Update command line usage #670
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #### Build, Test, and Publish #### | |
| # This is the main workflow for the CoseSignTool project. It handles the following events: | |
| # - Pull requests: When a user submits a pull request, or pushes a commit to an existing pull request, this workflow | |
| # - generates a changelog and commits it to the working branch, and then | |
| # - builds and tests the code. | |
| # - Pushes to the main branch: When a user pushes a commit to the main branch, this workflow | |
| # - creates a semantically versioned tag, | |
| # - creates a release with the new tag, and then | |
| # - triggers the release portion of the workflow. | |
| # - Releases: When a user creates a release, or a release is created in response to a push event, this workflow | |
| # - builds, publishes, and zips the outputs, and then | |
| # - uploads the zipped assets to the release. | |
| name: Build, Test, and Publish | |
| on: | |
| pull_request: | |
| branches: [ "*" ] # Trigger on all branches for pull requests. | |
| push: | |
| branches: [ "main" ] # Trigger on pushes to the main branch. | |
| release: | |
| types: [ created ] # Trigger on new releases. | |
| jobs: | |
| #### PULL REQUEST EVENTS #### | |
| # Build and test the code. | |
| build: | |
| name: build-${{matrix.os}} | |
| if: ${{ github.event_name == 'pull_request' }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: windows-latest | |
| dir_command: gci -Recurse | |
| - os: ubuntu-latest | |
| dir_command: ls -a -R | |
| - os: macos-latest | |
| dir_command: ls -a -R | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v3 | |
| with: | |
| dotnet-version: 8.0.x | |
| # Use the Dotnet Test command to load dependencies, build, and test the code. | |
| # We have to run the test projects individually so CoseSignTool.Tests can run under arm64 on the Mac runner. | |
| - name: Build and Test debug | |
| run: | | |
| dotnet build --configuration Debug CoseSignTool.sln | |
| dotnet test --no-restore CoseSign1.Tests/CoseSign1.Tests.csproj | |
| dotnet test --no-restore CoseSign1.Certificates.Tests/CoseSign1.Certificates.Tests.csproj | |
| dotnet test --no-restore CoseSign1.Headers.Tests/CoseSign1.Headers.Tests.csproj | |
| dotnet test --no-restore CoseIndirectSignature.Tests/CoseIndirectSignature.Tests.csproj | |
| dotnet test --no-restore CoseHandler.Tests/CoseHandler.Tests.csproj | |
| dotnet test --no-restore CoseSignTool.Tests/CoseSignTool.Tests.csproj --verbosity detailed | |
| # List the contents of the working directory to make sure all the artifacts are there. | |
| - name: List working directory | |
| run: ${{ matrix.dir_command }} | |
| # Create a changelog that includes all the PRs merged since the last release. | |
| # If it's not a pull request, skip to the build job. | |
| create_changelog: | |
| needs: [ build ] # Wait here so we don't create any race conditions. | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: write | |
| contents: write | |
| deployments: write | |
| packages: write | |
| pull-requests: write | |
| security-events: write | |
| statuses: write | |
| steps: | |
| # Checkout the working branch. | |
| - name: Checkout code | |
| if: ${{ github.event_name == 'pull_request' }} | |
| uses: actions/checkout@v2 | |
| # Sync the changelog version. | |
| - name: Fetch and checkout | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| git config --local user.email "action@github.com" | |
| git config --local user.name "GitHub Action" | |
| echo "Fetch from repository." | |
| git fetch | |
| echo "Undo any user changes to CHANGELOG.md. This is needed because the user's copy becomes obsolete after every checkin." | |
| git reset -- CHANGELOG.md | |
| echo "Checkout the working branch." | |
| git checkout $GITHUB_HEAD_REF | |
| # Generate the new changelog. | |
| - name: Generate changelog | |
| if: ${{ github.event_name == 'pull_request' }} | |
| uses: tj-actions/github-changelog-generator@v1.19 | |
| with: | |
| output: CHANGELOG.md | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # Commit the changelog. | |
| - name: Commit changelog | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| git add CHANGELOG.md | |
| if git diff-index --quiet HEAD; then | |
| echo "No changes were logged." | |
| else | |
| git commit --allow-empty -m "Update changelog for release" | |
| git push | |
| fi | |
| # Print default message if changelog is not updated. | |
| - name: Print exit message when changelog is not updated | |
| if: ${{ github.event_name != 'pull_request' }} | |
| run: echo "Changelog is already up to date." | |
| #### PUSH EVENTS #### | |
| # Create a semantically versioned release. | |
| # A prerelease is created for every push to the main branch. | |
| # Official releases are created manually on GitHub. | |
| create_release: | |
| name: Create Release | |
| if: ${{ github.event_name == 'push' || github.event_name == 'release'}} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: write | |
| contents: write | |
| deployments: write | |
| packages: write | |
| pull-requests: write | |
| security-events: write | |
| statuses: write | |
| outputs: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| tag_name: ${{ steps.output_tag_name.outputs.tag_name }} | |
| steps: | |
| # Checkout the main branch and fetch tags. | |
| - name: Checkout code | |
| if: ${{ github.event_name == 'push' }} | |
| uses: actions/checkout@v3 | |
| # Checkout the main branch so we can see the correct tag set. | |
| - name: Fetch and checkout main | |
| if: ${{ github.event_name == 'push' }} | |
| run: | | |
| git config --local user.email "action@github.com" | |
| git config --local user.name "GitHub Action" | |
| git fetch | |
| git checkout main | |
| # Create a semantically versioned tag that increments the last release. | |
| # If the last release is a pre-release, increment the pre-release number, so v1.2.3-pre4 becomes v1.2.3-pre5. | |
| # If the last release is an official release, create a new pre-release, so v1.2.3 becomes v1.2.3-pre1. | |
| - name: Increment pre-release tag | |
| if: ${{ github.event_name == 'push' }} | |
| id: new-tag # Output: ${{ steps.new-tag.outputs.newtag }} | |
| run: | | |
| CURRENT_TAG=$(git tag | sort --version-sort | tail -n1) | |
| echo "Current tag is $CURRENT_TAG" | |
| if [[ $CURRENT_TAG =~ ^v([0-9]+\.[0-9]+\.[0-9]+)(-pre([0-9]+))?$ ]]; then | |
| BASE_VERSION=${BASH_REMATCH[1]} | |
| PRE_VERSION=${BASH_REMATCH[3]} | |
| if [ -z "$PRE_VERSION" ]; then | |
| NEW_TAG="v$BASE_VERSION-pre1" | |
| else | |
| NEW_TAG="v$BASE_VERSION-pre$((PRE_VERSION + 1))" | |
| fi | |
| echo "New tag is $NEW_TAG" | |
| echo "Let's make sure this tag doesn't already exist..." | |
| tries=0 | |
| maxTries=5 | |
| while true; do | |
| echo "This is try $tries" | |
| RESPONSE=$(curl -sl https://api.github.com/repos/microsoft/CoseSignTool/releases/tags/$NEW_TAG) | |
| if [ "$(echo "$RESPONSE" | jq -r '.message')" == "Not Found" ]; then | |
| echo "Tag not found. We're good to go." | |
| break | |
| else | |
| if [ $tries -ge $maxTries ]; then | |
| echo "Max tries reached. Exiting." | |
| exit 1 | |
| fi | |
| echo "Oops! That tag already exists!" | |
| NEW_TAG="${NEW_TAG%-*}-pre$(( ${NEW_TAG##*-pre} + 1 ))" # Increment the prerelease number. | |
| echo "Let's try $NEW_TAG" | |
| tries=$((tries+1)) | |
| fi | |
| done | |
| echo "::set-output name=newtag::$NEW_TAG" | |
| else | |
| echo "Invalid tag format" | |
| exit 1 | |
| fi | |
| # Create the release. This should generate a release event, which will trigger the release_assets job. | |
| - name: Create Release | |
| if: ${{ github.event_name == 'push' }} | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| # Get the tag name and release name from the previous step. | |
| tag_name: ${{ steps.new-tag.outputs.newtag }} | |
| release_name: Release ${{ steps.new-tag.outputs.newtag }} | |
| # Generate release text from changelog. | |
| body_path: ./CHANGELOG.md | |
| # Always use prerelease for automated releases. Official releases are created manually. | |
| prerelease: true | |
| # Output the semver tag if it's a push event, or the most recent tag if it's a release event. | |
| - name: Output tag name | |
| id: output_tag_name | |
| run: | | |
| if [ "${{ github.event_name }}" == "push" ]; then | |
| echo "::set-output name=tag_name::${{ steps.new-tag.outputs.newtag }}" | |
| echo "Generated semver tag is ${{ steps.new-tag.outputs.newtag }}." | |
| else | |
| echo "::set-output name=tag_name::${{ github.event.release.tag_name }}" | |
| echo "Current release tag is ${{ github.event.release.tag_name }}." | |
| fi | |
| #### RELEASE EVENTS #### | |
| # Build, publish, and zip the outputs, and then upload them to the release. | |
| # We include the push event and the dependency on create_release to support automatic releases, because | |
| # automatic release creation does not trigger the release event. | |
| release_assets: | |
| name: release-assets | |
| if: ${{ github.event_name == 'release' || github.event_name == 'push'}} | |
| needs: [ create_release ] | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| actions: write | |
| contents: write | |
| deployments: write | |
| packages: write | |
| pull-requests: write | |
| security-events: write | |
| statuses: write | |
| strategy: | |
| matrix: | |
| include: | |
| - os: windows-latest | |
| dir_command: gci -Recurse | |
| zip_command_debug: Compress-Archive -Path ./debug/ -DestinationPath CoseSignTool-Windows-debug.zip | |
| zip_command_release: Compress-Archive -Path ./release/ -DestinationPath CoseSignTool-Windows-release.zip | |
| - os: ubuntu-latest | |
| dir_command: ls -a -R | |
| zip_command_debug: zip -r CoseSignTool-Linux-debug.zip ./debug/ | |
| zip_command_release: zip -r CoseSignTool-Linux-release.zip ./release/ | |
| - os: macos-latest | |
| dir_command: ls -a -R | |
| zip_command_debug: zip -r CoseSignTool-MacOS-debug.zip ./debug/ | |
| zip_command_release: zip -r CoseSignTool-MacOS-release.zip ./release/ | |
| steps: | |
| # Checkout the branch. | |
| - name: Checkout code again | |
| uses: actions/checkout@v3 | |
| # Build and publish the binaries to ./published. | |
| - name: Publish outputs | |
| run: | | |
| dotnet publish --configuration Debug --self-contained true --output published/debug CoseSignTool/CoseSignTool.csproj | |
| dotnet publish --configuration Release --self-contained true --output published/release CoseSignTool/CoseSignTool.csproj | |
| # Self-contained is needed. Must use .csproj instead of .sln. | |
| # Copy the docs, license, and markdown files to the release folders. | |
| - name: Copy docs to release folders | |
| run: | | |
| mkdir -p published/debug/docs | |
| cp -r docs/* published/debug/docs/ | |
| mkdir -p published/release/docs | |
| cp -r docs/* published/release/docs/ | |
| cp -r LICENSE published/debug/ | |
| cp -r LICENSE published/release/ | |
| cp -r *.md published/debug/ | |
| cp -r *.md published/release/ | |
| # Create zip files for release. | |
| - name: Create zip files for the release | |
| run: | | |
| ${{ matrix.zip_command_debug }} | |
| ${{ matrix.zip_command_release }} | |
| working-directory: ./published | |
| # List the contents of the published directory to make sure all the artifacts are there. | |
| - name: List published directory | |
| run: ${{ matrix.dir_command }} | |
| working-directory: ./published | |
| # Upload the zipped assets to the release. | |
| - name: Upload artifacts | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: ./published/CoseSignTool-*.zip | |
| file_glob: true | |
| overwrite: true | |
| tag: ${{ needs.create_release.outputs.tag_name }} |