Merge pull request #56 from Laerdal/ksidirop/MAN-410-sbom-support #82
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # https://docs.github.com/en/actions/migrating-to-github-actions/automated-migrations/migrating-from-azure-devops-with-github-actions-importer#environment-variable-mapping | |
| # | |
| # bare in mind that variable substitution is not supported in github at all so we cant do stuff like this | |
| # | |
| # env: | |
| # Build_Artifacts_Folderpath: $build_repository_folderpath/Artifacts | |
| # | |
| name: '🏗 📦 Build, Pack & Deploy Nugets' | |
| env: | |
| BUILD_REPOSITORY_FOLDERPATH: ${{ github.workspace }} | |
| LAERDAL_SOURCE_BRANCH: ${{ github.ref }} | |
| LAERDAL_REPOSITORY_PATH: ${{ github.repository }} | |
| # note that its vital that we use our own token here instead of GITHUB_TOKEN that is because access the | |
| # nuget repos of Laerdal.Dfu.Bindings.iOS and Laerdal.Dfu.Bindings.Android which are inaccessible to the GITHUB_TOKEN | |
| SCL_GITHUB_ACCESS_TOKEN: ${{ secrets.SCL_GITHUB_ACCESS_TOKEN }} | |
| SCL_NUGET_ORG_FEED_API_KEY: ${{ secrets.NUGET_ORG_FEED_API_KEY }} | |
| SCL_GITHUB_NUGET_FEED_USERNAME: ${{ secrets.SCL_GITHUB_NUGET_FEED_USERNAME }} | |
| SCL_DEPENDENCY_TRACKER_API_KEY: ${{ secrets.SCL_DEPENDENCY_TRACKER_API_KEY }} | |
| SCL_DEPENDENCY_TRACKER_SERVER_URL: ${{ secrets.SCL_DEPENDENCY_TRACKER_SERVER_URL }} | |
| SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY: ${{ secrets.SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY }} | |
| on: | |
| workflow_call: # so that other workflows can trigger this | |
| workflow_dispatch: # allows to run this workflow manually from the actions tab | |
| push: | |
| branches: | |
| - '**' # '*' matches zero or more characters but does not match the `/` character '**' matches zero or more of any character | |
| pull_request: # we need to build on pull requests so that we can generate and upload the sbom before merging onto main/develop branches | |
| branches: | |
| - '**' | |
| jobs: | |
| build: | |
| runs-on: 'windows-2022' | |
| timeout-minutes: 20 | |
| steps: | |
| - name: '🔽 Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-tags: true # https://github.com/actions/checkout/issues/1471#issuecomment-1771231294 | |
| fetch-depth: 0 | |
| - name: '🛠 Setup Build Environment' | |
| shell: 'bash' | |
| run: | | |
| chmod +x "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/Laerdal.SetupBuildEnvironment.sh" \ | |
| && \ | |
| "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/Laerdal.SetupBuildEnvironment.sh" \ | |
| "https://nuget.pkg.github.com/Laerdal/index.json" \ | |
| "${{ env.SCL_GITHUB_NUGET_FEED_USERNAME }}" \ | |
| "${{ env.SCL_GITHUB_ACCESS_TOKEN }}" \ | |
| "${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Artifacts" | |
| # we need to manually install java11 because it is needed by the latest windows vm-images that run on | |
| # msbuild version 17.8.3 that started rolling out around 20 Nov 2023 https://stackoverflow.com/a/77519085/863651 | |
| - name: '🛠 Set Up JDK 11' | |
| uses: 'actions/setup-java@v2' | |
| with: | |
| java-version: '11' | |
| architecture: 'x64' | |
| distribution: 'adopt' | |
| - name: '🏗 📦 Build, Pack & Announce New Release (if appropriate)' | |
| shell: 'bash' | |
| run: | | |
| cd "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts" \ | |
| && \ | |
| echo "${{env.SCL_DEPENDENCY_TRACKER_API_KEY}}" > "./dependency_tracker_api_key.ppk" \ | |
| && \ | |
| echo "${{env.SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY}}" > "./dependency_tracker_private_signing_key.ppk" \ | |
| && \ | |
| dotnet \ | |
| msbuild \ | |
| "Laerdal.Builder.targets" \ | |
| \ | |
| -p:PackageOutputPath="${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Artifacts" \ | |
| -p:Laerdal_Source_Branch="${{ env.LAERDAL_SOURCE_BRANCH }}" \ | |
| -p:Laerdal_Repository_Path="${{ env.LAERDAL_REPOSITORY_PATH }}" \ | |
| -p:Laerdal_Github_Access_Token="${{ env.SCL_GITHUB_ACCESS_TOKEN }}" \ | |
| \ | |
| -p:Laerdal_Dependency_Tracker_Server_Url="${{ env.SCL_DEPENDENCY_TRACKER_SERVER_URL }}" \ | |
| -p:Laerdal_Dependency_Tracker_Api_Key_File_Path="${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Laerdal.Scripts/dependency_tracker_api_key.ppk" \ | |
| -p:Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path="${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Laerdal.Scripts/dependency_tracker_private_signing_key.ppk" \ | |
| && \ | |
| rm "./dependency_tracker_private_signing_key.ppk" "./dependency_tracker_api_key.ppk" | |
| - name: '⬆️ Upload Artifacts' # to share with other workflows https://stackoverflow.com/a/77663335/863651 | |
| uses: 'actions/upload-artifact@v4' | |
| with: | |
| name: 'Artifacts' | |
| path: '${{env.BUILD_REPOSITORY_FOLDERPATH}}/Artifacts/**/*' | |
| if-no-files-found: error | |
| - name: '🚀 Publish to the Laerdal Nuget Server on Github' # https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry | |
| shell: 'bash' | |
| if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' | |
| run: | | |
| cd "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Artifacts/" \ | |
| && \ | |
| ls . \ | |
| && \ | |
| dotnet \ | |
| nuget \ | |
| push \ | |
| --source "https://nuget.pkg.github.com/Laerdal/index.json" \ | |
| --api-key "${{env.SCL_GITHUB_ACCESS_TOKEN}}" \ | |
| *nupkg | |
| - name: '🚀 Publish to the Nuget.org' | |
| shell: 'bash' | |
| if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' | |
| run: | | |
| cd "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Artifacts/" \ | |
| && \ | |
| ls . \ | |
| && \ | |
| dotnet \ | |
| nuget \ | |
| push \ | |
| --source "https://api.nuget.org/v3/index.json" \ | |
| --api-key "${{env.SCL_NUGET_ORG_FEED_API_KEY}}" \ | |
| *.nupkg |