Skip to content

Refactor: added workflow_dispatch #1

Refactor: added workflow_dispatch

Refactor: added workflow_dispatch #1

name: Publish Artifacts

Check failure on line 1 in .github/workflows/publish-artifacts.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/publish-artifacts.yml

Invalid workflow file

(Line: 3, Col: 1): Unexpected value 'oon'
oon:
workflow_dispatch:
inputs:
package_version:
description: "Optional shared package version."
required: false
type: string
core_version:
description: "Optional manual version for ModularityKit.Mutator."
required: false
type: string
governance_version:
description: "Optional manual version for ModularityKit.Mutator.Governance."
required: false
type: string
redis_version:
description: "Optional manual version for ModularityKit.Mutator.Governance.Redis."
required: false
type: string
publish_core:
description: "Pack ModularityKit.Mutator."
required: false
type: boolean
default: true
publish_governance:
description: "Pack ModularityKit.Mutator.Governance."
required: false
type: boolean
default: true
publish_redis:
description: "Pack ModularityKit.Mutator.Governance.Redis."
required: false
type: boolean
default: true
workflow_call:
outputs:
signing_enabled:
description: "Whether package signing was enabled for this run."
value: ${{ jobs.package.outputs.signing_enabled }}
signature_verification_enabled:
description: "Whether signed package verification was enabled for this run."
value: ${{ jobs.package.outputs.signature_verification_enabled }}
inputs:
package_version:
description: "Optional package version, usually the release tag without the leading v."
required: false
type: string
core_version:
description: "Optional manual version for ModularityKit.Mutator."
required: false
type: string
governance_version:
description: "Optional manual version for ModularityKit.Mutator.Governance."
required: false
type: string
redis_version:
description: "Optional manual version for ModularityKit.Mutator.Governance.Redis."
required: false
type: string
publish_core:
description: "Pack ModularityKit.Mutator."
required: false
type: boolean
default: true
publish_governance:
description: "Pack ModularityKit.Mutator.Governance."
required: false
type: boolean
default: true
publish_redis:
description: "Pack ModularityKit.Mutator.Governance.Redis."
required: false
type: boolean
default: true
secrets:
NUGET_SIGN_CERTIFICATE_BASE64:
required: false
NUGET_SIGN_CERTIFICATE_PASSWORD:
required: false
NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT:
required: false
NUGET_SIGN_TIMESTAMP_URL:
required: false
NUGET_SIGN_SKIP_VERIFICATION:
required: false
permissions:
contents: read
jobs:
package:
name: Pack packages
runs-on: ubuntu-latest
outputs:
signing_enabled: ${{ steps.signing.outputs.enabled }}
signature_verification_enabled: ${{ steps.signing.outputs.verify_enabled }}
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Setup .NET
uses: actions/setup-dotnet@v5
with:
dotnet-version: 10.0.x
- name: Restore
run: dotnet restore ModularityKit.Mutator.slnx
- name: Resolve package versions
id: version
env:
PACKAGE_VERSION: ${{ inputs.package_version }}
CORE_VERSION: ${{ inputs.core_version }}
GOVERNANCE_VERSION: ${{ inputs.governance_version }}
REDIS_VERSION: ${{ inputs.redis_version }}
REF_NAME: ${{ github.ref_name }}
run: |
resolve_version() {
local value="$1"
local fallback="$2"
if [ -z "$value" ]; then
value="$fallback"
fi
if [ -z "$value" ]; then
value="$REF_NAME"
fi
value="${value#v}"
if ! printf '%s' "$value" | grep -Eq '^[0-9]+(\.[0-9]+){1,2}([-+][0-9A-Za-z.-]+)?$'; then
value="0.1.0"
fi
printf '%s' "$value"
}
shared_version="$(resolve_version "$PACKAGE_VERSION" "")"
core_version="$(resolve_version "$CORE_VERSION" "$shared_version")"
governance_version="$(resolve_version "$GOVERNANCE_VERSION" "$shared_version")"
redis_version="$(resolve_version "$REDIS_VERSION" "$shared_version")"
echo "package_version=$shared_version" >> "$GITHUB_OUTPUT"
echo "core_version=$core_version" >> "$GITHUB_OUTPUT"
echo "governance_version=$governance_version" >> "$GITHUB_OUTPUT"
echo "redis_version=$redis_version" >> "$GITHUB_OUTPUT"
- name: Validate package selection
if: ${{ inputs.publish_core != true && inputs.publish_governance != true && inputs.publish_redis != true }}
run: |
echo "At least one package must be selected for packing." >&2
exit 1
- name: Pack core package
if: ${{ inputs.publish_core == true }}
run: >
dotnet pack src/ModularityKit.Mutator.csproj
-c Release
--no-restore
-o nupkg
-p:PackageVersion=${{ steps.version.outputs.core_version }}
- name: Pack governance package
if: ${{ inputs.publish_governance == true }}
run: >
dotnet pack src/ModularityKit.Mutator.Governance.csproj
-c Release
--no-restore
-o nupkg
-p:PackageVersion=${{ steps.version.outputs.governance_version }}
- name: Pack Redis governance package
if: ${{ inputs.publish_redis == true }}
run: >
dotnet pack src/Redis/ModularityKit.Mutator.Governance.Redis.csproj
-c Release
--no-restore
-o nupkg
-p:PackageVersion=${{ steps.version.outputs.redis_version }}
- name: Resolve signing mode
id: signing
env:
NUGET_SIGN_CERTIFICATE_BASE64: ${{ secrets.NUGET_SIGN_CERTIFICATE_BASE64 }}
NUGET_SIGN_CERTIFICATE_PASSWORD: ${{ secrets.NUGET_SIGN_CERTIFICATE_PASSWORD }}
NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT: ${{ secrets.NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT }}
NUGET_SIGN_TIMESTAMP_URL: ${{ secrets.NUGET_SIGN_TIMESTAMP_URL }}
NUGET_SIGN_SKIP_VERIFICATION: ${{ secrets.NUGET_SIGN_SKIP_VERIFICATION }}
run: |
if [ -n "$NUGET_SIGN_CERTIFICATE_BASE64" ] \
&& [ -n "$NUGET_SIGN_CERTIFICATE_PASSWORD" ] \
&& [ -n "$NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT" ] \
&& [ -n "$NUGET_SIGN_TIMESTAMP_URL" ]; then
echo "enabled=true" >> "$GITHUB_OUTPUT"
echo "Package signing enabled."
else
echo "enabled=false" >> "$GITHUB_OUTPUT"
echo "Package signing disabled. Continuing with unsigned packages."
fi
if [ "${NUGET_SIGN_SKIP_VERIFICATION,,}" = "true" ]; then
echo "verify_enabled=false" >> "$GITHUB_OUTPUT"
echo "Signed package verification disabled by NUGET_SIGN_SKIP_VERIFICATION."
else
echo "verify_enabled=true" >> "$GITHUB_OUTPUT"
echo "Signed package verification enabled."
fi
- name: Import signing certificate
if: ${{ steps.signing.outputs.enabled == 'true' }}
env:
NUGET_SIGN_CERTIFICATE_BASE64: ${{ secrets.NUGET_SIGN_CERTIFICATE_BASE64 }}
run: |
printf '%s' "$NUGET_SIGN_CERTIFICATE_BASE64" | base64 --decode > signing-cert.pfx
- name: Sign packages
if: ${{ steps.signing.outputs.enabled == 'true' }}
env:
NUGET_SIGN_CERTIFICATE_PASSWORD: ${{ secrets.NUGET_SIGN_CERTIFICATE_PASSWORD }}
NUGET_SIGN_TIMESTAMP_URL: ${{ secrets.NUGET_SIGN_TIMESTAMP_URL }}
run: |
for package in nupkg/*.nupkg; do
dotnet nuget sign "$package" \
--certificate-path signing-cert.pfx \
--certificate-password "$NUGET_SIGN_CERTIFICATE_PASSWORD" \
--timestamper "$NUGET_SIGN_TIMESTAMP_URL" \
--timestamp-hash-algorithm SHA256 \
--hash-algorithm SHA256 \
--overwrite
done
- name: Verify signed packages
if: ${{ steps.signing.outputs.enabled == 'true' && steps.signing.outputs.verify_enabled == 'true' }}
env:
NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT: ${{ secrets.NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT }}
run: |
for package in nupkg/*.nupkg; do
dotnet nuget verify "$package" \
--all \
--certificate-fingerprint "$NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT"
done
- name: Remove signing certificate
if: ${{ always() }}
run: rm -f signing-cert.pfx
- name: Upload packages
uses: actions/upload-artifact@v4
with:
name: ModularityKit-packages
path: nupkg/*.nupkg