-
Notifications
You must be signed in to change notification settings - Fork 765
143 lines (114 loc) · 4.67 KB
/
publish-packages-1.0.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#################################################
################### IMPORTANT ###################
# DON'T RENAME THIS FILE UNLESS WE START
# RELEASING THE VERSION 2.*
################### IMPORTANT ###################
#################################################
name: Build, pack, and publish to MyGet
on:
workflow_dispatch:
push:
tags:
- 'core-*'
- 'coreunstable-*'
schedule:
- cron: '0 0 * * *' # once in a day at 00:00
jobs:
automation:
uses: ./.github/workflows/automation.yml
secrets: inherit
build-pack-publish:
runs-on: windows-latest
permissions:
contents: read
id-token: write
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_YES: "yes"
outputs:
artifact-url: ${{ steps.upload-artifacts.outputs.artifact-url }}
artifact-id: ${{ steps.upload-artifacts.outputs.artifact-id }}
steps:
- uses: actions/checkout@v4
with:
# Note: By default GitHub only fetches 1 commit. MinVer needs to find
# the version tag which is typically NOT on the first commit so we
# retrieve them all.
fetch-depth: 0
- name: Setup dotnet
uses: actions/setup-dotnet@v4
- name: Install Cosign
uses: sigstore/cosign-installer@v3
with:
cosign-release: v2.4.0
- name: dotnet restore
run: dotnet restore ./build/OpenTelemetry.proj -p:RunningDotNetPack=true
- name: dotnet build
run: dotnet build ./build/OpenTelemetry.proj --configuration Release --no-restore -p:Deterministic=true -p:BuildNumber=${{ github.run_number }} -p:RunningDotNetPack=true
- name: Sign DLLs with Cosign Keyless
shell: pwsh
run: |
$projectFiles = Get-ChildItem -Path src/*/*.csproj -File
foreach ($projectFile in $projectFiles) {
$projectName = [System.IO.Path]::GetFileNameWithoutExtension($projectFile)
Get-ChildItem -Path src/$projectName/bin/Release/*/$projectName.dll -File | ForEach-Object {
$fileFullPath = $_.FullName
Write-Host "Signing $fileFullPath"
cosign.exe sign-blob $fileFullPath --yes --output-signature $fileFullPath-keyless.sig --output-certificate $fileFullPath-keyless.pem
}
}
- name: dotnet pack
run: dotnet pack ./build/OpenTelemetry.proj --configuration Release --no-restore --no-build -p:PackTag=${{ github.ref_type == 'tag' && github.ref_name || '' }}
- name: Publish Artifacts
id: upload-artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ github.ref_name }}-packages
path: 'src/**/*.*nupkg'
- name: Publish MyGet
env:
MYGET_TOKEN_EXISTS: ${{ secrets.MYGET_TOKEN != '' }}
if: env.MYGET_TOKEN_EXISTS == 'true' # Skip MyGet publish if run on a fork without the secret
run: |
nuget setApiKey ${{ secrets.MYGET_TOKEN }} -Source https://www.myget.org/F/opentelemetry/api/v2/package
nuget push src/**/*.nupkg -Source https://www.myget.org/F/opentelemetry/api/v2/package
post-build:
runs-on: ubuntu-latest
needs:
- automation
- build-pack-publish
if: needs.automation.outputs.enabled && github.event_name == 'push'
env:
GH_TOKEN: ${{ secrets[needs.automation.outputs.token-secret-name] }}
steps:
- name: check out code
uses: actions/checkout@v4
with:
token: ${{ secrets[needs.automation.outputs.token-secret-name] }}
- name: Download Artifacts
run: |
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token ${{ github.token }}" \
-L \
-o '${{ github.workspace }}/artifacts/${{ github.ref_name }}-packages.zip' \
--create-dirs \
"https://api.github.com/repos/${{ github.repository }}/actions/artifacts/${{ needs.build-pack-publish.outputs.artifact-id }}/zip"
- name: Create GitHub Release draft
shell: pwsh
run: |
Import-Module .\build\scripts\post-release.psm1
CreateDraftRelease `
-gitRepository '${{ github.repository }}' `
-tag '${{ github.ref_name }}' `
-releaseFiles '${{ github.workspace }}/artifacts/${{ github.ref_name }}-packages.zip#Packages'
- name: Post notice when packages are ready
shell: pwsh
run: |
Import-Module .\build\scripts\post-release.psm1
TryPostPackagesReadyNoticeOnPrepareReleasePullRequest `
-gitRepository '${{ github.repository }}' `
-tag '${{ github.ref_name }}' `
-tagSha '${{ github.sha }}' `
-packagesUrl '${{ needs.build-pack-publish.outputs.artifact-url }}' `
-botUserName '${{ needs.automation.outputs.username }}'