ci: Update changelog publish details (#460) #332
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run Release Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| release-package: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # for googleapis/release-please-action to create release commit | |
| pull-requests: write # for googleapis/release-please-action to create release PR | |
| issues: write # for googleapis/release-please-action to create labels | |
| steps: | |
| - uses: googleapis/release-please-action@a02a34c4d625f9be7cb89156071d8567266a2445 #v4 | |
| id: release | |
| with: | |
| token: ${{secrets.RELEASE_PLEASE_ACTION_TOKEN}} | |
| outputs: | |
| all: ${{ toJSON(steps.release.outputs) }} | |
| releases_created: ${{ steps.release.outputs.releases_created }} | |
| paths_released: ${{ steps.release.outputs.paths_released }} | |
| release: | |
| needs: release-package | |
| environment: publish | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write # upload sbom to a release | |
| attestations: write | |
| packages: read # for internal nuget reading | |
| if: ${{ fromJSON(needs.release-package.outputs.releases_created || false) }} | |
| strategy: | |
| matrix: | |
| release: ${{ fromJSON(needs.release-package.outputs.paths_released) }} | |
| env: | |
| TAG_NAME: ${{ fromJSON(needs.release-package.outputs.all)[format('{0}--tag_name', matrix.release)] }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: recursive | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4 | |
| env: | |
| NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| global-json-file: global.json | |
| source-url: https://nuget.pkg.github.com/open-feature/index.json | |
| - name: Cache NuGet packages | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| path: ~/.nuget/packages | |
| key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nuget- | |
| - name: Install dependencies | |
| run: dotnet restore | |
| - name: Build | |
| run: | | |
| dotnet build --configuration Release --no-restore -p:Deterministic=true | |
| - name: Pack | |
| run: | | |
| dotnet pack --configuration Release --no-build | |
| - name: Publish to Nuget | |
| run: | | |
| dotnet nuget push "${{ matrix.release }}/**/*.nupkg" --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_TOKEN }} | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 | |
| with: | |
| subject-path: "${{ matrix.release }}/**/*.nupkg" | |
| - name: Find csproj file and set as environment variable | |
| id: find-csproj | |
| run: | | |
| csproj_path=$(find "${{ matrix.release }}" -name '*.csproj' -type f -print -quit) | |
| echo "CSPROJ_PATH=$csproj_path" >> "$GITHUB_OUTPUT" | |
| - name: Generate JSON SBOM | |
| uses: CycloneDX/gh-dotnet-generate-sbom@c183e4ac30e5b99354cb9a98c38548e07c538346 # v1.0.1 | |
| with: | |
| path: ${{ steps.find-csproj.outputs.CSPROJ_PATH }} | |
| json: true | |
| github-bearer-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Attest package | |
| uses: actions/attest-sbom@bd218ad0dbcb3e146bd073d1d9c6d78e08aa8a0b # v2.4.0 | |
| with: | |
| subject-path: "${{ matrix.release }}/**/*.nupkg" | |
| sbom-path: bom.json | |
| - name: Attach SBOM to artifact | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| run: gh release upload ${{ env.TAG_NAME }} bom.json |