From 9fe22335ff46df8b6e365a0c837f06fdfa76d201 Mon Sep 17 00:00:00 2001 From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Thu, 17 Aug 2023 13:43:59 -0700 Subject: [PATCH 1/9] Initial test for signing packages (push to PR feed to validate) --- .github/workflows/SignClientFileList.txt | 1 + .github/workflows/build.yml | 85 ++++++++++++++++++++---- 2 files changed, 74 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/SignClientFileList.txt diff --git a/.github/workflows/SignClientFileList.txt b/.github/workflows/SignClientFileList.txt new file mode 100644 index 00000000..1a17866f --- /dev/null +++ b/.github/workflows/SignClientFileList.txt @@ -0,0 +1 @@ +**/CommunityToolkit.* \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 58b4b300..9d917da4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -24,6 +24,9 @@ env: COREHOST_TRACEFILE: corehosttrace.log MULTI_TARGET_DIRECTORY: tooling/MultiTarget HEADS_DIRECTORY: tooling/ProjectHeads + IS_MAIN: ${{ github.ref == 'refs/heads/main' }} + IS_PR: ${{ startsWith(github.ref, 'refs/pull/') }} + IS_RELEASE: ${{ startsWith(github.ref, 'refs/heads/rel/') }} # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: 
@@ -120,9 +123,9 @@ jobs: run: powershell -version 5.1 -command "./tooling/GenerateAllSolution.ps1 -IncludeHeads ${{ env.TEST_PLATFORM }}${{ env.ENABLE_DIAGNOSTICS == 'true' && ' -UseDiagnostics' || '' }}" -ErrorAction Stop - name: Enable Uno.WinUI (in WinUI3 matrix only) + if: ${{ matrix.platform == 'WinUI3' }} working-directory: ./${{ env.MULTI_TARGET_DIRECTORY }} run: powershell -version 5.1 -command "./UseUnoWinUI.ps1 3" -ErrorAction Stop - if: ${{ matrix.platform == 'WinUI3' }} - name: MSBuild run: msbuild.exe CommunityToolkit.AllComponents.sln /restore /nowarn:MSB4011 -p:Configuration=Release -m ${{ env.VERSION_PROPERTY }} ${{ env.ENABLE_DIAGNOSTICS == 'true' && '/bl' || '' }} -v:${{ env.MSBUILD_VERBOSITY }} 
@@ -132,17 +135,12 @@ jobs: working-directory: ./tooling/Scripts/ run: ./PackEachExperiment.ps1 -extraBuildProperties "${{ env.VERSION_PROPERTY }}" - # Push Packages to our DevOps Artifacts Feed (see nuget.config) - - name: Add source (main) - if: ${{ github.ref == 'refs/heads/main' }} - run: dotnet nuget update source MainLatest --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} - - - name: Add source (pull requests) - if: ${{ github.ref != 'refs/heads/main' }} - run: dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json --name PullRequests --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} - - - name: Push packages - run: dotnet nuget push "**/*.nupkg" --api-key dummy --source ${{ github.ref == 'refs/heads/main' && 'MainLatest' || 'PullRequests' }} --skip-duplicate + # Push Pull Request Packages to our DevOps Artifacts Feed (see nuget.config) + - name: Push Pull Request Packages + if: ${{ env.IS_PR }} + run: | + dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json --name PullRequests --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} + dotnet nuget push "**/*.nupkg" --api-key dummy --source PullRequests --skip-duplicate # Run tests - name: Setup VSTest Path 
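Review bot: The new `if: ${{ env.IS_PR }}` on "Push Pull Request Packages" is always true, because workflow `env` values are strings and the string `'false'` is truthy in an Actions expression. Builds of `main` and `rel/` would therefore also push their unsigned packages to the PullRequests feed. Compare explicitly instead: `if: ${{ env.IS_PR == 'true' }}`. The step also interpolates `secrets.DEVOPS_PACKAGE_PUSH_TOKEN`, which is empty on pull requests from forks, so it needs a same-repository check as well or the push will fail there.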
@@ -201,6 +199,69 @@ jobs: dotnet tool install --global dotnet-dump dotnet-dump analyze ${{ steps.detect-dump.outputs.DUMP_FILE }} -c "clrstack" -c "pe -lines" -c "exit" + # if we're not doing a PR build then we upload our packages so we can sign as a separate job. + - name: Upload Packages as Artifacts + uses: actions/upload-artifact@v3 + # TODO: if: ${{ env.IS_PR == false }} + with: + name: nuget-packages-${{ matrix.platform }} + if-no-files-found: error + path: | + **/*.nupkg + + sign: + needs: [build] + # TODO: if: ${{ env.IS_MAIN }} + runs-on: windows-latest + + strategy: + fail-fast: false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion. + matrix: + platform: [WinUI2, WinUI3] + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Install .NET SDK v${{ env.DOTNET_VERSION }} + uses: actions/setup-dotnet@v3 + with: + dotnet-version: ${{ env.DOTNET_VERSION }} + + - name: Download built packages for ${{ matrix.platform }} + uses: actions/download-artifact@v3 + with: + name: nuget-packages-${{ matrix.platform }} + path: ./packages + + - name: Install Signing Tool + run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1 + + - name: Sign Packages + run: ./tools/sign code azure-key-vault "**/*.nupkg" \ + --timestamp-url "http://timestamp.digicert.com" \ + --base-directory "${{ github.workspace }}/packages" \ + --file-list "${{ github.workspace }}/.github/workflows/SignClientFileList.txt" \ + --publisher-name ".NET Foundation" \ + --description "Windows Community Toolkit" \ + --description-url "https://github.com/CommunityToolkit/Windows" \ + --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}" \ + --azure-key-vault-client-id "${{ secrets.SIGN_CLIENT_ID }}" \ + --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}" \ + --azure-key-vault-tenant-id "${{ secrets.SIGN_TENANT_ID }}" \ + --azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}" + 
+ #- name: Add source (main) + # run: dotnet nuget update source MainLatest --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} + + # TODO: For now push to PR feed so we can validate if any of this works... + - name: Push Signed Packages + run: | + dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json --name PullRequests --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} + dotnet nuget push "**/*.nupkg" --api-key dummy --source PullRequests --skip-duplicate + + # TODO: If release we should push to NuGet + wasm-linux: runs-on: ubuntu-latest From 561c5b76141f398a8d47bd405e318d992935cd08 Mon Sep 17 00:00:00 2001 From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Thu, 17 Aug 2023 17:57:40 -0700 Subject: [PATCH 2/9] Test larger runner, fix issue with signing tool arguments Add some initial outline for next release job (not sure how we want to test this one...) --- .github/workflows/build.yml | 85 ++++++++++++++++++++++++++++--------- 1 file changed, 65 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9d917da4..51d5e37e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -57,7 +57,7 @@ jobs: # Build both Uno.UI/WinUI2/UWP and Uno.WinUI/WinUI3/WindowsAppSDK versions of our packages using a matrix build: needs: [Xaml-Style-Check] - runs-on: windows-latest + runs-on: windows-latest-large # See https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs strategy: 
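Review bot: The `sign` job has no active `if:` (the guard is only a `# TODO` comment), so every ref that finishes `build`, same-repository pull-request branches included, gets its packages signed with the Key Vault certificate and pushed. Signing should run only on reviewed refs, and the guard has to be written against `github.ref`, because the `env` context named in the TODO is not available in `jobs.<job_id>.if`. Separately, "Push Signed Packages" globs `"**/*.nupkg"` from the workspace root rather than from `./packages`. Any other `.nupkg` under the workspace (for example whatever `dotnet tool install --tool-path ./tools` leaves on disk) would be pushed too, whereas `"./packages/**/*.nupkg"` limits the push to what was signed. The same unscoped glob remains in the later revisions of this step in patches 2/9 and 8/9.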
@@ -139,7 +139,9 @@ jobs: - name: Push Pull Request Packages if: ${{ env.IS_PR }} run: | - dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json --name PullRequests --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} + dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json ` + --name PullRequests ` + --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} dotnet nuget push "**/*.nupkg" --api-key dummy --source PullRequests --skip-duplicate # Run tests @@ -211,8 +213,10 @@ jobs: sign: needs: [build] - # TODO: if: ${{ env.IS_MAIN }} + # TODO: if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/') }} runs-on: windows-latest + permissions: + id-token: write # Required for requesting the JWT strategy: fail-fast: false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion. @@ -220,6 +224,7 @@ jobs: platform: [WinUI2, WinUI3] steps: + # TODO: Just upload/download file list file to build artifact as in example? - name: Checkout Repository uses: actions/checkout@v3 
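Review bot: `id-token: write` is granted to the `sign` job, but no step visible in this series requests an OIDC token; the sign command still authenticates with `--azure-key-vault-client-secret`. Either drop the permission, or move the Key Vault login to a federated credential and retire the long-lived `SIGN_CLIENT_SECRET`. A job-level `permissions:` block also sets every scope it does not list to `none`. If that is intended, replace `# Required for requesting the JWT` with a comment that names the step consuming the token and states that all other scopes are deliberately dropped.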
@@ -238,29 +243,69 @@ jobs: run: dotnet tool install --tool-path ./tools sign --version 0.9.1-beta.23356.1 - name: Sign Packages - run: ./tools/sign code azure-key-vault "**/*.nupkg" \ - --timestamp-url "http://timestamp.digicert.com" \ - --base-directory "${{ github.workspace }}/packages" \ - --file-list "${{ github.workspace }}/.github/workflows/SignClientFileList.txt" \ - --publisher-name ".NET Foundation" \ - --description "Windows Community Toolkit" \ - --description-url "https://github.com/CommunityToolkit/Windows" \ - --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}" \ - --azure-key-vault-client-id "${{ secrets.SIGN_CLIENT_ID }}" \ - --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}" \ - --azure-key-vault-tenant-id "${{ secrets.SIGN_TENANT_ID }}" \ + run: > + ./tools/sign code azure-key-vault + **/*.nupkg + --base-directory "${{ github.workspace }}/packages" + --file-list "${{ github.workspace }}/.github/workflows/SignClientFileList.txt" + --timestamp-url "http://timestamp.digicert.com" + --publisher-name ".NET Foundation" + --description "Windows Community Toolkit" + --description-url "https://github.com/CommunityToolkit/Windows" --azure-key-vault-url "${{ secrets.SIGN_KEY_VAULT_URL }}" + --azure-key-vault-client-id ${{ secrets.SIGN_CLIENT_ID }} + --azure-key-vault-client-secret "${{ secrets.SIGN_CLIENT_SECRET }}" + --azure-key-vault-tenant-id ${{ secrets.SIGN_TENANT_ID }} + --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}" + --verbosity Information - #- name: Add source (main) - # run: dotnet nuget update source MainLatest --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} - - # TODO: For now push to PR feed so we can validate if any of this works... + # TODO: For now push to PR feed so we can validate if any of this works... 
change to MainLatest after - name: Push Signed Packages run: | - dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json --name PullRequests --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} + dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json ` + --name PullRequests ` + --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} dotnet nuget push "**/*.nupkg" --api-key dummy --source PullRequests --skip-duplicate - # TODO: If release we should push to NuGet + - name: Upload Signed Packages as Artifacts (for release) + uses: actions/upload-artifact@v3 + # TODO: if: ${{ env.IS_RELEASE }} + with: + name: signed-nuget-packages-${{ matrix.platform }} + if-no-files-found: error + path: | + ${{ github.workspace }}/packages/**/*.nupkg + + release: + if: ${{ startsWith(github.ref, 'refs/heads/rel/') }} + needs: [sign] + environment: nuget-release-gate # This gates this job until manually approved + runs-on: ubuntu-latest + + strategy: + fail-fast: false # prevent one matrix pipeline from being cancelled if one fails, we want them both to run to completion. + matrix: + platform: [WinUI2, WinUI3] + + steps: + - name: Install .NET SDK v${{ env.DOTNET_VERSION }} + uses: actions/setup-dotnet@v3 + with: + dotnet-version: ${{ env.DOTNET_VERSION }} + + - name: Download signed packages for ${{ matrix.platform }} + uses: actions/download-artifact@v3 + with: + name: signed-nuget-packages-${{ matrix.platform }} + path: ./packages + + - name: Push to NuGet.org + run: > + dotnet nuget push + **/*.nupkg + --source https://api.nuget.org/v3/index.json + --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }} + --skip-duplicate wasm-linux: runs-on: ubuntu-latest From cb418b6337800f67f702a77accacd291dec35c1b Mon Sep 17 00:00:00 2001 
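Review bot: The rewritten "Sign Packages" step and the new "Push to NuGet.org" step paste `${{ secrets.* }}` straight into the script text. The values are then parsed by the shell, so a secret containing a quote, `$` or a backtick is mangled or re-interpreted, and they end up in the generated script file on the runner. Pass them through the step's `env:` instead, e.g. `SIGN_CLIENT_SECRET: ${{ secrets.SIGN_CLIENT_SECRET }}` with `--azure-key-vault-client-secret "$env:SIGN_CLIENT_SECRET"`, and `--api-key "$NUGET_PACKAGE_PUSH_TOKEN"` in the bash step. The `release` job also publishes whatever the `signed-nuget-packages-*` artifact contains without checking it; a signature-verification step before the push would stop an unsigned package from reaching NuGet.org.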
From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Mon, 21 Aug 2023 09:48:22 -0700 Subject: [PATCH 3/9] Use Package List file as artifact vs. checking out whole repo --- .github/workflows/build.yml | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 51d5e37e..5dde47e9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -201,6 +201,15 @@ jobs: dotnet tool install --global dotnet-dump dotnet-dump analyze ${{ steps.detect-dump.outputs.DUMP_FILE }} -c "clrstack" -c "pe -lines" -c "exit" + - name: Upload Package List + uses: actions/upload-artifact@v3 + # TODO: if: ${{ env.IS_PR == false }} + with: + name: nuget-list + if-no-files-found: error + path: | + ${{ github.workspace }}/.github/workflows/SignClientFileList.txt + # if we're not doing a PR build then we upload our packages so we can sign as a separate job. - name: Upload Packages as Artifacts uses: actions/upload-artifact@v3 @@ -224,15 +233,17 @@ jobs: platform: [WinUI2, WinUI3] steps: - # TODO: Just upload/download file list file to build artifact as in example? - - name: Checkout Repository - uses: actions/checkout@v3 - - name: Install .NET SDK v${{ env.DOTNET_VERSION }} uses: actions/setup-dotnet@v3 with: dotnet-version: ${{ env.DOTNET_VERSION }} + - name: Download Package List + uses: actions/download-artifact@v3 + with: + name: nuget-list + path: ./ + - name: Download built packages for ${{ matrix.platform }} uses: actions/download-artifact@v3 with: @@ -247,7 +258,7 @@ jobs: ./tools/sign code azure-key-vault **/*.nupkg --base-directory "${{ github.workspace }}/packages" - --file-list "${{ github.workspace }}/.github/workflows/SignClientFileList.txt" + --file-list "${{ github.workspace }}/SignClientFileList.txt" --timestamp-url "http://timestamp.digicert.com" --publisher-name ".NET Foundation" --description "Windows Community Toolkit" 
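Review bot: "Upload Package List" runs in both legs of the `build` matrix but always uses the artifact name `nuget-list`, so both legs write to the same artifact. `actions/upload-artifact@v3` tolerates that because the file is identical, but it is an avoidable race, and newer major versions of the action reject duplicate names. Upload it from one leg only, e.g. `if: ${{ env.IS_PR == 'false' && matrix.platform == 'WinUI3' }}`, or add the platform suffix as the package artifact does. The `if:` on this step is still only a `# TODO` comment in this patch, so the list is uploaded on pull-request builds too.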
From 9ae3b182a0b0c0a53fe19c32cd2f9704079bc3ad Mon Sep 17 00:00:00 2001 From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Mon, 21 Aug 2023 10:18:45 -0700 Subject: [PATCH 4/9] Add a fix for having inconsistent version numbers between the WinUI 2 and WinUI 3 Jobs --- .github/workflows/build.yml | 11 +++++++++-- tooling | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5dde47e9..d80f12d3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -24,6 +24,7 @@ env: COREHOST_TRACEFILE: corehosttrace.log MULTI_TARGET_DIRECTORY: tooling/MultiTarget HEADS_DIRECTORY: tooling/ProjectHeads + COMMIT_DATE: ${{ github.event.repository.updated_at }} IS_MAIN: ${{ github.ref == 'refs/heads/main' }} IS_PR: ${{ startsWith(github.ref, 'refs/pull/') }} IS_RELEASE: ${{ startsWith(github.ref, 'refs/heads/rel/') }} 
@@ -127,13 +128,19 @@ jobs: working-directory: ./${{ env.MULTI_TARGET_DIRECTORY }} run: powershell -version 5.1 -command "./UseUnoWinUI.ps1 3" -ErrorAction Stop + # TODO: On Release we should get date from rel/ branch name + - name: Format Date/Time of Commit for Package Version + id: version-date + run: | + echo "VERSION_DATE=$(Get-Date $env:COMMIT_DATE -Format 'yyMMdd')" >> $env:GITHUB_OUTPUT + - name: MSBuild - run: msbuild.exe CommunityToolkit.AllComponents.sln /restore /nowarn:MSB4011 -p:Configuration=Release -m ${{ env.VERSION_PROPERTY }} ${{ env.ENABLE_DIAGNOSTICS == 'true' && '/bl' || '' }} -v:${{ env.MSBUILD_VERBOSITY }} + run: msbuild.exe CommunityToolkit.AllComponents.sln /restore /nowarn:MSB4011 -p:Configuration=Release -m -p:DateForVersion=${{ steps.version-date.outputs.VERSION_DATE }} ${{ env.VERSION_PROPERTY }} ${{ env.ENABLE_DIAGNOSTICS == 'true' && '/bl' || '' }} -v:${{ env.MSBUILD_VERBOSITY }} # Build All Packages - name: pack experiments working-directory: ./tooling/Scripts/ - run: ./PackEachExperiment.ps1 -extraBuildProperties "${{ env.VERSION_PROPERTY }}" + run: ./PackEachExperiment.ps1 -extraBuildProperties "-p:DateForVersion=${{ steps.version-date.outputs.VERSION_DATE }} ${{ env.VERSION_PROPERTY }}" # Push Pull Request Packages to our DevOps Artifacts Feed (see nuget.config) - name: Push Pull Request Packages diff --git a/tooling b/tooling index 3e4623ec..1eec3fb0 160000 --- a/tooling +++ b/tooling @@ -1 +1 @@ -Subproject commit 3e4623ecc9575eb60a7535aae61ea538cde83059 +Subproject commit 1eec3fb087aa7effc96675eab8755776bd54c9b4 From 486231a468a5845c229711892a87be29a4041f68 Mon Sep 17 00:00:00 2001 From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Mon, 21 Aug 2023 11:34:38 -0700 Subject: [PATCH 5/9] Use git log to get date of commit --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d80f12d3..3d625a05 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -24,7 +24,6 @@ env: COREHOST_TRACEFILE: corehosttrace.log MULTI_TARGET_DIRECTORY: tooling/MultiTarget HEADS_DIRECTORY: tooling/ProjectHeads - COMMIT_DATE: ${{ github.event.repository.updated_at }} IS_MAIN: ${{ github.ref == 'refs/heads/main' }} IS_PR: ${{ startsWith(github.ref, 'refs/pull/') }} IS_RELEASE: ${{ startsWith(github.ref, 'refs/heads/rel/') }} @@ -132,7 +131,7 @@ jobs: - name: Format Date/Time of Commit for Package Version id: version-date run: | - echo "VERSION_DATE=$(Get-Date $env:COMMIT_DATE -Format 'yyMMdd')" >> $env:GITHUB_OUTPUT + echo "VERSION_DATE=$(git log -1 --format=%cd --date=format:%y%m%d)" >> $env:GITHUB_OUTPUT - name: MSBuild run: msbuild.exe CommunityToolkit.AllComponents.sln /restore /nowarn:MSB4011 -p:Configuration=Release -m -p:DateForVersion=${{ steps.version-date.outputs.VERSION_DATE }} ${{ env.VERSION_PROPERTY }} ${{ env.ENABLE_DIAGNOSTICS == 'true' && '/bl' || '' }} -v:${{ env.MSBUILD_VERBOSITY }} From b4bc1cb8b7c507bb3962b7eb53dc2978b7a0418e Mon Sep 17 00:00:00 2001 From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Mon, 21 Aug 2023 12:09:31 -0700 Subject: [PATCH 6/9] Update to push date back to env and better combine msbuild properties for pack command --- .github/workflows/build.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3d625a05..ed15886b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -69,7 +69,7 @@ jobs: # faux-ternary expression to select which platforms to build for each platform vs. duplicating step below. TARGET_PLATFORMS: ${{ matrix.platform != 'WinUI3' && 'all' || 'all-uwp' }} TEST_PLATFORM: ${{ matrix.platform != 'WinUI3' && 'UWP' || 'WinAppSdk' }} - VERSION_PROPERTY: ${{ github.ref == 'refs/heads/main' && format('-p:PreviewVersion=build.{0}', github.run_number) || format('-p:PreviewVersion=pull-{0}.{1}', github.event.number, github.run_number) }} + VERSION_PROPERTY: ${{ github.ref == 'refs/heads/main' && format('PreviewVersion=build.{0}', github.run_number) || format('PreviewVersion=pull-{0}.{1}', github.event.number, github.run_number) }} # Steps represent a sequence of tasks that will be executed as part of the job steps: 
@@ -127,19 +127,18 @@ jobs: working-directory: ./${{ env.MULTI_TARGET_DIRECTORY }} run: powershell -version 5.1 -command "./UseUnoWinUI.ps1 3" -ErrorAction Stop - # TODO: On Release we should get date from rel/ branch name - name: Format Date/Time of Commit for Package Version - id: version-date + if: ${{ env.IS_RELEASE == 'false' }} run: | - echo "VERSION_DATE=$(git log -1 --format=%cd --date=format:%y%m%d)" >> $env:GITHUB_OUTPUT + echo "VERSION_DATE=$(git log -1 --format=%cd --date=format:%y%m%d)" >> $env:GITHUB_ENV - name: MSBuild - run: msbuild.exe CommunityToolkit.AllComponents.sln /restore /nowarn:MSB4011 -p:Configuration=Release -m -p:DateForVersion=${{ steps.version-date.outputs.VERSION_DATE }} ${{ env.VERSION_PROPERTY }} ${{ env.ENABLE_DIAGNOSTICS == 'true' && '/bl' || '' }} -v:${{ env.MSBUILD_VERBOSITY }} + run: msbuild.exe CommunityToolkit.AllComponents.sln /restore /nowarn:MSB4011 -p:Configuration=Release -m -p:DateForVersion=${{ env.VERSION_DATE }};${{ env.VERSION_PROPERTY }}; ${{ env.ENABLE_DIAGNOSTICS == 'true' && '/bl' || '' }} -v:${{ env.MSBUILD_VERBOSITY }} # Build All Packages - name: pack experiments working-directory: ./tooling/Scripts/ - run: ./PackEachExperiment.ps1 -extraBuildProperties "-p:DateForVersion=${{ steps.version-date.outputs.VERSION_DATE }} ${{ env.VERSION_PROPERTY }}" + run: ./PackEachExperiment.ps1 -extraBuildProperties "-p:DateForVersion=${{ env.VERSION_DATE }};${{ env.VERSION_PROPERTY }};" # Push Pull Request Packages to our DevOps Artifacts Feed (see nuget.config) - name: Push Pull Request Packages From a097e0efcf7c5b84a2d2ce8f45cf8a2e37935e19 Mon Sep 17 00:00:00 2001 From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Mon, 21 Aug 2023 14:31:58 -0700 Subject: [PATCH 7/9] Pass in date and version more explicitly to msbuild and powershell pack script --- .github/workflows/build.yml | 14 +++++++++++--- tooling | 2 +- 2 files changed, 12 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ed15886b..9d6b80fa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -69,7 +69,7 @@ jobs: # faux-ternary expression to select which platforms to build for each platform vs. duplicating step below. TARGET_PLATFORMS: ${{ matrix.platform != 'WinUI3' && 'all' || 'all-uwp' }} TEST_PLATFORM: ${{ matrix.platform != 'WinUI3' && 'UWP' || 'WinAppSdk' }} - VERSION_PROPERTY: ${{ github.ref == 'refs/heads/main' && format('PreviewVersion=build.{0}', github.run_number) || format('PreviewVersion=pull-{0}.{1}', github.event.number, github.run_number) }} + VERSION_PROPERTY: ${{ github.ref == 'refs/heads/main' && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }} # Steps represent a sequence of tasks that will be executed as part of the job steps: 
@@ -133,12 +133,20 @@ jobs: echo "VERSION_DATE=$(git log -1 --format=%cd --date=format:%y%m%d)" >> $env:GITHUB_ENV - name: MSBuild - run: msbuild.exe CommunityToolkit.AllComponents.sln /restore /nowarn:MSB4011 -p:Configuration=Release -m -p:DateForVersion=${{ env.VERSION_DATE }};${{ env.VERSION_PROPERTY }}; ${{ env.ENABLE_DIAGNOSTICS == 'true' && '/bl' || '' }} -v:${{ env.MSBUILD_VERBOSITY }} + run: > + msbuild.exe /restore /nowarn:MSB4011 + /p:Configuration=Release + /m + /p:DateForVersion=${{ env.VERSION_DATE }} + /p:PreviewVersion=${{ env.VERSION_PROPERTY }} + ${{ env.ENABLE_DIAGNOSTICS == 'true' && '/bl' || '' }} + /v:${{ env.MSBUILD_VERBOSITY }} + CommunityToolkit.AllComponents.sln # Build All Packages - name: pack experiments working-directory: ./tooling/Scripts/ - run: ./PackEachExperiment.ps1 -extraBuildProperties "-p:DateForVersion=${{ env.VERSION_DATE }};${{ env.VERSION_PROPERTY }};" + run: ./PackEachExperiment.ps1 -date ${{ env.VERSION_DATE }} -postfix ${{ env.VERSION_PROPERTY }} # Push Pull Request Packages to our DevOps Artifacts Feed (see nuget.config) - name: Push Pull Request Packages diff --git a/tooling b/tooling index 1eec3fb0..50a20f18 160000 --- a/tooling +++ b/tooling @@ -1 +1 @@ -Subproject commit 1eec3fb087aa7effc96675eab8755776bd54c9b4 +Subproject commit 50a20f186b4451a5400ee6821c8687dcae21de71 From b98da09f489c8d4a7420caf652c2425a3b248ae9 Mon Sep 17 00:00:00 2001 From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Mon, 21 Aug 2023 16:32:27 -0700 Subject: [PATCH 8/9] Add conditionals to only run Signing/Release steps at the correct times Update Tooling Module Semver regex tested locally --- .github/workflows/build.yml | 28 ++++++++++++++++++---------- tooling | 2 +- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9d6b80fa..85352e52 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -67,7 +67,7 @@ jobs: env: # faux-ternary expression to select which platforms to build for each platform vs. duplicating step below. - TARGET_PLATFORMS: ${{ matrix.platform != 'WinUI3' && 'all' || 'all-uwp' }} + TARGET_PLATFORMS: all TEST_PLATFORM: ${{ matrix.platform != 'WinUI3' && 'UWP' || 'WinAppSdk' }} VERSION_PROPERTY: ${{ github.ref == 'refs/heads/main' && format('build.{0}', github.run_number) || format('pull-{0}.{1}', github.event.number, github.run_number) }} @@ -132,6 +132,15 @@ jobs: run: | echo "VERSION_DATE=$(git log -1 --format=%cd --date=format:%y%m%d)" >> $env:GITHUB_ENV + # Semver regex: https://regex101.com/r/Ly7O1x/3/ + - name: Format Date/Time of Release Package Version + if: ${{ env.IS_RELEASE == 'true' }} + run: | + $ref = "${{ github.ref }}" + $ref -match "^refs/heads/rel/(?0|[1-9]\d*)\.(?0|[1-9]\d*)\.(?0|[1-9]\d*)(?:-(?(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+(?[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$" + echo "VERSION_DATE=$($matches['patch'])" >> $env:GITHUB_ENV + echo "VERSION_PROPERTY=$($matches['prerelease'])" >> $env:GITHUB_ENV + - name: MSBuild run: > msbuild.exe /restore /nowarn:MSB4011 @@ -150,7 +159,7 @@ jobs: # Push Pull Request Packages to our DevOps Artifacts Feed (see nuget.config) - name: Push Pull Request Packages - if: ${{ env.IS_PR }} + if: ${{ env.IS_PR == 'true' }} run: | dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json ` --name PullRequests ` @@ -216,7 +225,7 @@ jobs: - name: Upload Package List uses: actions/upload-artifact@v3 - # TODO: if: ${{ env.IS_PR == false }} + if: ${{ env.IS_PR == 'false' }} with: name: nuget-list if-no-files-found: error 
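Review bot: In "Format Date/Time of Release Package Version", `$ref = "${{ github.ref }}"` expands the branch name into the PowerShell script text before the script runs. Branch names may contain shell metacharacters, so a `rel/…` ref name ends up parsed as script in the job that builds release packages. Read the value from the environment instead: `$ref = $env:GITHUB_REF`. The result of `-match` is also ignored, so a `rel/` branch that does not parse writes empty `VERSION_DATE` and `VERSION_PROPERTY` values to `GITHUB_ENV`; fail the step when it returns false, e.g. `if (-not ($ref -match '…')) { throw 'Unexpected release ref' }`. As shown on this page the groups read `(?0|…)` with no names while the script indexes `$matches['patch']`, so confirm the committed pattern still carries its named groups.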
@@ -226,7 +235,7 @@ jobs: # if we're not doing a PR build then we upload our packages so we can sign as a separate job. - name: Upload Packages as Artifacts uses: actions/upload-artifact@v3 - # TODO: if: ${{ env.IS_PR == false }} + if: ${{ env.IS_PR == 'false' }} with: name: nuget-packages-${{ matrix.platform }} if-no-files-found: error @@ -235,7 +244,7 @@ jobs: sign: needs: [build] - # TODO: if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/') }} + if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/rel/') }} runs-on: windows-latest permissions: id-token: write # Required for requesting the JWT @@ -283,17 +292,16 @@ jobs: --azure-key-vault-certificate "${{ secrets.SIGN_CERTIFICATE }}" --verbosity Information - # TODO: For now push to PR feed so we can validate if any of this works... change to MainLatest after - name: Push Signed Packages run: | - dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json ` - --name PullRequests ` + dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-MainLatest/nuget/v3/index.json ` + --name MainLatest ` --username dummy --password ${{ secrets.DEVOPS_PACKAGE_PUSH_TOKEN }} - dotnet nuget push "**/*.nupkg" --api-key dummy --source PullRequests --skip-duplicate + dotnet nuget push "**/*.nupkg" --api-key dummy --source MainLatest --skip-duplicate - name: Upload Signed Packages as Artifacts (for release) uses: actions/upload-artifact@v3 - # TODO: if: ${{ env.IS_RELEASE }} + if: ${{ env.IS_RELEASE == 'true' }} with: name: signed-nuget-packages-${{ matrix.platform }} if-no-files-found: error diff --git a/tooling b/tooling index 50a20f18..d8230e99 160000 --- a/tooling +++ b/tooling @@ -1 +1 @@ -Subproject commit 50a20f186b4451a5400ee6821c8687dcae21de71 +Subproject commit d8230e99d43c67f31b014583c769d5192832afed 
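Review bot: The new job-level `if:` on `sign` only restricts this copy of the workflow, and no `environment:` is visible on the job in this series, so the `SIGN_*` secrets it reads cannot be environment-scoped. A branch carrying an edited workflow would still receive them. Attach the job to a protected environment whose deployment branches are limited to `main` and `rel/*`, and move the signing secrets there, as `release` already does with `environment: nuget-release-gate`. "Push Signed Packages" now runs for `rel/` refs as well as `main`, so release builds are also pushed to the MainLatest feed; if that is not intended, add `if: ${{ github.ref == 'refs/heads/main' }}` to that step.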
From 175edabe43f40a85aaadcdbc188b5b4913f999f9 Mon Sep 17 00:00:00 2001 From: michael-hawker <24302614+michael-hawker@users.noreply.github.com> Date: Tue, 22 Aug 2023 09:37:22 -0700 Subject: [PATCH 9/9] Exclude pushing packages to PR feed if from a fork (won't have secret) --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 85352e52..16c75404 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -158,8 +158,8 @@ jobs: run: ./PackEachExperiment.ps1 -date ${{ env.VERSION_DATE }} -postfix ${{ env.VERSION_PROPERTY }} # Push Pull Request Packages to our DevOps Artifacts Feed (see nuget.config) - - name: Push Pull Request Packages - if: ${{ env.IS_PR == 'true' }} + - name: Push Pull Request Packages (if not fork) + if: ${{ env.IS_PR == 'true' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} run: | dotnet nuget add source https://pkgs.dev.azure.com/dotnet/CommunityToolkit/_packaging/CommunityToolkit-PullRequests/nuget/v3/index.json ` --name PullRequests ` @@ -232,10 +232,10 @@ jobs: path: | ${{ github.workspace }}/.github/workflows/SignClientFileList.txt - # if we're not doing a PR build then we upload our packages so we can sign as a separate job. + # if we're not doing a PR build (or it's a PR from a fork) then we upload our packages so we can sign as a separate job or have available to test. - name: Upload Packages as Artifacts uses: actions/upload-artifact@v3 - if: ${{ env.IS_PR == 'false' }} + if: ${{ env.IS_PR == 'false' || github.event.pull_request.head.repo.full_name != github.repository }} with: name: nuget-packages-${{ matrix.platform }} if-no-files-found: error
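Review bot: Dependabot pull requests get neither a feed push nor an artifact after this change. The push step excludes `github.actor == 'dependabot[bot]'`, while the "Upload Packages as Artifacts" condition only adds forks, and Dependabot branches live in this repository. If those packages should be available to test, extend the upload condition with `|| github.actor == 'dependabot[bot]'`. The comment above the push step should also say why the bot is excluded, e.g. `# Fork and Dependabot runs do not receive DEVOPS_PACKAGE_PUSH_TOKEN, so skip the feed push for them.`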