66 push :
77 branches :
88 - main
9+ release :
10+ types : [ published ]
11+ workflow_dispatch : {}
912
1013concurrency :
1114 group : ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
1215 cancel-in-progress : true
1316
1417env :
18+ AZURE_ARTIFACTS_FEED_URL : https://pkgs.dev.azure.com/dotnet/Steeltoe/_packaging/dev/nuget/v3/index.json
19+ DOTNET_CLI_TELEMETRY_OPTOUT : 1
1520 DOTNET_NOLOGO : true
16- DOTNET_CLI_TELEMETRY_OPTOUT : true
1721
1822jobs :
1923 build-and-test :
20- timeout-minutes : 60
24+ timeout-minutes : 20
2125 strategy :
2226 fail-fast : false
2327 matrix :
2428 os : [ubuntu-latest, windows-latest, macos-latest]
2529 runs-on : ${{ matrix.os }}
30+
2631 steps :
2732 - name : Setup .NET
2833 uses : actions/setup-dotnet@v4
@@ -31,29 +36,144 @@ jobs:
3136 6.0.*
3237 8.0.*
3338 9.0.*
39+
3440 - name : Git checkout
3541 uses : actions/checkout@v4
3642 with :
3743 fetch-depth : 0
44+
3845 - name : Restore tools
39- run : |
40- dotnet tool restore
46+ run : dotnet tool restore
47+
4148 - name : Restore packages
42- run : |
43- dotnet restore
49+ run : dotnet restore
50+
4451 - name : Build
45- run : |
46- dotnet build --no-restore --configuration Release
52+ run : dotnet build --no-restore --configuration Release
53+
4754 - name : Test
48- run : |
49- dotnet test --no-build --configuration Release --collect:"XPlat Code Coverage" --logger "GitHubActions;summary.includeSkippedTests=true"
55+ run : dotnet test --no-build --configuration Release --collect:"XPlat Code Coverage" --logger "GitHubActions;summary.includeSkippedTests=true"
56+
5057 - name : Generate packages
5158 shell : pwsh
52- run : |
53- dotnet pack src --no-build --configuration Release --output $env:GITHUB_WORKSPACE/artifacts/packages
59+ run : dotnet pack src --no-build --configuration Release --output ${{ github.workspace }}/packages
60+
5461 - name : Upload packages to artifacts
5562 if : matrix.os == 'ubuntu-latest'
5663 uses : actions/upload-artifact@v4
5764 with :
58- name : packages
59- path : artifacts/packages
65+ if-no-files-found : error
66+ name : unsigned-packages
67+ path : ${{ github.workspace }}/packages/**/*.nupkg
68+
69+ sign :
70+ needs : build-and-test
71+ runs-on : windows-latest
72+ if : github.event_name != 'pull_request'
73+ environment : signing
74+ permissions :
75+ id-token : write
76+
77+ steps :
78+ - name : Download packages
79+ uses : actions/download-artifact@v4
80+ with :
81+ name : unsigned-packages
82+ path : packages
83+
84+ - name : Setup .NET
85+ uses : actions/setup-dotnet@v4
86+ with :
87+ dotnet-version : 8.0.*
88+
89+ - name : Install code signing tool
90+ run : dotnet tool install --global sign --prerelease
91+
92+ - name : Az CLI login
93+ uses : azure/login@v2
94+ with :
95+ client-id : ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }}
96+ tenant-id : ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
97+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
98+
99+ - name : Sign packages
100+ shell : pwsh
101+ run : >-
102+ sign code azure-key-vault "**/*.nupkg"
103+ --base-directory "${{ github.workspace }}"
104+ --azure-key-vault-managed-identity true
105+ --azure-credential-type "azure-cli"
106+ --azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URL }}"
107+ --azure-key-vault-certificate "${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_ID }}"
108+ --description "Steeltoe"
109+
110+ - name : Upload signed packages
111+ uses : actions/upload-artifact@v4
112+ with :
113+ name : signed-packages
114+ path : ${{ github.workspace }}/packages/**/*.nupkg
115+
116+ az-artifacts-deploy :
117+ name : Deploy packages to Dev Feed
118+ needs : [build-and-test, sign]
119+ if : github.event_name != 'pull_request'
120+ environment : azdo
121+ runs-on : ubuntu-latest
122+ permissions :
123+ id-token : write
124+
125+ steps :
126+ - name : Setup .NET
127+ uses : actions/setup-dotnet@v4
128+ with :
129+ dotnet-version : ' 8.0.x'
130+
131+ - name : Download signed packages
132+ uses : actions/download-artifact@v4
133+ with :
134+ name : signed-packages
135+ path : packages
136+
137+ - name : Azure CLI Login
138+ uses : azure/login@v2
139+ with :
140+ client-id : ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }}
141+ tenant-id : ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
142+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
143+
144+ - name : Install credential provider for Azure Artifacts
145+ run : sh -c "$(curl -fsSL https://aka.ms/install-artifacts-credprovider.sh)"
146+
147+ - name : Extract access token
148+ run : |
149+ accessToken=$(az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv)
150+ echo "::add-mask::$accessToken"
151+ echo "ACCESS_TOKEN=$accessToken" >> $GITHUB_ENV
152+
153+ - name : Configure authentication provider to use Azure DevOps token
154+ run : echo "VSS_NUGET_ACCESSTOKEN=$ACCESS_TOKEN" >> $GITHUB_ENV
155+
156+ - name : Push packages to Azure Artifacts
157+ run : dotnet nuget push packages/*.nupkg --api-key azdo-placeholder --source ${{ env.AZURE_ARTIFACTS_FEED_URL }}
158+
159+ nuget-org-deploy :
160+ name : Deploy to nuget.org
161+ needs : [build-and-test, sign]
162+ if : github.event_name == 'release'
163+ environment : nuget.org
164+ runs-on : ubuntu-latest
165+
166+ steps :
167+ - name : Setup .NET
168+ uses : actions/setup-dotnet@v4
169+ with :
170+ dotnet-version : ' 8.0.x'
171+
172+ - name : Download signed packages
173+ uses : actions/download-artifact@v4
174+ with :
175+ name : signed-packages
176+ path : packages
177+
178+ - name : Push packages to nuget.org
179+ run : dotnet nuget push packages/*.nupkg --api-key ${{ secrets.STEELTOE_NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json
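Review bot: The `sign` and `az-artifacts-deploy` jobs execute unpinned code while holding `id-token: write` and an Azure login: `dotnet tool install --global sign --prerelease` installs whichever prerelease is newest at run time, and `sh -c "$(curl -fsSL https://aka.ms/install-artifacts-credprovider.sh)"` runs a script fetched through a redirect with no integrity check. A changed upstream artifact would run in a job that can reach the Key Vault signing certificate or the Azure DevOps feed. I would pin the tool, e.g. `run: dotnet tool install --global sign --version <PINNED_SIGN_VERSION>` (placeholder for a version you have reviewed), and download the credential-provider script from a fixed release, compare it against a recorded SHA-256, and only then execute it. The same reasoning applies to `azure/login@v2` and the `actions/*@v4` references in these jobs, which could be pinned to full commit SHAs. The `jobs:` mapping and the `build-and-test` step list start before this hunk, so this note covers only the jobs visible here.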