Refactor: added workflow_dispatch #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Artifacts | ||
| oon: | ||
| workflow_dispatch: | ||
| inputs: | ||
| package_version: | ||
| description: "Optional shared package version." | ||
| required: false | ||
| type: string | ||
| core_version: | ||
| description: "Optional manual version for ModularityKit.Mutator." | ||
| required: false | ||
| type: string | ||
| governance_version: | ||
| description: "Optional manual version for ModularityKit.Mutator.Governance." | ||
| required: false | ||
| type: string | ||
| redis_version: | ||
| description: "Optional manual version for ModularityKit.Mutator.Governance.Redis." | ||
| required: false | ||
| type: string | ||
| publish_core: | ||
| description: "Pack ModularityKit.Mutator." | ||
| required: false | ||
| type: boolean | ||
| default: true | ||
| publish_governance: | ||
| description: "Pack ModularityKit.Mutator.Governance." | ||
| required: false | ||
| type: boolean | ||
| default: true | ||
| publish_redis: | ||
| description: "Pack ModularityKit.Mutator.Governance.Redis." | ||
| required: false | ||
| type: boolean | ||
| default: true | ||
| workflow_call: | ||
| outputs: | ||
| signing_enabled: | ||
| description: "Whether package signing was enabled for this run." | ||
| value: ${{ jobs.package.outputs.signing_enabled }} | ||
| signature_verification_enabled: | ||
| description: "Whether signed package verification was enabled for this run." | ||
| value: ${{ jobs.package.outputs.signature_verification_enabled }} | ||
| inputs: | ||
| package_version: | ||
| description: "Optional package version, usually the release tag without the leading v." | ||
| required: false | ||
| type: string | ||
| core_version: | ||
| description: "Optional manual version for ModularityKit.Mutator." | ||
| required: false | ||
| type: string | ||
| governance_version: | ||
| description: "Optional manual version for ModularityKit.Mutator.Governance." | ||
| required: false | ||
| type: string | ||
| redis_version: | ||
| description: "Optional manual version for ModularityKit.Mutator.Governance.Redis." | ||
| required: false | ||
| type: string | ||
| publish_core: | ||
| description: "Pack ModularityKit.Mutator." | ||
| required: false | ||
| type: boolean | ||
| default: true | ||
| publish_governance: | ||
| description: "Pack ModularityKit.Mutator.Governance." | ||
| required: false | ||
| type: boolean | ||
| default: true | ||
| publish_redis: | ||
| description: "Pack ModularityKit.Mutator.Governance.Redis." | ||
| required: false | ||
| type: boolean | ||
| default: true | ||
| secrets: | ||
| NUGET_SIGN_CERTIFICATE_BASE64: | ||
| required: false | ||
| NUGET_SIGN_CERTIFICATE_PASSWORD: | ||
| required: false | ||
| NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT: | ||
| required: false | ||
| NUGET_SIGN_TIMESTAMP_URL: | ||
| required: false | ||
| NUGET_SIGN_SKIP_VERIFICATION: | ||
| required: false | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| package: | ||
| name: Pack packages | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| signing_enabled: ${{ steps.signing.outputs.enabled }} | ||
| signature_verification_enabled: ${{ steps.signing.outputs.verify_enabled }} | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v5 | ||
| - name: Setup .NET | ||
| uses: actions/setup-dotnet@v5 | ||
| with: | ||
| dotnet-version: 10.0.x | ||
| - name: Restore | ||
| run: dotnet restore ModularityKit.Mutator.slnx | ||
| - name: Resolve package versions | ||
| id: version | ||
| env: | ||
| PACKAGE_VERSION: ${{ inputs.package_version }} | ||
| CORE_VERSION: ${{ inputs.core_version }} | ||
| GOVERNANCE_VERSION: ${{ inputs.governance_version }} | ||
| REDIS_VERSION: ${{ inputs.redis_version }} | ||
| REF_NAME: ${{ github.ref_name }} | ||
| run: | | ||
| resolve_version() { | ||
| local value="$1" | ||
| local fallback="$2" | ||
| if [ -z "$value" ]; then | ||
| value="$fallback" | ||
| fi | ||
| if [ -z "$value" ]; then | ||
| value="$REF_NAME" | ||
| fi | ||
| value="${value#v}" | ||
| if ! printf '%s' "$value" | grep -Eq '^[0-9]+(\.[0-9]+){1,2}([-+][0-9A-Za-z.-]+)?$'; then | ||
| value="0.1.0" | ||
| fi | ||
| printf '%s' "$value" | ||
| } | ||
| shared_version="$(resolve_version "$PACKAGE_VERSION" "")" | ||
| core_version="$(resolve_version "$CORE_VERSION" "$shared_version")" | ||
| governance_version="$(resolve_version "$GOVERNANCE_VERSION" "$shared_version")" | ||
| redis_version="$(resolve_version "$REDIS_VERSION" "$shared_version")" | ||
| echo "package_version=$shared_version" >> "$GITHUB_OUTPUT" | ||
| echo "core_version=$core_version" >> "$GITHUB_OUTPUT" | ||
| echo "governance_version=$governance_version" >> "$GITHUB_OUTPUT" | ||
| echo "redis_version=$redis_version" >> "$GITHUB_OUTPUT" | ||
| - name: Validate package selection | ||
| if: ${{ inputs.publish_core != true && inputs.publish_governance != true && inputs.publish_redis != true }} | ||
| run: | | ||
| echo "At least one package must be selected for packing." >&2 | ||
| exit 1 | ||
| - name: Pack core package | ||
| if: ${{ inputs.publish_core == true }} | ||
| run: > | ||
| dotnet pack src/ModularityKit.Mutator.csproj | ||
| -c Release | ||
| --no-restore | ||
| -o nupkg | ||
| -p:PackageVersion=${{ steps.version.outputs.core_version }} | ||
| - name: Pack governance package | ||
| if: ${{ inputs.publish_governance == true }} | ||
| run: > | ||
| dotnet pack src/ModularityKit.Mutator.Governance.csproj | ||
| -c Release | ||
| --no-restore | ||
| -o nupkg | ||
| -p:PackageVersion=${{ steps.version.outputs.governance_version }} | ||
| - name: Pack Redis governance package | ||
| if: ${{ inputs.publish_redis == true }} | ||
| run: > | ||
| dotnet pack src/Redis/ModularityKit.Mutator.Governance.Redis.csproj | ||
| -c Release | ||
| --no-restore | ||
| -o nupkg | ||
| -p:PackageVersion=${{ steps.version.outputs.redis_version }} | ||
| - name: Resolve signing mode | ||
| id: signing | ||
| env: | ||
| NUGET_SIGN_CERTIFICATE_BASE64: ${{ secrets.NUGET_SIGN_CERTIFICATE_BASE64 }} | ||
| NUGET_SIGN_CERTIFICATE_PASSWORD: ${{ secrets.NUGET_SIGN_CERTIFICATE_PASSWORD }} | ||
| NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT: ${{ secrets.NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT }} | ||
| NUGET_SIGN_TIMESTAMP_URL: ${{ secrets.NUGET_SIGN_TIMESTAMP_URL }} | ||
| NUGET_SIGN_SKIP_VERIFICATION: ${{ secrets.NUGET_SIGN_SKIP_VERIFICATION }} | ||
| run: | | ||
| if [ -n "$NUGET_SIGN_CERTIFICATE_BASE64" ] \ | ||
| && [ -n "$NUGET_SIGN_CERTIFICATE_PASSWORD" ] \ | ||
| && [ -n "$NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT" ] \ | ||
| && [ -n "$NUGET_SIGN_TIMESTAMP_URL" ]; then | ||
| echo "enabled=true" >> "$GITHUB_OUTPUT" | ||
| echo "Package signing enabled." | ||
| else | ||
| echo "enabled=false" >> "$GITHUB_OUTPUT" | ||
| echo "Package signing disabled. Continuing with unsigned packages." | ||
| fi | ||
| if [ "${NUGET_SIGN_SKIP_VERIFICATION,,}" = "true" ]; then | ||
| echo "verify_enabled=false" >> "$GITHUB_OUTPUT" | ||
| echo "Signed package verification disabled by NUGET_SIGN_SKIP_VERIFICATION." | ||
| else | ||
| echo "verify_enabled=true" >> "$GITHUB_OUTPUT" | ||
| echo "Signed package verification enabled." | ||
| fi | ||
| - name: Import signing certificate | ||
| if: ${{ steps.signing.outputs.enabled == 'true' }} | ||
| env: | ||
| NUGET_SIGN_CERTIFICATE_BASE64: ${{ secrets.NUGET_SIGN_CERTIFICATE_BASE64 }} | ||
| run: | | ||
| printf '%s' "$NUGET_SIGN_CERTIFICATE_BASE64" | base64 --decode > signing-cert.pfx | ||
| - name: Sign packages | ||
| if: ${{ steps.signing.outputs.enabled == 'true' }} | ||
| env: | ||
| NUGET_SIGN_CERTIFICATE_PASSWORD: ${{ secrets.NUGET_SIGN_CERTIFICATE_PASSWORD }} | ||
| NUGET_SIGN_TIMESTAMP_URL: ${{ secrets.NUGET_SIGN_TIMESTAMP_URL }} | ||
| run: | | ||
| for package in nupkg/*.nupkg; do | ||
| dotnet nuget sign "$package" \ | ||
| --certificate-path signing-cert.pfx \ | ||
| --certificate-password "$NUGET_SIGN_CERTIFICATE_PASSWORD" \ | ||
| --timestamper "$NUGET_SIGN_TIMESTAMP_URL" \ | ||
| --timestamp-hash-algorithm SHA256 \ | ||
| --hash-algorithm SHA256 \ | ||
| --overwrite | ||
| done | ||
| - name: Verify signed packages | ||
| if: ${{ steps.signing.outputs.enabled == 'true' && steps.signing.outputs.verify_enabled == 'true' }} | ||
| env: | ||
| NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT: ${{ secrets.NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT }} | ||
| run: | | ||
| for package in nupkg/*.nupkg; do | ||
| dotnet nuget verify "$package" \ | ||
| --all \ | ||
| --certificate-fingerprint "$NUGET_SIGN_CERTIFICATE_SHA256_FINGERPRINT" | ||
| done | ||
| - name: Remove signing certificate | ||
| if: ${{ always() }} | ||
| run: rm -f signing-cert.pfx | ||
| - name: Upload packages | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ModularityKit-packages | ||
| path: nupkg/*.nupkg | ||