-
-
Notifications
You must be signed in to change notification settings - Fork 1
197 lines (195 loc) · 7.71 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
name: Release
on:
push:
branches:
- main
concurrency: ${{ github.workflow }}-${{ github.ref }}
permissions: { }
env:
dotnet: 9.0.x
node: 22.x
Project: src/Serilog.Extensions.Formatting
PackageJson: src/Serilog.Extensions.Formatting/package.json
Csproj: src/Serilog.Extensions.Formatting/Serilog.Extensions.Formatting.csproj
PackageName: alexaka1.serilog.extensions.formatting
YARN_ENABLE_HARDENED_MODE: 1
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tests:
name: Tests
uses: ./.github/workflows/tests.yml
permissions:
contents: read
check-release:
name: Prepare release
runs-on: ubuntu-24.04
permissions:
pull-requests: write
contents: write
issues: read
id-token: write
attestations: write
outputs:
publishable: ${{ steps.pack.outputs.canPack == 'true'}}
version: ${{ steps.pack.outputs.version }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
aka.ms:443
api.github.com:443
api.nuget.org:443
cdn.fwupd.org:443
crl3.digicert.com:80
dotnetbuilds.azureedge.net:443
dotnetcli.azureedge.net:443
dc.services.visualstudio.com:443
github.com:443
objects.githubusercontent.com:443
registry.npmjs.org:443
registry.yarnpkg.com:443
repo.yarnpkg.com:443
*.sigstore.dev:443
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Setup Dotnet ${{ env.dotnet }}
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
with:
dotnet-version: ${{ env.dotnet }}
- name: Setup Node.js ${{ env.node }}
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ env.node }}
- name: Enable Corepack
run: corepack enable
- name: Yarn install
run: yarn install --immutable
- uses: chainguard-dev/actions/setup-gitsign@57cb0b7560d9b9b081c15ac5ef689f73f4dda03e
- name: Create Release Pull Request or Prepare release
id: changesets
uses: changesets/action@c8bada60c408975afd1a20b3db81d6eee6789308 # v1.4.9
with:
# outputs versionExists=true if version already exists on nuget
version: yarn run version ${{ env.PackageJson }} ${{ env.Csproj }}
setupGitUser: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Can pack?
id: pack
if: steps.changesets.outputs.hasChangesets == 'false'
shell: bash
run: |
set -e
VERSION=$(jq -r '.version' "${{ env.PackageJson }}")
echo "version=v$VERSION" >> "$GITHUB_OUTPUT"
AVAILABLE_VERSIONS=$(curl -s "https://api.nuget.org/v3-flatcontainer/${{ env.PackageName }}/index.json" | jq -r '.versions[]')
if echo "$AVAILABLE_VERSIONS" | grep -q "^$VERSION$"; then
echo "canPack=false" >> "$GITHUB_OUTPUT"
else
echo "canPack=true" >> "$GITHUB_OUTPUT"
fi
- name: Dotnet restore
if: steps.pack.outputs.canPack == 'true'
run: dotnet restore ${{ env.Project }}
- name: Dotnet build
if: steps.pack.outputs.canPack == 'true'
run: dotnet build ${{ env.Project }} --configuration Release --no-restore
- name: Pack nupkg
if: steps.pack.outputs.canPack == 'true'
run: dotnet pack ${{ env.Project }} -c Release -o ${{ github.workspace }}/artifacts
- name: Generate nupkg attestation
if: steps.pack.outputs.canPack == 'true'
uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
with:
subject-path: ${{ github.workspace }}/artifacts
- name: Upload nupkg
if: steps.pack.outputs.canPack == 'true'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: nuget
path: ${{ github.workspace }}/artifacts
if-no-files-found: error
release:
name: Release package
environment: production
runs-on: ubuntu-latest
if: needs.check-release.outputs.publishable == 'true'
needs:
- check-release
- tests
permissions:
contents: write
id-token: write
env:
changelog: src/Serilog.Extensions.Formatting/CHANGELOG.md
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# we use credentials to push tags below
persist-credentials: true
- uses: chainguard-dev/actions/setup-gitsign@57cb0b7560d9b9b081c15ac5ef689f73f4dda03e
- name: Download nupkg
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: nuget
path: ${{ github.workspace }}/artifacts
github-token: ${{ github.token }}
- name: Setup Dotnet ${{ env.dotnet }}
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
with:
dotnet-version: ${{ env.dotnet }}
- name: Publish nupkg
run: dotnet nuget push ${{ github.workspace }}/artifacts/*.nupkg -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_API_KEY }}
- name: Create changelog for release
id: changelog
shell: bash
run: |
input_file="${{ env.changelog }}"
output_file="changes.md"
# Find the line number of the first version heading
start_line=$(grep -nE '^## [0-9]+\.[0-9]+\.[0-9]' "$input_file" | head -n 1 | cut -d: -f1)
# Find the line number of the next version heading, if it exists
end_line=$(grep -nE '^## [0-9]+\.[0-9]+\.[0-9]' "$input_file" | sed -n '2p' | cut -d: -f1)
if [ -z "$end_line" ]; then
# If there is no next version, extract till the end of the file
sed -n "${start_line},\$p" "$input_file" > "$output_file"
else
# Extract only the section for the uppermost version
sed -n "${start_line},$(($end_line-1))p" "$input_file" > "$output_file"
fi
echo "changes=$output_file" >> "$GITHUB_OUTPUT"
prerelease=false
if [ -f ".changeset/pre.json" ]; then
prerelease=true
fi
- name: Tag release
run: |
git tag -s ${{ needs.check-release.outputs.version }} -m "Release ${{ needs.check-release.outputs.version }}"
git push origin ${{ needs.check-release.outputs.version }}
- name: Create GitHub release
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
files: |
${{ github.workspace }}/artifacts/*.nupkg
${{ github.workspace }}/artifacts/*.snupkg
${{ env.changelog }}
body_path: ${{ steps.changelog.outputs.changes }}
body: Oh no, it looks like the change-notes were not generated correctly by the action.
draft: false
prerelease: ${{ steps.changelog.outputs.prerelease == 'true' }}
generate_release_notes: true
fail_on_unmatched_files: true
append_body: true
tag_name: ${{ needs.check-release.outputs.version }}
target_commitish: ${{ github.sha }}