-
-
Notifications
You must be signed in to change notification settings - Fork 0
91 lines (88 loc) · 2.99 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: CI
defaults:
run:
shell: pwsh
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
release:
types: [ published ]
jobs:
Build:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Upload module
uses: actions/upload-artifact@v3
with:
name: module
path: ./src/
Test:
needs: Build
runs-on: windows-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Download module
uses: actions/download-artifact@v4.1.7
with:
name: module
path: C:\Users\runneradmin\Documents\PowerShell\Modules\LockFile\
- name: Test with Pester
run: |
$ht = Import-PowerShellDataFile PesterSettings.psd1
$config = New-PesterConfiguration $ht
Invoke-Pester -Configuration $config
Sign:
needs: Test
if: github.event_name == 'release' && github.event.action == 'published'
runs-on: windows-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Import certificate
env:
CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
CERTIFICATE_PASSWORD_KEY_BASE64: ${{ secrets.CERTIFICATE_PASSWORD_KEY_BASE64 }}
run: |
[convert]::FromBase64String($env:CERTIFICATE_BASE64) | Set-Content -Path cert.pfx -AsByteStream
$key = [convert]::FromBase64String($env:CERTIFICATE_PASSWORD_KEY_BASE64)
$password = ConvertTo-SecureString $env:CERTIFICATE_PASSWORD -Key $key
Import-PfxCertificate cert.pfx -Password $password -CertStoreLocation Cert:\CurrentUser\My
- name: Sign files
run: |
$config = Import-PowerShellDataFile SignSettings.psd1
$config['Certificate'] = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert
Set-Location .\src
Set-AuthenticodeSignature @config
- name: Create and sign catalog file
run: |
$config = Import-PowerShellDataFile SignSettings.psd1
$config['FilePath'] = 'LockFile.cat'
$config['Certificate'] = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert
Set-Location .\src
New-FileCatalog LockFile.cat -CatalogVersion 2
Set-AuthenticodeSignature @config
- name: Upload module
uses: actions/upload-artifact@v3
with:
name: module-signed
path: ./src/
Publish:
needs: Sign
if: github.event_name == 'release' && github.event.action == 'published'
runs-on: ubuntu-latest
steps:
- name: Download module
uses: actions/download-artifact@v4.1.7
with:
name: module-signed
path: '~/.local/share/powershell/Modules/LockFile'
- name: Publish Module
env:
NUGET_KEY: ${{ secrets.NUGET_KEY }}
run: Publish-Module -Name LockFile -NuGetApiKey $env:NUGET_KEY