CreateSignNuGet.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
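# Builds a NuGet package on Linux, signs it on Windows with a PFX held in
# repository secrets, and pushes the signed package to NuGet.org for tag builds.
name: CI

# Runs on pushes to internalMain, on version-like tags, and on manual dispatch.
# There is no pull_request trigger, so untrusted fork code does not reach the
# jobs that handle the signing certificate or the NuGet API key.
on:
  push:
    branches:
      - internalMain
    tags:
      - '[0-9]+.[0-9]+.[0-9]+'
      - '[0-9]+.[0-9]+.[0-9]+-[0-9a-zA-Z]+'
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only need to read the repository.
# Artifact upload/download within a run does not need extra token scopes.
permissions:
  contents: read

# NOTE(review): every `uses:` below references a mutable tag (@v4). Pinning each
# action to a full commit SHA stops a re-tagged release from changing the code
# that runs next to the signing certificate and the API key.
jobs:
  # Packs the project under ./working and publishes the .nupkg as an artifact.
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Create NuGet Package
        run: |
          dotnet pack ./working
      - name: Find created nuget
        id: findcreatednuget
        # Assumes exactly one *.nupkg exists under the workspace; several
        # matches would be joined into one space-separated value.
        run: |
          #cd ./working/bin/Debug/
          #echo nugetPackageName=$(dir *.nupkg) >> $GITHUB_OUTPUT
          echo nugetPackageName=$(find . -type f -name '*.nupkg') >> "$GITHUB_OUTPUT"
        shell: bash
      - name: Echo Found Package
        id: echoFoundPackage
        # The path is passed through the environment instead of being expanded
        # into the script text, so a crafted file name cannot become shell code.
        env:
          NUGET_PACKAGE: ${{ steps.findcreatednuget.outputs.nugetPackageName }}
        run: echo "$NUGET_PACKAGE"
        shell: bash
      - uses: actions/upload-artifact@v4
        with:
          name: NugetPackages
          path: "${{ steps.findcreatednuget.outputs.nugetPackageName }}"

  # Signing cannot be done from linux environment (https://github.com/dotnet/runtime/issues/48794)
  sign:
    runs-on: windows-latest
    needs: build
    steps:
      - name: Download Unsigned NuGet
        id: downloadUnsignedNuget
        uses: actions/download-artifact@v4
        with:
          name: NugetPackages
      - name: Find Nuget
        id: findcreatednuget
        run: |
          echo nugetPackageName=$(find . -type f -name '*.nupkg') >> "$GITHUB_OUTPUT"
        shell: bash
      # The secret holds the PFX as base64 text. It is encoded, not encrypted:
      # the only protection on the private key is the PFX password.
      - name: Download Encrypted Signature File
        id: downloadSignatureFile
        env:
          CERTIFICATE_BASE64: ${{ secrets.SKYLINEPFX }}
        run: 'echo "$CERTIFICATE_BASE64" > encodedSignatureFile'
        shell: bash
      # certutil -decode turns the base64 text back into the binary PFX.
      - name: Decrypt Signature File
        id: decryptSignatureFile
        run: certutil -decode encodedSignatureFile Skyline.pfx
        shell: bash
      - name: Sign NuGet Package
        # Secrets and step outputs are handed over as environment variables and
        # quoted in the script. Writing ${{ secrets.* }} inside `run:` pastes
        # the raw value into the script text (even inside a shell comment), so
        # a password containing shell metacharacters would be interpreted.
        env:
          NUGET_PACKAGE: ${{ steps.findcreatednuget.outputs.nugetPackageName }}
          CERTIFICATE_PASSWORD: ${{ secrets.SKYLINEPFXPASSWORD }}
        # RFC 3161 timestamp tokens are signed by the timestamp authority, so
        # the plain-http URL does not by itself allow a forged timestamp.
        # NOTE(review): confirm this endpoint is still the recommended one.
        run: |
          dotnet nuget sign "$NUGET_PACKAGE" \
            --certificate-path "Skyline.pfx" \
            --timestamper "http://timestamp.comodoca.com/rfc3161" \
            --certificate-password "$CERTIFICATE_PASSWORD"
        shell: bash
      # Remove the key material even when signing fails, so it cannot be picked
      # up by a later step or an artifact path that is widened in the future.
      - name: Remove signing material
        if: always()
        run: rm -f encodedSignatureFile Skyline.pfx
        shell: bash
      - uses: actions/upload-artifact@v4
        with:
          name: SignedNugetPackages
          path: "${{ steps.findcreatednuget.outputs.nugetPackageName }}"

  # Publishes the signed package. Only runs when the ref is a tag; a manual
  # dispatch started from a tag ref satisfies this condition as well.
  push:
    if: github.ref_type == 'tag'
    name: push
    runs-on: ubuntu-latest
    needs: sign
    steps:
      - name: Download Signed NuGet
        id: downloadSignedNuGet
        uses: actions/download-artifact@v4
        with:
          name: SignedNugetPackages
      - name: Find Nuget
        id: findcreatednuget
        run: |
          echo nugetPackageName=$(find . -type f -name '*.nupkg') >> "$GITHUB_OUTPUT"
        shell: bash
      - name: Push to NuGet.org
        # API key is passed through the environment and quoted, for the same
        # reason as the certificate password in the sign job.
        env:
          NUGET_PACKAGE: ${{ steps.findcreatednuget.outputs.nugetPackageName }}
          NUGET_API_KEY: ${{ secrets.NUGETAPIKEY }}
        run: |
          dotnet nuget push "$NUGET_PACKAGE" \
            --api-key "$NUGET_API_KEY" \
            --source https://api.nuget.org/v3/index.json
        shell: bash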