Package #61
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Package | |
| on: | |
| workflow_dispatch: {} | |
| push: | |
| branches: | |
| - main | |
| - '[0-9]+.x' | |
| - 'release/*' | |
| release: | |
| types: [ published ] | |
| pull_request: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| env: | |
| AZURE_ARTIFACTS_FEED_URL: https://pkgs.dev.azure.com/dotnet/Steeltoe/_packaging/dev/nuget/v3/index.json | |
| DOTNET_CLI_TELEMETRY_OPTOUT: 1 | |
| DOTNET_NOLOGO: true | |
| SOLUTION_FILE: 'src/Steeltoe.All.sln' | |
| jobs: | |
| build: | |
| name: Build | |
| timeout-minutes: 15 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: | | |
| 8.0.* | |
| 9.0.* | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Restore packages | |
| run: dotnet restore ${{ env.SOLUTION_FILE }} --verbosity minimal | |
| - name: Set package version | |
| run: nbgv cloud | |
| - name: Build solution | |
| run: dotnet build ${{ env.SOLUTION_FILE }} --no-restore --configuration Release --verbosity minimal | |
| - name: Collect packages | |
| run: dotnet pack ${{ env.SOLUTION_FILE }} --no-build --configuration Release --output ${{ github.workspace }}/packages | |
| - name: Upload packages | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| if-no-files-found: error | |
| name: unsigned-packages | |
| path: ${{ github.workspace }}/packages/**/*.nupkg | |
| sign: | |
| needs: build | |
| runs-on: windows-latest | |
| if: github.event_name != 'pull_request' | |
| environment: Production | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: unsigned-packages | |
| path: packages | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: | | |
| 8.0.* | |
| 9.0.* | |
| - name: Install code signing tool | |
| run: dotnet tool install --global sign --prerelease | |
| - name: Az CLI login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Sign packages | |
| shell: pwsh | |
| run: >- | |
| sign code azure-key-vault "**/*.nupkg" | |
| --base-directory "${{ github.workspace }}" | |
| --azure-key-vault-managed-identity true | |
| --azure-credential-type "azure-cli" | |
| --azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URL }}" | |
| --azure-key-vault-certificate "${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_ID }}" | |
| --description "Steeltoe" | |
| - name: Upload signed packages | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-packages | |
| path: ${{ github.workspace }}/packages/**/*.nupkg | |
| az-artifacts-deploy: | |
| name: Deploy packages to Dev Feed | |
| needs: [build, sign] | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request' | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '8.0.x' | |
| - name: Download signed packages | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: signed-packages | |
| path: packages | |
| - name: Azure CLI Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Install credential provider for Azure Artifacts | |
| run: sh -c "$(curl -fsSL https://aka.ms/install-artifacts-credprovider.sh)" | |
| - name: Extract access token | |
| run: | | |
| accessToken=$(az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv) | |
| echo "::add-mask::$accessToken" | |
| echo "ACCESS_TOKEN=$accessToken" >> $GITHUB_ENV | |
| - name: Configure authentication provider to use Azure DevOps token | |
| run: echo "VSS_NUGET_ACCESSTOKEN=$ACCESS_TOKEN" >> $GITHUB_ENV | |
| - name: Push packages to Azure Artifacts | |
| run: dotnet nuget push packages/*.nupkg --api-key azdo-placeholder --source ${{ env.AZURE_ARTIFACTS_FEED_URL }} | |
| nuget-org-deploy: | |
| name: Deploy to nuget.org | |
| needs: [build, sign] | |
| if: github.event_name == 'release' | |
| environment: nuget.org | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '8.0.x' | |
| - name: Download signed packages | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: signed-packages | |
| path: packages | |
| - name: Push packages to nuget.org | |
| run: dotnet nuget push packages/*.nupkg --api-key ${{ secrets.STEELTOE_NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json |