-
-
Notifications
You must be signed in to change notification settings - Fork 1
138 lines (114 loc) · 4.03 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: CI
defaults:
run:
shell: pwsh
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
release:
types: [ published ]
jobs:
Build:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Upload module
uses: actions/upload-artifact@v3
with:
name: module
path: ./src/
Test:
needs: Build
strategy:
matrix:
os: [macos-latest, ubuntu-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install AnyPackage
run: Install-Module AnyPackage -Force -AllowClobber
- name: Install PSResourceGet
run: Install-Module Microsoft.PowerShell.PSResourceGet -AllowPrerelease -Force -AllowClobber
- name: Download module
uses: actions/download-artifact@v3
with:
name: module
path: AnyPackage.PSResourceGet
- name: Move module
run: |
if ($IsWindows) {
$path = "$HOME\Documents\PowerShell\Modules"
} else {
$path = "$HOME/.local/share/powershell/Modules"
}
Move-Item AnyPackage.PSResourceGet $path
- name: Test with Pester
run: |
$ht = Import-PowerShellDataFile PesterSettings.psd1
$config = New-PesterConfiguration $ht
Invoke-Pester -Configuration $config
Sign:
needs: Test
if: github.event_name == 'release' && github.event.action == 'published'
runs-on: windows-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Download module
uses: actions/download-artifact@v3
with:
name: module
path: module
- name: Import certificate
env:
CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
CERTIFICATE_PASSWORD_KEY_BASE64: ${{ secrets.CERTIFICATE_PASSWORD_KEY_BASE64 }}
run: |
[convert]::FromBase64String($env:CERTIFICATE_BASE64) | Set-Content -Path cert.pfx -AsByteStream
$key = [convert]::FromBase64String($env:CERTIFICATE_PASSWORD_KEY_BASE64)
$password = ConvertTo-SecureString $env:CERTIFICATE_PASSWORD -Key $key
Import-PfxCertificate cert.pfx -Password $password -CertStoreLocation Cert:\CurrentUser\My
- name: Sign files
run: |
$config = Import-PowerShellDataFile SignSettings.psd1
$config['Certificate'] = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert
Set-Location .\module
Set-AuthenticodeSignature @config
- name: Create and sign catalog file
run: |
$config = Import-PowerShellDataFile SignSettings.psd1
$config['FilePath'] = 'AnyPackage.PSResourceGet.cat'
$config['Certificate'] = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert
Set-Location .\module
New-FileCatalog $config['FilePath'] -CatalogVersion 2
Set-AuthenticodeSignature @config
- name: Upload module
uses: actions/upload-artifact@v3
with:
name: module-signed
path: ./module/
Publish:
needs: Sign
if: github.event_name == 'release' && github.event.action == 'published'
runs-on: ubuntu-latest
steps:
- name: Download module
uses: actions/download-artifact@v3
with:
name: module-signed
path: '~/.local/share/powershell/Modules/AnyPackage.PSResourceGet'
- name: Install AnyPackage
run: Install-Module AnyPackage -Force -AllowClobber
- name: Install PSResourceGet
run: Install-Module Microsoft.PowerShell.PSResourceGet -Force -AllowClobber -AllowPrerelease
- name: Publish Module
env:
NUGET_KEY: ${{ secrets.NUGET_KEY }}
run: |
$module = Get-Module AnyPackage.PSResourceGet -ListAvailable
Publish-PSResource $module.ModuleBase -ApiKey $env:NUGET_KEY