Configure publish pipelines

Author: kailash-b

.github/actions/nuget-publish/action.yml

@@ -34,5 +34,5 @@ runs:
       shell: pwsh
       run: |
         foreach($file in (Get-ChildItem "${{ inputs.nuget-directory }}" -Recurse -Include *.nupkg)) {
-            echo "dotnet nuget push $file --api-key '${{ inputs.nuget-token }}' --source https://api.nuget.org/v3/index.json --skip-duplicate"
+            dotnet nuget push $file --api-key "${{ inputs.nuget-token }}" --source https://api.nuget.org/v3/index.json --skip-duplicate
         }

.github/actions/rl-scanner/action.yml

@@ -22,7 +22,7 @@ runs:
         pip install boto3 requests
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@e3dd6a0127b5990325885467db925520ab1e5dd4
+      uses: aws-actions/configure-aws-credentials@v1
       with:
         role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
         aws-region: us-east-1

.github/workflows/nuget-release.yml

@@ -3,7 +3,10 @@ name: Create NuGet and GitHub Release
 on:
   workflow_call:
     inputs:
-      nuget-directory:
+      dotnet-version:
+        required: true
+        type: string
+      project-paths:
         required: true
         type: string
     secrets:
@@ -24,13 +27,6 @@ jobs:
         with:
           fetch-depth: 0
 
-      # Download the NuGet package artifact
-      - name: Download NuGet package
-        uses: actions/download-artifact@v4
-        with:
-          name: nuget-package
-          path: ${{ github.workspace }}/${{ inputs.nuget-directory }}
-
       # Get the version from the branch name
       - id: get_version
         uses: ./.github/actions/get-version
@@ -61,13 +57,14 @@ jobs:
       - if: steps.tag_exists.outputs.exists == 'true'
         run: exit 1
 
-      # Publish the NuGet packages
-      - name: Publish NuGet packages
-        shell: pwsh
-        run: |
-          foreach($file in (Get-ChildItem "${{ github.workspace }}/${{ inputs.nuget-directory }}" -Recurse -Include *.nupkg)) {
-              dotnet nuget push $file --api-key "${{ secrets.nuget-token }}" --source https://api.nuget.org/v3/index.json --skip-duplicate
-          }
+      # Publish the release to our package manager
+      - uses: ./.github/actions/nuget-publish
+        with:
+          dotnet-version: ${{ inputs.dotnet-version }}
+          project-paths: ${{ inputs.project-paths }}
+          version: ${{ steps.get_version.outputs.version }}
+          nuget-token: ${{ secrets.nuget-token }}
+          nuget-directory: ${{ github.workspace}}/nuget
 
       # Create a release for the tag
       - uses: ./.github/actions/release-create

.github/workflows/release.yml

@@ -13,9 +13,35 @@ permissions:
   id-token: write
 
 jobs:
-  pack:
+  rl-scanner-aspnetcore-api:
+    uses: ./.github/workflows/rl-secure.yml
+    with:
+      project-path: "src/Auth0.AspNetCore.Authentication.Api/Auth0.AspNetCore.Authentication.Api.csproj"
+      artifact-name: "Auth0.AspNetCore.Authentication.Api.tgz"
+    secrets:
+      RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+      RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+      SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+      PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+      PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+      PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+  
+  release:
+    needs: [rl-scanner-aspnetcore-api]
+    uses: ./.github/workflows/nuget-release.yml
+    with:
+      dotnet-version: 8.0.x
+      project-paths: "['src/Auth0.AspNetCore.Authentication.Api/Auth0.AspNetCore.Authentication.Api.csproj']"
+    secrets:
+      nuget-token: ${{ secrets.NUGET_APIKEY }}
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+
+  generate-docs:
+    name: Generate API docs
+    needs: [release]
     if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
@@ -26,44 +52,33 @@ jobs:
         uses: actions/setup-dotnet@v5
         with:
           dotnet-version: 8.0.x
-      
-      - name: Get version
-        id: get_version
-        uses: ./.github/actions/get-version
-      
-      - name: Create NuGet package
-        run: |
-          dotnet pack src/Auth0.AspNetCore.Authentication.Api/Auth0.AspNetCore.Authentication.Api.csproj \
-            --configuration Release \
-            --output ${{ github.workspace }}/nuget \
-            /p:Version=${{ steps.get_version.outputs.version }}
-      
-      - name: Upload NuGet package as artifact
-        uses: actions/upload-artifact@v4
+
+      - name: Install DocFX
+        run: dotnet tool install -g docfx
+
+      - name: Build docs
+        run: docfx docs-source/docfx.json
+
+      - name: Uploading Artifacts
+        uses: actions/upload-pages-artifact@v4
         with:
-          name: nuget-package
-          path: ${{ github.workspace }}/nuget/*.nupkg
-          retention-days: 1
+          path: docs
 
-  rl-scanner:
-    needs: pack
-    uses: ./.github/workflows/rl-secure.yml
-    with:
-      artifact-name: "aspnetcore-api.tgz"
-    secrets:
-      RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
-      RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
-      SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
-      PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
-      PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
-      PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+  deploy-docs:
+    needs: generate-docs
+    name: Deploy API docs
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
 
+    permissions:
+      pages: write      # to deploy to Pages
+      id-token: write   # to verify the deployment originates from an appropriate source
 
-  release:
-    needs: rl-scanner
-    uses: ./.github/workflows/nuget-release.yml    
-    with:
-      nuget-directory: nuget
-    secrets:
-      nuget-token: ${{ secrets.NUGET_APIKEY }}
-      github-token: ${{ secrets.GITHUB_TOKEN }}
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4 # or specific "vX.X.X" version tag for this action

.github/workflows/rl-secure.yml

@@ -4,6 +4,9 @@ run-name: rl-scanner
 on:
   workflow_call:
     inputs:
+      project-path:
+        type: string        
+        required: true
       artifact-name:
         type: string
         required: true
@@ -35,16 +38,20 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Download NuGet package
-        uses: actions/download-artifact@v4
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v5
         with:
-          name: nuget-package
-          path: ${{ github.workspace }}/nuget
+          dotnet-version: 8.0.x
 
+      - name: Create NuGet packages
+        shell: pwsh
+        run: |          
+            dotnet pack ${{ inputs.project-path }} --configuration Release --output ${{ github.workspace }}/nuget
+    
       - name: Create tgz build artifact
         run: |
           tar -czvf ${{ github.workspace }}/${{ inputs.artifact-name }} ${{ github.workspace }}/nuget
-
+      
       - id: get_version
         uses: ./.github/actions/get-version
 
@@ -61,6 +68,6 @@ jobs:
           PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
           PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
           PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
-
+        
       - name: Output scan result
         run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV