Skip to content

Merge pull request #97 from twistedstream/patch-1 #60

Merge pull request #97 from twistedstream/patch-1

Merge pull request #97 from twistedstream/patch-1 #60

# Copyright 2021 Yubico AB
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Build and publish artifacts from main and develop
# Triggers build on pushes to the main and develop branches.
on:
push:
branches:
- main
- 'develop**'
workflow_dispatch:
inputs:
push-to-dev:
description: 'Push to internal NuGet'
required: true
type: boolean
version:
description: 'Version'
required: false
default: "0.0.0-prerelease.YYYYMMDD.B"
type: string
permissions:
contents: read
id-token: write
packages: write
jobs:
build:
# Give this job a friendly name to show in GitHub UI.
name: Build + Test the SDK
# Even though we build for multiple platforms, we only need to run
# on a single host operating system. This is because we utilize cross-
# build functionality of the dotnet build system.
runs-on: windows-2019
steps:
# Checkout the local repository
- uses: actions/checkout@v4
- name: Add local NuGet repository
run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
- name: Modify version for internal builds
if: ${{ github.event.inputs.push-to-dev == 'true' }}
run: |
$file = gci ./build/Versions.props
$versionProp = [xml](gc $file.FullName)
$versionProp.Project.PropertyGroup.YubicoDotNetPolyfillsVersion = "${{ github.event.inputs.version }}"
$versionProp.Project.PropertyGroup.YubicoCoreVersion = "${{ github.event.inputs.version }}"
$versionProp.Project.PropertyGroup.YubicoYubiKeyVersion = "${{ github.event.inputs.version }}"
$versionProp.Save($file.FullName)
# Build the project
# The default GitHub runners seem to have N and N-1 versions of .NET Framework installed. In practice, they seem
# to have even more installed than that, but at a minimum N and N-1 seem like safe assumptions. We can therefore
# save some time and use the pre-installed version rather than downloading a fresh copy.
- name: Build Yubico.NET.SDK.sln
run: dotnet build --configuration ReleaseWithDocs --nologo --verbosity normal Yubico.NET.SDK.sln
# Upload artifacts
- name: Save documentation artifacts
uses: actions/upload-artifact@v4
with:
name: Documentation
path: Yubico.YubiKey/docs/_site/
- name: Save build artifacts
uses: actions/upload-artifact@v4
with:
name: Nuget Packages
path: |
Yubico.DotNetPolyfills/src/bin/ReleaseWithDocs/*.nupkg
Yubico.Core/src/bin/ReleaseWithDocs/*.nupkg
Yubico.YubiKey/src/bin/ReleaseWithDocs/*.nupkg
- name: Save build artifacts
uses: actions/upload-artifact@v4
with:
name: Assemblies
path: |
Yubico.DotNetPolyfills/src/bin/ReleaseWithDocs/**/*.dll
Yubico.Core/src/bin/ReleaseWithDocs/**/*.dll
Yubico.YubiKey/src/bin/ReleaseWithDocs/**/*.dll
# Package the OATH sample code source
- name: Save build artifacts
uses: actions/upload-artifact@v4
with:
name: OATH Sample Code
path: |
Yubico.YubiKey/examples/OathSampleCode
Yubico.YubiKey/examples/SharedSampleCode
# Package the PIV sample code source
- name: Save build artifacts
uses: actions/upload-artifact@v4
with:
name: PIV Sample Code
path: |
Yubico.YubiKey/examples/PivSampleCode
Yubico.YubiKey/examples/SharedSampleCode
# Test the project
#
# Here we call `dotnet test` on each individual test project that we want to have run as part of CI. We do this
# to skip running the integration tests which require actual YubiKeys to be present. We have tried using the filter
# capabilities of the `dotnet test` runner tool, however we have found that failures don't always register with
# GitHub when that is done.
- name: Test Yubico.YubiKey
run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj
- name: Test Yubico.Core
run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.Core/tests/Yubico.Core.UnitTests.csproj
publish_docs:
# Give this job a friendly name to show in GitHub UI.
name: Publish documentation
# Publish the docs using Ubuntu as the docker image we want to create is linux-based.
runs-on: ubuntu-latest
# Don't run this step until build completes.
needs: build
# Connection information for our docker image registry
env:
IMAGE_REGISTRY_URL: us-docker.pkg.dev
IMAGE_REGISTRY_PROJECT: support-cluster-769001
IMAGE_REPOSITORY: yesdk
IMAGE_NAME: yesdk-docserver
steps:
# Checkout the local repository as we need the Dockerfile and other things even for this step.
- uses: actions/checkout@v4
# Grab the just-built documentation artifact and inflate the archive at the expected location.
- uses: actions/download-artifact@v4
with:
name: Documentation
path: Yubico.YubiKey/docs/_site/
# Construct the docker image
- name: Docker build
run: |
docker build -t "${IMAGE_NAME}:${{ github.sha }}" .
# Authenticate to Google Cloud
- name: Authenticate
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com
# Push our docker image to GCP
- name: Push Docker image
run: |
gcloud auth configure-docker ${IMAGE_REGISTRY_URL} --project ${IMAGE_REGISTRY_PROJECT}
docker tag "${IMAGE_NAME}:${{ github.sha }}" "${IMAGE_REGISTRY_URL}/${IMAGE_REGISTRY_PROJECT}/${IMAGE_REPOSITORY}/${IMAGE_NAME}:${{ github.sha }}"
docker push "${IMAGE_REGISTRY_URL}/${IMAGE_REGISTRY_PROJECT}/${IMAGE_REPOSITORY}/${IMAGE_NAME}:${{ github.sha }}"
echo "New image tag: ${{ github.sha }}"
publish-internal:
name: Publish to internal NuGet
runs-on: windows-2019
needs: build
environment: Internal NuGet feed
if: ${{ github.event.inputs.push-to-dev }}
steps:
- uses: actions/download-artifact@v4
id: download
with:
name: Nuget Packages
- run: |
$polyfills = (Get-ChildItem -Recurse Yubico.DotnetPolyfills/*.nupkg)[0].FullName
$core = (Get-ChildItem -Recurse Yubico.Core/*.nupkg)[0].FullName
$yubikey = (Get-ChildItem -Recurse Yubico.YubiKey/*.nupkg)[0].FullName
dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
dotnet nuget push $polyfills --source "github" --api-key ${{ secrets.GITHUB_TOKEN }}
dotnet nuget push $core --source "github" --api-key ${{ secrets.GITHUB_TOKEN }}
dotnet nuget push $yubikey --source "github" --api-key ${{ secrets.GITHUB_TOKEN }}