|
| 1 | +name: jetify |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_dispatch: |
| 5 | + inputs: |
| 6 | + version: |
| 7 | + description: 'release version' |
| 8 | + default: "latest" |
| 9 | + required: true |
| 10 | + detours-git-commit: |
| 11 | + description: 'Detours git commit' |
| 12 | + default: '4b8c659' |
| 13 | + required: true |
| 14 | + sign-nuget: |
| 15 | + description: 'Sign nuget package' |
| 16 | + required: true |
| 17 | + type: boolean |
| 18 | + default: false |
| 19 | + skip-publish: |
| 20 | + description: 'Skip publishing' |
| 21 | + required: true |
| 22 | + type: boolean |
| 23 | + default: false |
| 24 | + dry-run: |
| 25 | + description: 'Dry run (simulate)' |
| 26 | + required: true |
| 27 | + type: boolean |
| 28 | + default: true |
| 29 | + |
| 30 | +jobs: |
| 31 | + preflight: |
| 32 | + name: Preflight |
| 33 | + runs-on: ubuntu-22.04 |
| 34 | + outputs: |
| 35 | + package-env: ${{ steps.info.outputs.package-env }} |
| 36 | + package-version: ${{ steps.info.outputs.package-version }} |
| 37 | + detours-git-commit: ${{ steps.info.outputs.detours-git-commit }} |
| 38 | + sign-nuget: ${{ steps.info.outputs.sign-nuget }} |
| 39 | + skip-publish: ${{ steps.info.outputs.skip-publish }} |
| 40 | + dry-run: ${{ steps.info.outputs.dry-run }} |
| 41 | + |
| 42 | + steps: |
| 43 | + - name: Package information |
| 44 | + id: info |
| 45 | + shell: pwsh |
| 46 | + run: | |
| 47 | + $IsMasterBranch = ('${{ github.ref_name }}' -eq 'master') |
| 48 | + $IsScheduledJob = ('${{ github.event_name }}' -eq 'schedule') |
| 49 | +
|
| 50 | + if ('${{ github.event_name }}' -Eq 'schedule') { |
| 51 | +
|
| 52 | + } |
| 53 | +
|
| 54 | + try { $SignNuget = [System.Boolean]::Parse('${{ inputs.sign-nuget }}') } catch { $SignNuget = $false } |
| 55 | + try { $SkipPublish = [System.Boolean]::Parse('${{ inputs.skip-publish }}') } catch { $SkipPublish = $false } |
| 56 | + try { $DryRun = [System.Boolean]::Parse('${{ inputs.dry-run }}') } catch { $DryRun = $true } |
| 57 | +
|
| 58 | + $PackageEnv = if ($IsMasterBranch -And -Not $IsScheduledJob) { |
| 59 | + "publish-prod" |
| 60 | + } else { |
| 61 | + "publish-test" |
| 62 | + } |
| 63 | + |
| 64 | + if (-Not $IsMasterBranch) { |
| 65 | + $DryRun = $true # force dry run when not on master branch |
| 66 | + } |
| 67 | + if ($IsScheduledJob) { |
| 68 | + $DryRun = $true # force dry run for scheduled runs |
| 69 | + } |
| 70 | +
|
| 71 | + $PackageVersion = '${{ inputs.version }}' |
| 72 | + if ([string]::IsNullOrEmpty($PackageVersion) -or $PackageVersion -eq 'latest') { |
| 73 | + $PackageVersion = (Get-Date -Format "yyyy.MM.dd") |
| 74 | + } |
| 75 | +
|
| 76 | + if ($PackageVersion -NotMatch '^\d+\.\d+\.\d+$') { |
| 77 | + throw "invalid version format: $PackageVersion, expected: 1.2.3" |
| 78 | + } |
| 79 | +
|
| 80 | + $DetoursGitCommit = '${{ inputs.detours-git-commit }}' |
| 81 | + if ([string]::IsNullOrEmpty($DetoursGitCommit)) { |
| 82 | + $DetoursGitCommit = '4b8c659' |
| 83 | + } |
| 84 | +
|
| 85 | + echo "package-env=$PackageEnv" >> $Env:GITHUB_OUTPUT |
| 86 | + echo "package-version=$PackageVersion" >> $Env:GITHUB_OUTPUT |
| 87 | + echo "detours-git-commit=$DetoursGitCommit" >> $Env:GITHUB_OUTPUT |
| 88 | + echo "sign-nuget=$($SignNuget.ToString().ToLower())" >> $Env:GITHUB_OUTPUT |
| 89 | + echo "skip-publish=$($SkipPublish.ToString().ToLower())" >> $Env:GITHUB_OUTPUT |
| 90 | + echo "dry-run=$($DryRun.ToString().ToLower())" >> $Env:GITHUB_OUTPUT |
| 91 | +
|
| 92 | + echo "::notice::Version: $PackageVersion" |
| 93 | + echo "::notice::DryRun: $DryRun" |
| 94 | +
|
| 95 | + build: |
| 96 | + name: Build Jetify |
| 97 | + runs-on: windows-2022 |
| 98 | + needs: [preflight] |
| 99 | + strategy: |
| 100 | + fail-fast: true |
| 101 | + matrix: |
| 102 | + arch: [ x64, arm64 ] |
| 103 | + |
| 104 | + steps: |
| 105 | + - name: Check out ${{ github.repository }} |
| 106 | + uses: actions/checkout@v4 |
| 107 | + |
| 108 | + - name: Configure runner |
| 109 | + shell: pwsh |
| 110 | + run: | |
| 111 | + Install-Module -Name VsDevShell -Force |
| 112 | + New-Item .\package -ItemType Directory -ErrorAction SilentlyContinue | Out-Null |
| 113 | +
|
| 114 | + - name: Update version |
| 115 | + shell: pwsh |
| 116 | + run: | |
| 117 | + $PackageVersion = '${{ needs.preflight.outputs.package-version }}' |
| 118 | + $nuspecFilePath = "jetify\nuget\Devolutions.Jetify.nuspec" |
| 119 | + $nuspecContent = Get-Content -Path $nuspecFilePath |
| 120 | + $updatedNuspecContent = $nuspecContent -replace '(<version>)(.*?)(</version>)', "`$1$PackageVersion`$3" |
| 121 | + $updatedNuspecContent | Set-Content -Path $nuspecFilePath |
| 122 | + Set-Content -Path .\VERSION -Value $PackageVersion |
| 123 | +
|
| 124 | + - name: Restore Detours Cache (${{matrix.arch}}) |
| 125 | + id: cache-detours |
| 126 | + uses: actions/cache/restore@v4 |
| 127 | + with: |
| 128 | + path: dependencies/detours |
| 129 | + key: detours-${{ matrix.arch }}-${{ needs.preflight.outputs.detours-git-commit }} |
| 130 | + |
| 131 | + - name: Build Detours (${{matrix.arch}}) |
| 132 | + if: steps.cache-detours.outputs.cache-hit != 'true' |
| 133 | + shell: pwsh |
| 134 | + run: | |
| 135 | + Enter-VsDevShell ${{matrix.arch}} |
| 136 | + $GitCommit = '${{ needs.preflight.outputs.detours-git-commit }}' |
| 137 | + .\detours.ps1 -GitCommit $GitCommit |
| 138 | +
|
| 139 | + - name: Save Detours Cache (${{matrix.arch}}) |
| 140 | + if: steps.cache-detours.outputs.cache-hit != 'true' |
| 141 | + uses: actions/cache/save@v4 |
| 142 | + with: |
| 143 | + path: dependencies/detours |
| 144 | + key: detours-${{ matrix.arch }}-${{ needs.preflight.outputs.detours-git-commit }} |
| 145 | + |
| 146 | + - name: Build Jetify (${{matrix.arch}}) |
| 147 | + shell: pwsh |
| 148 | + run: | |
| 149 | + $Arch = "${{matrix.arch}}" |
| 150 | + $BuildDir = "build-$Arch" |
| 151 | + $PackageVersion = '${{ needs.preflight.outputs.package-version }}' |
| 152 | + $MsvcArch = @{"x64"="x64";"arm64"="ARM64"}["${{matrix.arch}}"] |
| 153 | + cmake -G "Visual Studio 17 2022" -A $MsvcArch -B $BuildDir |
| 154 | + cmake --build $BuildDir --config Release |
| 155 | + New-Item -ItemType Directory -Path "dependencies/Jetify/$Arch" | Out-Null |
| 156 | + @('Jetify.dll') | % { |
| 157 | + Copy-Item "$BuildDir/Release/$_" "dependencies/Jetify/$Arch" |
| 158 | + } |
| 159 | + Compress-Archive "dependencies\Jetify\$Arch\*" ".\package\Jetify-$PackageVersion-$Arch.zip" -CompressionLevel Optimal |
| 160 | +
|
| 161 | + - name: Upload Jetify (${{matrix.arch}}) |
| 162 | + uses: actions/upload-artifact@v4 |
| 163 | + with: |
| 164 | + name: Jetify-${{matrix.arch}} |
| 165 | + path: package/*.zip |
| 166 | + |
| 167 | + package: |
| 168 | + name: Package Jetify |
| 169 | + runs-on: windows-2022 |
| 170 | + needs: [preflight, build] |
| 171 | + environment: ${{ needs.preflight.outputs.package-env }} |
| 172 | + |
| 173 | + steps: |
| 174 | + - name: Check out ${{ github.repository }} |
| 175 | + uses: actions/checkout@v4 |
| 176 | + |
| 177 | + - name: Configure runner |
| 178 | + shell: pwsh |
| 179 | + run: | |
| 180 | + New-Item .\package -ItemType Directory -ErrorAction SilentlyContinue | Out-Null |
| 181 | + New-Item ".\dependencies\Jetify" -ItemType Directory | Out-Null |
| 182 | +
|
| 183 | + - name: Install code signing tools |
| 184 | + run: | |
| 185 | + dotnet tool install --global AzureSignTool |
| 186 | + dotnet tool install --global NuGetKeyVaultSignTool |
| 187 | + # trust test code signing CA |
| 188 | + $TestCertsUrl = "https://raw.githubusercontent.com/Devolutions/devolutions-authenticode/master/data/certs" |
| 189 | + Invoke-WebRequest -Uri "$TestCertsUrl/authenticode-test-ca.crt" -OutFile ".\authenticode-test-ca.crt" |
| 190 | + Import-Certificate -FilePath ".\authenticode-test-ca.crt" -CertStoreLocation "cert:\LocalMachine\Root" |
| 191 | + Remove-Item ".\authenticode-test-ca.crt" -ErrorAction SilentlyContinue | Out-Null |
| 192 | +
|
| 193 | + - name: Download native dependencies |
| 194 | + uses: actions/download-artifact@v4 |
| 195 | + with: |
| 196 | + pattern: Jetify-* |
| 197 | + merge-multiple: true |
| 198 | + path: package |
| 199 | + |
| 200 | + - name: Create nuget package |
| 201 | + shell: pwsh |
| 202 | + run: | |
| 203 | + Get-Item .\package\*.zip | ForEach-Object { |
| 204 | + ($Name, $Version, $Arch) = $_.BaseName -Split '-' |
| 205 | + $NativePath = "jetify\nuget\runtimes\win-$Arch\native" |
| 206 | + New-Item -ItemType Directory $NativePath -Force | Out-Null |
| 207 | + Expand-Archive $_ $NativePath -Force |
| 208 | + } |
| 209 | + nuget pack jetify/nuget -OutputDirectory package |
| 210 | +
|
| 211 | + - name: Code sign nuget contents |
| 212 | + shell: pwsh |
| 213 | + run: | |
| 214 | + Set-PSDebug -Trace 1 |
| 215 | + $NugetBaseName = $(Get-Item ./package/*.nupkg).BaseName |
| 216 | + $PackedFile = "./package/${NugetBaseName}.nupkg" |
| 217 | + $UnpackedDir = "./package/${NugetBaseName}" |
| 218 | + $OutputDirectory = $(Get-Item $PackedFile).Directory.FullName |
| 219 | + Expand-Archive -Path $PackedFile -Destination $UnpackedDir -Force |
| 220 | + $Params = @('sign', |
| 221 | + '-kvt', '${{ secrets.AZURE_TENANT_ID }}', |
| 222 | + '-kvu', '${{ secrets.CODE_SIGNING_KEYVAULT_URL }}', |
| 223 | + '-kvi', '${{ secrets.CODE_SIGNING_CLIENT_ID }}', |
| 224 | + '-kvs', '${{ secrets.CODE_SIGNING_CLIENT_SECRET }}', |
| 225 | + '-kvc', '${{ secrets.CODE_SIGNING_CERTIFICATE_NAME }}', |
| 226 | + '-tr', '${{ vars.CODE_SIGNING_TIMESTAMP_SERVER }}', |
| 227 | + '-v') |
| 228 | + Get-ChildItem "$UnpackedDir\lib" -Include @("*.dll") -Recurse | ForEach-Object { |
| 229 | + AzureSignTool @Params $_.FullName |
| 230 | + } |
| 231 | + Remove-Item $PackedFile -ErrorAction SilentlyContinue | Out-Null |
| 232 | + Compress-Archive -Path "$UnpackedDir\*" -Destination $PackedFile -CompressionLevel Optimal |
| 233 | + |
| 234 | + - name: Code sign nuget package |
| 235 | + if: ${{ fromJSON(needs.preflight.outputs.sign-nuget) == true }} |
| 236 | + shell: pwsh |
| 237 | + run: | |
| 238 | + $NugetPackage = (Get-Item ".\package\*.nupkg" | Select-Object -First 1) | Resolve-Path -Relative |
| 239 | + $Params = @('sign', $NugetPackage, |
| 240 | + '-kvt', '${{ secrets.AZURE_TENANT_ID }}', |
| 241 | + '-kvu', '${{ secrets.CODE_SIGNING_KEYVAULT_URL }}', |
| 242 | + '-kvi', '${{ secrets.CODE_SIGNING_CLIENT_ID }}', |
| 243 | + '-kvs', '${{ secrets.CODE_SIGNING_CLIENT_SECRET }}', |
| 244 | + '-kvc', '${{ secrets.CODE_SIGNING_CERTIFICATE_NAME }}', |
| 245 | + '-tr', '${{ vars.CODE_SIGNING_TIMESTAMP_SERVER }}', |
| 246 | + '-v') |
| 247 | + & NuGetKeyVaultSignTool @Params |
| 248 | + |
| 249 | + - name: Upload nuget package |
| 250 | + uses: actions/upload-artifact@v4 |
| 251 | + with: |
| 252 | + name: Jetify-nupkg |
| 253 | + path: package/*.nupkg |
| 254 | + |
| 255 | + publish: |
| 256 | + name: Publish packages |
| 257 | + runs-on: ubuntu-22.04 |
| 258 | + needs: [preflight, build, package] |
| 259 | + environment: ${{ needs.preflight.outputs.package-env }} |
| 260 | + if: ${{ fromJSON(needs.preflight.outputs.skip-publish) == false }} |
| 261 | + |
| 262 | + steps: |
| 263 | + - name: Download nuget package |
| 264 | + uses: actions/download-artifact@v4 |
| 265 | + with: |
| 266 | + name: Jetify-nupkg |
| 267 | + path: package |
| 268 | + |
| 269 | + - name: Publish to nuget.org |
| 270 | + shell: pwsh |
| 271 | + run: | |
| 272 | + $DryRun = [System.Boolean]::Parse('${{ needs.preflight.outputs.dry-run }}') |
| 273 | + $NugetPackage = (Get-Item ./package/*.nupkg) | Resolve-Path -Relative |
| 274 | +
|
| 275 | + $PushArgs = @( |
| 276 | + 'nuget', 'push', "$NugetPackage", |
| 277 | + '--api-key', '${{ secrets.NUGET_API_KEY }}', |
| 278 | + '--source', 'https://api.nuget.org/v3/index.json', |
| 279 | + '--skip-duplicate', '--no-symbols' |
| 280 | + ) |
| 281 | + Write-Host "dotnet $($PushArgs -Join ' ')" |
| 282 | + if ($DryRun) { |
| 283 | + Write-Host "Dry Run: skipping nuget.org publishing!" |
| 284 | + } else { |
| 285 | + & 'dotnet' $PushArgs |
| 286 | + } |
0 commit comments