-
Notifications
You must be signed in to change notification settings - Fork 16
328 lines (296 loc) · 13 KB
/
dotnet.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
#### Build, Test, and Publish ####
# This is the main workflow for the CoseSignTool project. It handles the following events:
# - Pull requests: When a user submits a pull request, or pushes a commit to an existing pull request, this workflow
# - generates a changelog and commits it to the working branch, and then
# - builds and tests the code.
# - Pushes to the main branch: When a user pushes a commit to the main branch, this workflow
# - creates a semantically versioned tag,
# - creates a release with the new tag, and then
# - triggers the release portion of the workflow.
# - Releases: When a user creates a release, or a release is created in response to a push event, this workflow
# - builds, publishes, and zips the outputs, and then
# - uploads the zipped assets to the release.
name: Build, Test, and Publish
on:
pull_request:
branches: [ "*" ] # Trigger on all branches for pull requests.
push:
branches: [ "main" ] # Trigger on pushes to the main branch.
release:
types: [ created ] # Trigger on new releases.
jobs:
#### PULL REQUEST EVENTS ####
# Build and test the code.
build:
name: build-${{matrix.os}}
if: ${{ github.event_name == 'pull_request' }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: windows-latest
dir_command: gci -Recurse
- os: ubuntu-latest
dir_command: ls -a -R
- os: macos-latest
dir_command: ls -a -R
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v3
with:
dotnet-version: 8.0.x
# Use the Dotnet Test command to load dependencies, build, and test the code.
# We have to run the test projects individually so CoseSignTool.Tests can run under arm64 on the Mac runner.
- name: Build and Test debug
id: build-test
run: |
dotnet build --configuration Debug CoseSignTool.sln
dotnet test --no-restore CoseSign1.Tests/CoseSign1.Tests.csproj
dotnet test --no-restore CoseSign1.Certificates.Tests/CoseSign1.Certificates.Tests.csproj
dotnet test --no-restore CoseSign1.Headers.Tests/CoseSign1.Headers.Tests.csproj
dotnet test --no-restore CoseIndirectSignature.Tests/CoseIndirectSignature.Tests.csproj
dotnet test --no-restore CoseHandler.Tests/CoseHandler.Tests.csproj
dotnet test --no-restore CoseSignTool.Tests/CoseSignTool.Tests.csproj
# List the contents of the working directory to make sure all the artifacts are there.
- name: List working directory
run: ${{ matrix.dir_command }}
# Create a changelog that includes all the PRs merged since the last release.
# If it's not a pull request, skip to the build job.
create_changelog:
needs: [ build ] # Wait here so we don't create any race conditions.
runs-on: ubuntu-latest
permissions:
actions: write
contents: write
deployments: write
packages: write
pull-requests: write
security-events: write
statuses: write
steps:
# Checkout the working branch.
- name: Checkout code
if: ${{ github.event_name == 'pull_request' }}
uses: actions/checkout@v2
# Sync the changelog version.
- name: Fetch and checkout
if: ${{ github.event_name == 'pull_request' }}
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
echo "Fetch from repository."
git fetch
echo "Undo any user changes to CHANGELOG.md. This is needed because the user's copy becomes obsolete after every checkin."
git reset -- CHANGELOG.md
echo "Checkout the working branch."
git checkout $GITHUB_HEAD_REF
# Generate the new changelog.
- name: Generate changelog
if: ${{ github.event_name == 'pull_request' }}
uses: tj-actions/[email protected]
with:
output: CHANGELOG.md
token: ${{ secrets.GITHUB_TOKEN }}
# Commit the changelog.
- name: Commit changelog
if: ${{ github.event_name == 'pull_request' }}
run: |
git add CHANGELOG.md
if git diff-index --quiet HEAD; then
echo "No changes were logged."
else
git commit --allow-empty -m "Update changelog for release"
git push
fi
# Print default message if changelog is not updated.
- name: Print exit message when changelog is not updated
if: ${{ github.event_name != 'pull_request' }}
run: echo "Changelog is already up to date."
#### PUSH EVENTS ####
# Create a semantically versioned release.
# A prerelease is created for every push to the main branch.
# Official releases are created manually on GitHub.
create_release:
name: Create Release
if: ${{ github.event_name == 'push' || github.event_name == 'release'}}
runs-on: ubuntu-latest
permissions:
actions: write
contents: write
deployments: write
packages: write
pull-requests: write
security-events: write
statuses: write
outputs:
upload_url: ${{ steps.create_release.outputs.upload_url }}
tag_name: ${{ steps.output_tag_name.outputs.tag_name }}
steps:
# Checkout the main branch and fetch tags.
- name: Checkout code
if: ${{ github.event_name == 'push' }}
uses: actions/checkout@v3
# Checkout the main branch so we can see the correct tag set.
- name: Fetch and checkout main
if: ${{ github.event_name == 'push' }}
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git fetch
git checkout main
# Create a semantically versioned tag that increments the last release.
# If the last release is a pre-release, increment the pre-release number, so v1.2.3-pre4 becomes v1.2.3-pre5.
# If the last release is an official release, create a new pre-release, so v1.2.3 becomes v1.2.3-pre1.
- name: Increment pre-release tag
if: ${{ github.event_name == 'push' }}
id: new-tag # Output: ${{ steps.new-tag.outputs.newtag }}
run: |
CURRENT_TAG=$(git tag | sort --version-sort | tail -n1)
echo "Current tag is $CURRENT_TAG"
if [[ $CURRENT_TAG =~ ^v([0-9]+\.[0-9]+\.[0-9]+)(-pre([0-9]+))?$ ]]; then
BASE_VERSION=${BASH_REMATCH[1]}
PRE_VERSION=${BASH_REMATCH[3]}
if [ -z "$PRE_VERSION" ]; then
NEW_TAG="v$BASE_VERSION-pre1"
else
NEW_TAG="v$BASE_VERSION-pre$((PRE_VERSION + 1))"
fi
echo "New tag is $NEW_TAG"
echo "Let's make sure this tag doesn't already exist..."
tries=0
maxTries=5
while true; do
echo "This is try $tries"
RESPONSE=$(curl -sl https://api.github.com/repos/microsoft/CoseSignTool/releases/tags/$NEW_TAG)
if [ "$(echo "$RESPONSE" | jq -r '.message')" == "Not Found" ]; then
echo "Tag not found. We're good to go."
break
else
if [ $tries -ge $maxTries ]; then
echo "Max tries reached. Exiting."
exit 1
fi
echo "Oops! That tag already exists!"
NEW_TAG="${NEW_TAG%-*}-pre$(( ${NEW_TAG##*-pre} + 1 ))" # Increment the prerelease number.
echo "Let's try $NEW_TAG"
tries=$((tries+1))
fi
done
echo "::set-output name=newtag::$NEW_TAG"
else
echo "Invalid tag format"
exit 1
fi
# Create the release. This should generate a release event, which will trigger the release_assets job.
- name: Create Release
if: ${{ github.event_name == 'push' }}
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# Get the tag name and release name from the previous step.
tag_name: ${{ steps.new-tag.outputs.newtag }}
release_name: Release ${{ steps.new-tag.outputs.newtag }}
# Generate release text from changelog.
body_path: ./CHANGELOG.md
# Always use prerelease for automated releases. Official releases are created manually.
prerelease: true
# Output the semver tag if it's a push event, or the most recent tag if it's a release event.
- name: Output tag name
id: output_tag_name
run: |
if [ "${{ github.event_name }}" == "push" ]; then
echo "::set-output name=tag_name::${{ steps.new-tag.outputs.newtag }}"
echo "Generated semver tag is ${{ steps.new-tag.outputs.newtag }}."
else
echo "::set-output name=tag_name::${{ github.event.release.tag_name }}"
echo "Current release tag is ${{ github.event.release.tag_name }}."
fi
#### RELEASE EVENTS ####
# Build, publish, and zip the outputs, and then upload them to the release.
# We include the push event and the dependency on create_release to support automatic releases, because
# automatic release creation does not trigger the release event.
release_assets:
name: release-assets
if: ${{ github.event_name == 'release' || github.event_name == 'push'}}
needs: [ create_release ]
runs-on: ${{ matrix.os }}
permissions:
actions: write
contents: write
deployments: write
packages: write
pull-requests: write
security-events: write
statuses: write
strategy:
matrix:
include:
- os: windows-latest
dir_command: gci -Recurse
zip_command_debug: Compress-Archive -Path ./debug/ -DestinationPath CoseSignTool-Windows-debug.zip
zip_command_release: Compress-Archive -Path ./release/ -DestinationPath CoseSignTool-Windows-release.zip
- os: ubuntu-latest
dir_command: ls -a -R
zip_command_debug: zip -r CoseSignTool-Linux-debug.zip ./debug/
zip_command_release: zip -r CoseSignTool-Linux-release.zip ./release/
- os: macos-latest
dir_command: ls -a -R
zip_command_debug: zip -r CoseSignTool-MacOS-debug.zip ./debug/
zip_command_release: zip -r CoseSignTool-MacOS-release.zip ./release/
steps:
# Checkout the branch.
- name: Checkout code again
uses: actions/checkout@v3
# Build and publish the binaries to ./published.
- name: Publish outputs
run: |
VERSION=${{ needs.create_release.outputs.tag_name }}
dotnet publish --configuration Debug --self-contained true --output published/debug --property:FileVersion=$VERSION CoseSignTool/CoseSignTool.csproj
dotnet publish --configuration Release --self-contained true --output published/release --property:FileVersion=$VERSION CoseSignTool/CoseSignTool.csproj
# Self-contained is needed. Must use .csproj instead of .sln.
# List the contents of the published directory to make sure all the artifacts are there.
- name: List published directory
run: ${{ matrix.dir_command }}
working-directory: ./published
# Verify that the file versions on the DLLs match the release version
- name: Check File Version
run: |
$file = Get-Item "CoseSignTool.dll"
$version = $file.VersionInfo.FileVersion
Write-Output "File Version is $version"
shell: pwsh
working-directory: ./published/debug
# Copy the docs, license, and markdown files to the release folders.
- name: Copy docs to release folders
run: |
mkdir -p published/debug/docs
cp -r docs/* published/debug/docs/
mkdir -p published/release/docs
cp -r docs/* published/release/docs/
cp -r LICENSE published/debug/
cp -r LICENSE published/release/
cp -r *.md published/debug/
cp -r *.md published/release/
# Create zip files for release.
- name: Create zip files for the release
run: |
${{ matrix.zip_command_debug }}
${{ matrix.zip_command_release }}
working-directory: ./published
# List the contents of the published directory to make sure all the artifacts are there.
- name: List published directory
run: ${{ matrix.dir_command }}
working-directory: ./published
# Upload the zipped assets to the release.
- name: Upload artifacts
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ./published/CoseSignTool-*.zip
file_glob: true
overwrite: true
tag: ${{ needs.create_release.outputs.tag_name }}