.github/workflows/ci.yml

name: CI

on: [push, pull_request]

env:
  VERSION: "5.0.0.${{github.run_number}}"

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
      - name: Setup .NET SDK
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            6.0.x
            7.0.x
            8.0.x

      - name: Checkout code
        uses: actions/checkout@v4

#      - name: Download code signing certificate
#        uses: timheuer/base64-to-file@v1.2
#        with:
#          fileName: certificate.snk
#          fileDir: ${{ github.workspace }}
#          encodedString: ${{ secrets.SNC_BASE64 }}

      - name: Build package
        run: dotnet build MQTTnet.sln --configuration Release /p:FileVersion=${{ env.VERSION }} /p:AssemblyVersion=${{ env.VERSION }} /p:PackageVersion=${{ env.VERSION }}
        #run: dotnet pack MQTTnet.sln --configuration Release /p:FileVersion=${{ env.VERSION }} /p:AssemblyVersion=${{ env.VERSION }} /p:PackageVersion=${{ env.VERSION }} /p:SignAssembly=true /p:AssemblyOriginatorKeyFile=${{ github.workspace }}/certificate.snk

      - name: Upload signing file list
        uses: actions/upload-artifact@v3
        with:
          name: config
          path: config

      - name: Upload nuget packages
        uses: actions/upload-artifact@v3
        with:
          name: nugets
          path: |
            **/*.nupkg
            **/*.snupkg

      - name: Execute tests
        run: dotnet test --no-restore --framework net8.0 Source/MQTTnet.Tests/MQTTnet.Tests.csproj

  sign:
    needs: build
    runs-on: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
    permissions:
      id-token: write # Required for requesting the JWT

    steps:
      - name: Setup .NET SDK
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            6.0.x

      - name: Install sign CLI tool
        run: dotnet tool install --tool-path . sign --version 0.9.0-beta.23127.3

      - name: Download signing config
        uses: actions/download-artifact@v3
        with:
          name: config
          path: config
        
      - name: Download build artifacts
        uses: actions/download-artifact@v3
        with:
          name: nugets
          path: nugets

   
      - name: Sign nugets
        shell: pwsh
        run: >
          ./sign code azure-key-vault `
          **/*.nupkg `
          --base-directory "${{ github.workspace }}/nugets" `
          --file-list "${{ github.workspace }}/config/filelist.txt" `
          --publisher-name "MQTTnet" `
          --description "MQTTnet" `
          --description-url "https://github.com/dotnet/MQTTnet" `
          --azure-key-vault-managed-identity true `
          --azure-key-vault-url "${{ secrets.KEY_VAULT_URL }}" `
          --azure-key-vault-certificate "${{ secrets.KEY_VAULT_CERTIFICATE_ID }}" `
          --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" `
          --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" `
          --azure-key-vault-client-secret "${{ secrets.AZURE_CLIENT_SECRET }}" `
        
      - name: Publish MyGet nugets
        if: ${{ github.event_name == 'push' }}
        run: dotnet nuget push **/*.nupkg -k ${{ secrets.MYGET_API_KEY }} -s https://www.myget.org/F/mqttnet/api/v3/index.json --skip-duplicate