NetOffice/.github/workflows/release.yml at c21c2f52ac37e0f2939fa11746fbfd90fdb42cc7 · NetOfficeFw/NetOffice · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: release

on:
  push:
    branches:
      - 'dev/build_workflow_**'
    tags:
      - 'v*.*.*'

permissions:
  id-token: write
  contents: read

jobs:
  release:
    environment: production

    runs-on: windows-2022

    strategy:
      matrix:
        configuration: [Debug, Release]

    env:
      DOTNET_NOLOGO: 1
      DOTNET_CLI_TELEMETRY_OPTOUT: 1
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 0
      ContinuousIntegrationBuild: true
      RestoreLockedMode: true
      RepositoryBranch: '${{ github.ref_name }}'
      RepositoryCommit: '${{ github.sha }}'
      Configuration: '${{ matrix.configuration }}'

    steps:
    - name: Checkout
      uses: actions/checkout@v5

    - name: Setup dotnet
      uses: actions/setup-dotnet@v5
      with:
        dotnet-version: 8

    - name: Setup MSBuild
      uses: microsoft/setup-msbuild@v2

    - name: Cache dotnet tools
      uses: actions/cache@v4
      id: cache-dotnettools
      with:
        path: ~/.dotnet/tools
        key: dotnettools

    - name: Setup dotnet sign tool
      if: steps.cache-dotnettools.outputs.cache-hit != 'true'
      run: dotnet tool install --verbosity minimal --global sign --version 0.9.1-beta.25379.1

    - name: Setup Knapcode.CertificateExtractor tool
      if: steps.cache-dotnettools.outputs.cache-hit != 'true'
      run: dotnet tool install --verbosity minimal --global Knapcode.CertificateExtractor --version 0.1.1

    - name: Cache packages
      uses: actions/cache@v4
      with:
        path: ~/.nuget/packages
        key: NetOffice-nuget-${{ hashFiles('**/packages.lock.json') }}
        restore-keys: |
          NetOffice-nuget-

    - name: Build information
      id: build
      run: .\.github\Get-BuildInfo.ps1 -ref '${{ github.ref }}' -event_name '${{ github.event_name }}' -configuration '${{ matrix.configuration }}'

    - name: Build NetOffice
      run: |
        dotnet build Source\NetOffice.sln
      env:
        VersionSuffix: ${{ steps.build.outputs.app_version_suffix }}

    - name: Sign Files Catalog
      run: |
        $content = Get-Content obj/signlist.txt
        $content = $content.Replace('${{ github.workspace }}', '..')
        $content | Set-Content obj/signlist.txt

    - name: azure login
      uses: azure/login@v2
      with:
        client-id: ${{ secrets.TRUSTED_SIGNING_CLIENT_ID }}
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        tenant-id: ${{ secrets.AZURE_TENANT_ID }}

    - name: Sign NetOffice libraries
      if: success() && steps.build.outputs.sign_binaries == 'true'
      run: |
        sign code trusted-signing `
        --file-list "${{ github.workspace }}\obj\signlist.txt" `
        --publisher-name "NetOffice" `
        --description "NetOffice" `
        --description-url "https://github.com/NetOfficeFw/NetOffice" `
        --trusted-signing-endpoint "${{ secrets.TRUSTED_SIGNING_ENDPOINT }}" `
        --trusted-signing-account "${{ secrets.TRUSTED_SIGNING_ACCOUNT_NAME }}" `
        --trusted-signing-certificate-profile "${{ secrets.TRUSTED_SIGNING_CERTIFICATE_PROFILE }}" `
        --file-digest SHA256 `
        --timestamp-url http://timestamp.acs.microsoft.com `
        --timestamp-digest SHA256

    - name: Archive NetOffice binaries
      uses: actions/upload-artifact@v5
      with:
        name: NetOffice_binaries_v${{ steps.build.outputs.app_version_full }}_${{ matrix.configuration }}
        path: '${{ github.workspace }}\Source\ClientApplication\bin\${{ matrix.configuration }}'

    - name: Pack NetOffice
      run: |
        dotnet pack --no-build --no-restore Source\NetOffice.sln -c ${{ matrix.configuration }} -o dist
      env:
        VersionSuffix: ${{ steps.build.outputs.app_version_suffix }}

    - name: Sign NetOffice packages
      if: success() && steps.build.outputs.sign_binaries == 'true'
      working-directory: '${{ github.workspace}}\dist'
      run: |
        sign code trusted-signing *.nupkg `
        --publisher-name "NetOffice" `
        --description "NetOffice" `
        --description-url "https://github.com/NetOfficeFw/NetOffice" `
        --trusted-signing-endpoint "${{ secrets.TRUSTED_SIGNING_ENDPOINT }}" `
        --trusted-signing-account "${{ secrets.TRUSTED_SIGNING_ACCOUNT_NAME }}" `
        --trusted-signing-certificate-profile "${{ secrets.TRUSTED_SIGNING_CERTIFICATE_PROFILE }}" `
        --file-digest SHA256 `
        --timestamp-url http://timestamp.acs.microsoft.com `
        --timestamp-digest SHA256

    - name: Publish packages
      if: success() && steps.build.outputs.publish_nuget == 'true'
      working-directory: '${{ github.workspace}}\dist'
      run: |
        dotnet nuget push *.nupkg --api-key $env:NUGET_TOKEN --source https://api.nuget.org/v3/index.json
      env:
        NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}

    - name: Archive NetOffice packages
      if: success() && matrix.configuration == 'Release'
      uses: actions/upload-artifact@v5
      with:
        name: NetOffice_packages_v${{ steps.build.outputs.app_version_full }}
        path: '${{ github.workspace }}\dist'