5757 # Build both Uno.UI/WinUI2/UWP and Uno.WinUI/WinUI3/WindowsAppSDK versions of our packages using a matrix
5858 build :
5959 needs : [Xaml-Style-Check]
60- runs-on : windows-latest
60+ runs-on : windows-latest-large
6161
6262 # See https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs
6363 strategy :
@@ -139,7 +139,9 @@ jobs:
139139 - name : Push Pull Request Packages
140140 if : ${{ env.IS_PR }}
141141 run : |
142- dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json --name PullRequests --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
142+ dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json `
143+ --name PullRequests `
144+ --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
143145 dotnet nuget push "**/*.nupkg" --api-key dummy --source PullRequests --skip-duplicate
144146
145147# Run tests
@@ -211,15 +213,18 @@ jobs:
211213
212214sign :
213215 needs : [build]
214- # TODO: if: ${{ env.IS_MAIN }}
216+ # TODO: if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/') }}
215217 runs-on : windows-latest
218+ permissions :
219+ id-token : write # Required for requesting the JWT
216220
217221 strategy :
218222 fail-fast : false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion.
219223 matrix :
220224 platform : [WinUI2, WinUI3]
221225
222226 steps :
227+ # TODO: Just upload/download file list file to build artifact as in example?
223228 - name : Checkout Repository
224229 uses : actions/checkout@v3
225230
@@ -238,29 +243,69 @@ jobs:
238243 run : dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1
239244
240245 - name : Sign Packages
241- run : ./tools/sign code azure-key-vault "**/*.nupkg" \
242- --timestamp-url "http://timestamp.digicert.com" \
243- --base-directory "${{ github.workspace }}/packages" \
244- --file-list "${{ github.workspace }}/.github/workflows/SignClientFileList.txt" \
245- --publisher-name ".NET Foundation" \
246- --description "Windows Community Toolkit" \
247- --description-url "https://github.com/CommunityToolkit/Windows" \
248- --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}" \
249- --azure-key-vault-client-id "${{ secrets.SIGN_CLIENT_ID }}" \
250- --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}" \
251- --azure-key-vault-tenant-id "${{ secrets.SIGN_TENANT_ID }}" \
246+ run : >
247+ ./tools/sign code azure-key-vault
248+ **/*.nupkg
249+ --base-directory "${{ github.workspace }}/packages"
250+ --file-list "${{ github.workspace }}/.github/workflows/SignClientFileList.txt"
251+ --timestamp-url "http://timestamp.digicert.com"
252+ --publisher-name ".NET Foundation"
253+ --description "Windows Community Toolkit"
254+ --description-url "https://github.com/CommunityToolkit/Windows"
252255 --azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}"
256+ --azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }}
257+ --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}"
258+ --azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }}
259+ --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}"
260+ --verbosity Information
253261
254- # - name: Add source (main)
255- # run: dotnet nuget update source MainLatest --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
256-
257- # TODO: For now push to PR feed so we can validate if any of this works...
262+ # TODO: For now push to PR feed so we can validate if any of this works... change to MainLatest after
258263 - name : Push Signed Packages
259264 run : |
260- dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json --name PullRequests --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
265+ dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json `
266+ --name PullRequests `
267+ --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
261268 dotnet nuget push "**/*.nupkg" --api-key dummy --source PullRequests --skip-duplicate
262269
263- # TODO: If release we should push to NuGet
270+ name : Upload Signed Packages as Artifacts (for release)
271+ uses : actions/upload-artifact@v3
272+ # TODO: if: ${{ env.IS_RELEASE }}
273+ with :
274+ name : signed-nuget-packages-${{ matrix.platform }}
275+ if-no-files-found : error
276+ path : |
277+ ${{ github.workspace }}/packages/**/*.nupkg
278+
279+ release :
280+ if : ${{ startsWith(github.ref, 'refs/heads/rel/') }}
281+ needs : [sign]
282+ environment : nuget-release-gate # This gates this job until manually approved
283+ runs-on : ubuntu-latest
284+
285+ strategy :
286+ fail-fast : false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion.
287+ matrix :
288+ platform : [WinUI2, WinUI3]
289+
290+ steps :
291+ - name : Install .NET SDK v${{ env.DOTNET_VERSION }}
292+ uses : actions/setup-dotnet@v3
293+ with :
294+ dotnet-version : ${{ env.DOTNET_VERSION }}
295+
296+ - name : Download signed packages for ${{ matrix.platform }}
297+ uses : actions/download-artifact@v3
298+ with :
299+ name : signed-nuget-packages-${{ matrix.platform }}
300+ path : ./packages
301+
302+ - name : Push to NuGet.org
303+ run : >
304+ dotnet nuget push
305+ **/*.nupkg
306+ --source https://api.nuget.org/v3/index.json
307+ --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }}
308+ --skip-duplicate
264309
265310wasm-linux :
266311 runs-on : ubuntu-latest
0 commit comments