Skip to content

test site

test site #499

Workflow file for this run

name: release
on:
workflow_dispatch:
push:
branches:
- test-nuget
permissions:
id-token: write
contents: write
jobs:
prereqs:
name: Prerequisites
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- uses: actions/checkout@v4
- name: Set version
run: echo "version=$(cat VERSION | sed -E 's/.[0-9]+$//')" >> $GITHUB_OUTPUT
id: version
# ================================
# .NET Tool
# ================================
dotnet-tool-build:
name: Build .NET tool
runs-on: ubuntu-latest
needs: prereqs
steps:
- uses: actions/checkout@v4
- name: Set up .NET
uses: actions/setup-dotnet@v4.0.0
with:
dotnet-version: 8.0.x
- name: Build .NET tool
run: |
src/shared/DotnetTool/layout.sh --configuration=Release
- name: Upload .NET tool artifacts
uses: actions/upload-artifact@v4
with:
name: tmp.dotnet-tool-build
path: |
out/shared/DotnetTool/nupkg/Release
dotnet-tool-payload-sign:
name: Sign .NET tool payload
runs-on: windows-latest
environment: release
needs: dotnet-tool-build
steps:
- uses: actions/checkout@v4
- name: Download payload
uses: actions/download-artifact@v4
with:
name: tmp.dotnet-tool-build
- name: Log into Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Download/extract Sign CLI tool
env:
AST: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
ASC: ${{ secrets.AZURE_STORAGE_CONTAINER }}
SCT: ${{ secrets.SIGN_CLI_TOOL }}
run: |
az storage blob download --file sign-cli.zip --auth-mode login `
--account-name $env:AST --container-name $env:ASC --name $env:SCT
Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli
- name: Sign payload
env:
ACST: ${{ secrets.AZURE_TENANT_ID }}
ACSI: ${{ secrets.AZURE_CLIENT_ID }}
ACSS: ${{ secrets.AZURE_CLIENT_SECRET }}
run: |
./sign-cli/sign.exe code azcodesign payload/* `
-acsu https://wus2.codesigning.azure.net/ `
-acsa git-fundamentals-signing `
-acscp git-fundamentals-windows-signing `
-d "Git Fundamentals Windows Signing Certificate" `
-u "https://github.com/git-ecosystem/git-credential-manager" `
-acst $env:ACST `
-acsi $env:ACSI `
-acss $env:ACSS
- name: Lay out signed payload, images, and symbols
shell: bash
run: |
mkdir dotnet-tool-payload-sign
mv images payload.sym payload -t dotnet-tool-payload-sign
- name: Upload signed payload
uses: actions/upload-artifact@v4
with:
name: dotnet-tool-payload-sign
path: |
dotnet-tool-payload-sign
dotnet-tool-pack:
name: Package .NET tool
runs-on: ubuntu-latest
needs: [prereqs, dotnet-tool-payload-sign]
steps:
- uses: actions/checkout@v4
- name: Download signed payload
uses: actions/download-artifact@v4
with:
name: dotnet-tool-payload-sign
path: signed
- name: Set up .NET
uses: actions/setup-dotnet@v4.0.0
with:
dotnet-version: 8.0.x
- name: Package tool
run: |
src/shared/DotnetTool/pack.sh --configuration=Release \
--version="${{ needs.prereqs.outputs.version }}" \
--publish-dir=$(pwd)/signed
- name: Upload unsigned package
uses: actions/upload-artifact@v4
with:
name: tmp.dotnet-tool-package-unsigned
path: |
out/shared/DotnetTool/nupkg/Release/*.nupkg
dotnet-tool-sign:
name: Sign .NET tool package
runs-on: windows-latest
environment: release
needs: dotnet-tool-pack
steps:
- name: Download unsigned package
uses: actions/download-artifact@v4
with:
name: tmp.dotnet-tool-package-unsigned
path: nupkg
- name: Log into Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Download/extract Sign CLI tool
env:
AST: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
ASC: ${{ secrets.AZURE_STORAGE_CONTAINER }}
SCT: ${{ secrets.SIGN_CLI_TOOL }}
run: |
az storage blob download --file sign-cli.zip --auth-mode login `
--account-name $env:AST --container-name $env:ASC --name $env:SCT
Expand-Archive -Path sign-cli.zip -DestinationPath .\sign-cli
- name: Sign package
env:
ACST: ${{ secrets.AZURE_TENANT_ID }}
ACSI: ${{ secrets.AZURE_CLIENT_ID }}
ACSS: ${{ secrets.AZURE_CLIENT_SECRET }}
run: |
./sign-cli/sign.exe code azcodesign nupkg/* `
-acsu https://wus2.codesigning.azure.net/ `
-acsa git-fundamentals-signing `
-acscp git-fundamentals-windows-signing `
-d "Git Fundamentals Windows Signing Certificate" `
-u "https://github.com/git-ecosystem/git-credential-manager" `
-acst $env:ACST `
-acsi $env:ACSI `
-acss $env:ACSS `
-acsc signing-certificate.cer
# exit 1
# - name: action-tmate
# if: failure()
# uses: mxschmitt/action-tmate@v3
- name: Publish signed package
uses: actions/upload-artifact@v4
with:
name: dotnet-tool-sign
path: |
nupkg/*.nupkg
signing-certificate.cer
# ================================
# Validate
# ================================
validate:
name: Validate installers
strategy:
matrix:
component:
- os: ubuntu-latest
artifact: dotnet-tool-sign
command: git-credential-manager
description: dotnet-tool
runs-on: ${{ matrix.component.os }}
needs: [dotnet-tool-sign]
steps:
- uses: actions/checkout@v4
- name: Set up .NET
uses: actions/setup-dotnet@v4.0.0
with:
dotnet-version: 8.0.x
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: ${{ matrix.component.artifact }}
- name: Install .NET tool
if: contains(matrix.component.description, 'dotnet-tool')
run: |
nupkgpath=$(find ./nupkg/*.nupkg)
dotnet tool install -g --add-source $(dirname "$nupkgpath") git-credential-manager
"${{ matrix.component.command }}" configure
- name: Validate
shell: bash
run: |
"${{ matrix.component.command }}" --version | sed 's/+.*//' >actual
cat VERSION | sed -E 's/.[0-9]+$//' >expect
cmp expect actual || exit 1
# ================================
# Publish
# ================================
create-github-release:
name: Publish GitHub draft release
runs-on: ubuntu-latest
env:
AZURE_VAULT: ${{ secrets.AZURE_VAULT }}
GPG_PUBLIC_KEY_SECRET_NAME: ${{ secrets.GPG_PUBLIC_KEY_SECRET_NAME }}
environment: release
needs: [ prereqs, validate ]
steps:
- uses: actions/checkout@v4
- name: Set up .NET
uses: actions/setup-dotnet@v4.0.0
with:
dotnet-version: 8.0.x
- name: Download artifacts
uses: actions/download-artifact@v4
- uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const path = require('path');
const version = "${{ needs.prereqs.outputs.version }}"
var releaseMetadata = {
owner: context.repo.owner,
repo: context.repo.repo
};
// Create the release
var tagName = `v${version}`;
var createdRelease = await github.rest.repos.createRelease({
...releaseMetadata,
draft: true,
tag_name: tagName,
target_commitish: context.sha,
name: `GCM ${version}`
});
releaseMetadata.release_id = createdRelease.data.id;
// Uploads contents of directory to the release created above
async function uploadDirectoryToRelease(directory, includeExtensions=[]) {
return fs.promises.readdir(directory)
.then(async(files) => Promise.all(
files.filter(file => {
return includeExtensions.length==0 || includeExtensions.includes(path.extname(file).toLowerCase());
})
.map(async (file) => {
var filePath = path.join(directory, file);
github.rest.repos.uploadReleaseAsset({
...releaseMetadata,
name: file,
headers: {
"content-length": (await fs.promises.stat(filePath)).size
},
data: fs.createReadStream(filePath)
});
}))
);
}
await Promise.all([
// Upload .NET tool package
uploadDirectoryToRelease('dotnet-tool-sign'),
uploadDirectoryToRelease('dotnet-tool-sign/nuget')
]);