Attaching to the right part of the msbuild pipeline #10
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: .NET release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| env: | |
| DEFAULT_DOTNET_VERSION: "8.0.x" | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| os: [windows-latest, ubuntu-latest] | |
| fail-fast: false | |
| runs-on: "${{ matrix.os }}" | |
| env: | |
| DOTNET_CONFIGURATION: Release | |
| DAPR_VERSION: "1.14.1" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Runtimes, Caching, and Tools | |
| uses: ./.github/actions/setup-runtimes-caching | |
| with: | |
| name: "Full" | |
| - name: Restore dependencies | |
| run: dotnet restore | |
| - name: Build | |
| run: dotnet build --no-restore --configuration ${{ env.DOTNET_CONFIGURATION }} | |
| run-tests: | |
| uses: ./.github/workflows/tests.yaml | |
| package: | |
| uses: ./.github/workflows/package.yml | |
| with: | |
| validate_version: true | |
| needs: run-tests | |
| sign: | |
| needs: package | |
| runs-on: windows-latest | |
| permissions: | |
| id-token: write # Required for requesting the JWT | |
| steps: | |
| - name: Install .NET SDK v${{ env.DEFAULT_DOTNET_VERSION }} | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: ${{ env.DEFAULT_DOTNET_VERSION }} | |
| - name: Download Package List | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nuget-packages | |
| path: ${{ github.workspace }}/packages | |
| - name: Download NuGet package list | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nuget-list | |
| path: ${{ github.workspace }} | |
| - name: Install Signing Tool | |
| run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1 | |
| - name: Sign Packages | |
| run: > | |
| ./tools/sign code azure-key-vault | |
| **/*.nupkg | |
| --base-directory "${{ github.workspace }}/packages" | |
| --file-list "${{ github.workspace }}/SignClientFileList.txt" | |
| --timestamp-url "http://timestamp.digicert.com" | |
| --publisher-name ".NET Foundation" | |
| --description ".NET Aspire Community Toolkit" | |
| --description-url "/~https://github.com/CommunityToolkit/Aspire" | |
| --azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}" | |
| --azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }} | |
| --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}" | |
| --azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }} | |
| --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}" | |
| --verbosity Information | |
| - name: Upload Signed Packages as Artifacts (for release) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-nuget-packages | |
| if-no-files-found: error | |
| path: | | |
| ${{ github.workspace }}/packages/**/*.nupkg | |
| release: | |
| needs: sign | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: release | |
| steps: | |
| - name: Download package | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: signed-nuget-packages | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| ./*.nupkg | |
| publish-nuget: | |
| needs: sign | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: nuget-stable | |
| steps: | |
| - name: Download package | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: signed-nuget-packages | |
| - name: Publish to NuGet | |
| run: dotnet nuget push ./*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }} | |
| publish-coverage: | |
| needs: run-tests | |
| uses: ./.github/workflows/code-coverage.yml | |
| secrets: inherit |