diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 43e6bc1fa..54d0edcfe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,22 +3,13 @@ on: push: branches: - master - - release-[6-9].* + - release-* pull_request: - branches-ignore: - - release-[0-5].* - pull_request_target: - branches-ignore: - - release-[0-5].* workflow_dispatch: env: DOTNET_NOLOGO: true jobs: build: - if: - (github.event_name == 'pull_request_target' && github.event.pull_request.user.login == 'dependabot[bot]') || - (github.event_name == 'pull_request' && github.event.pull_request.user.login != 'dependabot[bot]') || - github.event_name == 'push' || github.event_name == 'workflow_dispatch' name: ${{ matrix.name }} runs-on: ${{ matrix.os }} strategy: @@ -36,18 +27,11 @@ jobs: shell: pwsh run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 }) - name: Checkout - if: github.event_name != 'pull_request_target' - uses: actions/checkout@v2.3.4 + uses: actions/checkout@v3.0.2 with: fetch-depth: 0 - - name: Checkout for Dependabot - if: github.event_name == 'pull_request_target' - uses: actions/checkout@v2.3.4 - with: - ref: "refs/pull/${{ github.event.number }}/merge" - fetch-depth: 0 - name: Setup .NET SDK - uses: actions/setup-dotnet@v1.9.0 + uses: actions/setup-dotnet@v2.1.0 with: dotnet-version: | 6.0.x @@ -56,82 +40,21 @@ jobs: run: dotnet build src --configuration Release - name: Upload packages if: matrix.name == 'Windows' - uses: actions/upload-artifact@v2.2.2 + uses: actions/upload-artifact@v3.1.0 with: name: NuGet packages path: nugets/ retention-days: 7 - name: Azure login - uses: azure/login@v1.3.0 + uses: azure/login@v1.4.5 with: creds: ${{ secrets.AZURE_ACI_CREDENTIALS }} - enable-AzPSSession: true - name: Setup RabbitMQ - id: setup-rabbitmq - shell: pwsh - run: | - $hostInfo = curl -H Metadata:true "169.254.169.254/metadata/instance?api-version=2017-08-01" | ConvertFrom-Json - $region = $hostInfo.compute.location - $hostname = "psw-rabbitmq-$(Get-Random)" - - echo "::set-output name=hostname::$hostname" - echo "Creating RabbitMQ container $hostname in $region (This can take a while.)" - - $jsonResult = az container create --image rabbitmq:3-management --name $hostname --location $region --dns-name-label $hostname --resource-group GitHubActions-RG --cpu 4 --memory 16 --ports 5672 15672 --ip-address public - - if(!$jsonResult) - { - Write-Output "Failed to create RabbitMQ container" - exit 1; - } - - $details = $jsonResult | ConvertFrom-Json - - if (!$details.ipAddress) { - Write-Output "Failed to create RabbitMQ container $hostname in $region" - Write-Output $jsonResult - exit 1; - } - - $ip=$details.ipAddress.ip - - echo "::add-mask::$ip" - echo "Tagging container image" - - $dateTag = "Created=$(Get-Date -Format "yyyy-MM-dd")" - $ignore = az tag create --resource-id $details.id --tags Package=RabbitMQTransport RunnerOS=${{ runner.os }} $dateTag - - echo "RabbitMQTransport_ConnectionString=host=$ip" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append - - $uri = "http://" + $ip + ":15672/api/health/checks/virtual-hosts" - $tries = 0 - - do - { - $response = curl $uri -u guest:guest | ConvertFrom-Json - $tries++ - - if(!$response.status) - { - Write-Output "No response, retrying..." - Start-Sleep -m 5000 - } - } until (($response.status) -or ($tries -ge 20)) - - if($response.status -ne "ok") - { - Write-Output "Failed to connect after 10 attempts"; - - Write-Output - exit 1 - } + uses: Particular/setup-rabbitmq-action@v1.2.0 + with: + connection-string-name: RabbitMQTransport_ConnectionString + tag: RabbitMQTransport - name: Run tests - uses: Particular/run-tests-action@v1.0.0 + uses: Particular/run-tests-action@v1.3.0 with: reset-script: dotnet run --project src/targets - - name: Teardown RabbitMQ - if: ${{ always() }} - uses: Azure/powershell@v1 - with: - inlineScript: Remove-AzContainerGroup -ResourceGroupName GitHubActions-RG -Name ${{ steps.setup-rabbitmq.outputs.hostname }} - azPSVersion: latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e917d4774..f10917eb5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,96 +2,38 @@ name: Release on: push: tags: - - '[6-9].[0-9]+.[0-9]+' - - '[6-9].[0-9]+.[0-9]+-*' + - '[0-9]+.[0-9]+.[0-9]+' + - '[0-9]+.[0-9]+.[0-9]+-*' env: DOTNET_NOLOGO: true jobs: release: - runs-on: windows-2019 # Code signing requirement https://github.com/NuGet/Home/issues/7939 + runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2.3.4 + uses: actions/checkout@v3.0.2 with: - fetch-depth: 0 - - name: Parse repo name - run: | - $FullName = "$env:GITHUB_REPOSITORY" - $Org,$RepoName = $FullName.Split('/') - echo "PARTICULAR_REPO_NAME=$RepoName" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - shell: pwsh + fetch-depth: 0 - name: Setup .NET SDK - uses: actions/setup-dotnet@v1.9.0 + uses: actions/setup-dotnet@v2.1.0 with: dotnet-version: 6.0.x - name: Build run: dotnet build src --configuration Release - - name: Install NuGetKeyVaultSignTool - run: dotnet tool install --global NuGetKeyVaultSignTool - - name: Sign NuGet Packages - run: | - NuGetKeyVaultSignTool sign nugets\*.nupkg ` - --file-digest sha256 ` - --timestamp-rfc3161 http://timestamp.digicert.com ` - --timestamp-digest sha256 ` - --azure-key-vault-url https://particularcodesigning.vault.azure.net ` - --azure-key-vault-client-id ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} ` - --azure-key-vault-tenant-id ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} ` - --azure-key-vault-client-secret ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} ` - --azure-key-vault-certificate ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} - shell: pwsh + - name: Sign NuGet packages + uses: Particular/sign-nuget-packages-action@v1.0.0 + with: + client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} + client-secret: ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} + certificate-name: ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} - name: Publish artifacts - uses: actions/upload-artifact@v2.2.2 + uses: actions/upload-artifact@v3.1.0 with: name: nugets path: nugets/* retention-days: 1 - - name: Install Octopus CLI - uses: OctopusDeploy/install-octopus-cli-action@v1.1.1 - with: - version: latest - - name: Create Octopus Package - run: | - # Creating the expected file layout for the Octopus package, including intermediate directories - mkdir -p packaging/content - - # Octopus expects NuGet packages to have an extra .nzip extension for NuGet, .czip for Chocolatey - $nugets = Get-ChildItem -Path "./nugets/*.nupkg" - foreach ($file in $nugets) { - cp $file "./packaging/content/$($file.Name).nzip" - } - - # Octopus Deploy scripts need an executable file to recreate this metadata - @" - `$Branch = "${{github.ref_name}}" - `$Version = "${{env.MinVerVersion}}" - `$Product = "${{env.PARTICULAR_REPO_NAME}}" - `$Major = "${{env.MinVerMajor}}" - `$Minor = "${{env.MinVerMinor}}" - `$Commit = "${{github.sha}}" - "@ > packaging/Metadata.ps1 - - # Create the Octopus package - octo pack --id="${{env.PARTICULAR_REPO_NAME}}.Deploy" --version="${{env.MinVerVersion}}" --format="nupkg" --basePath="packaging" --outFolder="octopus-package" - shell: pwsh - - name: Publish Octopus Package Artifacts - uses: actions/upload-artifact@v2.2.2 - with: - name: octopus-package - path: octopus-package/* - retention-days: 1 - - name: Push package to Octopus Deploy - uses: OctopusDeploy/push-package-action@v1.0.0 - with: - server: https://deploy.particular.net - api_key: ${{ secrets.OCTOPUS_DEPLOY_API_KEY }} - packages: octopus-package/${{env.PARTICULAR_REPO_NAME}}.Deploy.${{env.MinVerVersion}}.nupkg - - name: Create Octopus Deploy release - uses: OctopusDeploy/create-release-action@v1.0.2 + - name: Deploy + uses: Particular/push-octopus-package-action@v1.0.0 with: - server: https://deploy.particular.net - api_key: ${{ secrets.OCTOPUS_DEPLOY_API_KEY }} - project: ${{env.PARTICULAR_REPO_NAME}} - release_number: ${{env.MinVerVersion}} - package_version: ${{env.MinVerVersion}} - package: "GitReleaseManager:0.11.0" + octopus-deploy-api-key: ${{ secrets.OCTOPUS_DEPLOY_API_KEY }}