microsoft · freddydk · Sep 24, 2024 · Dec 16, 2023 · Dec 16, 2023 · Dec 18, 2023
@@ -18,7 +18,7 @@ $defaultCICDPushBranches = @( 'main', 'release/*', 'feature/*' )
 [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'defaultCICDPullRequestBranches', Justification = 'False positive.')]
 $defaultCICDPullRequestBranches = @( 'main' )
 $runningLocal = $local.IsPresent
-$defaultBcContainerHelperVersion = "preview" # Must be double quotes. Will be replaced by BcContainerHelperVersion if necessary in the deploy step
+$defaultBcContainerHelperVersion = "https://github.com/freddydk/navcontainerhelper/archive/refs/heads/nuget.zip" # Must be double quotes. Will be replaced by BcContainerHelperVersion if necessary in the deploy step
 $microsoftTelemetryConnectionString = "InstrumentationKey=84bd9223-67d4-4378-8590-9e4a46023be2;IngestionEndpoint=https://westeurope-1.in.applicationinsights.azure.com/"
 $notSecretProperties = @("Scopes","TenantId","BlobName","ContainerName","StorageAccountName","ServerUrl")
 

diff --git a/Actions/CheckForUpdates/CheckForUpdates.HelperFunctions.ps1 b/Actions/CheckForUpdates/CheckForUpdates.HelperFunctions.ps1
@@ -28,7 +28,7 @@ function DownloadTemplateRepository {
 
     if ($downloadLatest) {
         # Get Branches from template repository
-        $response = InvokeWebRequest -Headers $headers -Uri "$apiUrl/branches" -retry
+        $response = InvokeWebRequest -Headers $headers -Uri "$apiUrl/branches?per_page=100" -retry
         $branchInfo = ($response.content | ConvertFrom-Json) | Where-Object { $_.Name -eq $branch }
         if (!$branchInfo) {
             throw "$templateUrl doesn't exist"

@@ -206,9 +206,21 @@
             Write-Host "Calling custom script: $customScript"
             . $customScript -parameters $parameters
         }
-        elseif ($deliveryTarget -eq "GitHubPackages") {
-            $githubPackagesCredential = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($secrets.githubPackagesContext)) | ConvertFrom-Json
-            'Apps' | ForEach-Object {
+        elseif ($deliveryTarget -eq 'GitHubPackages' -or $deliveryTarget -eq 'NuGet') {
+            $preReleaseTag = ''
+            try {
+                $nuGetAccount = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($secrets."$($deliveryTarget)Context")) | ConvertFrom-Json | ConvertTo-HashTable
+                if ($deliveryTarget -eq 'NuGet' -and $type -eq 'CD') {
+                    $preReleaseTag = '-preview'
+                }
+                $nuGetServerUrl = $nuGetAccount.ServerUrl
+                $nuGetToken = $nuGetAccount.Token
+                Write-Host "$($deliveryTarget)Context secret OK"
+            }
+            catch {
+                throw "$($deliveryTarget)Context secret is malformed. Needs to be formatted as Json, containing serverUrl and token as a minimum."
+            }
+            'Apps','TestApps' | ForEach-Object {
                 $folder = @(Get-ChildItem -Path (Join-Path $artifactsFolder "$project-$refname-$($_)-*.*.*.*") | Where-Object { $_.PSIsContainer })
                 if ($folder.Count -gt 1) {
                     $folder | Out-Host
@@ -218,92 +230,15 @@
                     Get-Item -Path (Join-Path $folder[0] "*.app") | ForEach-Object {
                         $parameters = @{
                             "gitHubRepository" = "$ENV:GITHUB_SERVER_URL/$ENV:GITHUB_REPOSITORY"
-                            "includeNuGetDependencies" = $true
-                            "dependencyIdTemplate" = "AL-Go-{id}"
-                            "packageId" = "AL-Go-{id}"
+                            "preReleaseTag" = $preReleaseTag
+                            "appFile" = $_.FullName                            
                         }
-                        $parameters.appFiles = $_.FullName
                         $package = New-BcNuGetPackage @parameters
-                        Push-BcNuGetPackage -nuGetServerUrl $gitHubPackagesCredential.serverUrl -nuGetToken $gitHubPackagesCredential.token -bcNuGetPackage $package
+                        Push-BcNuGetPackage -nuGetServerUrl $nuGetServerUrl -nuGetToken $nuGetToken -bcNuGetPackage $package
                     }
                 }
             }
         }
-        elseif ($deliveryTarget -eq "NuGet") {
-            try {
-                $nuGetAccount = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($secrets.nuGetContext)) | ConvertFrom-Json | ConvertTo-HashTable
-                $nuGetServerUrl = $nuGetAccount.ServerUrl
-                $nuGetToken = $nuGetAccount.Token
-                Write-Host "NuGetContext secret OK"
-            }
-            catch {
-                throw "NuGetContext secret is malformed. Needs to be formatted as Json, containing serverUrl and token as a minimum."
-            }
-            $appsfolder = @(Get-ChildItem -Path (Join-Path $artifactsFolder "$project-$refname-Apps-*.*.*.*") | Where-Object { $_.PSIsContainer })
-            if ($appsFolder.Count -eq 0) {
-                throw "Internal error - unable to locate apps folder"
-            }
-            elseif ($appsFolder.Count -gt 1) {
-                $appsFolder | Out-Host
-                throw "Internal error - multiple apps folders located"
-            }
-            $testAppsFolder = @(Get-ChildItem -Path (Join-Path $artifactsFolder "$project-$refname-TestApps-*.*.*.*") | Where-Object { $_.PSIsContainer })
-            if ($testAppsFolder.Count -gt 1) {
-                $testAppsFolder | Out-Host
-                throw "Internal error - multiple testApps folders located"
-            }
-            $dependenciesFolder = @(Get-ChildItem -Path (Join-Path $artifactsFolder "$project-$refname-Dependencies-*.*.*.*") | Where-Object { $_.PSIsContainer })
-            if ($dependenciesFolder.Count -gt 1) {
-                $dependenciesFolder | Out-Host
-                throw "Internal error - multiple dependencies folders located"
-            }
-
-            $parameters = @{
-                "gitHubRepository" = "$ENV:GITHUB_SERVER_URL/$ENV:GITHUB_REPOSITORY"
-            }
-            $parameters.appFiles = @(Get-Item -Path (Join-Path $appsFolder[0] "*.app") | ForEach-Object { $_.FullName })
-            if ($testAppsFolder.Count -gt 0) {
-                $parameters.testAppFiles = @(Get-Item -Path (Join-Path $testAppsFolder[0] "*.app") | ForEach-Object { $_.FullName })
-            }
-            if ($dependenciesFolder.Count -gt 0) {
-                $parameters.dependencyAppFiles = @(Get-Item -Path (Join-Path $dependenciesFolder[0] "*.app") | ForEach-Object { $_.FullName })
-            }
-            if ($nuGetAccount.Keys -contains 'PackageName') {
-                $parameters.packageId = $nuGetAccount.PackageName.replace('{project}',$projectName).replace('{owner}',$ENV:GITHUB_REPOSITORY_OWNER).replace('{repo}',$settings.repoName)
-            }
-            else {
-                if ($thisProject -and ($thisProject -eq '.')) {
-                    $parameters.packageId = "$($ENV:GITHUB_REPOSITORY_OWNER)-$($settings.repoName)"
-                }
-                else {
-                    $parameters.packageId = "$($ENV:GITHUB_REPOSITORY_OWNER)-$($settings.repoName)-$ProjectName"
-                }
-            }
-            if ($type -eq 'CD') {
-                $parameters.packageId += "-preview"
-            }
-            $parameters.packageVersion = [System.Version]$appsFolder[0].Name.SubString($appsFolder[0].Name.IndexOf("-Apps-")+6)
-            if ($nuGetAccount.Keys -contains 'PackageTitle') {
-                $parameters.packageTitle = $nuGetAccount.PackageTitle
-            }
-            else {
-                 $parameters.packageTitle = $parameters.packageId
-            }
-            if ($nuGetAccount.Keys -contains 'PackageDescription') {
-                $parameters.packageDescription = $nuGetAccount.PackageDescription
-            }
-            else {
-                $parameters.packageDescription = $parameters.packageTitle
-            }
-            if ($nuGetAccount.Keys -contains 'PackageAuthors') {
-                $parameters.packageAuthors = $nuGetAccount.PackageAuthors
-            }
-            else {
-                $parameters.packageAuthors = $actor
-            }
-            $package = New-BcNuGetPackage @parameters
-            Push-BcNuGetPackage -nuGetServerUrl $nuGetServerUrl -nuGetToken $nuGetToken -bcNuGetPackage $package
-        }
         elseif ($deliveryTarget -eq "Storage") {
             EnsureAzStorageModule
             try {

@@ -5,6 +5,16 @@
     [bool] $checkContextSecrets
 )
 
+function ContinuousDelivery([string] $deliveryTarget) {
+    $settingsName = "DeliverTo$deliveryTarget"
+    if ($settings.Contains($settingsName) -and $settings."$settingsName".Contains('ContinuousDelivery')) {
+        return $settings."$settingsName".ContinuousDelivery
+    }
+    else {
+        return $true
+    }
+}
+
 function IncludeBranch([string] $deliveryTarget) {
     $settingsName = "DeliverTo$deliveryTarget"
     if ($settings.Contains($settingsName) -and $settings."$settingsName".Contains('Branches')) {
@@ -26,7 +36,7 @@ function IncludeDeliveryTarget([string] $deliveryTarget) {
         Write-Host "- Secret '$contextName' not found"
         return $false
     }
-    return (IncludeBranch -deliveryTarget $deliveryTarget)
+    return (IncludeBranch -deliveryTarget $deliveryTarget) -and (ContinuousDelivery -deliveryTarget $deliveryTarget)
 }
 
 . (Join-Path -Path $PSScriptRoot -ChildPath "..\AL-Go-Helper.ps1" -Resolve)

@@ -9,7 +9,7 @@ The action constructs arrays of paths to .app files, that are dependencies of th
 | Name | Description |
 | :-- | :-- |
 | Settings | env.Settings must be set by a prior call to the ReadSettings Action |
-| Secrets | env.Secrets must be read by a prior call to the ReadSecrets Action with appDependencyProbingPathsSecrets in getSecrets |
+| Secrets | env.Secrets must be read by a prior call to the ReadSecrets Action with appDependencySecrets in getSecrets |
 
 ### Parameters
 | Name | Required | Description | Default value |

@@ -1,7 +1,7 @@
 # Read secrets
 Read secrets from GitHub secrets or Azure Keyvault for AL-Go workflows
 The secrets read and added to the output are the secrets specified in the getSecrets parameter
-Additionally, the secrets specified by the authToken secret in AppDependencyProbingPaths are read if appDependencyProbingPathsSecrets is specified in getSecrets
+Additionally, the secrets specified by the authTokenSecret in AppDependencyProbingPaths and TrustedNuGetFeeds are read if appDependencySecrets is specified in getSecrets
 All secrets included in the Secrets output are Base64 encoded to avoid issues with national characters
 Secrets, which name is preceded by an asterisk (*) are encrypted and Base64 encoded
 
@@ -17,7 +17,7 @@ Secrets, which name is preceded by an asterisk (*) are encrypted and Base64 enco
 | :-- | :-: | :-- | :-- |
 | shell | | The shell (powershell or pwsh) in which the PowerShell script in this action should run | powershell |
 | gitHubSecrets | Yes | GitHub secrets in a json structure | |
-| getSecrets | Yes | Comma-separated list of secrets to get (add appDependencyProbingPathsSecrets to request secrets needed for resolving dependencies in AppDependencyProbingPaths, add TokenForPush in order to request a token to use for pull requests and commits). Secrets preceded by an asterisk are returned encrypted | |
+| getSecrets | Yes | Comma-separated list of secrets to get (add appDependencySecrets to request secrets needed for resolving dependencies in AppDependencyProbingPaths and TrustedNuGetFeeds, add TokenForPush in order to request a token to use for pull requests and commits). Secrets preceded by an asterisk are returned encrypted | |
 | useGhTokenWorkflowForPush | false | Determines whether you want to use the GhTokenWorkflow secret for TokenForPush | false |
 
 ## OUTPUT

@@ -27,7 +27,7 @@ try {
     $outSecrets = [ordered]@{}
     $settings = $env:Settings | ConvertFrom-Json | ConvertTo-HashTable
     $keyVaultCredentials = GetKeyVaultCredentials
-    $getAppDependencyProbingPathsSecrets = $false
+    $getAppDependencySecrets = $false
     $getTokenForPush = $false
     [System.Collections.ArrayList]$secretsCollection = @()
     foreach($secret in ($getSecrets.Split(',') | Select-Object -Unique)) {
@@ -38,8 +38,8 @@ try {
             $secret = 'ghTokenWorkflow'
         }
         $secretNameProperty = "$($secret.TrimStart('*'))SecretName"
-        if ($secret -eq 'AppDependencyProbingPathsSecrets') {
-            $getAppDependencyProbingPathsSecrets = $true
+        if ($secret -eq 'AppDependencySecrets') {
+            $getAppDependencySecrets = $true
         }
         else {
             $secretName = $secret
@@ -61,12 +61,19 @@ try {
         }
     }
 
-    # Loop through appDependencyProbingPaths and add secrets to the collection of secrets to get
-    if ($getAppDependencyProbingPathsSecrets -and $settings.Keys -contains 'appDependencyProbingPaths') {
-        foreach($appDependencyProbingPath in $settings.appDependencyProbingPaths) {
-            if ($appDependencyProbingPath.PsObject.Properties.name -eq "AuthTokenSecret") {
-                if ($secretsCollection -notcontains $appDependencyProbingPath.authTokenSecret) {
-                    $secretsCollection += $appDependencyProbingPath.authTokenSecret
+    if ($getAppDependencySecrets) {
+        # Loop through appDependencyProbingPaths and trustedNuGetFeeds and add secrets to the collection of secrets to get
+        $settingsCollection = @()
+        if ($settings.Keys -contains 'appDependencyProbingPaths') {
+            $settingsCollection += $settings.appDependencyProbingPaths
+        }
+        if ($settings.Keys -contains 'trustedNuGetFeeds') {
+            $settingsCollection += $settings.trustedNuGetFeeds
+        }
+        foreach($settingsItem in $settingsCollection) {
+            if ($settingsItem.PsObject.Properties.name -eq "AuthTokenSecret") {
+                if ($secretsCollection -notcontains $settingsItem.authTokenSecret) {
+                    $secretsCollection += $settingsItem.authTokenSecret
                 }
             }
         }

@@ -120,6 +120,26 @@ try {
     $settings = AnalyzeRepo -settings $settings -baseFolder $baseFolder -project $project @analyzeRepoParams
     $settings = CheckAppDependencyProbingPaths -settings $settings -token $token -baseFolder $baseFolder -project $project
 
+    if ($bcContainerHelperConfig.ContainsKey('TrustedNuGetFeeds')) {
+        foreach($trustedNuGetFeed in $bcContainerHelperConfig.TrustedNuGetFeeds) {
+            if ($trustedNuGetFeed.AuthTokenSecret) {
+                $authTokenSecret = $trustedNuGetFeed.AuthTokenSecret
+                if ($secrets.Keys -notcontains $authTokenSecret) {
+                    OutputWarning -message "Secret $authTokenSecret needed for trusted NuGetFeeds cannot be found"
+                }
+                else {
+                    $token = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($secrets."$authTokenSecret"))
+                    if ($trustedNuGetFeed.PSObject.Properties.Name -eq 'Token') {
+                        $trustedNuGetFeed.Token = $token
+                    }
+                    else {
+                        $trustedNuGetFeed | Add-Member -MemberType NoteProperty -Name Token -Value $token
+                    }
+                }
+            }
+        }
+    }
+
     if ((-not $settings.appFolders) -and (-not $settings.testFolders) -and (-not $settings.bcptTestFolders)) {
         Write-Host "Repository is empty, exiting"
         exit
@@ -289,8 +309,13 @@ try {
         }
     }
 
-    if ($gitHubPackagesContext -and ($runAlPipelineParams.Keys -notcontains 'InstallMissingDependencies')) {
-        $gitHubPackagesCredential = $gitHubPackagesContext | ConvertFrom-Json
+    if ((($bcContainerHelperConfig.ContainsKey('TrustedNuGetFeeds') -and ($bcContainerHelperConfig.TrustedNuGetFeeds.Count -gt 0)) -or ($gitHubPackagesContext)) -and ($runAlPipelineParams.Keys -notcontains 'InstallMissingDependencies')) {
+        if ($githubPackagesContext) {
+            $gitHubPackagesCredential = $gitHubPackagesContext | ConvertFrom-Json
+        }
+        else {
+            $gitHubPackagesCredential = [PSCustomObject]@{ "serverUrl" = ''; "token" = '' }
+        }
         $runAlPipelineParams += @{
             "InstallMissingDependencies" = {
                 Param([Hashtable]$parameters)
@@ -302,7 +327,7 @@ try {
                     $publishParams = @{
                         "nuGetServerUrl" = $gitHubPackagesCredential.serverUrl
                         "nuGetToken" = $gitHubPackagesCredential.token
-                        "packageName" = "AL-Go-$appId"
+                        "packageName" = $appId
                         "version" = $version
                     }
                     if ($parameters.ContainsKey('CopyInstalledAppsToFolder')) {
@@ -314,7 +339,7 @@ try {
                         Publish-BcNuGetPackageToContainer -containerName $parameters.containerName -tenant $parameters.tenant -skipVerification @publishParams
                     }
                     else {
-                        Copy-BcNuGetPackageToFolder -appSymbolsFolder $parameters.appSymbolsFolder @publishParams
+                        Download-BcNuGetPackageToFolder -folder $parameters.appSymbolsFolder @publishParams
                     }
 
                 }

@@ -105,7 +105,7 @@ jobs:
         with:
           shell: ${{ inputs.shell }}
           gitHubSecrets: ${{ toJson(secrets) }}
-          getSecrets: '${{ inputs.secrets }},appDependencyProbingPathsSecrets'
+          getSecrets: '${{ inputs.secrets }},appDependencySecrets'
 
       - name: Determine ArtifactUrl
         uses: microsoft/AL-Go-Actions/DetermineArtifactUrl@main

@@ -105,7 +105,7 @@ jobs:
         with:
           shell: ${{ inputs.shell }}
           gitHubSecrets: ${{ toJson(secrets) }}
-          getSecrets: '${{ inputs.secrets }},appDependencyProbingPathsSecrets'
+          getSecrets: '${{ inputs.secrets }},appDependencySecrets'
 
       - name: Determine ArtifactUrl
         uses: microsoft/AL-Go-Actions/DetermineArtifactUrl@main