Elgato_dark/products
1
0
Fork 0
mirror of https://github.com/DuendeSoftware/products synced 2026-05-24 09:28:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update CI/CD workflows to use only .NET 10.0.100 SDK

Browse source
This commit is contained in:
Damian Hickey 2026-02-16 16:05:13 +01:00
parent cc776ed0b6
commit b960eb0283
8 changed files with 1382 additions and 1439 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

528
.github/workflow-gen/StepExtensions.cs vendored
View file

@ -1,267 +1,267 @@
// Copyright (c) Duende Software. All rights reserved.
// Licensed under the Apache License, Version 2.0.
using Logicality.GitHub.Actions.Workflow;
public static class StepExtensions
{
public static void EnvDefaults(this Workflow workflow)
=> workflow.Env(
("DOTNET_NOLOGO", "true"),
("DOTNET_CLI_TELEMETRY_OPTOUT", "true"));
public static void StepSetupDotNet(this Job job)
{
job.Step()
.Name("List .net sdks")
.Run("dotnet --list-sdks");
// Copyright (c) Duende Software. All rights reserved.
// Licensed under the Apache License, Version 2.0.
using Logicality.GitHub.Actions.Workflow;
public static class StepExtensions
{
public static void EnvDefaults(this Workflow workflow)
=> workflow.Env(
("DOTNET_NOLOGO", "true"),
("DOTNET_CLI_TELEMETRY_OPTOUT", "true"));
public static void StepSetupDotNet(this Job job)
{
job.Step()
.Name("List .net sdks")
.Run("dotnet --list-sdks");
job.Step()
.Name("Setup .NET")
.ActionsSetupDotNet("3e891b0cb619bf60e2c25674b222b8940e2c1c25", ["8.0.x", "9.0.203", "10.0.100"]);
.ActionsSetupDotNet("3e891b0cb619bf60e2c25674b222b8940e2c1c25", ["10.0.100"]);
// v4.1.0
}
/// <summary>
/// Only run this for a main build
/// </summary>
public static Step IfRefMain(this Step step)
=> step.If("github.ref == 'refs/heads/main'");
/// <summary>
/// Only run this if the build is triggered on a branch IN the same repo
/// this means it's from a trusted contributor.
/// </summary>
public static Step IfGithubEventIsPush(this Step step)
=> step.If("github.event == 'push'");
public static void StepDotNetDevCerts(this Job job)
=> job.Step()
.Name("Dotnet devcerts")
.Run("dotnet dev-certs https --trust");
public static void CachePlaywrightAssets(this Job job)
=> job.Step("playwright-cache")
.Name("Cache Playwright assets")
.Uses("actions/cache@v4")
.With(
("path", "~/.cache/ms-playwright"),
("key", "playwright-${{ runner.os }}-${{ hashFiles('**/Hosts.Tests.csproj') }}"),
("restore-keys", "playwright-${{ runner.os }}-"));
public static void StepInstallPlayWright(this Job job, string playwrightTestProject)
=> job.Step()
.Name("Install Playwright")
.If("steps.playwright-cache.outputs.cache-hit != 'true'")
.Run($"pwsh test/{playwrightTestProject}/bin/Release/net10.0/playwright.ps1 install --with-deps");
public static void StepToolRestore(this Job job)
=> job.Step()
.Name("Tool restore")
.Run("dotnet tool restore");
public static void StepPack(this Job job, string target) =>
job.Step()
.Name($"Pack {target}")
.Run($"dotnet pack -c Release {target} -o artifacts");
public static Step StepRestore(this Job job, string solution)
=> job.Step()
.Name("Restore")
.Run($"dotnet restore {solution}");
public static Step StepVerifyFormatting(this Job job, string solution)
=> job.Step()
.Name("Verify Formatting")
.Run($"dotnet format {solution} --verify-no-changes --no-restore");
public static Step StepBuild(this Job job, string solution)
=> job.Step()
.Name("Build")
.Run($"dotnet build {solution} --no-restore -c Release");
public static void StepTest(this Job job, string project)
{
var logFileName = $"{project}-tests.trx";
var loggingFlags = $"--logger \"console;verbosity=normal\" " +
$"--logger \"trx;LogFileName={logFileName}\" " +
$"--collect:\"XPlat Code Coverage\"";
job.Step()
.Name($"Test - {project}")
.Run($"dotnet test {project} -c Release --no-build {loggingFlags}");
var id = $"test-report-{project.Replace("/", "-").Replace(".", "-")}";
job.Step(id)
.Name($"Test report - {project}")
.WorkingDirectory("test")
.Uses("dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5") // v1.9.1
.If("github.event_name == 'push' && (success() || failure())")
.With(
("name", $"Test Report - {project}"),
("path", $"**/{logFileName}"),
("reporter", "dotnet-trx"),
("fail-on-error", "true"),
("fail-on-empty", "true"));
job.Step()
.Name("Publish test report link")
.Run($"echo \"[Test Results - {project}](${{{{ steps.{id}.outputs.url_html }}}})\" >> $GITHUB_STEP_SUMMARY");
}
public static Step StepPushToNuget(this Job job, bool pushAlways = false)
=> job.StepPush("nuget.org", "https://api.nuget.org/v3/index.json", "NUGET_ORG_API_KEY", pushAlways);
public static Step StepPushToGithub(this Job job, GitHubContexts contexts, bool pushAlways = false)
=> job.StepPush("GitHub", "https://nuget.pkg.github.com/DuendeSoftware/index.json", "GITHUB_TOKEN", pushAlways)
.Env(("GITHUB_TOKEN", contexts.Secrets.GitHubToken),
("NUGET_AUTH_TOKEN", contexts.Secrets.GitHubToken));
public static void StepSign(this Job job, bool always = false)
{
var flags = "--file-digest sha256 " +
"--timestamp-rfc3161 http://timestamp.digicert.com " +
"--azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ " +
"--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 " +
"--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 " +
"--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} " +
"--azure-key-vault-certificate NuGetPackageSigning";
var step = job.Step()
.Name("Sign packages");
if (!always)
{
step = step.IfGithubEventIsPush();
}
step.Run($"""
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" {flags}
done
""");
}
public static Step StepPush(this Job job, string destination, string sourceUrl, string secretName, bool pushAlways = false)
{
var apiKey = $"${{{{ secrets.{secretName} }}}}";
var step = job.Step()
.Name($"Push packages to {destination}");
if (!pushAlways)
{
step.IfRefMain();
}
return step.Run($"dotnet nuget push artifacts/*.nupkg --source {sourceUrl} --api-key {apiKey} --skip-duplicate");
}
public static Step StepGitCheckoutCustomBranch(this Job job) =>
job.Step()
.Name("Checkout target branch")
.If("github.event.inputs.branch != 'main'")
.Run("git checkout ${{ github.event.inputs.branch }}");
public static Step StepGitConfig(this Job job) =>
job.Step()
.Name("Git Config")
.Run("""
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
""");
internal static Step StepGitRemoveExistingTagIfConfigured(this Job job, Product component, GitHubContexts contexts) =>
job.Step()
.Name("Git Config")
.If("github.event.inputs['remove-tag-if-exists'] == 'true'")
.Run($"""
if git rev-parse {component.TagPrefix}-{contexts.Event.Input.Version} >/dev/null 2>&1; then
git tag -d {component.TagPrefix}-{contexts.Event.Input.Version}
git push --delete origin {component.TagPrefix}-{contexts.Event.Input.Version}
else
echo 'Tag {component.TagPrefix}-{contexts.Event.Input.Version} does not exist.'
fi
""");
internal static Step StepGitPushTag(this Job job, Product component, GitHubContexts contexts) =>
job.Step()
.Name("Git Config")
.Run($"""
git tag -a {component.TagPrefix}-{contexts.Event.Input.Version} -m "Release v{contexts.Event.Input.Version}"
git push origin {component.TagPrefix}-{contexts.Event.Input.Version}
""");
public static WorkflowDispatch InputVersionBranchAndTagOverride(this WorkflowDispatch workflow) =>
workflow.Inputs(
new StringInput("version", "Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N", true, "0.0.0"),
new StringInput("branch", "(Optional) the name of the branch to release from", false, "main"),
new BooleanInput("remove-tag-if-exists", "If set, will remove the existing tag. Use this if you have issues with the previous release action", false, false));
public static Step StepUploadPlaywrightTestTraces(this Job job, string componentName)
{
var path = $"{componentName}/test/**/playwright-traces/*.zip";
return job.Step()
.Name("Upload playwright traces")
.If("success() || failure()")
.Uses("actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882") // 4.4.3
.With(
("name", "playwright-traces"),
("path", path),
("overwrite", "true"),
("retention-days", "15"));
}
public static void StepUploadArtifacts(this Job job, string componentName, bool uploadAlways = false)
{
var path = $"{componentName}/artifacts/*.nupkg";
var step = job.Step()
.Name("Upload Artifacts");
if (!uploadAlways)
{
step.IfRefMain();
}
step.Uses("actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882") // 4.4.3
.With(
("name", "artifacts"),
("path", path),
("overwrite", "true"),
("retention-days", "15"));
}
/// <summary>
/// The build triggers both on branch AND on pull_request.
///
/// Only (trusted) contributors can open branches in the main repo, so these builds can run with a higher trust level.
/// So, they are running with trigger 'push'. These builds have access to the secrets and thus they can do things like
/// sign, push the packages, etc..
///
/// External contributors can only create branches on external repo's. These builds run with a lower trust level.
/// So, they are running with trigger 'pull_request'. These builds do not have access to the secrets and thus they can't
/// sign, push the packages, etc..
///
/// Now, if a trusted contributor creates a branch in the main repo, then creates a PR, we don't want to run the build twice.
/// This prevents that. The build will only run once, on the branch with the higher trust level.
///
/// </summary>
public static Job RunEitherOnBranchOrAsPR(this Job job)
=> job.If(
"(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')");
public static void StepInitializeCodeQl(this Job job) =>
job.Step()
.Name("Initialize CodeQL")
.Uses("github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0") // 3.28.9
.With(
("languages", "csharp"),
("build-mode", "manual"),
("db-location", "~/.codeql/databases"));
public static void StepPerformCodeQlAnalysis(this Job job) =>
job.Step()
.Name("Perform CodeQL Analysis")
.If("${{ env.DISABLE_CODEQL_ANALYSIS != 'true' }}")
.Uses("github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0") // 3.28.9
.With(
("category", "/language:csharp"));
}
}
/// <summary>
/// Only run this for a main build
/// </summary>
public static Step IfRefMain(this Step step)
=> step.If("github.ref == 'refs/heads/main'");
/// <summary>
/// Only run this if the build is triggered on a branch IN the same repo
/// this means it's from a trusted contributor.
/// </summary>
public static Step IfGithubEventIsPush(this Step step)
=> step.If("github.event == 'push'");
public static void StepDotNetDevCerts(this Job job)
=> job.Step()
.Name("Dotnet devcerts")
.Run("dotnet dev-certs https --trust");
public static void CachePlaywrightAssets(this Job job)
=> job.Step("playwright-cache")
.Name("Cache Playwright assets")
.Uses("actions/cache@v4")
.With(
("path", "~/.cache/ms-playwright"),
("key", "playwright-${{ runner.os }}-${{ hashFiles('**/Hosts.Tests.csproj') }}"),
("restore-keys", "playwright-${{ runner.os }}-"));
public static void StepInstallPlayWright(this Job job, string playwrightTestProject)
=> job.Step()
.Name("Install Playwright")
.If("steps.playwright-cache.outputs.cache-hit != 'true'")
.Run($"pwsh test/{playwrightTestProject}/bin/Release/net10.0/playwright.ps1 install --with-deps");
public static void StepToolRestore(this Job job)
=> job.Step()
.Name("Tool restore")
.Run("dotnet tool restore");
public static void StepPack(this Job job, string target) =>
job.Step()
.Name($"Pack {target}")
.Run($"dotnet pack -c Release {target} -o artifacts");
public static Step StepRestore(this Job job, string solution)
=> job.Step()
.Name("Restore")
.Run($"dotnet restore {solution}");
public static Step StepVerifyFormatting(this Job job, string solution)
=> job.Step()
.Name("Verify Formatting")
.Run($"dotnet format {solution} --verify-no-changes --no-restore");
public static Step StepBuild(this Job job, string solution)
=> job.Step()
.Name("Build")
.Run($"dotnet build {solution} --no-restore -c Release");
public static void StepTest(this Job job, string project)
{
var logFileName = $"{project}-tests.trx";
var loggingFlags = $"--logger \"console;verbosity=normal\" " +
$"--logger \"trx;LogFileName={logFileName}\" " +
$"--collect:\"XPlat Code Coverage\"";
job.Step()
.Name($"Test - {project}")
.Run($"dotnet test {project} -c Release --no-build {loggingFlags}");
var id = $"test-report-{project.Replace("/", "-").Replace(".", "-")}";
job.Step(id)
.Name($"Test report - {project}")
.WorkingDirectory("test")
.Uses("dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5") // v1.9.1
.If("github.event_name == 'push' && (success() || failure())")
.With(
("name", $"Test Report - {project}"),
("path", $"**/{logFileName}"),
("reporter", "dotnet-trx"),
("fail-on-error", "true"),
("fail-on-empty", "true"));
job.Step()
.Name("Publish test report link")
.Run($"echo \"[Test Results - {project}](${{{{ steps.{id}.outputs.url_html }}}})\" >> $GITHUB_STEP_SUMMARY");
}
public static Step StepPushToNuget(this Job job, bool pushAlways = false)
=> job.StepPush("nuget.org", "https://api.nuget.org/v3/index.json", "NUGET_ORG_API_KEY", pushAlways);
public static Step StepPushToGithub(this Job job, GitHubContexts contexts, bool pushAlways = false)
=> job.StepPush("GitHub", "https://nuget.pkg.github.com/DuendeSoftware/index.json", "GITHUB_TOKEN", pushAlways)
.Env(("GITHUB_TOKEN", contexts.Secrets.GitHubToken),
("NUGET_AUTH_TOKEN", contexts.Secrets.GitHubToken));
public static void StepSign(this Job job, bool always = false)
{
var flags = "--file-digest sha256 " +
"--timestamp-rfc3161 http://timestamp.digicert.com " +
"--azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ " +
"--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 " +
"--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 " +
"--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} " +
"--azure-key-vault-certificate NuGetPackageSigning";
var step = job.Step()
.Name("Sign packages");
if (!always)
{
step = step.IfGithubEventIsPush();
}
step.Run($"""
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" {flags}
done
""");
}
public static Step StepPush(this Job job, string destination, string sourceUrl, string secretName, bool pushAlways = false)
{
var apiKey = $"${{{{ secrets.{secretName} }}}}";
var step = job.Step()
.Name($"Push packages to {destination}");
if (!pushAlways)
{
step.IfRefMain();
}
return step.Run($"dotnet nuget push artifacts/*.nupkg --source {sourceUrl} --api-key {apiKey} --skip-duplicate");
}
public static Step StepGitCheckoutCustomBranch(this Job job) =>
job.Step()
.Name("Checkout target branch")
.If("github.event.inputs.branch != 'main'")
.Run("git checkout ${{ github.event.inputs.branch }}");
public static Step StepGitConfig(this Job job) =>
job.Step()
.Name("Git Config")
.Run("""
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
""");
internal static Step StepGitRemoveExistingTagIfConfigured(this Job job, Product component, GitHubContexts contexts) =>
job.Step()
.Name("Git Config")
.If("github.event.inputs['remove-tag-if-exists'] == 'true'")
.Run($"""
if git rev-parse {component.TagPrefix}-{contexts.Event.Input.Version} >/dev/null 2>&1; then
git tag -d {component.TagPrefix}-{contexts.Event.Input.Version}
git push --delete origin {component.TagPrefix}-{contexts.Event.Input.Version}
else
echo 'Tag {component.TagPrefix}-{contexts.Event.Input.Version} does not exist.'
fi
""");
internal static Step StepGitPushTag(this Job job, Product component, GitHubContexts contexts) =>
job.Step()
.Name("Git Config")
.Run($"""
git tag -a {component.TagPrefix}-{contexts.Event.Input.Version} -m "Release v{contexts.Event.Input.Version}"
git push origin {component.TagPrefix}-{contexts.Event.Input.Version}
""");
public static WorkflowDispatch InputVersionBranchAndTagOverride(this WorkflowDispatch workflow) =>
workflow.Inputs(
new StringInput("version", "Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N", true, "0.0.0"),
new StringInput("branch", "(Optional) the name of the branch to release from", false, "main"),
new BooleanInput("remove-tag-if-exists", "If set, will remove the existing tag. Use this if you have issues with the previous release action", false, false));
public static Step StepUploadPlaywrightTestTraces(this Job job, string componentName)
{
var path = $"{componentName}/test/**/playwright-traces/*.zip";
return job.Step()
.Name("Upload playwright traces")
.If("success() || failure()")
.Uses("actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882") // 4.4.3
.With(
("name", "playwright-traces"),
("path", path),
("overwrite", "true"),
("retention-days", "15"));
}
public static void StepUploadArtifacts(this Job job, string componentName, bool uploadAlways = false)
{
var path = $"{componentName}/artifacts/*.nupkg";
var step = job.Step()
.Name("Upload Artifacts");
if (!uploadAlways)
{
step.IfRefMain();
}
step.Uses("actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882") // 4.4.3
.With(
("name", "artifacts"),
("path", path),
("overwrite", "true"),
("retention-days", "15"));
}
/// <summary>
/// The build triggers both on branch AND on pull_request.
///
/// Only (trusted) contributors can open branches in the main repo, so these builds can run with a higher trust level.
/// So, they are running with trigger 'push'. These builds have access to the secrets and thus they can do things like
/// sign, push the packages, etc..
///
/// External contributors can only create branches on external repo's. These builds run with a lower trust level.
/// So, they are running with trigger 'pull_request'. These builds do not have access to the secrets and thus they can't
/// sign, push the packages, etc..
///
/// Now, if a trusted contributor creates a branch in the main repo, then creates a PR, we don't want to run the build twice.
/// This prevents that. The build will only run once, on the branch with the higher trust level.
///
/// </summary>
public static Job RunEitherOnBranchOrAsPR(this Job job)
=> job.If(
"(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')");
public static void StepInitializeCodeQl(this Job job) =>
job.Step()
.Name("Initialize CodeQL")
.Uses("github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0") // 3.28.9
.With(
("languages", "csharp"),
("build-mode", "manual"),
("db-location", "~/.codeql/databases"));
public static void StepPerformCodeQlAnalysis(this Job job) =>
job.Step()
.Name("Perform CodeQL Analysis")
.If("${{ env.DISABLE_CODEQL_ANALYSIS != 'true' }}")
.Uses("github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0") // 3.28.9
.With(
("category", "/language:csharp"));
}

488
.github/workflows/bff-ci.yml vendored
View file

@ -1,250 +1,238 @@
# This was generated by tool. Edits will be overwritten.
name: bff/ci
on:
workflow_dispatch:
push:
paths:
- .config/dotnet-tools.json
- .github/workflows/bff-**
- bff/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
pull_request:
paths:
- .config/dotnet-tools.json
- .github/workflows/bff-**
- bff/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
verify-formatting:
name: Verify formatting
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
contents: read
defaults:
run:
shell: bash
working-directory: bff
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Restore
run: dotnet restore bff.slnf
- name: Verify Formatting
run: dotnet format bff.slnf --verify-no-changes --no-restore
build:
name: Build and test (unit)
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: bff
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Restore
run: dotnet restore bff.slnf
- name: Build
run: dotnet build bff.slnf --no-restore -c Release
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/Bff.Tests
run: dotnet test test/Bff.Tests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/Bff.Tests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-Bff-Tests
name: Test report - test/Bff.Tests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/Bff.Tests
path: '**/test/Bff.Tests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/Bff.Tests](${{ steps.test-report-test-Bff-Tests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
playwright:
name: Playwright tests
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
defaults:
run:
shell: bash
working-directory: bff
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Restore
run: dotnet restore bff.slnf
- name: Build
run: dotnet build bff.slnf --no-restore -c Release
- id: playwright-cache
name: Cache Playwright assets
uses: actions/cache@v4
with:
path: ~/.cache/ms-playwright
key: playwright-${{ runner.os }}-${{ hashFiles('**/Hosts.Tests.csproj') }}
restore-keys: playwright-${{ runner.os }}-
- name: Install Playwright
if: steps.playwright-cache.outputs.cache-hit != 'true'
run: pwsh test/Hosts.Tests/bin/Release/net10.0/playwright.ps1 install --with-deps
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/Hosts.Tests
run: dotnet test test/Hosts.Tests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/Hosts.Tests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-Hosts-Tests
name: Test report - test/Hosts.Tests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/Hosts.Tests
path: '**/test/Hosts.Tests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/Hosts.Tests](${{ steps.test-report-test-Hosts-Tests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
- name: Upload playwright traces
if: success() || failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: playwright-traces
path: bff/test/**/playwright-traces/*.zip
overwrite: true
retention-days: 15
codeql:
name: CodeQL analyze
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
defaults:
run:
shell: bash
working-directory: bff
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
pack:
name: Pack, sign and push
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
needs:
- verify-formatting
- build
- playwright
- codeql
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: bff
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Tool restore
run: dotnet tool restore
- name: Pack bff.slnf
run: dotnet pack -c Release bff.slnf -o artifacts
- name: Sign packages
if: github.event == 'push'
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
if: github.ref == 'refs/heads/main'
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: bff/artifacts/*.nupkg
overwrite: true
retention-days: 15
# This was generated by tool. Edits will be overwritten.
name: bff/ci
on:
workflow_dispatch:
push:
paths:
- .config/dotnet-tools.json
- .github/workflows/bff-**
- bff/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
pull_request:
paths:
- .config/dotnet-tools.json
- .github/workflows/bff-**
- bff/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
verify-formatting:
name: Verify formatting
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
contents: read
defaults:
run:
shell: bash
working-directory: bff
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Restore
run: dotnet restore bff.slnf
- name: Verify Formatting
run: dotnet format bff.slnf --verify-no-changes --no-restore
build:
name: Build and test (unit)
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: bff
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Restore
run: dotnet restore bff.slnf
- name: Build
run: dotnet build bff.slnf --no-restore -c Release
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/Bff.Tests
run: dotnet test test/Bff.Tests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/Bff.Tests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-Bff-Tests
name: Test report - test/Bff.Tests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/Bff.Tests
path: '**/test/Bff.Tests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/Bff.Tests](${{ steps.test-report-test-Bff-Tests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
playwright:
name: Playwright tests
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
defaults:
run:
shell: bash
working-directory: bff
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Restore
run: dotnet restore bff.slnf
- name: Build
run: dotnet build bff.slnf --no-restore -c Release
- id: playwright-cache
name: Cache Playwright assets
uses: actions/cache@v4
with:
path: ~/.cache/ms-playwright
key: playwright-${{ runner.os }}-${{ hashFiles('**/Hosts.Tests.csproj') }}
restore-keys: playwright-${{ runner.os }}-
- name: Install Playwright
if: steps.playwright-cache.outputs.cache-hit != 'true'
run: pwsh test/Hosts.Tests/bin/Release/net10.0/playwright.ps1 install --with-deps
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/Hosts.Tests
run: dotnet test test/Hosts.Tests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/Hosts.Tests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-Hosts-Tests
name: Test report - test/Hosts.Tests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/Hosts.Tests
path: '**/test/Hosts.Tests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/Hosts.Tests](${{ steps.test-report-test-Hosts-Tests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
- name: Upload playwright traces
if: success() || failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: playwright-traces
path: bff/test/**/playwright-traces/*.zip
overwrite: true
retention-days: 15
codeql:
name: CodeQL analyze
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
defaults:
run:
shell: bash
working-directory: bff
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
pack:
name: Pack, sign and push
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
needs:
- verify-formatting
- build
- playwright
- codeql
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: bff
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Tool restore
run: dotnet tool restore
- name: Pack bff.slnf
run: dotnet pack -c Release bff.slnf -o artifacts
- name: Sign packages
if: github.event == 'push'
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
if: github.ref == 'refs/heads/main'
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: bff/artifacts/*.nupkg
overwrite: true
retention-days: 15

230
.github/workflows/bff-release.yml vendored
View file

@ -1,118 +1,112 @@
# This was generated by tool. Edits will be overwritten.
name: bff/release
on:
workflow_dispatch:
inputs:
version:
description: 'Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N'
type: string
required: true
default: '0.0.0'
branch:
description: '(Optional) the name of the branch to release from'
type: string
required: false
default: 'main'
remove-tag-if-exists:
description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
type: boolean
required: false
default: false
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: bash
working-directory: bff
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Validate Version Input
run: echo '${{ github.event.inputs.version }}' | grep -P '^\d+\.\d+\.\d+(-preview\.\d+|-rc\.\d+)?$' || (echo 'Invalid version format' && exit 1)
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
- name: Git Config
run: |-
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
- name: Git Config
if: github.event.inputs['remove-tag-if-exists'] == 'true'
run: |-
if git rev-parse bff-${{ github.event.inputs.version }} >/dev/null 2>&1; then
git tag -d bff-${{ github.event.inputs.version }}
git push --delete origin bff-${{ github.event.inputs.version }}
else
echo 'Tag bff-${{ github.event.inputs.version }} does not exist.'
fi
- name: Git Config
run: |-
git tag -a bff-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin bff-${{ github.event.inputs.version }}
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Pack bff.slnf
run: dotnet pack -c Release bff.slnf -o artifacts
- name: Tool restore
run: dotnet tool restore
- name: Sign packages
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: bff/artifacts/*.nupkg
overwrite: true
retention-days: 15
publish:
name: Publish to nuget.org
needs:
- tag
runs-on: ubuntu-latest
environment:
name: nuget.org
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: artifacts
path: artifacts
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: List files
run: tree
shell: bash
- name: Push packages to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate
# This was generated by tool. Edits will be overwritten.
name: bff/release
on:
workflow_dispatch:
inputs:
version:
description: 'Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N'
type: string
required: true
default: '0.0.0'
branch:
description: '(Optional) the name of the branch to release from'
type: string
required: false
default: 'main'
remove-tag-if-exists:
description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
type: boolean
required: false
default: false
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: bash
working-directory: bff
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Validate Version Input
run: echo '${{ github.event.inputs.version }}' | grep -P '^\d+\.\d+\.\d+(-preview\.\d+|-rc\.\d+)?$' || (echo 'Invalid version format' && exit 1)
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
- name: Git Config
run: |-
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
- name: Git Config
if: github.event.inputs['remove-tag-if-exists'] == 'true'
run: |-
if git rev-parse bff-${{ github.event.inputs.version }} >/dev/null 2>&1; then
git tag -d bff-${{ github.event.inputs.version }}
git push --delete origin bff-${{ github.event.inputs.version }}
else
echo 'Tag bff-${{ github.event.inputs.version }} does not exist.'
fi
- name: Git Config
run: |-
git tag -a bff-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin bff-${{ github.event.inputs.version }}
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Pack bff.slnf
run: dotnet pack -c Release bff.slnf -o artifacts
- name: Tool restore
run: dotnet tool restore
- name: Sign packages
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: bff/artifacts/*.nupkg
overwrite: true
retention-days: 15
publish:
name: Publish to nuget.org
needs:
- tag
runs-on: ubuntu-latest
environment:
name: nuget.org
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: artifacts
path: artifacts
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: List files
run: tree
shell: bash
- name: Push packages to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate

369
.github/workflows/docs-mcp-ci.yml vendored
View file

@ -1,189 +1,180 @@
# This was generated by tool. Edits will be overwritten.
name: docs-mcp/ci
on:
workflow_dispatch:
push:
paths:
- .config/dotnet-tools.json
- .github/workflows/docs-mcp-**
- docs-mcp/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
pull_request:
paths:
- .config/dotnet-tools.json
- .github/workflows/docs-mcp-**
- docs-mcp/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
verify-formatting:
name: Verify formatting
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
contents: read
defaults:
run:
shell: bash
working-directory: docs-mcp
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Restore
run: dotnet restore docs-mcp.slnf
- name: Verify Formatting
run: dotnet format docs-mcp.slnf --verify-no-changes --no-restore
build:
name: Build and test (unit)
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: docs-mcp
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Restore
run: dotnet restore docs-mcp.slnf
- name: Build
run: dotnet build docs-mcp.slnf --no-restore -c Release
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
playwright:
name: Playwright tests
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
defaults:
run:
shell: bash
working-directory: docs-mcp
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
codeql:
name: CodeQL analyze
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
defaults:
run:
shell: bash
working-directory: docs-mcp
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
pack:
name: Pack, sign and push
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
needs:
- verify-formatting
- build
- playwright
- codeql
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: docs-mcp
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Tool restore
run: dotnet tool restore
- name: Pack docs-mcp.slnf
run: dotnet pack -c Release docs-mcp.slnf -o artifacts
- name: Sign packages
if: github.event == 'push'
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
if: github.ref == 'refs/heads/main'
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: docs-mcp/artifacts/*.nupkg
overwrite: true
retention-days: 15
# This was generated by tool. Edits will be overwritten.
name: docs-mcp/ci
on:
workflow_dispatch:
push:
paths:
- .config/dotnet-tools.json
- .github/workflows/docs-mcp-**
- docs-mcp/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
pull_request:
paths:
- .config/dotnet-tools.json
- .github/workflows/docs-mcp-**
- docs-mcp/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
verify-formatting:
name: Verify formatting
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
contents: read
defaults:
run:
shell: bash
working-directory: docs-mcp
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Restore
run: dotnet restore docs-mcp.slnf
- name: Verify Formatting
run: dotnet format docs-mcp.slnf --verify-no-changes --no-restore
build:
name: Build and test (unit)
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: docs-mcp
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Restore
run: dotnet restore docs-mcp.slnf
- name: Build
run: dotnet build docs-mcp.slnf --no-restore -c Release
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
playwright:
name: Playwright tests
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
defaults:
run:
shell: bash
working-directory: docs-mcp
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
codeql:
name: CodeQL analyze
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
defaults:
run:
shell: bash
working-directory: docs-mcp
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
pack:
name: Pack, sign and push
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
needs:
- verify-formatting
- build
- playwright
- codeql
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: docs-mcp
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Tool restore
run: dotnet tool restore
- name: Pack docs-mcp.slnf
run: dotnet pack -c Release docs-mcp.slnf -o artifacts
- name: Sign packages
if: github.event == 'push'
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
if: github.ref == 'refs/heads/main'
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: docs-mcp/artifacts/*.nupkg
overwrite: true
retention-days: 15

230
.github/workflows/docs-mcp-release.yml vendored
View file

@ -1,118 +1,112 @@
# This was generated by tool. Edits will be overwritten.
name: docs-mcp/release
on:
workflow_dispatch:
inputs:
version:
description: 'Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N'
type: string
required: true
default: '0.0.0'
branch:
description: '(Optional) the name of the branch to release from'
type: string
required: false
default: 'main'
remove-tag-if-exists:
description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
type: boolean
required: false
default: false
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: bash
working-directory: docs-mcp
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Validate Version Input
run: echo '${{ github.event.inputs.version }}' | grep -P '^\d+\.\d+\.\d+(-preview\.\d+|-rc\.\d+)?$' || (echo 'Invalid version format' && exit 1)
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
- name: Git Config
run: |-
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
- name: Git Config
if: github.event.inputs['remove-tag-if-exists'] == 'true'
run: |-
if git rev-parse dmcp-${{ github.event.inputs.version }} >/dev/null 2>&1; then
git tag -d dmcp-${{ github.event.inputs.version }}
git push --delete origin dmcp-${{ github.event.inputs.version }}
else
echo 'Tag dmcp-${{ github.event.inputs.version }} does not exist.'
fi
- name: Git Config
run: |-
git tag -a dmcp-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin dmcp-${{ github.event.inputs.version }}
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Pack docs-mcp.slnf
run: dotnet pack -c Release docs-mcp.slnf -o artifacts
- name: Tool restore
run: dotnet tool restore
- name: Sign packages
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: docs-mcp/artifacts/*.nupkg
overwrite: true
retention-days: 15
publish:
name: Publish to nuget.org
needs:
- tag
runs-on: ubuntu-latest
environment:
name: nuget.org
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: artifacts
path: artifacts
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: List files
run: tree
shell: bash
- name: Push packages to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate
# This was generated by tool. Edits will be overwritten.
name: docs-mcp/release
on:
workflow_dispatch:
inputs:
version:
description: 'Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N'
type: string
required: true
default: '0.0.0'
branch:
description: '(Optional) the name of the branch to release from'
type: string
required: false
default: 'main'
remove-tag-if-exists:
description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
type: boolean
required: false
default: false
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: bash
working-directory: docs-mcp
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Validate Version Input
run: echo '${{ github.event.inputs.version }}' | grep -P '^\d+\.\d+\.\d+(-preview\.\d+|-rc\.\d+)?$' || (echo 'Invalid version format' && exit 1)
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
- name: Git Config
run: |-
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
- name: Git Config
if: github.event.inputs['remove-tag-if-exists'] == 'true'
run: |-
if git rev-parse dmcp-${{ github.event.inputs.version }} >/dev/null 2>&1; then
git tag -d dmcp-${{ github.event.inputs.version }}
git push --delete origin dmcp-${{ github.event.inputs.version }}
else
echo 'Tag dmcp-${{ github.event.inputs.version }} does not exist.'
fi
- name: Git Config
run: |-
git tag -a dmcp-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin dmcp-${{ github.event.inputs.version }}
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Pack docs-mcp.slnf
run: dotnet pack -c Release docs-mcp.slnf -o artifacts
- name: Tool restore
run: dotnet tool restore
- name: Sign packages
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: docs-mcp/artifacts/*.nupkg
overwrite: true
retention-days: 15
publish:
name: Publish to nuget.org
needs:
- tag
runs-on: ubuntu-latest
environment:
name: nuget.org
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: artifacts
path: artifacts
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: List files
run: tree
shell: bash
- name: Push packages to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate

516
.github/workflows/identity-server-ci.yml vendored
View file

@ -1,264 +1,252 @@
# This was generated by tool. Edits will be overwritten.
name: identity-server/ci
on:
workflow_dispatch:
push:
paths:
- .config/dotnet-tools.json
- .github/workflows/identity-server-**
- identity-server/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
pull_request:
paths:
- .config/dotnet-tools.json
- .github/workflows/identity-server-**
- identity-server/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
verify-formatting:
name: Verify formatting
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
contents: read
defaults:
run:
shell: bash
working-directory: identity-server
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Restore
run: dotnet restore identity-server.slnf
- name: Verify Formatting
run: dotnet format identity-server.slnf --verify-no-changes --no-restore
build:
name: Build and test (unit)
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: identity-server
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Restore
run: dotnet restore identity-server.slnf
- name: Build
run: dotnet build identity-server.slnf --no-restore -c Release
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/IdentityServer.IntegrationTests
run: dotnet test test/IdentityServer.IntegrationTests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/IdentityServer.IntegrationTests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-IdentityServer-IntegrationTests
name: Test report - test/IdentityServer.IntegrationTests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/IdentityServer.IntegrationTests
path: '**/test/IdentityServer.IntegrationTests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/IdentityServer.IntegrationTests](${{ steps.test-report-test-IdentityServer-IntegrationTests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
- name: Test - test/IdentityServer.UnitTests
run: dotnet test test/IdentityServer.UnitTests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/IdentityServer.UnitTests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-IdentityServer-UnitTests
name: Test report - test/IdentityServer.UnitTests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/IdentityServer.UnitTests
path: '**/test/IdentityServer.UnitTests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/IdentityServer.UnitTests](${{ steps.test-report-test-IdentityServer-UnitTests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
playwright:
name: Playwright tests
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
defaults:
run:
shell: bash
working-directory: identity-server
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Restore
run: dotnet restore identity-server.slnf
- name: Build
run: dotnet build identity-server.slnf --no-restore -c Release
- id: playwright-cache
name: Cache Playwright assets
uses: actions/cache@v4
with:
path: ~/.cache/ms-playwright
key: playwright-${{ runner.os }}-${{ hashFiles('**/Hosts.Tests.csproj') }}
restore-keys: playwright-${{ runner.os }}-
- name: Install Playwright
if: steps.playwright-cache.outputs.cache-hit != 'true'
run: pwsh test/IdentityServer.EndToEndTests/bin/Release/net10.0/playwright.ps1 install --with-deps
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/IdentityServer.EndToEndTests
run: dotnet test test/IdentityServer.EndToEndTests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/IdentityServer.EndToEndTests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-IdentityServer-EndToEndTests
name: Test report - test/IdentityServer.EndToEndTests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/IdentityServer.EndToEndTests
path: '**/test/IdentityServer.EndToEndTests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/IdentityServer.EndToEndTests](${{ steps.test-report-test-IdentityServer-EndToEndTests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
- name: Upload playwright traces
if: success() || failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: playwright-traces
path: identity-server/test/**/playwright-traces/*.zip
overwrite: true
retention-days: 15
codeql:
name: CodeQL analyze
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
defaults:
run:
shell: bash
working-directory: identity-server
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
pack:
name: Pack, sign and push
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
needs:
- verify-formatting
- build
- playwright
- codeql
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: identity-server
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Tool restore
run: dotnet tool restore
- name: Pack identity-server.slnf
run: dotnet pack -c Release identity-server.slnf -o artifacts
- name: Sign packages
if: github.event == 'push'
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
if: github.ref == 'refs/heads/main'
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: identity-server/artifacts/*.nupkg
overwrite: true
retention-days: 15
# This was generated by tool. Edits will be overwritten.
name: identity-server/ci
on:
workflow_dispatch:
push:
paths:
- .config/dotnet-tools.json
- .github/workflows/identity-server-**
- identity-server/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
pull_request:
paths:
- .config/dotnet-tools.json
- .github/workflows/identity-server-**
- identity-server/**
- .editorconfig
- Directory.Packages.props
- global.json
- src.props
- test.props
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
verify-formatting:
name: Verify formatting
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
contents: read
defaults:
run:
shell: bash
working-directory: identity-server
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Restore
run: dotnet restore identity-server.slnf
- name: Verify Formatting
run: dotnet format identity-server.slnf --verify-no-changes --no-restore
build:
name: Build and test (unit)
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: identity-server
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Restore
run: dotnet restore identity-server.slnf
- name: Build
run: dotnet build identity-server.slnf --no-restore -c Release
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/IdentityServer.IntegrationTests
run: dotnet test test/IdentityServer.IntegrationTests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/IdentityServer.IntegrationTests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-IdentityServer-IntegrationTests
name: Test report - test/IdentityServer.IntegrationTests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/IdentityServer.IntegrationTests
path: '**/test/IdentityServer.IntegrationTests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/IdentityServer.IntegrationTests](${{ steps.test-report-test-IdentityServer-IntegrationTests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
- name: Test - test/IdentityServer.UnitTests
run: dotnet test test/IdentityServer.UnitTests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/IdentityServer.UnitTests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-IdentityServer-UnitTests
name: Test report - test/IdentityServer.UnitTests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/IdentityServer.UnitTests
path: '**/test/IdentityServer.UnitTests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/IdentityServer.UnitTests](${{ steps.test-report-test-IdentityServer-UnitTests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
playwright:
name: Playwright tests
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
checks: write
contents: read
defaults:
run:
shell: bash
working-directory: identity-server
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Restore
run: dotnet restore identity-server.slnf
- name: Build
run: dotnet build identity-server.slnf --no-restore -c Release
- id: playwright-cache
name: Cache Playwright assets
uses: actions/cache@v4
with:
path: ~/.cache/ms-playwright
key: playwright-${{ runner.os }}-${{ hashFiles('**/Hosts.Tests.csproj') }}
restore-keys: playwright-${{ runner.os }}-
- name: Install Playwright
if: steps.playwright-cache.outputs.cache-hit != 'true'
run: pwsh test/IdentityServer.EndToEndTests/bin/Release/net10.0/playwright.ps1 install --with-deps
- name: Dotnet devcerts
run: dotnet dev-certs https --trust
- name: Test - test/IdentityServer.EndToEndTests
run: dotnet test test/IdentityServer.EndToEndTests -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=test/IdentityServer.EndToEndTests-tests.trx" --collect:"XPlat Code Coverage"
- id: test-report-test-IdentityServer-EndToEndTests
name: Test report - test/IdentityServer.EndToEndTests
if: github.event_name == 'push' && (success() || failure())
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
with:
name: Test Report - test/IdentityServer.EndToEndTests
path: '**/test/IdentityServer.EndToEndTests-tests.trx'
reporter: dotnet-trx
fail-on-error: true
fail-on-empty: true
- name: Publish test report link
run: echo "[Test Results - test/IdentityServer.EndToEndTests](${{ steps.test-report-test-IdentityServer-EndToEndTests.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
- name: Upload playwright traces
if: success() || failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: playwright-traces
path: identity-server/test/**/playwright-traces/*.zip
overwrite: true
retention-days: 15
codeql:
name: CodeQL analyze
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
defaults:
run:
shell: bash
working-directory: identity-server
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
pack:
name: Pack, sign and push
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
needs:
- verify-formatting
- build
- playwright
- codeql
runs-on:
group: large
labels: [ubuntu-latest-x64-16core]
permissions:
actions: read
contents: read
packages: write
defaults:
run:
shell: bash
working-directory: identity-server
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Tool restore
run: dotnet tool restore
- name: Pack identity-server.slnf
run: dotnet pack -c Release identity-server.slnf -o artifacts
- name: Sign packages
if: github.event == 'push'
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
if: github.ref == 'refs/heads/main'
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
if: github.ref == 'refs/heads/main'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: identity-server/artifacts/*.nupkg
overwrite: true
retention-days: 15

230
.github/workflows/identity-server-release.yml vendored
View file

@ -1,118 +1,112 @@
# This was generated by tool. Edits will be overwritten.
name: identity-server/release
on:
workflow_dispatch:
inputs:
version:
description: 'Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N'
type: string
required: true
default: '0.0.0'
branch:
description: '(Optional) the name of the branch to release from'
type: string
required: false
default: 'main'
remove-tag-if-exists:
description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
type: boolean
required: false
default: false
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: bash
working-directory: identity-server
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Validate Version Input
run: echo '${{ github.event.inputs.version }}' | grep -P '^\d+\.\d+\.\d+(-preview\.\d+|-rc\.\d+)?$' || (echo 'Invalid version format' && exit 1)
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
- name: Git Config
run: |-
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
- name: Git Config
if: github.event.inputs['remove-tag-if-exists'] == 'true'
run: |-
if git rev-parse is-${{ github.event.inputs.version }} >/dev/null 2>&1; then
git tag -d is-${{ github.event.inputs.version }}
git push --delete origin is-${{ github.event.inputs.version }}
else
echo 'Tag is-${{ github.event.inputs.version }} does not exist.'
fi
- name: Git Config
run: |-
git tag -a is-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin is-${{ github.event.inputs.version }}
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Pack identity-server.slnf
run: dotnet pack -c Release identity-server.slnf -o artifacts
- name: Tool restore
run: dotnet tool restore
- name: Sign packages
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: identity-server/artifacts/*.nupkg
overwrite: true
retention-days: 15
publish:
name: Publish to nuget.org
needs:
- tag
runs-on: ubuntu-latest
environment:
name: nuget.org
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: artifacts
path: artifacts
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: List files
run: tree
shell: bash
- name: Push packages to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate
# This was generated by tool. Edits will be overwritten.
name: identity-server/release
on:
workflow_dispatch:
inputs:
version:
description: 'Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N'
type: string
required: true
default: '0.0.0'
branch:
description: '(Optional) the name of the branch to release from'
type: string
required: false
default: 'main'
remove-tag-if-exists:
description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
type: boolean
required: false
default: false
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: bash
working-directory: identity-server
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Validate Version Input
run: echo '${{ github.event.inputs.version }}' | grep -P '^\d+\.\d+\.\d+(-preview\.\d+|-rc\.\d+)?$' || (echo 'Invalid version format' && exit 1)
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
- name: Git Config
run: |-
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
- name: Git Config
if: github.event.inputs['remove-tag-if-exists'] == 'true'
run: |-
if git rev-parse is-${{ github.event.inputs.version }} >/dev/null 2>&1; then
git tag -d is-${{ github.event.inputs.version }}
git push --delete origin is-${{ github.event.inputs.version }}
else
echo 'Tag is-${{ github.event.inputs.version }} does not exist.'
fi
- name: Git Config
run: |-
git tag -a is-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin is-${{ github.event.inputs.version }}
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Pack identity-server.slnf
run: dotnet pack -c Release identity-server.slnf -o artifacts
- name: Tool restore
run: dotnet tool restore
- name: Sign packages
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: identity-server/artifacts/*.nupkg
overwrite: true
retention-days: 15
publish:
name: Publish to nuget.org
needs:
- tag
runs-on: ubuntu-latest
environment:
name: nuget.org
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: artifacts
path: artifacts
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: List files
run: tree
shell: bash
- name: Push packages to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate

230
.github/workflows/templates-release.yml vendored
View file

@ -1,118 +1,112 @@
# This was generated by tool. Edits will be overwritten.
name: templates/release
on:
workflow_dispatch:
inputs:
version:
description: 'Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N'
type: string
required: true
default: '0.0.0'
branch:
description: '(Optional) the name of the branch to release from'
type: string
required: false
default: 'main'
remove-tag-if-exists:
description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
type: boolean
required: false
default: false
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: bash
working-directory: templates
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
- name: Git Config
run: |-
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
- name: Git Config
if: github.event.inputs['remove-tag-if-exists'] == 'true'
run: |-
if git rev-parse templates-${{ github.event.inputs.version }} >/dev/null 2>&1; then
git tag -d templates-${{ github.event.inputs.version }}
git push --delete origin templates-${{ github.event.inputs.version }}
else
echo 'Tag templates-${{ github.event.inputs.version }} does not exist.'
fi
- name: Git Config
run: |-
git tag -a templates-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin templates-${{ github.event.inputs.version }}
- name: Tool restore
run: dotnet tool restore
- name: build templates
run: dotnet run --project build
- name: Pack ../artifacts/templates.csproj
run: dotnet pack -c Release ../artifacts/templates.csproj -o artifacts
- name: Sign packages
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: templates/artifacts/*.nupkg
overwrite: true
retention-days: 15
publish:
name: Publish to nuget.org
needs:
- tag
runs-on: ubuntu-latest
environment:
name: nuget.org
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: artifacts
path: artifacts
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: |-
8.0.x
9.0.203
10.0.100
- name: List files
run: tree
shell: bash
- name: Push packages to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate
# This was generated by tool. Edits will be overwritten.
name: templates/release
on:
workflow_dispatch:
inputs:
version:
description: 'Version in format X.Y.Z, X.Y.Z-preview.N, or X.Y.Z-rc.N'
type: string
required: true
default: '0.0.0'
branch:
description: '(Optional) the name of the branch to release from'
type: string
required: false
default: 'main'
remove-tag-if-exists:
description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
type: boolean
required: false
default: false
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tag:
name: Tag and Pack
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
defaults:
run:
shell: bash
working-directory: templates
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: Checkout target branch
if: github.event.inputs.branch != 'main'
run: git checkout ${{ github.event.inputs.branch }}
- name: Git Config
run: |-
git config --global user.email "github-bot@duendesoftware.com"
git config --global user.name "Duende Software GitHub Bot"
- name: Git Config
if: github.event.inputs['remove-tag-if-exists'] == 'true'
run: |-
if git rev-parse templates-${{ github.event.inputs.version }} >/dev/null 2>&1; then
git tag -d templates-${{ github.event.inputs.version }}
git push --delete origin templates-${{ github.event.inputs.version }}
else
echo 'Tag templates-${{ github.event.inputs.version }} does not exist.'
fi
- name: Git Config
run: |-
git tag -a templates-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
git push origin templates-${{ github.event.inputs.version }}
- name: Tool restore
run: dotnet tool restore
- name: build templates
run: dotnet run --project build
- name: Pack ../artifacts/templates.csproj
run: dotnet pack -c Release ../artifacts/templates.csproj -o artifacts
- name: Sign packages
run: |-
for file in artifacts/*.nupkg; do
dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
done
- name: Push packages to GitHub
run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: artifacts
path: templates/artifacts/*.nupkg
overwrite: true
retention-days: 15
publish:
name: Publish to nuget.org
needs:
- tag
runs-on: ubuntu-latest
environment:
name: nuget.org
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: artifacts
path: artifacts
- name: List .net sdks
run: dotnet --list-sdks
- name: Setup Dotnet
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
dotnet-version: 10.0.100
- name: List files
run: tree
shell: bash
- name: Push packages to nuget.org
run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate