Fix publish workflow: use pwsh for glob expansion and dotnet nuget fo… #10
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to NuGet | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| jobs: | |
| publish: | |
| runs-on: windows-latest | |
| env: | |
| SM_HOST: ${{ vars.SM_HOST }} | |
| SM_API_KEY: ${{ secrets.SM_API_KEY }} | |
| SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 8.0.x | |
| - name: Setup NuGet | |
| uses: nuget/setup-nuget@v2 | |
| - name: Extract version from tag | |
| id: version | |
| run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: Restore | |
| run: dotnet restore | |
| - name: Build | |
| run: dotnet build --configuration Release --no-restore -p:Version=${{ steps.version.outputs.VERSION }} | |
| - name: Pack | |
| run: dotnet pack BugSplatDotNetStandard/BugSplatDotNetStandard.csproj --configuration Release --no-build -p:Version=${{ steps.version.outputs.VERSION }} -o ./nupkg | |
| - name: Decode DigiCert client certificate | |
| run: echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > "${{ runner.temp }}/cert.p12" | |
| shell: bash | |
| - name: Set SM_CLIENT_CERT_FILE | |
| run: echo "SM_CLIENT_CERT_FILE=${{ runner.temp }}\cert.p12" >> $env:GITHUB_ENV | |
| shell: pwsh | |
| - name: Install SMCTL and KSP | |
| run: | | |
| curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi | |
| msiexec /i smtools-windows-x64.msi /quiet /qn | |
| echo C:\Program Files\DigiCert\DigiCert One Signing Manager Tools>> %GITHUB_PATH% | |
| shell: cmd | |
| - name: Sync certificate to Windows store | |
| run: smctl windows certsync --keypair-alias=${{ secrets.SM_KEYPAIR_ALIAS }} | |
| shell: cmd | |
| - name: Sign NuGet package | |
| run: | | |
| Get-ChildItem ./nupkg/*.nupkg | ForEach-Object { | |
| nuget sign $_.FullName -Timestamper http://timestamp.digicert.com -CertificateFingerprint ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} -HashAlgorithm SHA256 -Verbosity detailed -Overwrite | |
| } | |
| shell: pwsh | |
| - name: Verify signature | |
| run: | | |
| Get-ChildItem ./nupkg/*.nupkg | ForEach-Object { | |
| nuget verify -All $_.FullName | |
| } | |
| shell: pwsh | |
| - name: Push to NuGet | |
| run: | | |
| Get-ChildItem ./nupkg/*.nupkg | ForEach-Object { | |
| dotnet nuget push $_.FullName --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json --skip-duplicate | |
| } | |
| shell: pwsh | |
| - name: Clean up | |
| if: always() | |
| run: rm -f "${{ runner.temp }}/cert.p12" | |
| shell: bash |