Publish Package #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Package | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: 'Is this a dry run. If so no package will be published.' | |
| type: boolean | |
| required: true | |
| tag: | |
| description: 'Tag for provenance. For a dry run the value does not matter.' | |
| type: string | |
| required: true | |
| workflow_call: | |
| inputs: | |
| dry_run: | |
| description: 'Is this a dry run. If so no package will be published.' | |
| type: boolean | |
| required: true | |
| tag: | |
| description: 'Tag for provenance' | |
| type: string | |
| required: true | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # Needed if using OIDC to get release secrets. | |
| contents: write # Contents and pull-requests are for release-please to make releases. | |
| pull-requests: write | |
| steps: | |
| - uses: launchdarkly/gh-actions/actions/[email protected] | |
| name: Get secrets | |
| with: | |
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | |
| ssm_parameter_pairs: '/production/common/releasing/digicert/host = DIGICERT_HOST, | |
| /production/common/releasing/digicert/api_key = DIGICERT_API_KEY, | |
| /production/common/releasing/digicert/client_cert_file_b64 = DIGICERT_CLIENT_CERT_FILE_B64, | |
| /production/common/releasing/digicert/client_cert_password = DIGICERT_CLIENT_CERT_PASSWORD, | |
| /production/common/releasing/digicert/code_signing_cert_sha1_hash = DIGICERT_CODE_SIGNING_CERT_SHA1_HASH, | |
| /production/common/releasing/nuget/api_key = NUGET_API_KEY' | |
| s3_path_pairs: 'launchdarkly-releaser/dotnet/LaunchDarkly.snk = LaunchDarkly.snk' | |
| - uses: actions/checkout@v4 | |
| - name: Build Release | |
| uses: ./.github/actions/release-build | |
| - name: Build Documentation | |
| uses: ./.github/actions/build-docs | |
| - name: Sign DLLs | |
| uses: launchdarkly/gh-actions/actions/[email protected] | |
| with: | |
| build_configuration_path: ./src/LaunchDarkly.Logging.Microsoft/bin/Release | |
| dll_name: LaunchDarkly.Logging.Microsoft.dll | |
| - name: Publish Nupkg | |
| id: publish | |
| uses: ./.github/actions/publish | |
| with: | |
| dry_run: ${{ inputs.dry_run }} | |
| - name: Publish Documentation | |
| uses: ./.github/actions/publish-docs | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| dry_run: ${{ inputs.dry_run }} | |
| provenance: | |
| permissions: | |
| actions: read | |
| id-token: write | |
| contents: write | |
| if: ${{ inputs.dry_run == 'false' }} | |
| needs: ['publish'] | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
| with: | |
| base64-subjects: "${{ needs.publish.outputs.hashes }}" | |
| upload-assets: true | |
| upload-tag-name: ${{ inputs.tag }} | |
| provenance-name: ${{ format('LaunchDarkly.Logging.Microsoft-{0}_provenance.intoto.jsonl', inputs.tag) }} |