From c34ca634e17a0368b22b8ac7023890921faf4acc Mon Sep 17 00:00:00 2001 From: Min Kwon Date: Wed, 14 May 2025 14:48:16 -0700 Subject: [PATCH 1/5] build with Github Actions instead of ADO pipelines --- .github/workflows/SignClientFileList.txt | 1 + .github/workflows/dotnet-build.yml | 155 +++++++++++++++++++++++ azure-pipelines.yml | 78 ------------ 3 files changed, 156 insertions(+), 78 deletions(-) create mode 100644 .github/workflows/SignClientFileList.txt create mode 100644 .github/workflows/dotnet-build.yml delete mode 100644 azure-pipelines.yml diff --git a/.github/workflows/SignClientFileList.txt b/.github/workflows/SignClientFileList.txt new file mode 100644 index 000000000..1a17866f4 --- /dev/null +++ b/.github/workflows/SignClientFileList.txt @@ -0,0 +1 @@ +**/CommunityToolkit.* \ No newline at end of file diff --git a/.github/workflows/dotnet-build.yml b/.github/workflows/dotnet-build.yml new file mode 100644 index 000000000..e05f6e0b3 --- /dev/null +++ b/.github/workflows/dotnet-build.yml @@ -0,0 +1,155 @@ +name: Build + +on: + push: + branches: + - main + - dev/* + - rel/* + paths-ignore: + - README.md + pull_request: + branches: + - main + - dev/* + - rel/* + paths-ignore: + - README.md + +env: + BuildConfiguration: Lottie-Windows + NET_VERSION: '9.0.x' + NUGET_VERSION: '6.5.0.' + +jobs: + build_lottie: + runs-on: windows-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + # Set up a VS build environment. + - name: Setup Environment Variables + run: | + "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsDevCmd.bat" -no_logo + shell: cmd + + # Install NuGet tools. + - name: Setup NuGet + uses: NuGet/setup-nuget@v2 + with: + nuget-version: ${{ env.NUGET_VERSION }} + + # Install Nerbank.GitVersioning. + - name: Install NBGV tool + run: dotnet tool install --tool-path . nbgv + + # .NET Core 9 SDK Installer. + - name: Setup .NET SDK + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.NET_VERSION }} + + # Nerdbank.GitVersioning + - name: Set Version + run: nbgv cloud + + # Install the Windows SDK. + # This is needed to build the UWP code. + - name: Install Windows SDK + run: .\build\Install-WindowsSdkISO.ps1 18362 + shell: pwsh + + # Run the build. + - name: Build + run: .\build.ps1 --target=Package + shell: pwsh + working-directory: .\build + + # Publish the results of the build. + - name: Publish Packages + uses: actions/upload-artifact@v4 + with: + name: Packages + path: .\bin\nupkg + + sign: + needs: [build_lottie] + runs-on: windows-latest + permissions: + id-token: write # Required for requesting the JWT + + steps: + - name: Install .NET SDK v${{ env.NET_VERSION }} + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.NET_VERSION }} + dotnet-quality: 'ga' + + - name: Download NuGet List + uses: actions/download-artifact@v4 + with: + name: nuget-list + path: ./ + + - name: Download Package List + uses: actions/download-artifact@v4 + with: + name: packages + path: ./packages + + - name: Install Signing Tool + run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1 + + - name: Sign Packages + run: > + ./tools/sign code azure-key-vault + **/*.nupkg + --base-directory "${{ github.workspace }}/packages" + --file-list "${{ github.workspace }}/SignClientFileList.txt" + --timestamp-url "http://timestamp.digicert.com" + --publisher-name ".NET Foundation" + --description "Windows Community Toolkit" + --description-url "https://developer.microsoft.com/en-us/windows/uwp-community-toolkit" + --azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}" + --azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }} + --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}" + --azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }} + --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}" + --verbosity Information + + - name: Publish Packages + uses: actions/upload-artifact@v4 + with: + name: signed-packages + if-no-files-found: error + path: | + ${{ github.workspace }}/packages/**/*.nupkg + + release: + if: ${{ startsWith(github.ref, 'refs/tags/') }} + needs: [sign] + environment: nuget-release-gate # This gates this job until manually approved + runs-on: ubuntu-latest + + steps: + - name: Install .NET SDK + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.NET_VERSION }} + dotnet-quality: 'ga' + + - name: Download signed packages for ${{ matrix.platform }} + uses: actions/download-artifact@v4 + with: + name: signed-packages + path: ./packages + + - name: Push to NuGet.org + run: > + dotnet nuget push + **/*.nupkg + --source https://api.nuget.org/v3/index.json + --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }} + --skip-duplicate \ No newline at end of file diff --git a/azure-pipelines.yml b/azure-pipelines.yml deleted file mode 100644 index 5c2290741..000000000 --- a/azure-pipelines.yml +++ /dev/null @@ -1,78 +0,0 @@ - -trigger: -- main -- dev/* -- rel/* - -pr: -- main -- dev/* -- rel/* - -pool: - vmImage: windows-2022 - -variables: - BuildConfiguration: Lottie-Windows - -steps: -# Set up a VS build environment. -- task: BatchScript@1 - displayName: Setup Environment Variables - inputs: - filename: "C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\Common7\\Tools\\VsDevCmd.bat" - arguments: -no_logo - modifyEnvironment: true - -# Install NuGet tools. -- task: NuGetToolInstaller@1 - displayName: Use NuGet 6.5.0 - inputs: - versionSpec: 6.5.0 - -# Install Nerbank.GitVersioning. -- task: DotNetCoreCLI@2 - displayName: Install NBGV tool - inputs: - command: custom - custom: tool - arguments: install --tool-path . nbgv - -# .NET Core 9 SDK Installer. -- task: UseDotNet@2 - inputs: - packageType: 'sdk' # Options: runtime, sdk - version: '9.0.x' - -# Nerdbank.GitVersioning -- script: nbgv cloud - displayName: Set Version - -# Install the Windows SDK. -# This is needed to build the UWP code. -- powershell: .\build\Install-WindowsSdkISO.ps1 18362 - displayName: Insider SDK - -# Run the build. -- powershell: .\build.ps1 --target=Package - displayName: Build - workingDirectory: .\build - -# Sign the result of the build. -# - task: PowerShell@2 -# displayName: Authenticode Sign Packages -# inputs: -# filePath: build/Sign-Package.ps1 -# env: -# SignClientUser: $(SignClientUser) -# SignClientSecret: $(SignClientSecret) -# ArtifactDirectory: bin\nupkg -# condition: and(succeeded(), not(eq(variables['build.reason'], 'PullRequest')), not(eq(variables['SignClientSecret'], '')), not(eq(variables['SignClientUser'], ''))) - -# Publish the results of the build. -- task: PublishBuildArtifacts@1 - displayName: Publish Package Artifacts - inputs: - pathToPublish: .\bin\nupkg - artifactType: container - artifactName: Packages From c8a00d0e9eb8a1e34e7b69b583ec5551abbba9f9 Mon Sep 17 00:00:00 2001 From: Min Kwon Date: Wed, 14 May 2025 14:52:50 -0700 Subject: [PATCH 2/5] oops accidentally added a period at end of nuget ver --- .github/workflows/dotnet-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dotnet-build.yml b/.github/workflows/dotnet-build.yml index e05f6e0b3..03dd3815e 100644 --- a/.github/workflows/dotnet-build.yml +++ b/.github/workflows/dotnet-build.yml @@ -19,7 +19,7 @@ on: env: BuildConfiguration: Lottie-Windows NET_VERSION: '9.0.x' - NUGET_VERSION: '6.5.0.' + NUGET_VERSION: '6.5.0' jobs: build_lottie: From 343cdb44d7d5318424b0781420ab6a5b80ccddf9 Mon Sep 17 00:00:00 2001 From: Min Kwon Date: Wed, 14 May 2025 15:06:21 -0700 Subject: [PATCH 3/5] fetch-depth == 0 for version step to work correctly --- .github/workflows/dotnet-build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dotnet-build.yml b/.github/workflows/dotnet-build.yml index 03dd3815e..95579e293 100644 --- a/.github/workflows/dotnet-build.yml +++ b/.github/workflows/dotnet-build.yml @@ -28,6 +28,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + fetch-depth: 0 # Set up a VS build environment. - name: Setup Environment Variables From 0e4b21aa1fff5d34c0cb93793601860602332cc4 Mon Sep 17 00:00:00 2001 From: Min Kwon Date: Wed, 14 May 2025 16:05:27 -0700 Subject: [PATCH 4/5] add build step for actions/upload-artifact nuget-list --- .github/workflows/dotnet-build.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/dotnet-build.yml b/.github/workflows/dotnet-build.yml index 95579e293..72163300a 100644 --- a/.github/workflows/dotnet-build.yml +++ b/.github/workflows/dotnet-build.yml @@ -69,6 +69,14 @@ jobs: shell: pwsh working-directory: .\build + - name: Upload Package List + uses: actions/upload-artifact@v4 + with: + name: nuget-list + if-no-files-found: error + path: | + ${{ github.workspace }}/.github/workflows/SignClientFileList.txt + # Publish the results of the build. - name: Publish Packages uses: actions/upload-artifact@v4 From 8f09609cbf3f9911afce7dccea987228bc861f6b Mon Sep 17 00:00:00 2001 From: Min Kwon Date: Wed, 14 May 2025 16:49:12 -0700 Subject: [PATCH 5/5] apparently aritfact names are case sensitive? Fixing packages name --- .github/workflows/dotnet-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dotnet-build.yml b/.github/workflows/dotnet-build.yml index 72163300a..d02e0b1b8 100644 --- a/.github/workflows/dotnet-build.yml +++ b/.github/workflows/dotnet-build.yml @@ -81,7 +81,7 @@ jobs: - name: Publish Packages uses: actions/upload-artifact@v4 with: - name: Packages + name: packages path: .\bin\nupkg sign: