Publish #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Version to publish' | |
required: true | |
permissions: | |
contents: write | |
jobs: | |
create-draft-release: | |
name: Create Draft Release | |
runs-on: ubuntu-latest | |
steps: | |
- id: app-token | |
uses: actions/create-github-app-token@v1 | |
with: | |
app-id: ${{ vars.ONIONFRUIT_TEAM_CLIENT_ID }} | |
private-key: ${{ secrets.ONIONFRUIT_TEAM_CLIENT_KEY }} | |
- uses: softprops/action-gh-release@v2 | |
with: | |
draft: true | |
prerelease: true | |
generate_release_notes: true | |
token: ${{ steps.app-token.outputs.token }} | |
name: ${{ github.event.inputs.version }} | |
tag_name: ${{ github.event.inputs.version }} | |
build-windows: | |
name: Build (${{ matrix.rid }}) | |
runs-on: windows-latest | |
environment: release | |
needs: [create-draft-release] | |
strategy: | |
matrix: | |
rid: [win-x64] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: '8.0.x' | |
- id: import-cert | |
name: Import Code Signing Certificate | |
shell: pwsh | |
run: | | |
$data = [System.Convert]::FromBase64String($env:CertificateContents) | |
$path = [System.IO.Path]::Combine($env:RUNNER_TEMP, 'certificate.pfx') | |
Set-Content -Path $path -Value $data -AsByteStream | |
echo "certPath=$path" >> $env:GITHUB_OUTPUT | |
env: | |
CertificateContents: ${{ secrets.CODESIGN_CERTIFICATE }} | |
- id: deploytool | |
name: Download Deployment Tool | |
shell: pwsh | |
run: | | |
$zipPath = [System.IO.Path]::Combine($env:TEMP, 'onionfruit-deploy.zip') | |
$deployToolHome = [System.IO.Path]::Combine($env:TEMP, 'onionfruit-deploy') | |
Invoke-WebRequest -Uri https://github.com/dragonfruitnetwork/onionfruit-deploy/releases/latest/download/onionfruit-deploy.zip -OutFile $zipPath | |
Expand-Archive -Path $zipPath -DestinationPath $deployToolHome | |
Copy-Item -Path oniondeploy.xml -Destination $deployToolHome | |
echo "home=$deployToolHome" >> $env:GITHUB_OUTPUT | |
- name: Validate Deployment Tool Attestation | |
working-directory: ${{ steps.deploytool.outputs.home }} | |
run: gh attestation verify DragonFruit.OnionFruit.Deploy.dll --repo dragonfruitnetwork/onionfruit-deploy --deny-self-hosted-runners | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: Restore .NET Tools | |
run: dotnet tool restore | |
- name: Restore NuGet Packages | |
run: dotnet restore | |
- name: Update nuget-licenses.json | |
run: dotnet tool run nuget-license -o JsonPretty -ji DragonFruit.OnionFruit.Windows/nuget-license-sources.json | Out-File -FilePath DragonFruit.OnionFruit/Assets/nuget-licenses.json -Encoding utf8 | |
continue-on-error: true | |
- name: Run deployment tool | |
working-directory: ${{ steps.deploytool.outputs.home }} | |
run: dotnet DragonFruit.OnionFruit.Deploy.dll ${{ github.workspace }}\DragonFruit.OnionFruit.Windows\DragonFruit.OnionFruit.Windows.csproj ${{ matrix.rid }} "${{ github.event.inputs.version }}" | |
env: | |
ONIONDEPLOY_GitHub__Token: ${{ github.token }} | |
ONIONDEPLOY_CodeSign__Password: ${{ secrets.CODESIGN_PASSWORD }} | |
ONIONDEPLOY_CodeSign__Certificate: ${{ steps.import-cert.outputs.certPath }} | |
copy-legacy: | |
name: Copy legacy updater files | |
runs-on: ubuntu-latest | |
needs: [build-windows] | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
steps: | |
- name: Download assets | |
run: gh release download -p '*.nupkg' -p 'RELEASES' --repo dragonfruitnetwork/onionfruit | |
- name: Re-upload assets | |
run: gh release upload ${{ github.event.inputs.version }} *.nupkg RELEASES --repo dragonfruitnetwork/onionfruit |