-
Notifications
You must be signed in to change notification settings - Fork 0
110 lines (94 loc) · 3.38 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: release
on:
workflow_dispatch:
inputs:
version:
type: string
description: "Version in format X.Y.Z or X.Y.Z-preview.N"
required: true
default: '0.0.0'
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: pwsh
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-dotnet@v4
with:
dotnet-version: |
8.0.x
9.0.x
- name: Tag
run: |
git config --global user.email "[email protected]"
git config --global user.name "Duende Software GitHub Bot"
git tag -a anc-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin anc-${{ github.event.inputs.version }}
- name: Pack
run: dotnet pack -c Release src/AspNetCore.Authentication.JwtBearer/AspNetCore.Authentication.JwtBearer.csproj -o artifacts
- name: Sign
if: (github.ref == 'refs/heads/main')
run: |
echo "Install Sectigo CodeSiging CA certificates"
sudo apt-get update
sudo apt-get install -y ca-certificates
sudo cp build/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
echo "Restore tools"
dotnet tool restore
echo "Sign"
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" \
--file-digest sha256 \
--timestamp-rfc3161 http://timestamp.digicert.com \
--azure-key-vault-url https://duendecodesigning.vault.azure.net/ \
--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 \
--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 \
--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} \
--azure-key-vault-certificate CodeSigning
done
- name: Push packages to MyGet
run: dotnet nuget push artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }} --skip-duplicate
- name: Push NuGet package to GitHub Packages
run: dotnet nuget push artifacts\*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload artifacts
uses: actions/upload-artifact@v4
if: (github.ref == 'refs/heads/main')
with:
path: artifacts/*.nupkg
compression-level: 0
overwrite: true
retention-days: 15
publish:
name: Publish to NuGet
runs-on: ubuntu-latest
environment: nuget.org
needs: tag
steps:
- uses: actions/download-artifact@v4
with:
name: ignore-this-artifacts
path: artifacts
- uses: actions/setup-dotnet@v4
with:
dotnet-version: |
8.0.x
- name: List files
shell: bash
run: tree
- name: Push to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate