Publish Public Package #193
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Purpose: Publish on demand to the real gallery (PSGallery). | |
# Note: If the published package is pre-release, then all 3 of the manual inputs (the module version, the pre-release boolean, and the tag) should be entered. | |
name: Publish Public Package | |
on: | |
workflow_dispatch: | |
inputs: | |
# checkov:skip=CKV_GHA_7:Manual inputs are desired. | |
OverrideModuleVersion: | |
description: "Always enter the release version in semantic version format, Major.Minor.Patch (e.g., 1.3.0):" | |
required: false | |
type: string | |
IsPrerelease: | |
description: "If pre-release, check here:" | |
required: false | |
type: boolean | |
default: false | |
PrereleaseTag: | |
description: "If pre-release, enter prerelease tag in [0-9A-Za-z]+ format (e.g., alpha1, rc2, test04):" | |
required: false | |
type: string | |
# for testing | |
# push: | |
# paths: | |
# - ".github/workflows/publish_public_package.yaml" | |
# - "utils/workflow/Publish-ScubaGear.ps1" | |
permissions: read-all | |
jobs: | |
publish: | |
name: Publish to PSGallery | |
runs-on: windows-latest | |
environment: Development | |
permissions: | |
id-token: write | |
contents: write | |
defaults: | |
run: | |
shell: powershell | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: repo | |
- name: Install Azure Signing Tool | |
run: | | |
dotnet --version | |
dotnet tool install --global AzureSignTool --version 5.0.0 | |
# OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) | |
- name: Login to Azure | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
enable-AzPSSession: true | |
- name: Get Key Vault info | |
id: key-vault-info | |
env: | |
KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_PROD}} | |
run: | | |
$KeyVaultInfo = ${env:KEY_VAULT_INFO} | ConvertFrom-Json | |
echo "KeyVaultUrl=$($KeyVaultInfo.KeyVault.URL)" >> $env:GITHUB_OUTPUT | |
echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT | |
- name: Sign and Publish Module | |
run: | | |
# Source the deploy utilities so the functions in it can be called. | |
. repo/utils/workflow/Publish-ScubaGear.ps1 | |
# Remove non-release files | |
Remove-Item -Recurse -Force repo -Include .git* | |
# Extract the API key used to publish to PSGallery | |
$ApiKey = az keyvault secret show --id '${{ steps.key-vault-info.outputs.KeyVaultUrl }}/secrets/ScubaGear-PSGAllery-API-Key' --query value -o tsv | |
if (-Not $ApiKey) | |
{ | |
Write-Error "Failed to retrieve API key" | |
} | |
# Setup the parameters | |
$Parameters = @{ | |
AzureKeyVaultUrl = '${{ steps.key-vault-info.outputs.KeyVaultUrl }}' | |
CertificateName = '${{ steps.key-vault-info.outputs.KeyVaultCertificateName }}' | |
ModuleSourcePath = 'repo/PowerShell/ScubaGear' | |
GalleryName = 'PSGallery' | |
NuGetApiKey = $ApiKey | |
} | |
if ('true' -eq '${{ inputs.IsPrerelease }}') | |
{ | |
Write-Output "Adding IsPrerelease" | |
Write-Output ${{ inputs.IsPrerelease }} | |
$Parameters.Add('PrereleaseTag', '${{ inputs.PrereleaseTag }}') | |
} | |
if (-Not [string]::IsNullOrEmpty('${{ inputs.OverrideModuleVersion }}')) | |
{ | |
Write-Output "Adding OverrideModuleVersion" | |
Write-Output ${{ inputs.OverrideModuleVersion }} | |
$Parameters.Add('OverrideModuleVersion', '${{ inputs.OverrideModuleVersion }}') | |
} | |
# This publishes to PSGallery. | |
Publish-ScubaGearModule @Parameters | |
# This is a manual test that simply writes the version to the console | |
- name: Test Scuba Version | |
run: | | |
# Give PSGallery a chance to publish the pre-release to its API | |
Start-Sleep -Seconds 30 | |
if ('true' -eq '${{ inputs.IsPrerelease }}') | |
{ | |
$Version = '${{ inputs.OverrideModuleVersion }}' + '-' + '${{ inputs.PrereleaseTag }}' | |
Write-Output "Checking for prerelease with required version: $Version" | |
Find-Module -Name ScubaGear -RequiredVersion $Version -AllowPrerelease | |
} | |
else | |
{ | |
Write-Output "Installing latest version" | |
Find-Module -Name ScubaGear | |
} |