Test larger runner, fix issue with signing tool arguments

Add some initial outline for next release job (not sure how we want to test this one...)
CommunityToolkit · Aug 18, 2023 · 6736d3d · 6736d3d
1 parent 771c408
commit 6736d3d
Showing 1 changed file with 50 additions and 14 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -57,7 +57,7 @@ jobs:
   # Build both Uno.UI/WinUI2/UWP and Uno.WinUI/WinUI3/WindowsAppSDK versions of our packages using a matrix
   build:
     needs: [Xaml-Style-Check]
-    runs-on: windows-latest
+    runs-on: windows-latest-large
 
     # See https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs
     strategy:
@@ -211,7 +211,7 @@ jobs:
 
   sign:
     needs: [build]
-    # TODO: if: ${{ env.IS_MAIN }}
+    # TODO: if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/') }}
     runs-on: windows-latest
 
     strategy:
@@ -238,17 +238,18 @@ jobs:
         run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1
 
       - name: Sign Packages
-        run: ./tools/sign code azure-key-vault "**/*.nupkg" \
-          --timestamp-url "http://timestamp.digicert.com" \
-          --base-directory "${{ github.workspace }}/packages" \
-          --file-list "${{ github.workspace }}/.github/workflows/SignClientFileList.txt" \
-          --publisher-name ".NET Foundation" \
-          --description "Windows Community Toolkit" \
-          --description-url "https://github.com/CommunityToolkit/Windows" \
-          --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}" \
-          --azure-key-vault-client-id "${{ secrets.SIGN_CLIENT_ID }}" \
-          --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}" \
-          --azure-key-vault-tenant-id "${{ secrets.SIGN_TENANT_ID }}" \
+        run: >
+          ./tools/sign code azure-key-vault "**/*.nupkg"
+          --timestamp-url "http://timestamp.digicert.com"
+          --base-directory "${{ github.workspace }}/packages"
+          --file-list "${{ github.workspace }}/.github/workflows/SignClientFileList.txt"
+          --publisher-name ".NET Foundation"
+          --description "Windows Community Toolkit"
+          --description-url "https://github.com/CommunityToolkit/Windows"
+          --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}"
+          --azure-key-vault-client-id "${{ secrets.SIGN_CLIENT_ID }}"
+          --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}"
+          --azure-key-vault-tenant-id "${{ secrets.SIGN_TENANT_ID }}"
           --azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}"
 
       #- name: Add source (main)
@@ -260,7 +261,42 @@ jobs:
           dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json --name PullRequests --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }}
           dotnet nuget push "**/*.nupkg" --api-key dummy --source PullRequests --skip-duplicate
 
-      # TODO: If release we should push to NuGet
+      - name: Upload Signed Packages as Artifacts (for release)
+        uses: actions/upload-artifact@v3
+        if: ${{ env.IS_RELEASE }}
+        with:
+          name: signed-nuget-packages-${{ matrix.platform }}
+          if-no-files-found: error
+          path: |
+            **/*.nupkg
+
+  release:
+    if: ${{ startsWith(github.ref, 'refs/heads/rel/') }}
+    needs: [sign]
+    environment: nuget-release-gate # This gates this job until manually approved
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion.
+      matrix:
+        platform: [WinUI2, WinUI3]
+
+    steps:
+      - name: Install .NET SDK v${{ env.DOTNET_VERSION }}
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Download signed packages for ${{ matrix.platform }}
+        uses: actions/download-artifact@v3
+        with:
+          name: signed-nuget-packages-${{ matrix.platform }}
+          path: ./packages
+
+      - name: Push to NuGet.org
+        run: |
+          dotnet nuget update source nuget.org --username dummy --password ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }}
+          dotnet nuget push "**/*.nupkg" --api-key dummy --source nuget.org --skip-duplicate
 
   wasm-linux:
     runs-on: ubuntu-latest