Sign nuget packages #11

Workflow file for this run

.github/workflows/release.yml at 8f26ce0

	name: release

	on:
	push:
	branches:
	- 'releases/*'
	tags:
	- 'v..*'

	permissions:
	contents: read

	jobs:
	release:
	runs-on: windows-2022

	strategy:
	matrix:
	configuration: [Debug, Release]

	env:
	DOTNET_NOLOGO: 1
	DOTNET_CLI_TELEMETRY_OPTOUT: 1
	DOTNET_GENERATE_ASPNET_CERTIFICATE: 0
	ContinuousIntegrationBuild: true
	RestoreLockedMode: true
	RepositoryBranch: '${{ github.ref_name }}'
	RepositoryCommit: '${{ github.sha }}'
	Configuration: '${{ matrix.configuration }}'

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Setup dotnet
	uses: actions/setup-dotnet@v3
	with:
	dotnet-version: 8

	- name: Setup MSBuild
	uses: microsoft/setup-msbuild@v1.1

	- name: Cache dotnet tools
	uses: actions/cache@v3
	id: cache-dotnettools
	with:
	path: ~/.dotnet/tools
	key: dotnettools

	- name: Setup AzureSignTool
	if: steps.cache-dotnettools.outputs.cache-hit != 'true'
	run: dotnet tool install --verbosity minimal --global azuresigntool --version 5.0.0

	- name: Setup NuGetKeyVaultSignTool
	if: steps.cache-dotnettools.outputs.cache-hit != 'true'
	run: dotnet tool install --verbosity minimal --global NuGetKeyVaultSignTool --version 3.2.2

	- name: Cache packages
	uses: actions/cache@v3
	with:
	path: ~/.nuget/packages
	key: NetOffice-nuget-${{ hashFiles('**/packages.lock.json') }}
	restore-keys: \|
	NetOffice-nuget-

	- name: Build information
	id: build
	run: .\.github\Get-BuildInfo.ps1 -ref '${{ github.ref }}' -event_name '${{ github.event_name }}' -configuration '${{ matrix.configuration }}'

	- name: Build NetOffice
	run: \|
	dotnet build Source\NetOffice.sln
	env:
	VersionSuffix: ${{ steps.build.outputs.app_version_suffix }}

	- name: Sign Files Catalog
	run: \|
	$content = Get-Content obj/signlist.txt
	$content = $content.Replace('${{ github.workspace }}', '..')
	$content \| Set-Content obj/signlist.txt

	- name: Sign NetOffice libraries
	if: success() && steps.build.outputs.sign_binaries == 'true'
	uses: azure/trusted-signing-action@v0.3.19
	with:
	azure-tenant-id: ${{ secrets.KEYVAULT_TENANT_ID }}
	azure-client-id: ${{ secrets.KEYVAULT_CLIENT_ID }}
	azure-client-secret: ${{ secrets.KEYVAULT_CLIENT_SECRET }}
	endpoint: ${{ vars.KEYVAULT_ENDPOINT }}
	trusted-signing-account-name: ${{ vars.KEYVAULT_ACCOUNT_NAME }}
	certificate-profile-name: ${{ secrets.KEYVAULT_CERTIFICATE_PROFILE }}
	files-catalog: '${{ github.workspace }}/obj/signlist.txt'
	file-digest: SHA256
	timestamp-rfc3161: http://timestamp.acs.microsoft.com
	timestamp-digest: SHA256

	- name: Archive NetOffice binaries
	uses: actions/upload-artifact@v3
	with:
	name: NetOffice_binaries_v${{ steps.build.outputs.app_version_full }}_${{ matrix.configuration }}
	path: '${{ github.workspace }}\Source\ClientApplication\bin\${{ matrix.configuration }}'

	- name: Pack NetOffice
	if: steps.build.outputs.publish_nuget == 'true'
	run: \|
	dotnet pack --no-build --no-restore Source\NetOffice.sln -c ${{ matrix.configuration }} -o dist
	env:
	VersionSuffix: ${{ steps.build.outputs.app_version_suffix }}

	- name: Sign NetOffice packages
	if: success() && steps.build.outputs.sign_binaries == 'true'
	uses: azure/trusted-signing-action@v0.3.19
	with:
	azure-tenant-id: ${{ secrets.KEYVAULT_TENANT_ID }}
	azure-client-id: ${{ secrets.KEYVAULT_CLIENT_ID }}
	azure-client-secret: ${{ secrets.KEYVAULT_CLIENT_SECRET }}
	endpoint: ${{ vars.KEYVAULT_ENDPOINT }}
	trusted-signing-account-name: ${{ vars.KEYVAULT_ACCOUNT_NAME }}
	certificate-profile-name: ${{ secrets.KEYVAULT_CERTIFICATE_PROFILE }}
	files-folder: '${{ github.workspace}}\dist'
	files-folder-filter: nupkg
	timestamp-rfc3161: http://timestamp.acs.microsoft.com
	timestamp-digest: SHA256

	# - name: Publish packages
	# if: success() && steps.build.outputs.publish_nuget == 'true'
	# working-directory: '${{ github.workspace}}\dist'
	# run: \|
	# dotnet nuget push *.nupkg --api-key $env:NUGET_TOKEN --source https://api.nuget.org/v3/index.json
	# env:
	# NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}

	- name: Archive NetOffice packages
	if: success() && steps.build.outputs.publish_nuget == 'true'
	uses: actions/upload-artifact@v3
	with:
	name: NetOffice_packages_v${{ steps.build.outputs.app_version_full }}
	path: '${{ github.workspace }}\dist'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign nuget packages #11

Workflow file

Sign nuget packages #11

Jobs

Run details

Workflow file for this run