Merge pull request #9 from DuendeSoftware/packaging #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
permissions: | |
contents: read | |
checks: write | |
packages: write | |
on: | |
workflow_dispatch: | |
push: | |
pull_request: | |
env: | |
DOTNET_NOLOGO: true | |
DOTNET_CLI_TELEMETRY_OPTOUT: true | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: | | |
8.0.x | |
9.0.x | |
- name: Build | |
run: dotnet build -c Release AspNetCore.sln | |
- name: Test | |
run: | | |
dotnet test -c Release test/AspNetCore.Authentication.JwtBearer.Tests/AspNetCore.Authentication.JwtBearer.Tests.csproj \ | |
--logger "console;verbosity=normal" \ | |
--logger "trx;LogFileName=Tests.trx" \ | |
--collect:"XPlat Code Coverage" | |
- name: Test report | |
id: test-report | |
uses: dorny/test-reporter@v1 | |
if: success() || failure() # run this step even if previous step failed | |
with: | |
name: Test results | |
path: test/AspNetCore.Authentication.JwtBearer.Tests/TestResults/Tests.trx | |
reporter: dotnet-trx | |
fail-on-error: true | |
fail-on-empty: true | |
- name: Pack | |
run: | | |
dotnet pack -c Release \ | |
src/AspNetCore.Authentication.JwtBearer/AspNetCore.Authentication.JwtBearer.csproj \ | |
--no-build \ | |
-o artifacts | |
- name: Sign | |
if: (github.ref == 'refs/heads/main') | |
run: | | |
echo "Install Sectigo CodeSiging CA certificates" | |
sudo apt-get update | |
sudo apt-get install -y ca-certificates | |
sudo cp .github/workflows/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/ | |
sudo update-ca-certificates | |
echo "Restore tools" | |
dotnet tool restore | |
echo "Sign" | |
for file in artifacts/*.nupkg; do | |
dotnet NuGetKeyVaultSignTool sign "$file" \ | |
--file-digest sha256 \ | |
--timestamp-rfc3161 http://timestamp.digicert.com \ | |
--azure-key-vault-url https://duendecodesigning.vault.azure.net/ \ | |
--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 \ | |
--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 \ | |
--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} \ | |
--azure-key-vault-certificate CodeSigning | |
done | |
- name: Push packages | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
if: (github.ref == 'refs/heads/main') | |
run: | | |
dotnet nuget push artifacts/*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }} --skip-duplicate | |
dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
if: (github.ref == 'refs/heads/main') | |
with: | |
path: artifacts/*.nupkg | |
compression-level: 0 | |
overwrite: true | |
retention-days: 15 |