55 tags :
66 - ' *.*.*'
77permissions :
8+ id-token : write
89 contents : read
10+ checks : write
911
1012jobs :
1113 build-windows :
@@ -17,12 +19,20 @@ jobs:
1719 uses : actions/checkout@v4
1820 with :
1921 fetch-depth : 0
22+ - name : Azure Login via OIDC
23+ uses : azure/login@v2
24+ with :
25+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
26+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
27+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
2028 - name : Setup dotnet
2129 uses : actions/setup-dotnet@v4
2230 with :
2331 dotnet-version : |
2432 8.0.x
2533 9.0.x
34+ - name : Install NuGetKeyVaultSignTool
35+ run : dotnet tool install --global NuGetKeyVaultSignTool
2636 - name : Build and Test
2737 run : |
2838 dotnet build --configuration Release
@@ -32,25 +42,16 @@ jobs:
3242 dotnet test --configuration Release --no-build --results-directory ".\artifacts" -l trx .\src\AutoMapper.DI.Tests
3343
3444 shell : pwsh
35- build :
36- needs : build-windows
37- strategy :
38- fail-fast : false
39- runs-on : ubuntu-latest
40- steps :
41- - name : Checkout
42- uses : actions/checkout@v4
43- with :
44- fetch-depth : 0
45- - name : Setup dotnet
46- uses : actions/setup-dotnet@v4
47- with :
48- dotnet-version : |
49- 8.0.x
50- 9.0.x
51- - name : Build and Test
52- run : ./Build.ps1
45+ - name : Generate SBOM
46+ run : |
47+ dotnet tool install --global Microsoft.Sbom.DotNetTool --version 4.1.5
48+ sbom-tool generate -b artifacts -bc src/AutoMapper -pn AutoMapper -pv ${{ github.ref_name }} -ps LuckyPennySoftware -nsb https://automapper.io/sbom
5349 shell : pwsh
50+ - name : Sign packages
51+ run : |-
52+ foreach ($f in Get-ChildItem "./artifacts" -Filter "*.nupkg") {
53+ NuGetKeyVaultSignTool sign $f.FullName --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-managed-identity --azure-key-vault-url ${{ secrets.AZURE_KEYVAULT_URI }} --azure-key-vault-certificate ${{ secrets.CODESIGN_CERT_NAME }}
54+ }
5455 - name : Push to MyGet
5556 env :
5657 NUGET_URL : https://f.feedz.io/lucky-penny-software/automapper/nuget/index.json
6768 uses : actions/upload-artifact@v4
6869 with :
6970 name : artifacts
70- path : artifacts/**/*
71+ path : artifacts/**/*
72+ build :
73+ needs : build-windows
74+ strategy :
75+ fail-fast : false
76+ runs-on : ubuntu-latest
77+ steps :
78+ - name : Checkout
79+ uses : actions/checkout@v4
80+ with :
81+ fetch-depth : 0
82+ - name : Setup dotnet
83+ uses : actions/setup-dotnet@v4
84+ with :
85+ dotnet-version : |
86+ 8.0.x
87+ 9.0.x
88+ - name : Build and Test
89+ run : ./Build.ps1
90+ shell : pwsh
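Review bot: `id-token: write` is added to the workflow-level `permissions` block, so the Linux `build` job that only runs `./Build.ps1` can also request an OIDC token, although only `build-windows` performs the Azure login and signing; a job-level `permissions:` under `build-windows` would keep the signing identity out of the other job (confirm which job actually needs `checks: write`). In the same job, `dotnet tool install --global NuGetKeyVaultSignTool` has no `--version`, unlike the SBOM tool pinned to 4.1.5 a few steps later, so whatever release is current at run time executes inside the Azure-authenticated session; pin it, e.g. `--version <PINNED_VERSION>`. The `run` scripts also expand `${{ github.ref_name }}` and the Key Vault secrets directly into the PowerShell text; passing them through the step's `env:` and reading them as `$env:NAME` keeps the ref name from being parsed as script. The trigger section is only partly visible here, so which refs reach these steps should be checked against the full file.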