Backport CI and Release build workflows to 7.0.x branch

.github/workflows/codeql-analysis.yml

@@ -41,7 +41,8 @@ jobs:
       uses: actions/setup-dotnet@v4
       with:
         dotnet-version: |
-            8.0.100
+            8.0.x
+            9.0.x
 
     - run: dotnet --info
 

.github/workflows/identity-server-ci.yml

@@ -0,0 +1,82 @@
+# This was generated by tool. Edits will be overwritten.
+
+name: identity-server/ci
+on:
+  workflow_dispatch:
+  push:
+    paths:
+    - .github/workflows/identity-server-**
+    - identity-server/**
+    - Directory.Packages.props
+  pull_request:
+    paths:
+    - .github/workflows/identity-server-**
+    - identity-server/**
+    - Directory.Packages.props
+env:
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+jobs:
+  build:
+    name: Build
+    if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || (github.event_name == 'push') || (github.event_name == 'workflow_dispatch')
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      checks: write
+      contents: read
+      packages: write
+    defaults:
+      run:
+        shell: bash
+        working-directory: .
+    timeout-minutes: 15
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Setup Dotnet
+      uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
+      with:
+        dotnet-version: |-
+          6.0.x
+          8.0.x
+          9.0.x
+    - name: Build
+      run: dotnet build Duende.IdentityServer.sln -c Release
+    - name: Test
+      run: dotnet test Duende.IdentityServer.sln -c Release --no-build --logger "console;verbosity=normal" --logger "trx;LogFileName=Tests.trx" --collect:"XPlat Code Coverage"
+    - name: Test report
+      if: github.event == 'push' && (success() || failure())
+      uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5
+      with:
+        name: Test Report
+        path: '**/Tests.trx'
+        reporter: dotnet-trx
+        fail-on-error: true
+        fail-on-empty: true
+    - name: Tool restore
+      run: dotnet tool restore
+    - name: Pack Duende.IdentityServer.sln
+      run: dotnet pack -c Release Duende.IdentityServer.sln -o artifacts
+    - name: Sign packages
+      if: github.event == 'push'
+      run: |-
+        for file in artifacts/*.nupkg; do
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
+        done
+    - name: Push packages to GitHub
+      if: github.ref == 'refs/heads/main'
+      run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Upload Artifacts
+      if: github.ref == 'refs/heads/main'
+      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+      with:
+        name: artifacts
+        path: artifacts/*.nupkg
+        overwrite: true
+        retention-days: 15

.github/workflows/identity-server-release.yml

@@ -0,0 +1,112 @@
+# This was generated by tool. Edits will be overwritten.
+
+name: identity-server/release
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version in format X.Y.Z or X.Y.Z-preview.'
+        type: string
+        required: true
+        default: '0.0.0'
+      branch:
+        description: '(Optional) the name of the branch to release from'
+        type: string
+        required: false
+        default: 'main'
+      remove-tag-if-exists:
+        description: 'If set, will remove the existing tag. Use this if you have issues with the previous release action'
+        type: boolean
+        required: false
+        default: false
+env:
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+jobs:
+  tag:
+    name: Tag and Pack
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    defaults:
+      run:
+        shell: bash
+        working-directory: .
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Checkout target branch
+      if: github.event.inputs.branch != 'main'
+      run: git checkout ${{ github.event.inputs.branch }}
+    - name: Git Config
+      run: |-
+        git config --global user.email "github-bot@duendesoftware.com"
+        git config --global user.name "Duende Software GitHub Bot"
+    - name: Git Config
+      if: github.event.inputs['remove-tag-if-exists'] == 'true'
+      run: |-
+        if git rev-parse is-${{ github.event.inputs.version }} >/dev/null 2>&1; then
+          git tag -d is-${{ github.event.inputs.version }}
+          git push --delete origin is-${{ github.event.inputs.version }}
+        else
+          echo 'Tag is-${{ github.event.inputs.version }} does not exist.'
+        fi
+    - name: Git Tag
+      run: |-
+        git tag -a is-${{ github.event.inputs.version }} -m "Release v${{ github.event.inputs.version }}"
+        git push origin is-${{ github.event.inputs.version }}
+    - name: Setup Dotnet
+      uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
+      with:
+        dotnet-version: |-
+          6.0.x
+          8.0.x
+          9.0.x
+    - name: Pack Duende.IdentityServer.sln
+      run: dotnet pack -c Release Duende.IdentityServer.sln -o artifacts
+    - name: Tool restore
+      run: dotnet tool restore
+    - name: Sign packages
+      run: |-
+        for file in artifacts/*.nupkg; do
+           dotnet NuGetKeyVaultSignTool sign "$file" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigninghsm.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate NuGetPackageSigning
+        done
+    - name: Push packages to GitHub
+      run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Upload Artifacts
+      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+      with:
+        name: artifacts
+        path: artifacts/*.nupkg
+        overwrite: true
+        retention-days: 15
+  publish:
+    name: Publish to nuget.org
+    needs:
+    - tag
+    runs-on: ubuntu-latest
+    environment:
+      name: nuget.org
+    steps:
+    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+      with:
+        name: artifacts
+        path: artifacts
+    - name: Setup Dotnet
+      uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
+      with:
+        dotnet-version: |-
+          6.0.x
+          8.0.x
+          9.0.x
+    - name: List files
+      run: tree
+      shell: bash
+    - name: Push packages to nuget.org
+      run: dotnet nuget push artifacts/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_ORG_API_KEY }} --skip-duplicate