access-token-management/release #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This was generated by tool. Edits will be overwritten. | |
| name: access-token-management/release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version in format X.Y.Z or X.Y.Z-preview.' | |
| type: string | |
| required: true | |
| default: '0.0.0' | |
| branch: | |
| description: '(Optional) the name of the branch to release from' | |
| type: string | |
| required: false | |
| default: 'main' | |
| remove-tag-if-exists: | |
| description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action' | |
| type: boolean | |
| required: false | |
| default: false | |
| env: | |
| DOTNET_NOLOGO: true | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| jobs: | |
| tag: | |
| name: Tag and Pack | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: access-token-management | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Checkout target branch | |
| if: github.event.inputs.branch != 'main' | |
| run: git checkout ${{ github.event.inputs.branch }} | |
| - name: Setup Dotnet | |
| uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 | |
| with: | |
| dotnet-version: |- | |
| 6.0.x | |
| 8.0.x | |
| 9.0.x | |
| - name: Git Config | |
| run: |- | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Duende Software GitHub Bot" | |
| - name: Remove previous git tag | |
| if: github.event.inputs['remove-tag-if-exists'] == 'true' | |
| run: |- | |
| if git rev-parse atm-${{ github.event.inputs.version }} >/dev/null 2>&1; then | |
| git tag -d atm-${{ github.event.inputs.version }} | |
| git push --delete origin atm-${{ github.event.inputs.version }} | |
| else | |
| echo 'Tag atm-${{ github.event.inputs.version }} does not exist.' | |
| fi | |
| - name: Git tag | |
| run: |- | |
| git tag -a atm-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}" | |
| git push origin atm-${{ github.event.inputs.version }} | |
| - name: Pack AccessTokenManagement | |
| run: dotnet pack -c Release src/AccessTokenManagement -o artifacts | |
| - name: Pack AccessTokenManagement.OpenIdConnect | |
| run: dotnet pack -c Release src/AccessTokenManagement.OpenIdConnect -o artifacts | |
| - name: Tool restore | |
| run: dotnet tool restore | |
| - name: Sign packages | |
| run: |- | |
| for file in artifacts/*.nupkg; do | |
| dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning | |
| done | |
| - name: Push packages to MyGet | |
| if: github.ref == 'refs/heads/main' | |
| run: dotnet nuget push artifacts/*.nupkg --source https://www.myget.org/F/duende_identityserver/api/v2/package --api-key ${{ secrets.MYGET }} --skip-duplicate | |
| - name: Push packages to GitHub | |
| if: github.ref == 'refs/heads/main' | |
| run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload Artifacts | |
| if: github.event_name == 'push' | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
| with: | |
| name: artifacts | |
| path: access-token-management/artifacts/*.nupkg | |
| overwrite: true | |
| retention-days: 15 | |
| publish: | |
| name: Publish to nuget.org | |
| needs: | |
| - tag | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
| with: | |
| name: artifacts | |
| path: artifacts | |
| - name: Setup Dotnet | |
| uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 | |
| with: | |
| dotnet-version: |- | |
| 6.0.x | |
| 8.0.x | |
| 9.0.x | |
| - name: List files | |
| run: tree | |
| shell: bash | |
| - name: Push packages to nuget.org | |
| if: github.ref == 'refs/heads/main' | |
| run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate |