.github/workflows/build-nativeshims.yml

# Copyright 2021 Yubico AB
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Build Yubico.NativeShims

on:
  workflow_dispatch:
    inputs:
      push-to-dev:
        description: 'Push to internal NuGet'
        required: true
        type: boolean
      version:
        description: 'Version'
        required: false
        default: "0.0.0-prerelease.YYYYMMDD.B"
        type: string
  schedule:
    - cron: '0 0 * * *' # Every day at midnight

jobs:
  build-windows:
    name: Build Windows
    runs-on: windows-2019
    steps:
      - uses: actions/checkout@v4
      - run: |
          echo 'Running build script: Windows'
          cd Yubico.NativeShims
          & ./build-windows.ps1
      - uses: actions/upload-artifact@v4
        with:
          name: win-x64
          path: Yubico.NativeShims/win-x64/**
      - uses: actions/upload-artifact@v4
        with:
          name: win-x86
          path: Yubico.NativeShims/win-x86/**
      - uses: actions/upload-artifact@v4
        with:
          name: win-arm64
          path: Yubico.NativeShims/win-arm64/**
      - uses: actions/upload-artifact@v4
        with:
          name: nuspec
          path: | 
            Yubico.NativeShims/*.nuspec
            Yubico.NativeShims/readme.md
      - uses: actions/upload-artifact@v4
        with:
          name: msbuild
          path: Yubico.NativeShims/msbuild/*

  build-linux-amd64:
    name: Build Linux (amd64)
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v4
      - run: |
          echo 'Running build script: Linux (amd64)'
          cd Yubico.NativeShims
          sh ./build-linux-amd64.sh
      - uses: actions/upload-artifact@v4
        with:
          name: linux-x64
          path: Yubico.NativeShims/linux-x64/*.so
          
  build-linux-arm64:
    name: Build Linux (arm64)
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v4
      - run: |
          echo 'Running build script: Linux (arm64)'
          cd Yubico.NativeShims
          sh ./build-linux-arm64.sh
      - uses: actions/upload-artifact@v4
        with:
          name: linux-arm64
          path: Yubico.NativeShims/linux-arm64/*.so

  build-macos:
    name: Build macOS
    runs-on: macos-13
    steps:
      - uses: actions/checkout@v4
      - run: |
          echo 'Running build script: macOS'
          cd Yubico.NativeShims
          sh ./build-macOS.sh
      - uses: actions/upload-artifact@v4
        with:
          name: osx-x64
          path: Yubico.NativeShims/osx-x64/**
      - uses: actions/upload-artifact@v4
        with:
          name: osx-arm64
          path: Yubico.NativeShims/osx-arm64/**

  pack:
    name: Package artifacts
    permissions:
      id-token: write
      contents: read
      packages: read
      attestations: write
    runs-on: windows-2019
    needs: [build-windows, build-linux-amd64, build-linux-arm64, build-macos]
    steps:
      - uses: actions/download-artifact@v4
      - run: |
          mv nuspec/*.nuspec .
          mv nuspec/readme.md .
          $nuspec = [xml](gc Yubico.NativeShims.nuspec)
          $repo = $nuspec.CreateElement("repository")
          $repo.SetAttribute("url","https://github.com/${{ github.repository }}")
          $repo.SetAttribute("type","git")
          $nuspec.package.metadata.AppendChild($repo)
          $nuspec.package.metadata.version = "${{ github.event.inputs.version }}"
          $nuspec.Save("Yubico.NativeShims.nuspec")
          cat Yubico.NativeShims.nuspec
      - run: nuget pack Yubico.NativeShims.nuspec
      - uses: actions/upload-artifact@v4
        with:
          name: Yubico.NativeShims.nupkg
          path: Yubico.NativeShims.*.nupkg
      
      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v2
        with:
          subject-path: |
            Yubico.NativeShims/**/*.dll
            Yubico.NativeShims/**/*.so
            Yubico.NativeShims/**/*.dylib
            Yubico.NativeShims.*.nupkg

  publish-internal:
    name: Publish to internal NuGet
    runs-on: windows-2019
    needs: pack
    environment: Internal NuGet feed
    permissions:
      packages: write
    if: ${{ github.event.inputs.push-to-dev == 'true' }}
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: Yubico.NativeShims.nupkg
      - run: |
          dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
          dotnet nuget push Yubico.NativeShims.*.nupkg --source "github" --api-key ${{ secrets.GITHUB_TOKEN }}