ci: add semantic PR title check workflow (#21) #12
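---
name: Delivery

#
# Release-please and NuGet publishing are combined in one workflow because
# GITHUB_TOKEN-created releases do not trigger new workflow runs.
#
# Supply-chain note: every `uses:` below references a mutable version tag.
# Pinning each action to a full commit SHA (keeping the tag as a trailing
# comment) stops a retagged release from running inside these jobs, which
# hold `contents: write` (release-please) and `id-token: write` (publish).
#

on:
  push:
    branches:
      - main

env:
  # Environment values are strings; quoted so no YAML parser retypes it.
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: 'true'

jobs:
  # ---------------------------------------------------------------------------
  # Release-please: create release PR and GitHub releases
  # ---------------------------------------------------------------------------
  release-please:
    name: Release Please
    runs-on: ubuntu-latest
    # Write access is limited to this job; the publish job only reads.
    permissions:
      contents: write
      pull-requests: write
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
      tag_name: ${{ steps.release.outputs.tag_name }}
      version: ${{ steps.release.outputs.version }}
    steps:
      - uses: googleapis/release-please-action@v4
        id: release
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  # ---------------------------------------------------------------------------
  # NuGet: pack and publish when a release is created
  # ---------------------------------------------------------------------------
  publish:
    name: Publish to NuGet
    needs: release-please
    if: needs.release-please.outputs.release_created == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Needed for the OIDC token exchanged by the NuGet login step.
      id-token: write
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step runs git against the remote, so the checkout token
          # is not left in .git/config for the build to read.
          persist-credentials: false

      - uses: actions/setup-dotnet@v5
        with:
          dotnet-version: |
            8.0.x
            10.0.x

      # Download native libraries for all platforms from the postguard repo.
      #
      # NOTE(review): the release is chosen at run time (first `pg-ffi-*` tag
      # returned by `gh release list`) and the archives are extracted without
      # any checksum, signature or attestation check, so whatever that release
      # contains is shipped inside the published NuGet package. Pin the tag
      # and verify a published digest or build attestation before extracting,
      # if the postguard repo provides one.
      - name: Download pg-ffi native libraries
        run: |
          RUNTIMES_DIR="src/runtimes"
          TAG=$(gh release list --repo encryption4all/postguard --json tagName \
            -q '[.[] | select(.tagName | startswith("pg-ffi-"))][0].tagName')
          if [ -z "$TAG" ]; then
            echo "::error::No pg-ffi release found"
            exit 1
          fi
          echo "Using release: $TAG"
          for TARGET in linux-x64 linux-arm64 osx-arm64 osx-x64; do
            ASSET="pg-ffi-${TARGET}.tar.gz"
            mkdir -p "${RUNTIMES_DIR}/${TARGET}/native"
            echo "Downloading ${ASSET}..."
            gh release download "$TAG" --repo encryption4all/postguard \
              --pattern "$ASSET" --dir /tmp
            tar xzf "/tmp/${ASSET}" -C "${RUNTIMES_DIR}/${TARGET}/native"
          done
          mkdir -p "${RUNTIMES_DIR}/win-x64/native"
          echo "Downloading pg-ffi-win-x64.zip..."
          gh release download "$TAG" --repo encryption4all/postguard \
            --pattern "pg-ffi-win-x64.zip" --dir /tmp
          unzip -o /tmp/pg-ffi-win-x64.zip -d "${RUNTIMES_DIR}/win-x64/native"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # The version reaches the shell through an environment variable instead
      # of being expanded into the script text, so its content cannot change
      # the command that runs.
      - name: Pack
        env:
          PACKAGE_VERSION: ${{ needs.release-please.outputs.version }}
        run: |
          dotnet pack src/E4A.PostGuard.csproj \
            --configuration Release \
            "-p:Version=${PACKAGE_VERSION}" \
            --output ./artifacts

      - name: NuGet login (trusted publishing)
        id: login
        uses: nuget/login@v1
        with:
          user: ${{ secrets.NUGET_USER }}

      # The API key from the login step is handed over via the environment for
      # the same reason as the version above: nothing from an expression is
      # pasted into the script body.
      - name: Publish to NuGet
        env:
          NUGET_API_KEY: ${{ steps.login.outputs.NUGET_API_KEY }}
        run: |
          dotnet nuget push ./artifacts/*.nupkg \
            --api-key "$NUGET_API_KEY" \
            --source https://api.nuget.org/v3/index.json \
            --skip-duplicate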