.github/workflows/release.yml

name: Release

on:
  push:
    tags:
      - 'v*'
  
jobs:
  build:
    uses: ./.github/workflows/ci.yml
    permissions:
      id-token: write
      contents: read
      checks: write

  release:
    name: Build Installer & Draft Release
    #if: github.ref == 'refs/heads/master' && github.repository == 'gerardog/gsudo'
    if: github.repository == 'gerardog/gsudo'
    runs-on: windows-latest
    environment:
      name: release-github
    needs: build
    env:
      cert_path: "C:\\secret\\cert.pfx"
      cert_key: ${{ secrets.P_F_X_Key }}
      version: ${{ needs.build.outputs.version }}
      version_MajorMinorPatch: ${{ needs.build.outputs.version_MajorMinorPatch }}
      is_prerelease: ${{ needs.build.outputs.is_prerelease }}
    permissions:
      contents: write      
    steps:
    - name: Install dependencies
      run: choco install GitVersion.Portable --version 5.6.11 --confirm --no-progress; choco install NuGet.CommandLine GitVersion.Portable wixtoolset --confirm --no-progress
    - uses: actions/checkout@v2
      with: 
        fetch-depth: 0
    - uses: actions/download-artifact@v3
      with:
        name: Binaries
        path: ./artifacts
    - name: Decode certificate
      # Certificate encoded and uploaded as environment secret using: [convert]::ToBase64String((Get-Content .\code_signing.pfx -AsByteStream))
      run: |
        $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.p_f_x }}")
        $_ = mkdir (split-path -parent $env:cert_path) -ErrorAction Ignore
        [IO.File]::WriteAllBytes("$env:cert_path", $pfx_cert_byte)
    - name: Code Sign
      run: ./build/03-sign.ps1
    - name: Upload build artifacts
      uses: actions/upload-artifact@v3
      with:
        name: Binaries
        path: ./artifacts       
    - name: Build Installer
      run: ./build/04-build-installer.ps1
    - name: Remove the pfx
      run: Remove-Item -path $env:cert_path
    - name: Upload installer artifacts
      uses: actions/upload-artifact@v3
      with:
        name: Installer
        path: ./artifacts/*.msi
    - name: Create Release
      uses: ncipollo/release-action@v1.12.0
      with:
        artifacts: "artifacts/*.*"
        token: ${{ secrets.GITHUB_TOKEN  }}
        draft: true
        prerelease: ${{ env.is_prerelease==1 }}
        make_latest: false
        generateReleaseNotes: true
        name: gsudo v${{env.version}}
        tag: v${{env.version}}
        commit: ${{env.GITHUB_SHA}}
        allowUpdates: true 
        omitBodyDuringUpdate: true 
        omitDraftDuringUpdate: true
        replacesArtifacts: true

  publish:
    name: Publish Release
    #if: github.ref == 'refs/heads/master' && github.repository == 'gerardog/gsudo'
    if: github.repository == 'gerardog/gsudo'
    runs-on: windows-latest
    needs: [build, release]
    permissions:
      contents: write
    environment:
      name: release-github-publish
    env:
      version: ${{ needs.build.outputs.version }}
      version_MajorMinorPatch: ${{ needs.build.outputs.version_MajorMinorPatch }}
      is_prerelease: ${{ needs.build.outputs.is_prerelease }}
    steps:
    - name: Publish Release
      uses: ncipollo/release-action@v1.12.0
      with:
        token: ${{ secrets.GITHUB_TOKEN  }}
        name: gsudo v${{env.version}}
        tag: v${{env.version}}
        commit: ${{env.GITHUB_SHA}}
        draft: false
        prerelease: ${{ env.is_prerelease == 1}}
        makelatest: ${{ env.is_prerelease == 0}}
        allowUpdates: true 
        omitBodyDuringUpdate: true
        omitPrereleaseDuringUpdate: true

  publishChocoWinGet:
    name: Push to Chocolatey & Winget
    if: github.repository == 'gerardog/gsudo'
    runs-on: windows-latest
    needs: [build, publish]
    permissions:
      contents: write
    environment:
      name: release-chocolatey
    env:
      version: ${{ needs.build.outputs.version }}
      version_MajorMinorPatch: ${{ needs.build.outputs.version_MajorMinorPatch }}
      is_prerelease: ${{ needs.build.outputs.is_prerelease }}
    steps:
    - uses: actions/checkout@v2
      with: 
        fetch-depth: 0
    - uses: actions/download-artifact@v3
      with:
        name: Binaries
        path: ./artifacts
    - name: Import Chocolatey Api Key
      run: choco apikey --key ${{ secrets.CHOCOLATEY_APIKEY }} --source https://push.chocolatey.org/
    - name: Build Package for Chocolatey & Upload
      run: ./build/05-release-Chocolatey.ps1
    - name: Upload build artifacts
      uses: actions/upload-artifact@v3
      with:
        name: Binaries
        path: ./artifacts
    - name: WinGet Releaser
      uses: vedantmgoyal2009/winget-releaser@v2
      if: ${{ env.is_prerelease == 0 }}
      with: 
        token: ${{ secrets.WINGET_RELEASER_TOKEN }}
        identifier: gerardog.gsudo
        installers-regex: '\.msi$' # Only .msi files

  publishNuget:
    name: Push to Nuget
    if: github.repository == 'gerardog/gsudo'
    runs-on: windows-latest
    needs: [build, publishChocoWinGet]
    permissions:
      contents: write
    environment:
      name: release-nuget
    env:
      version: ${{ needs.build.outputs.version }}
      version_MajorMinorPatch: ${{ needs.build.outputs.version_MajorMinorPatch }}
    steps:
    - uses: actions/checkout@v2
      with: 
        fetch-depth: 0
    - uses: actions/download-artifact@v3
      with:
        name: Binaries
        path: ./artifacts
    - name: Import Nuget Api Key
      run: nuget setapikey ${{ secrets.NUGET_APIKEY }} 
    - name: Build Package for Nuget & Upload
      run: ./build/06-release-Nuget.ps1
        
  docs:
    needs: publish
    uses: ./.github/workflows/docs.yml
    permissions:
      id-token: write
      contents: read
      pages: write