Skip to content
Package

Add GitHub Actions workflow for NuGet packaging #58

Sign in to view logs

Add GitHub Actions workflow for NuGet packaging

Add GitHub Actions workflow for NuGet packaging #58

Workflow file for this run

.github/workflows/package.yml at 2fa09fb
name: Package
on:
workflow_dispatch: {}
push:
branches:
- main
- '[0-9]+.x'
- 'release/*'
release:
types: [ published ]
pull_request: {}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
env:
AZURE_ARTIFACTS_FEED_URL: https://pkgs.dev.azure.com/dotnet/Steeltoe/_packaging/dev/nuget/v3/index.json
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_NOLOGO: true
SOLUTION_FILE: 'src/Steeltoe.All.sln'
jobs:
build:
name: Build
timeout-minutes: 15
runs-on: ubuntu-latest
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: |
8.0.*
9.0.*
- name: Git checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Restore packages
run: dotnet restore ${{ env.SOLUTION_FILE }} --verbosity minimal
- name: Set package version
run: nbgv cloud
- name: Build solution
run: dotnet build ${{ env.SOLUTION_FILE }} --no-restore --configuration Release --verbosity minimal
- name: Collect packages
run: dotnet pack ${{ env.SOLUTION_FILE }} --no-build --configuration Release --output ${{ github.workspace }}/packages
- name: Upload packages
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: unsigned-packages
path: ${{ github.workspace }}/packages/**/*.nupkg
sign:
needs: build
runs-on: windows-latest
if: github.event_name != 'pull_request'
environment: Production
permissions:
id-token: write
steps:
- name: Download packages
uses: actions/download-artifact@v4
with:
name: unsigned-packages
path: packages
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: |
8.0.*
9.0.*
- name: Install code signing tool
run: dotnet tool install --global sign --prerelease
- name: Az CLI login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Sign packages
shell: pwsh
run: >-
sign code azure-key-vault "**/*.nupkg"
--base-directory "${{ github.workspace }}"
--azure-key-vault-managed-identity true
--azure-credential-type "azure-cli"
--azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URL }}"
--azure-key-vault-certificate "${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_ID }}"
--description "Steeltoe"
- name: Upload signed packages
uses: actions/upload-artifact@v4
with:
name: signed-packages
path: ${{ github.workspace }}/packages/**/*.nupkg
az-artifacts-deploy:
name: Deploy packages to Dev Feed
needs: [build, sign]
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
permissions:
id-token: write
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
- name: Download signed packages
uses: actions/download-artifact@v4
with:
name: signed-packages
path: packages
- name: Azure CLI Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Install credential provider for Azure Artifacts
run: sh -c "$(curl -fsSL https://aka.ms/install-artifacts-credprovider.sh)"
- name: Extract access token
run: |
accessToken=$(az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv)
echo "::add-mask::$accessToken"
echo "ACCESS_TOKEN=$accessToken" >> $GITHUB_ENV
- name: Configure authentication provider to use Azure DevOps token
run: echo "VSS_NUGET_ACCESSTOKEN=$ACCESS_TOKEN" >> $GITHUB_ENV
- name: Push packages to Azure Artifacts
run: dotnet nuget push packages/*.nupkg --api-key azdo-placeholder --source ${{ env.AZURE_ARTIFACTS_FEED_URL }}
nuget-org-deploy:
name: Deploy to nuget.org
needs: [build, sign]
if: github.event_name == 'release'
environment: nuget.org
runs-on: ubuntu-latest
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
- name: Download signed packages
uses: actions/download-artifact@v4
with:
name: signed-packages
path: packages
- name: Push packages to nuget.org
run: dotnet nuget push packages/*.nupkg --api-key ${{ secrets.STEELTOE_NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json