Fix tags (#2) #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
defaults: | |
run: | |
shell: pwsh | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
release: | |
types: [ published ] | |
jobs: | |
Build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Upload module | |
uses: actions/upload-artifact@v4 | |
with: | |
name: module | |
path: ./src/ | |
Test: | |
needs: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Download module | |
uses: actions/download-artifact@v4 | |
with: | |
name: module | |
path: ~/.local/share/powershell/Modules/AnyPackage.Pkgx | |
- name: Install pkgx | |
run: curl -Ssf https://pkgx.sh | sh | |
- name: Install AnyPackage module | |
run: Install-Module AnyPackage -Force -AllowClobber | |
- name: Test with Pester | |
run: | | |
$ht = Import-PowerShellDataFile PesterSettings.psd1 | |
$config = New-PesterConfiguration $ht | |
Invoke-Pester -Configuration $config | |
Sign: | |
needs: Test | |
if: github.event_name == 'release' && github.event.action == 'published' | |
runs-on: windows-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Import certificate | |
env: | |
CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }} | |
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }} | |
CERTIFICATE_PASSWORD_KEY_BASE64: ${{ secrets.CERTIFICATE_PASSWORD_KEY_BASE64 }} | |
run: | | |
[convert]::FromBase64String($env:CERTIFICATE_BASE64) | Set-Content -Path cert.pfx -AsByteStream | |
$key = [convert]::FromBase64String($env:CERTIFICATE_PASSWORD_KEY_BASE64) | |
$password = ConvertTo-SecureString $env:CERTIFICATE_PASSWORD -Key $key | |
Import-PfxCertificate cert.pfx -Password $password -CertStoreLocation Cert:\CurrentUser\My | |
- name: Sign files | |
run: | | |
$config = Import-PowerShellDataFile SignSettings.psd1 | |
$config['Certificate'] = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | |
Set-Location .\src | |
Set-AuthenticodeSignature @config | |
- name: Create and sign catalog file | |
run: | | |
$config = Import-PowerShellDataFile SignSettings.psd1 | |
$config['FilePath'] = 'AnyPackage.Pkgx.cat' | |
$config['Certificate'] = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | |
Set-Location .\src | |
New-FileCatalog $config['FilePath'] -CatalogVersion 2 | |
Set-AuthenticodeSignature @config | |
- name: Upload module | |
uses: actions/upload-artifact@v4 | |
with: | |
name: module-signed | |
path: ./src/ | |
Publish: | |
needs: Sign | |
if: github.event_name == 'release' && github.event.action == 'published' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download module | |
uses: actions/download-artifact@v4 | |
with: | |
name: module-signed | |
path: '~/.local/share/powershell/Modules/AnyPackage.Pkgx' | |
- name: Install AnyPackage | |
run: Install-Module AnyPackage -Force -AllowClobber | |
- name: Publish Module | |
env: | |
NUGET_KEY: ${{ secrets.NUGET_KEY }} | |
run: Publish-Module -Name AnyPackage.Pkgx -NuGetApiKey $env:NUGET_KEY |