Build and Draft Release #31

Workflow file for this run

.github/workflows/build_sign_release.yaml at 73ce101

	# Purpose: Build, sign, and check a draft release

	name: Build and Draft Release

	on:
	workflow_dispatch:
	inputs:
	# checkov:skip=CKV_GHA_7:Manual inputs are desired.
	releaseName:
	description: "Release Name"
	required: true
	type: string
	# Note: This is NOT the ACTUAL release version for ScubaGear.
	# That value is found in ScubaGear.psd1.
	# This is only used for things like the file name.
	# Yes, this is a disconnect that violates DRY.
	version:
	description: "Release Version (e.g., 1.2.4)"
	required: true
	type: string
	runQuickCheck:
	description: "Run a quick check of release"
	required: false
	type: boolean
	default: true

	permissions: read-all

	jobs:
	build-and-draft:
	name: Build and Draft Release
	runs-on: windows-latest
	environment: Development
	env:
	RELEASE_VERSION: ${{ inputs.version }}
	permissions:
	id-token: write
	contents: write
	defaults:
	run:
	shell: powershell
	# This condition prevents duplicate runs.
	if: github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	path: repo
	- name: Install Azure Signing Tool
	run: \|
	dotnet --version
	dotnet tool install --global AzureSignTool --version 5.0.0
	# OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true)
	- name: Login to Azure
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	enable-AzPSSession: true
	- name: Get Key Vault info
	id: key-vault-info
	env:
	KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_PROD}}
	run: \|
	$KeyVaultInfo = ${env:KEY_VAULT_INFO} \| ConvertFrom-Json
	echo "KeyVaultUrl=$($KeyVaultInfo.KeyVault.URL)" >> $env:GITHUB_OUTPUT
	echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT
	- name: Sign Module
	run: \|
	# Source the function
	. repo/utils/workflow/Build-SignRelease.ps1
	New-ModuleSignature `
	-AzureKeyVaultUrl ${{ steps.key-vault-info.outputs.KeyVaultUrl }} `
	-CertificateName ${{ steps.key-vault-info.outputs.KeyVaultCertificateName }} `
	-ReleaseVersion ${env:RELEASE_VERSION}
	- name: Create Release
	uses: softprops/action-gh-release@v1
	id: create-release
	with:
	draft: true
	prerelease: false
	name: ${{ inputs.releaseName }}
	tag_name: v${{ inputs.version }}
	files: ScubaGear-${{ inputs.version }}.zip
	generate_release_notes: true
	fail_on_unmatched_files: true
	- name: Download Release
	uses: dsaltares/fetch-gh-release-asset@1.1.1
	if: ${{ inputs.runQuickCheck }}
	with:
	version: ${{ steps.create-release.outputs.id}}
	file: "ScubaGear-${{ inputs.version }}.zip"
	- name: Quick Check Release
	if: ${{ inputs.runQuickCheck }}
	run: \|
	# Source the function
	. repo/utils/workflow/Build-SignRelease.ps1
	Test-Release -Version ${{ inputs.version }}

	# Expand-Archive -Path "ScubaGear-${{ inputs.version }}.zip"
	# Get-ChildItem
	# Set-Location -Path "ScubaGear-${{ inputs.version }}"
	# Import-Module -Name .\PowerShell\ScubaGear\ScubaGear.psd1
	# Invoke-SCuBA -Version

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and Draft Release #31

Workflow file

Build and Draft Release #31

Jobs

Run details

Workflow file for this run