }}
VERSION_PROPERTY: ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/')) && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }}

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
Expand Down Expand Up @@ -228,7 +234,7 @@ jobs:
winui: [0, 2, 3]

env:
VERSION_PROPERTY: ${{ github.ref == 'refs/heads/main' && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }}
VERSION_PROPERTY: ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/')) && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }}

steps:
- name: Install .NET SDK v${{ env.DOTNET_VERSION }}
Expand Down Expand Up @@ -320,6 +326,103 @@ jobs:
name: build-logs-winui${{ matrix.winui }}
path: ./*.*log

sign:
needs: [package]
if: ${{ startsWith(github.ref, 'refs/heads/rel/') }}
runs-on: windows-latest
permissions:
id-token: write # Required for requesting the JWT

strategy:
fail-fast: false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion.
matrix:
winui: [2, 3]

steps:
- name: Install .NET SDK v${{ env.DOTNET_VERSION }}
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}

- name: Download Package List
uses: actions/download-artifact@v4
with:
name: nuget-list-${{ matrix.winui }}
path: ./

- name: Download built packages for WinUI ${{ matrix.winui }}
uses: actions/download-artifact@v4
with:
name: nuget-packages-winui${{ matrix.winui }}
path: ./packages

- name: Install Signing Tool
run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1

- name: Sign Packages
run: >
./tools/sign code azure-key-vault
**/*.nupkg
--base-directory "${{ github.workspace }}/packages"
--file-list "${{ github.workspace }}/SignClientFileList.txt"
--timestamp-url "http://timestamp.digicert.com"
--publisher-name ".NET Foundation"
--description "Windows Community Toolkit Labs"
--description-url "https://github.com/CommunityToolkit/Labs-Windows"
--azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}"
--azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }}
--azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}"
--azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }}
--azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}"
--verbosity Information

- name: Push Signed Packages
run: |
dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-MainLatest/nuget/v3/index.json `
--name MainLatest `
--username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
dotnet nuget push "**/*.nupkg" --api-key dummy --source MainLatest --skip-duplicate

- name: Upload Signed Packages as Artifacts (for release)
uses: actions/upload-artifact@v4
if: ${{ env.IS_RELEASE == 'true' }}
with:
name: signed-nuget-packages-${{ matrix.winui }}
if-no-files-found: error
path: |
${{ github.workspace }}/packages/**/*.nupkg

release:
if: ${{ startsWith(github.ref, 'refs/heads/rel/') }}
needs: [sign]
environment: nuget-release-gate # This gates this job until manually approved
runs-on: ubuntu-latest

strategy:
fail-fast: false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion.
matrix:
winui: [2, 3]

steps:
- name: Install .NET SDK v${{ env.DOTNET_VERSION }}
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}

- name: Download signed packages for WinUI ${{ matrix.winui }}
uses: actions/download-artifact@v4
with:
name: signed-nuget-packages-${{ matrix.winui }}
path: ./packages

- name: Push to NuGet.org
run: >
dotnet nuget push
**/*.nupkg
--source https://api.nuget.org/v3/index.json
--api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }}
--skip-duplicate

wasm-linux:
runs-on: ubuntu-latest
env:
Expand Down
36 changes: 36 additions & 0 deletions .github/workflows/weekly-merge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: weekly-merge

on:
schedule:
# Runs every Wednesday at 08:00 UTC (midnight PST / 1:00 AM PDT)
- cron: '0 8 * * 3'

# Allows manual triggering for convenience
workflow_dispatch:

jobs:
weekly-release:
runs-on: ubuntu-latest
permissions:
contents: write

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
# Use a token with write permissions to push to the branch
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 0 # Fetch all history for merging

- name: Configure Git
run: |
git config user.name 'github-actions[bot]'
git config user.email 'github-actions[bot]@users.noreply.github.com'

- name: Merge main into rel/weekly
run: |
git fetch origin
git checkout rel/weekly
git reset --hard origin/rel/weekly
git merge --no-ff origin/main -m "Weekly merge of main into rel/weekly"
git push origin rel/weekly
Loading