-
Notifications
You must be signed in to change notification settings - Fork 0
112 lines (99 loc) · 4.92 KB
/
BuildAndPublish_dotNet.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# This workflow will build a .NET project
# Configuration
# Ensure that the CSPROJ_PATH is egual to the path of the project file you want to build.
# You shouldn't need to change BUILD_OUTPUT_PATH except if the path defined in the variable exist in your repo
name: Build .NET project as release and publish it
# Trigger when a tag following the "v*.*.*" format is created (semantic versioning)
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
env:
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_NOLOGO: true
# Path to the csproj file that will be used by dotnet to build
CSPROJ_PATH: ${{ github.workspace }}\PictureColorDiffusion\PictureColorDiffusion.csproj
# Output path of the build
BUILD_OUTPUT_PATH: ${{ github.workspace }}\github-action\release-build-output
jobs:
# Build and upload as artifact the files
build:
runs-on: windows-latest
# Scopes not defined are set to None as long as one scope is manually set here
permissions:
contents: read # Allow checkout action to get the repo code
steps:
# Copy the repo code from the tag that triggered this action. This allow this job to access the code of the repo.
- name: Checkout tag
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.x
- name: Restore/Install dependencies
run: dotnet restore $env:CSPROJ_PATH
- name: Build with 'Release' config to the $BUILD_OUTPUT_PATH env
# Always run the CLI as a Powershell since we get our env variable for the output using powershell syntax
shell: pwsh
run: |
# Get the tag name v*.*.* and remove the "v"
$VERSION_NUMBER = $env:GITHUB_REF_NAME -replace '^v', ''
# Build the project
dotnet build $env:CSPROJ_PATH --configuration Release --no-restore --output $env:BUILD_OUTPUT_PATH /p:Version=$VERSION_NUMBER /p:AssemblyVersion=$VERSION_NUMBER
- name: Test the build
run: dotnet test $env:CSPROJ_PATH --no-build --verbosity normal
# Upload build files as a artifact to get access to them on the other job later
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: build-output
path: ${{ env.BUILD_OUTPUT_PATH }}/*
# Only keep the artifact up on github for 1 day instead of 30 default since we only need to use it re-use it in the publish job one time
retention-days: 1
# Download the "build" job artifact and prepare them for release
publish:
# Ubuntu often seems to be starting faster than windows, for a publish task, windows is not needed
runs-on: ubuntu-latest
# Only start this job if the "build" job completed without errors
needs: build
if: success() # Ensure that there was no error during the "build" job
# This grant the write permission to the job since gh-release need the permission to edit a release to upload the build files
# Scopes not defined are set to None as long as one scope is manually set here
permissions:
contents: write
steps:
# Get back the uploaded build files
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-output
# Where to save the downloaded files
path: github-action/artifacts-build-output
# Compress the build files as "release.zip"
- name: Compress build output for release
run: |
# Change path to the downloaded artifacts (To have the build files at the root of the zip file)
cd github-action/artifacts-build-output/
# Create release.zip under github-action/release.zip
zip -r ../release.zip ./*
- name: Create 256SHA checksum of release.zip
run: |
touch release-checksum.md
ReleaseHash=$(shasum -a 256 github-action/release.zip | awk '{ print $1 }')
echo "## Notice about this release build" >> release-checksum.md
echo "This release was build using github action. **The build can be found under \`release.zip\`**." >> release-checksum.md
echo "### Checksum" >> release-checksum.md
echo "| File Name | SHA256 |" >> release-checksum.md
echo "| ------------ | ------------ |" >> release-checksum.md
echo "| \`release.zip\` | \`$ReleaseHash\`|" >> release-checksum.md
# Make the release-checksum.md immutable to try to prevent modifications
sudo chattr +i release-checksum.md
# Upload "release.zip" to the github release
- name: Publish build to github release
# Use a pinned hash as a prevention to repojacking, verify changelogs & latest before updating for security
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 #v2.0.8 pinned hash
with:
prerelease: false
append_body: true
files: github-action/release.zip
body_path: release-checksum.md