Bump actions/upload-artifact action to v7.0.1 (#1494) #2886
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: [ v* ] | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| DOTNET_NOLOGO: true | |
| DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1 | |
| FORCE_COLOR: 3 | |
| NUGET_XMLDOC_MODE: skip | |
| TERM: xterm | |
| permissions: {} | |
| jobs: | |
| build: | |
| name: ${{ matrix.os-name }} | |
| runs-on: ${{ matrix.runner }} | |
| timeout-minutes: 20 | |
| outputs: | |
| dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }} | |
| dotnet-validate-version: ${{ steps.get-dotnet-tools-versions.outputs.dotnet-validate-version }} | |
| nuget-package-validation-version: ${{ steps.get-dotnet-tools-versions.outputs.nuget-package-validation-version }} | |
| package-version: ${{ steps.build.outputs.package-version }} | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os-name: macos | |
| runner: macos-latest | |
| - os-name: linux | |
| runner: ubuntu-latest | |
| - os-name: windows | |
| runner: windows-latest | |
| steps: | |
| - name: Update agent configuration | |
| shell: pwsh | |
| run: | | |
| if ($IsWindows) { | |
| "DOTNET_INSTALL_DIR=D:\tools\dotnet" >> ${env:GITHUB_ENV} | |
| "DOTNET_ROOT=D:\tools\dotnet" >> ${env:GITHUB_ENV} | |
| "NUGET_PACKAGES=D:\.nuget\packages" >> ${env:GITHUB_ENV} | |
| } else { | |
| $nugetHome = "~/.nuget/packages" | |
| if (-Not (Test-Path $nugetHome)) { | |
| New-Item -Path $nugetHome -Type Directory -Force | Out-Null | |
| } | |
| $nugetHome = Resolve-Path $nugetHome | |
| "NUGET_PACKAGES=$nugetHome" >> ${env:GITHUB_ENV} | |
| } | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| filter: 'tree:0' | |
| persist-credentials: false | |
| show-progress: false | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 | |
| id: setup-dotnet | |
| - name: Build, Test and Package | |
| id: build | |
| shell: pwsh | |
| run: ./build.ps1 | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 | |
| with: | |
| flags: ${{ matrix.os-name }} | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Upload test results to Codecov | |
| uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 | |
| if: ${{ !cancelled() }} | |
| with: | |
| flags: ${{ matrix.os-name }} | |
| report_type: test_results | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Generate SBOM | |
| uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0 | |
| if: runner.os == 'Windows' | |
| with: | |
| artifact-name: sqllocaldb.spdx.json | |
| output-file: ./artifacts/sqllocaldb.spdx.json | |
| path: ./artifacts/bin | |
| upload-release-assets: false | |
| - name: Attest artifacts | |
| uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0 | |
| if: | | |
| runner.os == 'Windows' && | |
| github.event.repository.fork == false && | |
| (github.ref_name == github.event.repository.default_branch || startsWith(github.ref, 'refs/tags/v')) | |
| with: | |
| subject-path: | | |
| ./artifacts/bin/MartinCostello.SqlLocalDb/release*/*.dll | |
| ./artifacts/package/release/* | |
| ./artifacts/*.spdx.json | |
| - name: Publish artifacts | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: artifacts-${{ matrix.os-name }} | |
| path: ./artifacts | |
| - name: Publish NuGet packages | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: packages-${{ matrix.os-name }} | |
| path: ./artifacts/package/release | |
| if-no-files-found: error | |
| - name: Get .NET tools versions | |
| id: get-dotnet-tools-versions | |
| shell: pwsh | |
| run: | | |
| $manifest = (Get-Content "./.config/dotnet-tools.json" | Out-String | ConvertFrom-Json) | |
| $dotnetValidateVersion = $manifest.tools.'dotnet-validate'.version | |
| $nugetPackageValidationVersion = $manifest.tools.'meziantou.framework.nugetpackagevalidation.tool'.version | |
| "dotnet-validate-version=${dotnetValidateVersion}" >> ${env:GITHUB_OUTPUT} | |
| "nuget-package-validation-version=${nugetPackageValidationVersion}" >> ${env:GITHUB_OUTPUT} | |
| validate-packages: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: packages-windows | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 | |
| with: | |
| dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }} | |
| - name: Install NuGet package validation tools | |
| shell: pwsh | |
| env: | |
| DOTNET_VALIDATE_VERSION: ${{ needs.build.outputs.dotnet-validate-version }} | |
| NUGET_PACKAGE_VALIDATION_VERSION: ${{ needs.build.outputs.nuget-package-validation-version }} | |
| run: | | |
| dotnet tool install --global dotnet-validate --version ${env:DOTNET_VALIDATE_VERSION} --allow-roll-forward | |
| dotnet tool install --global Meziantou.Framework.NuGetPackageValidation.Tool --version ${env:NUGET_PACKAGE_VALIDATION_VERSION} --allow-roll-forward | |
| - name: Validate NuGet packages | |
| shell: pwsh | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| $packages = Get-ChildItem -Filter "*.nupkg" | ForEach-Object { $_.FullName } | |
| $invalidPackages = 0 | |
| foreach ($package in $packages) { | |
| $isValid = $true | |
| dotnet validate package local $package | |
| if ($LASTEXITCODE -ne 0) { | |
| $isValid = $false | |
| } | |
| meziantou.validate-nuget-package $package --github-token ${env:GH_TOKEN} | |
| if ($LASTEXITCODE -ne 0) { | |
| $isValid = $false | |
| } | |
| if (-Not $isValid) { | |
| $invalidPackages++ | |
| } | |
| } | |
| if ($invalidPackages -gt 0) { | |
| Write-Output "::error::$invalidPackages NuGet package(s) failed validation." | |
| exit 1 | |
| } | |
| publish-feedz-io: | |
| needs: [ build, validate-packages ] | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.repository.fork == false && | |
| (github.ref_name == github.event.repository.default_branch || | |
| startsWith(github.ref, 'refs/tags/v')) | |
| environment: | |
| name: feedz.io | |
| url: https://feedz.io/org/${{ github.repository_owner }}/repository/sqllocaldb/packages/MartinCostello.SqlLocalDb | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: packages-windows | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 | |
| with: | |
| dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }} | |
| - name: Push NuGet packages to feedz.io | |
| shell: bash | |
| env: | |
| API_KEY: ${{ secrets.FEEDZ_IO_TOKEN }} | |
| PACKAGE_VERSION: ${{ needs.build.outputs.package-version }} | |
| SOURCE: "https://f.feedz.io/${{ github.repository }}/nuget/index.json" | |
| run: | | |
| dotnet nuget push "*.nupkg" --api-key "${API_KEY}" --skip-duplicate --source "${SOURCE}" && echo "::notice title=feedz.io::Published version ${PACKAGE_VERSION} to feedz.io." | |
| draft-release: | |
| needs: [ build, validate-packages ] | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.repository.fork == false && | |
| startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: packages-windows | |
| path: ./dist | |
| - name: Download SBOM | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: sqllocaldb.spdx.json | |
| path: ./dist | |
| - name: Generate checksums | |
| shell: bash | |
| working-directory: ./dist | |
| run: | | |
| find "." -type f -name '*' | while read -r fname; do | |
| echo "Generating checksum for ${fname}" | |
| base_name="$(basename "${fname}")" | |
| sha256sum "${base_name}" >> "./checksums.txt" | |
| done | |
| echo "Verifying checksums" | |
| sha256sum "./checksums.txt" --check || exit 1 | |
| - name: GPG sign assets | |
| env: | |
| ASSETS_PATH: ./dist | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| GH_TOKEN: ${{ secrets.COSTELLOBOT_TOKEN }} | |
| shell: bash | |
| run: | | |
| gh api "/users/${GITHUB_REPOSITORY_OWNER}/gpg_keys" --jq ".[].raw_key" | gpg --import | |
| gpg --list-keys --with-colons | awk -F: '/^fpr:/ { print $10 }' | while read -r key; do | |
| echo "${key}:6:" | gpg --import-ownertrust | |
| done | |
| echo "${GPG_PRIVATE_KEY}" | gpg --import --batch --yes --passphrase "${GPG_PASSPHRASE}" | |
| find "${ASSETS_PATH}" -type f -name '*' | while read -r fname; do | |
| echo "Signing ${fname}" | |
| echo "${GPG_PASSPHRASE}" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --detach-sig "${fname}" | |
| gpg --verify "${fname}.sig" "${fname}" | |
| done | |
| - name: Draft release | |
| uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 | |
| with: | |
| github-token: ${{ secrets.COSTELLOBOT_TOKEN }} | |
| script: | | |
| const { repo, owner } = context.repo; | |
| const tag_name = process.env.GITHUB_REF_NAME; | |
| const name = tag_name; | |
| const { data: release } = await github.rest.repos.createRelease({ | |
| owner, | |
| repo, | |
| tag_name, | |
| name, | |
| draft: true, | |
| generate_release_notes: true, | |
| prerelease: tag_name.includes('-'), | |
| }); | |
| core.notice(`Drafted release ${release.name}: ${release.html_url}`); | |
| - name: Attach files to the release | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.COSTELLOBOT_TOKEN }} | |
| run: | | |
| gh release upload "${GITHUB_REF_NAME}" "dist/*" --clobber --repo "${GITHUB_REPOSITORY}" |