@@ -8,14 +8,20 @@ name: CI
88on :
99 # Triggers the workflow on push or pull request events but only for the main branch
1010 push :
11- branches : [ main ]
11+ branches : [ main, 'rel/weekly' ]
1212 pull_request :
1313 branches : [ main ]
1414
1515 # Allows you to run this workflow manually from the Actions tab
1616 workflow_dispatch :
1717 merge_group :
1818
19+ # Allow this workflow to be triggered by scheduled release workflows
20+ workflow_run :
21+ workflows : [ weekly-merge ]
22+ types :
23+ - completed
24+
1925env :
2026 DOTNET_VERSION : ${{ '9.0.x' }}
2127 ENABLE_DIAGNOSTICS : true
7278
7379 env :
7480 MULTI_TARGET_DIRECTORY : tooling/MultiTarget
75- VERSION_PROPERTY : ${{ github.ref == 'refs/heads/main' && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }}
81+ VERSION_PROPERTY : ${{ ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/')) && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }}
7682
7783 # Steps represent a sequence of tasks that will be executed as part of the job
7884 steps :
@@ -228,7 +234,7 @@ jobs:
228234 winui : [0, 2, 3]
229235
230236 env :
231- VERSION_PROPERTY : ${{ github.ref == 'refs/heads/main' && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }}
237+ VERSION_PROPERTY : ${{ ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/')) && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }}
232238
233239 steps :
234240 - name : Install .NET SDK v${{ env.DOTNET_VERSION }}
@@ -320,6 +326,103 @@ jobs:
320326 name : build-logs-winui${{ matrix.winui }}
321327 path : ./*.*log
322328
329+ sign :
330+ needs : [package]
331+ if : ${{ startsWith(github.ref, 'refs/heads/rel/') }}
332+ runs-on : windows-latest
333+ permissions :
334+ id-token : write # Required for requesting the JWT
335+
336+ strategy :
337+ fail-fast : false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion.
338+ matrix :
339+ winui : [2, 3]
340+
341+ steps :
342+ - name : Install .NET SDK v${{ env.DOTNET_VERSION }}
343+ uses : actions/setup-dotnet@v4
344+ with :
345+ dotnet-version : ${{ env.DOTNET_VERSION }}
346+
347+ - name : Download Package List
348+ uses : actions/download-artifact@v4
349+ with :
350+ name : nuget-list-${{ matrix.winui }}
351+ path : ./
352+
353+ - name : Download built packages for WinUI ${{ matrix.winui }}
354+ uses : actions/download-artifact@v4
355+ with :
356+ name : nuget-packages-winui${{ matrix.winui }}
357+ path : ./packages
358+
359+ - name : Install Signing Tool
360+ run : dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1
361+
362+ - name : Sign Packages
363+ run : >
364+ ./tools/sign code azure-key-vault
365+ **/*.nupkg
366+ --base-directory "${{ github.workspace }}/packages"
367+ --file-list "${{ github.workspace }}/SignClientFileList.txt"
368+ --timestamp-url "http://timestamp.digicert.com"
369+ --publisher-name ".NET Foundation"
370+ --description "Windows Community Toolkit Labs"
371+ --description-url "https://github.com/CommunityToolkit/Labs-Windows"
372+ --azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}"
373+ --azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }}
374+ --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}"
375+ --azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }}
376+ --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}"
377+ --verbosity Information
378+
379+ name : Push Signed Packages
380+ run : |
381+ dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-MainLatest/nuget/v3/index.json `
382+ --name MainLatest `
383+ --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
384+ dotnet nuget push "**/*.nupkg" --api-key dummy --source MainLatest --skip-duplicate
385+
386+ name : Upload Signed Packages as Artifacts (for release)
387+ uses : actions/upload-artifact@v4
388+ if : ${{ env.IS_RELEASE == 'true' }}
389+ with :
390+ name : signed-nuget-packages-${{ matrix.winui }}
391+ if-no-files-found : error
392+ path : |
393+ ${{ github.workspace }}/packages/**/*.nupkg
394+
395+ release :
396+ if : ${{ startsWith(github.ref, 'refs/heads/rel/') }}
397+ needs : [sign]
398+ environment : nuget-release-gate # This gates this job until manually approved
399+ runs-on : ubuntu-latest
400+
401+ strategy :
402+ fail-fast : false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion.
403+ matrix :
404+ winui : [2, 3]
405+
406+ steps :
407+ - name : Install .NET SDK v${{ env.DOTNET_VERSION }}
408+ uses : actions/setup-dotnet@v4
409+ with :
410+ dotnet-version : ${{ env.DOTNET_VERSION }}
411+
412+ - name : Download signed packages for WinUI ${{ matrix.winui }}
413+ uses : actions/download-artifact@v4
414+ with :
415+ name : signed-nuget-packages-${{ matrix.winui }}
416+ path : ./packages
417+
418+ - name : Push to NuGet.org
419+ run : >
420+ dotnet nuget push
421+ **/*.nupkg
422+ --source https://api.nuget.org/v3/index.json
423+ --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }}
424+ --skip-duplicate
425+
323426wasm-linux :
324427 runs-on : ubuntu-latest
325428 env :
0 commit comments