-
-
Notifications
You must be signed in to change notification settings - Fork 10
78 lines (67 loc) · 2.42 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
name: Build and Release
on:
push:
branches: [ main ]
env:
configuration: Release
productNamespacePrefix: "ReactiveMarbles"
jobs:
build:
runs-on: windows-2022
environment:
name: release
outputs:
nbgv: ${{ steps.nbgv.outputs.SemVer2 }}
steps:
- name: Checkout
uses: actions/checkout@v4.2.1
with:
fetch-depth: 0
lfs: true
- name: Install .NET 6
uses: actions/setup-dotnet@v4.0.1
with:
dotnet-version: 6.0.x
- name: NBGV
id: nbgv
uses: dotnet/nbgv@master
with:
setAllVars: true
- name: NuGet Restore
run: dotnet restore
working-directory: src
- name: Build
run: dotnet build --configuration=${{ env.configuration }} --verbosity=minimal --no-restore
working-directory: src
- name: Pack
run: dotnet pack --configuration=${{ env.configuration }} --verbosity=minimal --no-restore
working-directory: src
- uses: nuget/setup-nuget@v2
name: Setup NuGet
# Decode the base 64 encoded pfx and save the Signing_Certificate
- name: Sign NuGet packages
shell: pwsh
run: |
$pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.SIGNING_CERTIFICATE }}")
[IO.File]::WriteAllBytes("GitHubActionsWorkflow.pfx", $pfx_cert_byte)
$secure_password = ConvertTo-SecureString ${{ secrets.SIGN_CERTIFICATE_PASSWORD }} –asplaintext –force
Import-PfxCertificate -FilePath GitHubActionsWorkflow.pfx -Password $secure_password -CertStoreLocation Cert:\CurrentUser\My
nuget sign -Timestamper http://timestamp.digicert.com -CertificateFingerprint ${{ secrets.SIGN_CERTIFICATE_HASH }} **/*.nupkg
- name: Changelog
uses: glennawatson/ChangeLog@v1.1
id: changelog
- name: Create Release
uses: actions/create-release@v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: ${{ steps.nbgv.outputs.SemVer2 }}
release_name: ${{ steps.nbgv.outputs.SemVer2 }}
body: |
${{ steps.changelog.outputs.commitLog }}
- name: NuGet Push
env:
NUGET_AUTH_TOKEN: ${{ secrets.NUGET_API_KEY }}
SOURCE_URL: https://api.nuget.org/v3/index.json
run: |
dotnet nuget push -s ${{ env.SOURCE_URL }} -k ${{ env.NUGET_AUTH_TOKEN }} **/*.nupkg