Enable nuget signing #1104
Workflow file for this run
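# CI workflow: builds the solution and runs the tests on Linux, then signs the
# produced NuGet packages on Windows and publishes them to MyGet.
name: CI

on: [push, pull_request]

# Least privilege for the GITHUB_TOKEN: jobs get read-only repository access
# unless they declare their own permissions block (the sign job does).
permissions:
  contents: read

env:
  VERSION: "5.0.0.${{github.run_number}}"

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions in this workflow are referenced by mutable
      # tags (@v4, @v3). Pinning each `uses:` to a full commit SHA prevents a
      # retagged release from changing what runs in the job that feeds the
      # signing step. The v3 artifact actions are also deprecated upstream.
      - name: Setup .NET SDK
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            6.0.x
            7.0.x
            8.0.x
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step needs git credentials, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false
      # Disabled strong-name signing path, kept for reference. The action
      # version was garbled on the page and is shown here as a placeholder.
      # - name: Download code signing certificate
      #   uses: timheuer/base64-to-file@<version>
      #   with:
      #     fileName: certificate.snk
      #     fileDir: ${{ github.workspace }}
      #     encodedString: ${{ secrets.SNC_BASE64 }}
      - name: Build package
        run: dotnet build MQTTnet.sln --configuration Release /p:FileVersion=${{ env.VERSION }} /p:AssemblyVersion=${{ env.VERSION }} /p:PackageVersion=${{ env.VERSION }}
        #run: dotnet pack MQTTnet.sln --configuration Release /p:FileVersion=${{ env.VERSION }} /p:AssemblyVersion=${{ env.VERSION }} /p:PackageVersion=${{ env.VERSION }} /p:SignAssembly=true /p:AssemblyOriginatorKeyFile=${{ github.workspace }}/certificate.snk
      # The file list in `config` decides which files inside the packages are
      # signed by the sign job, so it is passed along as an artifact.
      - name: Upload signing file list
        uses: actions/upload-artifact@v3
        with:
          name: config
          path: config
      - name: Upload nuget packages
        uses: actions/upload-artifact@v3
        with:
          name: nugets
          path: |
            **/*.nupkg
            **/*.snupkg
      # Tests run after the uploads; `sign` has `needs: build`, so a failing
      # test still fails this job and keeps the sign job from running.
      - name: Execute tests
        run: dotnet test --no-restore --framework net8.0 Source/MQTTnet.Tests/MQTTnet.Tests.csproj

  sign:
    needs: build
    # Only sign code that was pushed to this repository. Pull-request runs
    # would put pull-request code in front of the signing certificate, and runs
    # for forked pull requests have no secrets, so the job could only fail.
    if: github.event_name == 'push'
    runs-on: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
    permissions:
      id-token: write # Required for requesting the JWT
    steps:
      - name: Setup .NET SDK
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            6.0.x
      # The tool version is pinned so that the binary handling the signing
      # credentials does not change silently between runs.
      - name: Install sign CLI tool
        run: dotnet tool install --tool-path . sign --version 0.9.0-beta.23127.3
      - name: Download signing config
        uses: actions/download-artifact@v3
        with:
          name: config
          path: config
      - name: Download build artifacts
        uses: actions/download-artifact@v3
        with:
          name: nugets
          path: nugets
      - name: Sign nugets
        shell: pwsh
        env:
          # The credential reaches the script through the environment instead
          # of being expanded into the script text. The name deliberately
          # differs from the AZURE_* variables that Azure credential lookup
          # reads on its own.
          SIGN_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
        # Literal block (`|`): a folded block (`>`) would join these lines and
        # leave the backticks escaping spaces. The last argument carries no
        # trailing backtick, so nothing after the script is pulled into the
        # command line.
        # NOTE(review): managed identity is enabled while a client id and
        # client secret are also supplied, and the job requests id-token:
        # write. Confirm which credential type is intended and drop the unused
        # inputs.
        run: |
          ./sign code azure-key-vault `
            **/*.nupkg `
            --base-directory "${{ github.workspace }}/nugets" `
            --file-list "${{ github.workspace }}/config/filelist.txt" `
            --publisher-name "MQTTnet" `
            --description "MQTTnet" `
            --description-url "https://github.com/dotnet/MQTTnet" `
            --azure-key-vault-managed-identity true `
            --azure-key-vault-url "${{ secrets.KEY_VAULT_URL }}" `
            --azure-key-vault-certificate "${{ secrets.KEY_VAULT_CERTIFICATE_ID }}" `
            --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" `
            --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" `
            --azure-key-vault-client-secret "$env:SIGN_CLIENT_SECRET"
      - name: Publish MyGet nugets
        if: ${{ github.event_name == 'push' }}
        shell: pwsh
        env:
          # The API key is read from the environment rather than being
          # expanded into the command text.
          MYGET_API_KEY: ${{ secrets.MYGET_API_KEY }}
        run: dotnet nuget push **/*.nupkg -k "$env:MYGET_API_KEY" -s https://www.myget.org/F/mqttnet/api/v3/index.json --skip-duplicate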