Skip to content

Publish

Publish #18

Workflow file for this run

name: Publish
on:
workflow_dispatch:
inputs:
version:
description: 'Version to publish'
required: true
permissions:
contents: write
jobs:
create-draft-release:
name: Create Draft Release
runs-on: ubuntu-latest
steps:
- id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.ONIONFRUIT_TEAM_CLIENT_ID }}
private-key: ${{ secrets.ONIONFRUIT_TEAM_CLIENT_KEY }}
- uses: softprops/action-gh-release@v2
with:
draft: true
prerelease: true
generate_release_notes: true
token: ${{ steps.app-token.outputs.token }}
name: ${{ github.event.inputs.version }}
tag_name: ${{ github.event.inputs.version }}
build-windows:
name: Build (${{ matrix.rid }})
runs-on: windows-latest
environment: release
needs: [create-draft-release]
strategy:
matrix:
rid: [win-x64]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
- id: import-cert
name: Import Code Signing Certificate
shell: pwsh
run: |
$data = [System.Convert]::FromBase64String($env:CertificateContents)
$path = [System.IO.Path]::Combine($env:RUNNER_TEMP, 'certificate.pfx')
Set-Content -Path $path -Value $data -AsByteStream
echo "certPath=$path" >> $env:GITHUB_OUTPUT
env:
CertificateContents: ${{ secrets.CODESIGN_CERTIFICATE }}
- id: deploytool
name: Download Deployment Tool
shell: pwsh
run: |
$zipPath = [System.IO.Path]::Combine($env:TEMP, 'onionfruit-deploy.zip')
$deployToolHome = [System.IO.Path]::Combine($env:TEMP, 'onionfruit-deploy')
Invoke-WebRequest -Uri https://github.com/dragonfruitnetwork/onionfruit-deploy/releases/latest/download/onionfruit-deploy.zip -OutFile $zipPath
Expand-Archive -Path $zipPath -DestinationPath $deployToolHome
Copy-Item -Path oniondeploy.xml -Destination $deployToolHome
echo "home=$deployToolHome" >> $env:GITHUB_OUTPUT
- name: Validate Deployment Tool Attestation
working-directory: ${{ steps.deploytool.outputs.home }}
run: gh attestation verify DragonFruit.OnionFruit.Deploy.dll --repo dragonfruitnetwork/onionfruit-deploy --deny-self-hosted-runners
env:
GH_TOKEN: ${{ github.token }}
- name: Restore .NET Tools
run: dotnet tool restore
- name: Restore NuGet Packages
run: dotnet restore
- name: Update nuget-licenses.json
run: dotnet tool run nuget-license -o JsonPretty -ji DragonFruit.OnionFruit.Windows/nuget-license-sources.json | Out-File -FilePath DragonFruit.OnionFruit/Assets/nuget-licenses.json -Encoding utf8
continue-on-error: true
- name: Run deployment tool
working-directory: ${{ steps.deploytool.outputs.home }}
run: dotnet DragonFruit.OnionFruit.Deploy.dll ${{ github.workspace }}\DragonFruit.OnionFruit.Windows\DragonFruit.OnionFruit.Windows.csproj ${{ matrix.rid }} "${{ github.event.inputs.version }}"
env:
ONIONDEPLOY_GitHub__Token: ${{ github.token }}
ONIONDEPLOY_CodeSign__Password: ${{ secrets.CODESIGN_PASSWORD }}
ONIONDEPLOY_CodeSign__Certificate: ${{ steps.import-cert.outputs.certPath }}
copy-legacy:
name: Copy legacy updater files
runs-on: ubuntu-latest
needs: [build-windows]
env:
GITHUB_TOKEN: ${{ github.token }}
steps:
- name: Download assets
run: gh release download -p '*.nupkg' -p 'RELEASES' --repo dragonfruitnetwork/onionfruit
- name: Re-upload assets
run: gh release upload ${{ github.event.inputs.version }} *.nupkg RELEASES --repo dragonfruitnetwork/onionfruit