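# Builds the SpfAnalyzer PowerShell module, Authenticode-signs its files with a
# certificate held in Azure Key Vault, and publishes it to the PowerShell Gallery.
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
name: Build and publish module

on:
  push:
    branches:
      - master
    # Path filters are not evaluated for tag pushes, so ignoring every path
    # suppresses runs for branch pushes while 'v*' tags still start a release.
    paths-ignore:
      - '**'
    tags:
      - 'v*'
  # Manual runs build and sign but skip the Publish step (see its `if:`).
  workflow_dispatch:

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default. Nothing visible here needs more than `contents: read`;
# confirm against Workflow/*.ps1 before restricting it.

jobs:
  build:
    runs-on: windows-latest
    env:
      MODULE_NAME: SpfAnalyzer
    steps:
      # NOTE(review): both actions are referenced by a mutable tag. This job
      # handles a signing credential and a gallery API key, so pinning each
      # action to a full commit SHA is the safer reference.
      - uses: actions/checkout@v4

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.0.x

      # Reads ModuleVersion (plus the optional prerelease label) from the
      # module manifest and exports it as MODULE_VERSION for later steps.
      - name: Detect module version
        shell: pwsh
        run: |
          $moduleName = $env:MODULE_NAME
          $manifest = Import-PowerShellDataFile -Path "$env:GITHUB_WORKSPACE\Module\$moduleName\$moduleName.psd1"
          $moduleVersion = $manifest.ModuleVersion
          $prerelease = $manifest.privateData.psdata.prerelease
          if ($prerelease) {
            $moduleVersion = "$moduleVersion-$prerelease"
          }
          Write-Output "Module version: $moduleVersion"
          echo "MODULE_VERSION=$moduleVersion" >> $env:GITHUB_ENV

      - name: Restore dependencies - SpfAnalyzer
        run: dotnet restore "$env:GITHUB_WORKSPACE/src/SpfAnalyzer"

      - name: Restore dependencies - AutomationHelper
        run: dotnet restore "$env:GITHUB_WORKSPACE/src/AutomationHelper"

      - name: Build - SpfAnalyzer
        run: dotnet build "$env:GITHUB_WORKSPACE/src/SpfAnalyzer" --no-restore --configuration Release /p:Version=$env:MODULE_VERSION

      # NOTE(review): SpfIpHelper has no restore step of its own although it is
      # built with --no-restore; presumably it is restored as a dependency of
      # another project - confirm.
      - name: Build - SpfIpHelper
        run: dotnet build "$env:GITHUB_WORKSPACE/src/SpfIpHelper" --no-restore --configuration Release /p:Version=$env:MODULE_VERSION

      - name: Build - AutomationHelper
        run: dotnet build "$env:GITHUB_WORKSPACE/src/AutomationHelper" --no-restore --configuration Release /p:Version=$env:MODULE_VERSION

      - name: Build module
        shell: pwsh
        run: |
          $moduleName = $env:MODULE_NAME
          Copy-Item -Path "$env:GITHUB_WORKSPACE\LICENSE" -Destination "$env:GITHUB_WORKSPACE\Module\$moduleName\LICENSE.txt" -Force
          "Building module"
          &"$env:GITHUB_WORKSPACE\Workflow\BuildModule.ps1" -RootPath "$env:GITHUB_WORKSPACE" -ModuleName $moduleName

      # NOTE(review): the tool version is not pinned, so every run installs
      # whatever is latest on the feed and then hands it the signing
      # credential. Consider `--version <pinned-version>`.
      - name: Install AzureSignTool
        run: dotnet tool install --global AzureSignTool

      - name: Sign files
        shell: pwsh
        # The Key Vault settings and the client secret reach the script through
        # the environment rather than `${{ }}` expansion inside `run:`, so their
        # values are never parsed as PowerShell source. The secret is still
        # passed to azuresigntool as a process argument.
        env:
          KV_URI: ${{ vars.CODESIGNING_KEYVAULTURI }}
          KV_CLIENT_ID: ${{ vars.TENANTINTEGRATION_CLIENTID }}
          KV_TENANT_ID: ${{ vars.TENANTINTEGRATION_TENANTID }}
          KV_CLIENT_SECRET: ${{ secrets.TENANTINTEGRATION_CLIENTSECRET }}
          KV_CERT_NAME: ${{ vars.CODESIGNING_CERTNAME }}
        run: |
          $files = Get-ChildItem "$env:GITHUB_WORKSPACE\Module\$env:MODULE_NAME" -File -Recurse -Include *.ps1, *.ps1xml, *.psd1, *.psm1, *.pssc, *.psrc, *.cdxml, *.dll
          try {
            foreach ($file in $files) {
              azuresigntool sign `
                -kvu $env:KV_URI `
                -kvi $env:KV_CLIENT_ID `
                -kvt $env:KV_TENANT_ID `
                -kvs $env:KV_CLIENT_SECRET `
                -kvc $env:KV_CERT_NAME `
                -tr 'http://timestamp.digicert.com' `
                -v "$($file.FullName)"
              # A native command that exits non-zero does not raise a PowerShell
              # exception, so without this check a failed signing of any file
              # but the last one would go unnoticed and the file would ship
              # unsigned.
              if ($LASTEXITCODE -ne 0) {
                throw "azuresigntool failed for '$($file.FullName)' (exit code $LASTEXITCODE)"
              }
            }
          }
          catch {
            Write-Host "Error: $($_.Exception)"
            throw
          }
          Write-Host "Signed files summary:"
          # Informational only: the Status column is printed, not enforced.
          Get-AuthenticodeSignature -FilePath $files

      # NOTE(review): this step runs after signing, so anything it places under
      # the module folder is published without going through the Sign files
      # step - confirm that is intended.
      - name: Setup external packages
        shell: pwsh
        run: |
          $moduleName = $env:MODULE_NAME
          "Setting up packages"
          &"$env:GITHUB_WORKSPACE\Workflow\SetupPackages.ps1" -ModuleName $moduleName -RootPath "$env:GITHUB_WORKSPACE"

      # Publish to PS Gallery. Skipped on manual (workflow_dispatch) runs; the
      # API key is exposed to this step only, through the environment.
      - name: Publish
        shell: pwsh
        if: ${{ github.event_name != 'workflow_dispatch' }}
        env:
          SECRET: ${{ secrets.GC_PSGALLERY_APIKEY }}
        run: |
          write-host "Publishing from: $env:GITHUB_WORKSPACE\Module\$env:MODULE_NAME"
          try
          {
            $env:PSModulePath = "$env:PSModulePath;$env:GITHUB_WORKSPACE\Module"
            "PSModulePath: $env:PSModulePath"
            Publish-Module -Path "$env:GITHUB_WORKSPACE\Module\$env:MODULE_NAME" -NuGetApiKey "$env:SECRET"
          }
          catch
          {
            Write-Host "Error: $($_.Exception)"
            throw
          }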