CommunityToolkit
diff --git a/‎.github/workflows/SignClientFileList.txt‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/SignClientFileList.txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/ci-build.yml‎
Lines changed: 187 additions & 0 deletions b/‎.github/workflows/ci-build.yml‎
Lines changed: 187 additions & 0 deletions
diff --git a/‎azure-pipelines.yml‎
Lines changed: 0 additions & 73 deletions b/‎azure-pipelines.yml‎
Lines changed: 0 additions & 73 deletions
@@ -0,0 +1 @@
+**/CommunityToolkit.*
@@ -0,0 +1,187 @@
+# https://docs.github.com/actions/using-workflows/about-workflows
+# https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions
+
+name: CI-build
+
+# Controls when the action will run.
+on:
+
+  # Triggers the workflow on push or PR events, but only for the 'main', development, or release branches
+  push:
+    branches: [ main, 'dev/*', 'rel/*' ]
+  pull_request:
+    branches: [ main, 'dev/*' ]
+
+  # Allows running this workflow manually from the 'Actions' tab
+  workflow_dispatch:
+  merge_group:
+
+env:
+  IS_MAIN: ${{ github.ref == 'refs/heads/main' }}
+  IS_PR: ${{ startsWith(github.ref, 'refs/pull/') }}
+  IS_RELEASE: ${{ startsWith(github.ref, 'refs/heads/rel/') }}
+
+  # The version of .NET to use just for NuGet package operations.
+  # This doesn't have to be exactly in sync with the .NET SDK
+  # version defined in 'global.json', as it's not used for builds.
+  DOTNET_NUGET_VERSION: ${{ '9.0.x' }}
+
+jobs:
+
+  # Build the solution, run all tests, push packages to the PR feed.
+  # We want to avoid the CI being triggered twice for PRs from the
+  # repository owner, however the repo is now under 'CommunityToolkit'.
+  # So we just hardcode the username and skip this job for PR triggers
+  # from that user. This ensures the workflow only runs once per commit.
+  build-and-test:
+    if: >-
+      github.event_name == 'push' ||
+      github.event.pull_request.user.login != 'sergio0694'
+    strategy:
+        matrix:
+          configuration: [Debug, Release]
+    runs-on: windows-2022
+    steps:
+    - name: Git checkout
+      uses: actions/checkout@v5
+      with:
+        fetch-depth: 0 # We need the full history for proper versioning
+
+    - name: Install .NET SDK
+      uses: actions/setup-dotnet@v5
+      with:
+        global-json-file: global.json
+    
+    # Build the whole solution
+    - name: Build solution
+      run: dotnet build -c ${{matrix.configuration}} /bl
+    - name: Upload MSBuild binary log
+      uses: actions/upload-artifact@v5
+      with:
+        name: msbuild_log_${{matrix.configuration}}
+        path: ${{ github.workspace }}/msbuild.binlog
+        if-no-files-found: error
+    
+    # Run tests
+    - name: Test solution
+      run: dotnet test --no-build -c ${{matrix.configuration}} -l "console;verbosity=detailed"
+
+    # Pack solution
+    - name: Pack solution
+      run: dotnet pack --no-build -c ${{matrix.configuration}}
+
+    # Push PR packages to our DevOps artifacts feed (see nuget.config)
+    - name: Push PR packages (if not fork)
+      if: ${{ env.IS_PR == 'true' && matrix.configuration == 'Release' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
+      run: |
+        dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json `
+          --name PullRequests `
+          --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
+        dotnet nuget push "*.nupkg" --api-key dummy --source PullRequests --skip-duplicate
+
+    - name: Upload packages list
+      uses: actions/upload-artifact@v5
+      if: ${{ env.IS_PR == 'false' && matrix.configuration == 'Release' }}
+      with:
+        name: nuget-list-dotnet
+        path: ${{ github.workspace }}/.github/workflows/SignClientFileList.txt
+        if-no-files-found: error
+
+    # If we're not doing a PR build (or it's a PR from a fork) then we upload our packages so we can sign as a separate job or have available to test
+    - name: Upload packages artifacts
+      uses: actions/upload-artifact@v5
+      if: ${{ (env.IS_PR == 'false' || github.event.pull_request.head.repo.full_name != github.repository) && matrix.configuration == 'Release' }}
+      with:
+        name: nuget-packages-dotnet
+        path: ${{ github.workspace }}/bin/nupkg/*.nupkg
+        if-no-files-found: error
+
+  # Sign the packages for release.
+  # Note: here and below we're explicitly repeating the conditions, rather than using 'env.'.
+  # Doing so doesn't seem to work for conditions of jobs themselves, only for individual steps.
+  sign:
+    needs: [build-and-test]
+    if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/') }}
+    runs-on: windows-latest
+    permissions:
+      id-token: write # Required for requesting the JWT
+
+    steps:
+      - name: Install .NET SDK
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: ${{ env.DOTNET_NUGET_VERSION }}
+
+      - name: Download packages list
+        uses: actions/download-artifact@v5
+        with:
+          name: nuget-list-dotnet
+          path: ${{ github.workspace }}
+  
+      - name: Download built packages for .NCT
+        uses: actions/download-artifact@v5
+        with:
+          name: nuget-packages-dotnet
+          path: ${{ github.workspace }}/packages
+
+      - name: Install Signing Tool
+        run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.25379.1
+
+      - name: Sign packages
+        run: >
+          ./tools/sign code azure-key-vault
+          **/*.nupkg
+          --base-directory "${{ github.workspace }}/packages"
+          --file-list "${{ github.workspace }}/SignClientFileList.txt"
+          --timestamp-url "http://timestamp.digicert.com"
+          --publisher-name ".NET Foundation"
+          --description ".NET Community Toolkit"
+          --description-url "https://github.com/CommunityToolkit/dotnet"
+          --azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}"
+          --azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }}
+          --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}"
+          --azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }}
+          --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}"
+          --verbosity Information
+
+      - name: Push signed packages
+        run: |
+          dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-MainLatest/nuget/v3/index.json `
+            --name MainLatest `
+            --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
+          dotnet nuget push "**/*.nupkg" --api-key dummy --source MainLatest --skip-duplicate
+
+      - name: Upload signed packages as artifacts (for release)
+        uses: actions/upload-artifact@v5
+        if: ${{ env.IS_RELEASE == 'true' }}
+        with:
+          name: signed-nuget-packages-dotnet
+          path: ${{ github.workspace }}/packages/**/*.nupkg
+          if-no-files-found: error
+
+  # Push official packages to NuGet
+  release:
+    if: ${{ startsWith(github.ref, 'refs/heads/rel/') }}
+    needs: [sign]
+    environment: nuget-release-gate # This gates this job until manually approved
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Install .NET SDK
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: ${{ env.DOTNET_NUGET_VERSION }}
+
+      - name: Download signed packages for .NCT
+        uses: actions/download-artifact@v5
+        with:
+          name: signed-nuget-packages-dotnet
+          path: ./packages
+
+      - name: Push to NuGet.org
+        run: >
+          dotnet nuget push
+          **/*.nupkg
+          --source https://api.nuget.org/v3/index.json
+          --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }}
+          --skip-duplicate