Publish Package #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Package | |
on: | |
schedule: | |
- cron: "23 0 * * *" # Execute each day at 00:23 UTC | |
workflow_dispatch: | |
inputs: | |
OverrideModuleVersion: | |
description: "Override the version of the release. Restricted to SemVer 1.0 - 3 segments" | |
required: false | |
type: string | |
IsPrerelease: | |
description: "Is this a prerelease" | |
required: false | |
type: boolean | |
default: false | |
PrereleaseTag: | |
description: "The prerelease tag: [0-9A-Za-z]+" | |
required: false | |
type: string | |
push: | |
paths: | |
- ".github/workflows/run_publish_package.yaml" | |
- "utils/DeployUtils.ps1" | |
env: | |
GalleryName: PrivateScubaGearGallery | |
ModuleName: ScubaGear | |
jobs: | |
ReleasePrep: | |
runs-on: windows-latest | |
environment: Development | |
permissions: | |
id-token: write | |
contents: write | |
defaults: | |
run: | |
shell: powershell | |
outputs: | |
KeyVaultUrl: ${{ steps.key_vault_info.outputs.KeyVaultUrl}} | |
KeyVaultCertificateName: ${{ steps.key_vault_info.outputs.KeyVaultCertificateName}} | |
steps: | |
- name: Get Key Vault info | |
env: | |
KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_PROD}} | |
run: | | |
$KeyVaultInfo = ${env:KEY_VAULT_INFO} | ConvertFrom-Json | |
echo "KeyVaultUrl=$($KeyVaultInfo.KeyVault.URL)" >> $env:GITHUB_OUTPUT | |
echo "KeyVaultCertificateName=$($KeyVaultInfo.KeyVault.CertificateName)" >> $env:GITHUB_OUTPUT | |
id: "key_vault_info" | |
Publish-Private-Package: | |
if: github.event.schedule == '23 0 * * *' | |
needs: [ReleasePrep] | |
runs-on: windows-latest | |
environment: Development | |
permissions: | |
id-token: write | |
contents: write | |
defaults: | |
run: | |
shell: powershell | |
steps: | |
- name: Install Azure Signing Tool | |
run: | | |
dotnet --version | |
dotnet tool install --global AzureSignTool --version 4.0.1 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: repo | |
- name: OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) | |
uses: azure/login@v1 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
enable-AzPSSession: true | |
- name: Create temporary private gallery | |
run: | | |
cd repo | |
. utils/DeployUtils.ps1 | |
New-PrivateGallery -GalleryName $env:GalleryName -Trusted | |
- name: Sign and publish module to private gallery | |
uses: azure/powershell@v1 | |
with: | |
inlineScript: | | |
. repo/utils/DeployUtils.ps1 | |
# Remove non-release files | |
Remove-Item -Recurse -Force repo -Include .git* | |
Publish-ScubaGearModule ` | |
-AzureKeyVaultUrl ${{ needs.ReleasePrep.outputs.KeyVaultUrl}} ` | |
-CertificateName ${{ needs.ReleasePrep.outputs.KeyVaultCertificateName}} ` | |
-ModulePath repo/PowerShell/ScubaGear ` | |
-GalleryName $env:GalleryName | |
azPSVersion: "latest" | |
- name: Test Module Publish | |
run: | | |
Get-Location | |
$TestContainers = @() | |
$TestContainers += New-PesterContainer -Path "repo/Testing/Functional/BuildTest" -Data @{ } | |
$PesterConfig = @{ | |
Run = @{ | |
Container = $TestContainers | |
} | |
Output = @{ | |
Verbosity = 'Detailed' | |
} | |
} | |
$Config = New-PesterConfiguration -Hashtable $PesterConfig | |
Invoke-Pester -Configuration $Config | |
- name: Check Scuba Version | |
run: | | |
Install-Module -Name ScubaGear -SkipPublisherCheck | |
Import-Module -Name ScubaGear | |
Invoke-SCuBA -Version | |
- name: Sign and publish prerelease module to private gallery | |
uses: azure/powershell@v1 | |
env: | |
KEY_VAULT_INFO: ${{ secrets.SCUBA_KEY_VAULT_DEV}} | |
with: | |
inlineScript: | | |
Write-Output "$(pwd)" | |
. repo/utils/DeployUtils.ps1 | |
$KeyVaultInfo = ${env:KEY_VAULT_INFO} | ConvertFrom-Json | |
# Remove non-release files | |
Remove-Item -Recurse -Force repo -Include .git* | |
Publish-ScubaGearModule ` | |
-AzureKeyVaultUrl $($KeyVaultInfo.KeyVault.URL) ` | |
-CertificateName $($KeyVaultInfo.KeyVault.CertificateName) ` | |
-ModulePath repo/PowerShell/ScubaGear ` | |
-GalleryName $env:GalleryName ` | |
-OverrideModuleVersion '9.9.9' ` | |
-Prerelease 'alpha' | |
azPSVersion: "latest" | |
- name: Check Scuba Version | |
run: | | |
$ScubaModules = Find-Module -Name ScubaGear -AllVersions -AllowPrerelease | |
($ScubaModules).Version | |
if ($ScubaModules.Count -eq 2) { | |
Exit 0 | |
} | |
else { | |
Exit 1 | |
} | |
Publish-To-PSGallery: | |
if: github.event_name == 'workflow_dispatch' | |
needs: [ReleasePrep] | |
runs-on: windows-latest | |
environment: Development | |
permissions: | |
id-token: write | |
contents: write | |
defaults: | |
run: | |
shell: powershell | |
steps: | |
- name: Install Azure Signing Tool | |
run: | | |
dotnet --version | |
dotnet tool install --global AzureSignTool --version 4.0.1 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: repo | |
- name: OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true) | |
uses: azure/login@v1 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
enable-AzPSSession: true | |
- name: Sign and publish module to PSGallery | |
run: | | |
. repo/utils/DeployUtils.ps1 | |
# Remove non-release files | |
Remove-Item -Recurse -Force repo -Include .git* | |
$ApiKey = az keyvault secret show --id '${{ needs.ReleasePrep.outputs.KeyVaultUrl }}/secrets/ScubaGear-PSGAllery-API-Key' --query value -o tsv | |
if (-Not $ApiKey){ | |
Write-Error "Failer to retrieve API key" | |
} | |
$PublishSplat = @{ | |
AzureKeyVaultUrl = '${{ needs.ReleasePrep.outputs.KeyVaultUrl }}' | |
CertificateName = '${{ needs.ReleasePrep.outputs.KeyVaultCertificateName }}' | |
ModulePath = 'repo/PowerShell/ScubaGear' | |
GalleryName = 'PSGallery' | |
NuGetApiKey = $ApiKey | |
} | |
if ('true' -eq '${{ inputs.IsPrerelease }}'){ | |
$PublishSplat.Add('PrereleaseTag', '${{ inputs.PrereleaseTag }}') | |
} | |
if (-Not [string]::IsNullOrEmpty('${{ inputs.OverrideModuleVersion }}')){ | |
$PublishSplat.Add('OverrideModuleVersion', '${{ inputs.OverrideModuleVersion }}') | |
} | |
Publish-ScubaGearModule @PublishSplat | |
- name: Check Scuba Version | |
run: | | |
Install-Module -Name ScubaGear | |
Import-Module -Name ScubaGear | |
Invoke-SCuBA -Version |