|
| 1 | +name: "release-winget" |
| 2 | +on: |
| 3 | + release: |
| 4 | + types: [released] |
| 5 | + |
| 6 | + workflow_dispatch: |
| 7 | + inputs: |
| 8 | + tag: |
| 9 | + description: 'Tag name to release' |
| 10 | + required: true |
| 11 | + |
| 12 | +permissions: |
| 13 | + id-token: write # required for Azure login via OIDC |
| 14 | + |
| 15 | +env: |
| 16 | + TAG_NAME: ${{ github.event.inputs.tag }} |
| 17 | + |
| 18 | +jobs: |
| 19 | + release: |
| 20 | + runs-on: windows-latest |
| 21 | + environment: release |
| 22 | + steps: |
| 23 | + - name: Log into Azure |
| 24 | + uses: azure/login@v2 |
| 25 | + with: |
| 26 | + client-id: ${{ secrets.AZURE_CLIENT_ID }} |
| 27 | + tenant-id: ${{ secrets.AZURE_TENANT_ID }} |
| 28 | + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |
| 29 | + |
| 30 | + - name: Publish manifest with winget-create |
| 31 | + run: | |
| 32 | + # Enabling stop on error and tracing |
| 33 | + Set-PSDebug -Trace 2 |
| 34 | + $ErrorActionPreference = "Stop" |
| 35 | + $PSNativeCommandErrorActionPreference = "Stop" |
| 36 | +
|
| 37 | + if ($env:TAG_NAME -eq "") { |
| 38 | + # Get latest release |
| 39 | + $github = Get-Content '${{ github.event_path }}' | ConvertFrom-Json |
| 40 | +
|
| 41 | + # Set the tag name environment variable |
| 42 | + $env:TAG_NAME = $github.release.tag_name |
| 43 | +
|
| 44 | + # Get download URLs |
| 45 | + $asset_x64 = $github.release.assets | Where-Object -Property name -match '64-bit.exe$' |
| 46 | + $asset_arm64 = $github.release.assets | Where-Object -Property name -match 'arm64.exe$' |
| 47 | + $asset_x64_url = $asset_x64.browser_download_url |
| 48 | + $asset_arm64_url = $asset_arm64.browser_download_url |
| 49 | + } else { |
| 50 | + # Get release object by its tag |
| 51 | + $env:GH_TOKEN = ${{ toJson(secrets.GITHUB_TOKEN) }} |
| 52 | + $github = (gh release view -R microsoft/git $env:TAG_NAME --json tagName,assets --jq '{tag_name: .tagName, assets: .assets}') | ConvertFrom-Json |
| 53 | +
|
| 54 | + # Get download URLs |
| 55 | + $asset_x64 = $github.assets | Where-Object -Property name -match '64-bit.exe$' |
| 56 | + $asset_arm64 = $github.assets | Where-Object -Property name -match 'arm64.exe$' |
| 57 | + $asset_x64_url = $asset_x64.url |
| 58 | + $asset_arm64_url = $asset_arm64.url |
| 59 | + } |
| 60 | +
|
| 61 | + # Remove 'v' and 'vfs' from the version |
| 62 | + $env:TAG_NAME -match 'v(.*?)vfs\.(.*)' |
| 63 | + $version = $Matches[1] + $Matches[2] |
| 64 | +
|
| 65 | + # Download wingetcreate and create manifests |
| 66 | + Invoke-WebRequest https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe |
| 67 | + .\wingetcreate.exe update Microsoft.Git ` |
| 68 | + -v $version ` |
| 69 | + -o . ` |
| 70 | + -u "$($asset_x64_url)|x64|machine" ` |
| 71 | + "$($asset_x64_url)|x64|user" ` |
| 72 | + "$($asset_arm64_url)|arm64|machine" ` |
| 73 | + "$($asset_arm64_url)|arm64|user" |
| 74 | +
|
| 75 | + # Download the token from Azure Key Vault and mask it in the logs |
| 76 | + az keyvault secret download --name ${{ secrets.WINGET_TOKEN_SECRET_NAME }} --vault-name ${{ secrets.AZURE_VAULT }} --file token.txt |
| 77 | + Write-Host -NoNewLine "::add-mask::$(Get-Content token.txt)" |
| 78 | +
|
| 79 | + # Submit the manifest to the winget-pkgs repository |
| 80 | + $manifestDirectory = "$PWD\manifests\m\Microsoft\Git\$version" |
| 81 | + .\wingetcreate.exe submit -t "$(Get-Content token.txt)" $manifestDirectory |
| 82 | + shell: powershell |
0 commit comments