Switch to centrally managed actions #75
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/github-workflow.json | |
name: .NET | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
env: | |
DOTNET_NOLOGO: true | |
DOTNET_CLI_TELEMETRY_OPTOUT: true | |
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true | |
NUGET_XMLDOC_MODE: '' | |
DOTNET_MULTILEVEL_LOOKUP: 0 | |
jobs: | |
build-windows: | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # so that NerdBank.GitVersioning has access to history | |
- uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: '8.0.x' | |
- name: Restore dependencies | |
run: dotnet restore | |
- name: Test | |
run: dotnet test | |
- name: Publish | |
run: dotnet publish Example | |
- name: Run example | |
run: ".\\Example\\bin\\Release\\net8.0\\win-x64\\Example.exe" | |
build: | |
strategy: | |
matrix: | |
config: | |
- Release | |
- Debug | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # so that NerdBank.GitVersioning has access to history | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Restore dependencies | |
run: nix develop --command dotnet restore | |
- name: Build | |
run: nix develop --command dotnet build --no-restore --configuration ${{matrix.config}} | |
- name: Test | |
run: nix develop --command dotnet test --no-build --verbosity normal --configuration ${{matrix.config}} | |
- name: Publish example | |
run: nix develop --command dotnet publish --no-build --verbosity normal --configuration ${{matrix.config}} Example | |
- name: Run example self-contained | |
run: "./Example/bin/${{matrix.config}}/*/*/Example" | |
build-nix: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Build | |
run: nix build | |
- name: Reproducibility check | |
run: nix build --rebuild | |
check-dotnet-format: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Run Fantomas | |
run: nix run .#fantomas -- --check . | |
check-nix-format: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Run Alejandra | |
run: nix develop --command alejandra --check . | |
linkcheck: | |
name: Check links | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Run link checker | |
run: nix develop --command markdown-link-check README.md | |
flake-check: | |
name: Check flake | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Flake check | |
run: nix flake check | |
nuget-pack: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # so that NerdBank.GitVersioning has access to history | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Restore dependencies | |
run: nix develop --command dotnet restore | |
- name: Build | |
run: nix develop --command dotnet build --no-restore --configuration Release | |
- name: Pack | |
run: nix develop --command dotnet pack --configuration Release | |
- name: Upload NuGet artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: nuget-package | |
path: WoofWare.DotnetRuntimeLocator/bin/Release/WoofWare.DotnetRuntimeLocator.*.nupkg | |
expected-pack: | |
needs: [nuget-pack] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download NuGet artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: nuget-package | |
path: packed | |
- name: Check NuGet contents | |
# Verify that there is exactly one nupkg in the artifact that would be NuGet published | |
run: if [[ $(find packed -maxdepth 1 -name 'WoofWare.DotnetRuntimeLocator.*.nupkg' -printf c | wc -c) -ne "1" ]]; then exit 1; fi | |
github-release-dry-run: | |
needs: [nuget-pack] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download NuGet artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: nuget-package | |
- name: Tag and release | |
env: | |
DRY_RUN: 1 | |
GITHUB_TOKEN: mock-token | |
run: sh .github/workflows/tag.sh | |
all-required-checks-complete: | |
if: ${{ always() }} | |
needs: [check-dotnet-format, check-nix-format, build, build-nix, linkcheck, flake-check, nuget-pack, expected-pack, github-release-dry-run, build-windows] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: G-Research/common-actions/check-required-lite@2b7dc49cb14f3344fbe6019c14a31165e258c059 | |
with: | |
needs-context: ${{ toJSON(needs) }} | |
attestation: | |
runs-on: ubuntu-latest | |
needs: [all-required-checks-complete] | |
if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }} | |
permissions: | |
id-token: write | |
attestations: write | |
contents: read | |
steps: | |
- name: Download NuGet artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: nuget-package | |
path: packed | |
- name: Attest Build Provenance | |
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2 | |
with: | |
subject-path: "packed/WoofWare.DotnetRuntimeLocator.*.nupkg" | |
nuget-publish: | |
runs-on: ubuntu-latest | |
if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }} | |
needs: [attestation] | |
environment: main-deploy | |
permissions: | |
id-token: write | |
attestations: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Download NuGet artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: nuget-package | |
path: packed | |
- name: Identify .NET | |
id: identify-dotnet | |
run: nix develop --command bash -c "echo dotnet=$(which dotnet) >> $GITHUB_OUTPUT" | |
- name: Publish NuGet package | |
uses: G-Research/common-actions/publish-nuget@2b7dc49cb14f3344fbe6019c14a31165e258c059 | |
with: | |
package-name: WoofWare.DotnetRuntimeLocator | |
nuget-key: ${{ secrets.NUGET_API_KEY }} | |
nupkg-dir: packed/ | |
dotnet: ${{ steps.identify-dotnet.outputs.dotnet }} | |
github-release: | |
runs-on: ubuntu-latest | |
if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }} | |
needs: [all-required-checks-complete] | |
environment: main-deploy | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download NuGet artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: nuget-package | |
- name: Tag and release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: sh .github/workflows/tag.sh |