-
Notifications
You must be signed in to change notification settings - Fork 4
151 lines (121 loc) · 3.89 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Always be deploying
on:
pull_request:
paths-ignore:
- 'README.md'
- '.editorconfig'
push:
paths-ignore:
- 'README.md'
- '.editorconfig'
branches:
- main
tags:
- "*.*.*"
permissions:
contents: read
env:
ARTIFACTS: 'build/output/*.nupkg'
jobs:
test-windows:
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- run: |
git fetch --prune --unshallow --tags
echo exit code $?
git tag --list
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: ./global.json
- name: Build
run: build.bat build -s true
shell: cmd
- name: Test
run: build.bat test -s true
shell: cmd
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- run: |
git fetch --prune --unshallow --tags
echo exit code $?
git tag --list
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: ./global.json
- name: Build
run: ./build.sh build -s true
- name: Test
run: ./build.sh test -s true
- name: Generate local nuget packages
run: ./build.sh generatepackages -s true
- name: "Validate *.npkg files"
run: ./build.sh validatepackages -s true
- name: "Inspect public API changes"
run: ./build.sh generateapichanges -s true
- uses: actions/upload-artifact@v4
with:
name: build
path: build/output/
release-canary:
runs-on: ubuntu-latest
if: github.event_name == 'push' && startswith(github.ref, 'refs/heads')
needs: [ build ]
permissions:
attestations: write
contents: write
id-token: write
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: build
path: build/output
- uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
with:
subject-path: '${{ github.workspace }}/${{ env.ARTIFACTS }}'
- name: publish canary packages github package repository
shell: bash
timeout-minutes: 2
continue-on-error: true
run: |
until dotnet nuget push '${{ env.ARTIFACTS }}' -k ${{secrets.GITHUB_TOKEN}} --skip-duplicate --no-symbols -s https://nuget.pkg.github.com/elastic/index.json; do echo "Retrying"; sleep 1; done;
# Github packages requires authentication, this is likely going away in the future so for now we publish to feedz.io
- name: Publish canary packages to feedz.io
run: dotnet nuget push '${{ env.ARTIFACTS }}' -k ${{secrets.FEEDZ_IO_API_KEY}} -s https://f.feedz.io/elastic/all/nuget/index.json --skip-duplicate --no-symbols
release:
runs-on: ubuntu-latest
if: github.event_name == 'push' && startswith(github.ref, 'refs/tags')
needs: [ build ]
permissions:
attestations: write
contents: write
id-token: write
issues: write
packages: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: actions/download-artifact@v4
with:
name: build
path: build/output
- name: Generate release notes for tag
run: ./build.sh generatereleasenotes -s true --token ${{secrets.GITHUB_TOKEN}}
- name: Create or update release for tag on github
run: ./build.sh createreleaseongithub -s true --token ${{secrets.GITHUB_TOKEN}}
- uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
with:
subject-path: '${{ github.workspace }}/${{ env.ARTIFACTS }}'
- name: Release to nuget.org
run: dotnet nuget push '${{ env.ARTIFACTS }}' -k ${{secrets.NUGET_API_KEY}} -s https://api.nuget.org/v3/index.json --skip-duplicate --no-symbols