-
Notifications
You must be signed in to change notification settings - Fork 50
128 lines (124 loc) · 5.9 KB
/
build-windows.yml
File metadata and controls
128 lines (124 loc) · 5.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
on:
workflow_call:
defaults:
run:
shell: pwsh
jobs:
build:
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: windows-2022
steps:
- name: Check for secrets
env:
SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }}
run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 })
- name: Checkout
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4.3.0
with:
dotnet-version: 8.0.x
- name: Download RavenDB Server
run: ./tools/download-ravendb-server.ps1
- name: Build
run: dotnet build src --configuration Release -graph --property:WindowsSelfContained=true
- name: Validate build version
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
uses: ./.github/actions/validate-version
with:
version: ${{ env.MinVerVersion }}
- name: Build ServiceControl Management
run: dotnet publish src\ServiceControl.Config\ServiceControl.Config.csproj --no-build --output assets --property:WindowsSelfContained=true
- name: Create PowerShell module catalog
run: New-FileCatalog -Path deploy\PowerShellModules\Particular.ServiceControl.Management -CatalogFilePath deploy\PowerShellModules\Particular.ServiceControl.Management\Particular.ServiceControl.Management.cat -CatalogVersion 2.0
- name: Install AzureSignTool
run: dotnet tool install --global azuresigntool
- name: Sign ServiceControl Management EXE
run: |
AzureSignTool sign `
--file-digest sha256 `
--timestamp-rfc3161 http://timestamp.digicert.com `
--azure-key-vault-url https://particularcodesigning.vault.azure.net `
--azure-key-vault-client-id ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} `
--azure-key-vault-tenant-id ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} `
--azure-key-vault-client-secret ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} `
--azure-key-vault-certificate ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} `
assets\Particular.ServiceControl.exe
- name: Rename ServiceControl Management EXE
run: Rename-Item -Path assets\Particular.ServiceControl.exe -NewName "Particular.ServiceControl-${{ env.MinVerVersion }}.exe"
- name: Sign PowerShell module
run: |
AzureSignTool sign `
--file-digest sha256 `
--timestamp-rfc3161 http://timestamp.digicert.com `
--azure-key-vault-url https://particularcodesigning.vault.azure.net `
--azure-key-vault-client-id ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} `
--azure-key-vault-tenant-id ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} `
--azure-key-vault-client-secret ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} `
--azure-key-vault-certificate ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} `
deploy\PowerShellModules\Particular.ServiceControl.Management\Particular.ServiceControl.Management.cat
- name: Zip PowerShell module
run: |
New-Item assets\PowerShellModules -ItemType Directory
Compress-Archive -Path deploy\PowerShellModules\Particular.ServiceControl.Management\* -DestinationPath assets\PowerShellModules\Particular.ServiceControl.Management.zip
- name: Publish assets
uses: actions/upload-artifact@v4.6.0
with:
name: assets
path: assets/*
retention-days: 1
- name: Publish zips
uses: actions/upload-artifact@v4.6.0
with:
name: zips
path: zip/*
retention-days: 1
- name: Build PlatformSample package
run: |
Remove-Item deploy\Particular.ServiceControl* -recurse
dotnet clean src --configuration Release --property:WindowsSelfContained=true
dotnet build src\Particular.PlatformSample.ServiceControl\Particular.PlatformSample.ServiceControl.csproj --configuration Release -graph
- name: Sign NuGet packages
uses: Particular/sign-nuget-packages-action@v1.0.0
with:
client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
client-secret: ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }}
certificate-name: ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }}
- name: Publish NuGet packages
uses: actions/upload-artifact@v4.6.0
with:
name: nugets
path: nugets/*
retention-days: 1
- name : Verify release artifact counts
run: |
$assetsCount = (Get-ChildItem -Recurse -File assets).Count
$nugetsCount = (Get-ChildItem -Recurse -File nugets).Count
$zipCount = (Get-ChildItem -Recurse -File zip).Count
$expectedAssetsCount = 2 # SCMU & PowerShell module
$expectedNugetsCount = 1 # PlatformSample
$expectedZipCount = 5 # ServiceControl, Audit, & Monitoring + Transports & RavenDBServer
if ($assetsCount -ne $expectedAssetsCount)
{
Write-Host Assets: Expected $expectedAssetsCount but found $assetsCount
exit -1
}
if ($nugetsCount -ne $expectedNugetsCount)
{
Write-Host Nugets: Expected $expectedNugetsCount but found $nugetsCount
exit -1
}
if ($expectedZipCount -ne $zipCount)
{
Write-Host Zips: Expected $expectedZipCount but found $zipCount
exit -1
}
- name: Deploy
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
# Does not follow standard practice of targeting explicit versions because configuration is tightly coupled to Octopus Deploy configuration
uses: Particular/push-octopus-package-action@main
with:
octopus-deploy-api-key: ${{ secrets.OCTOPUS_DEPLOY_API_KEY }}