11name : Build and Publish
22
33on :
4- push :
5- tags :
6- - ' *'
7- workflow_dispatch :
4+ release :
5+ types : [created]
86
97env :
108 BUILD_CONFIGURATION : Release
119 DOTNET_VERSION : ' 9.x'
10+ VERSION : ${{ github.ref_name }}
1211
1312jobs :
1413 build-sign-publish :
15- runs-on : windows -latest
14+ runs-on : ubuntu -latest
1615 environment : nuget-org-publish
1716 permissions :
1817 id-token : write
@@ -29,108 +28,28 @@ jobs:
2928 with :
3029 dotnet-version : ${{ env.DOTNET_VERSION }}
3130
32- - name : Get version from tag
33- id : version
34- shell : pwsh
35- run : |
36- $version = "${{ github.ref_name }}"
37- Write-Host "Version: $version"
38- echo "version=$version" >> $env:GITHUB_OUTPUT
39-
4031 - name : Build
4132 run : |
42- dotnet build Infragistics.QueryBuilder.Executor.csproj `
43- -c ${{ env.BUILD_CONFIGURATION }} `
44- /p:Version=${{ steps.version.outputs.version }}
45-
46- name : Setup Code Signing Certificate
47- run : |
48- Write-Host "Setting up code signing certificate from GitHub secrets..."
49-
50- # Create certificate file from secret (base64 encoded)
51- $certBytes = [Convert]::FromBase64String("${{ secrets.SIGNING_CERTIFICATE_2023_2026 }}")
52- [System.IO.File]::WriteAllBytes("${{ runner.temp }}\certificate.pfx", $certBytes)
53- Write-Host "Certificate written to: $certPath"
54- shell : pwsh
33+ dotnet build Infragistics.QueryBuilder.Executor.csproj -c ${BUILD_CONFIGURATION} /p:Version=${{env.VERSION }}
5534
56- - name : Sign all DLL files
57- continue-on-error : true
58- shell : pwsh
35+ name : Restore signing certificate
5936 env :
60- CERT_PASS : ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}
61- TIMESTAMP_URL : ${{ vars.SIGNING_CERTIFICATE_TIMESTAMP_URL }}
37+ SIGNING_CERTIFICATE_2023_2026 : ${{ secrets.SIGNING_CERTIFICATE_2023_2026 }}
6238 run : |
63- $dllFolder = "${{ github.workspace }}\bin\${{ env.BUILD_CONFIGURATION }}\net9.0"
64- $certPath = "${{ runner.temp }}\certificate.pfx"
65- Write-Host "Signing DLLs in folder: $dllFolder"
66-
67- # Find the latest signtool.exe
68- Write-Host "##[section]Starting search for signtool.exe at $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss.fff')"
69-
70- $signtoolPath = $null
71- $searchPaths = @(
72- "C:\Program Files (x86)\Windows Kits\10\bin\*\x64\signtool.exe",
73- "C:\Program Files (x86)\Windows Kits\10\bin\*\x86\signtool.exe",
74- "C:\Program Files (x86)\Microsoft SDKs\Windows\*\bin\*\signtool.exe",
75- "C:\Program Files (x86)\Microsoft SDKs\Windows\*\bin\signtool.exe"
76- )
77-
78- foreach ($searchPath in $searchPaths) {
79- $foundPaths = Get-ChildItem -Path $searchPath -ErrorAction SilentlyContinue | Sort-Object -Property FullName -Descending
80- if ($foundPaths) {
81- $signtoolPath = $foundPaths[0].FullName
82- break
83- }
84- }
85-
86- if (-not $signtoolPath) {
87- Write-Error "signtool.exe not found in any of the well-known locations"
88- exit 1
89- }
90-
91- Write-Host "##[section]Found signtool.exe at $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss.fff')"
92- Write-Host "Using signtool at: $signtoolPath"
93-
94- $dllFiles = Get-ChildItem -Path $dllFolder -Filter *.dll -Recurse
95- foreach ($dll in $dllFiles) {
96- Write-Host "Signing $($dll.FullName)..."
97- & $signtoolPath sign /f $certPath /p $env:CERT_PASS /tr $env:TIMESTAMP_URL /td sha256 /fd sha256 $dll.FullName
98-
99- if ($LASTEXITCODE -ne 0) {
100- Write-Error "Signing failed for $($dll.FullName)"
101- exit 1
102- }
103- }
39+ echo $SIGNING_CERTIFICATE_2023_2026 | base64 --decode > signingcert.pfx
10440
41+ # NB: We are removing the DLL signing process as it can cause slow DLL loading time in air-gapped scenarios.
42+ # We can put it back in case it is important for a specific usecase - then the signed DLLs should somehow be separated from the unsigned ones.
43+
10544 - name : Pack NuGet package
106- shell : pwsh
107- run : |
108- $packageOutputDir = "${{ github.workspace }}\nupkg"
109- $packageVersion = "${{ steps.version.outputs.version }}"
110-
111- Write-Host "Packing project from existing build output..."
112- dotnet pack ./Infragistics.QueryBuilder.Executor.csproj `
113- --no-build `
114- --configuration ${{ env.BUILD_CONFIGURATION }} `
115- -p:PackageVersion=$packageVersion `
116- -o $packageOutputDir
117-
118- if ($LASTEXITCODE -ne 0) {
119- Write-Error "dotnet pack failed"
120- exit 1
121- }
45+ run : dotnet pack ./Infragistics.QueryBuilder.Executor.csproj --no-build --no-restore --configuration ${BUILD_CONFIGURATION} -p:PackageVersion=${VERSION} -o "${{ github.workspace }}/nupkg"
12246
12347 - name : Sign NuGet package (using dotnet nuget sign)
12448 shell : pwsh
12549 env :
12650 SIGNING_CERTIFICATE_PASSWORD : ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}
12751 SIGNING_CERTIFICATE_TIMESTAMP_URL : ${{ vars.SIGNING_CERTIFICATE_TIMESTAMP_URL }}
128- run : |
129- $certPath = Join-Path "${{ runner.temp }}" "certificate.pfx"
130- $nupkgPath = "${{ github.workspace }}\nupkg\*.nupkg"
131-
132- dotnet nuget sign $nupkgPath --certificate-path $certPath --certificate-password "$env:SIGNING_CERTIFICATE_PASSWORD" --timestamper "$env:SIGNING_CERTIFICATE_TIMESTAMP_URL" --overwrite
133-
52+ run : dotnet nuget sign "${{ github.workspace }}/nupkg/*.nupkg" --certificate-path signingcert.pfx--certificate-password "${SIGNING_CERTIFICATE_PASSWORD}" --timestamper "${SIGNING_CERTIFICATE_TIMESTAMP_URL}" --overwrite
13453
13554 - name : NuGet login (OIDC Trusted Publishing)
13655 uses : nuget/login@v1
@@ -140,11 +59,7 @@ jobs:
14059
14160 - name : Publish to NuGet.org
14261 shell : pwsh
143- run : |
144- $packageVersion = "${{ steps.version.outputs.version }}"
145-
146- dotnet nuget push ${{ github.workspace }}/nupkg/Infragistics.QueryBuilder.Executor.$packageVersion.nupkg --api-key ${{ steps.nuget-login.outputs.NUGET_API_KEY }} --source "https://api.nuget.org/v3/index.json"
147-
62+ run : dotnet nuget push ${{ github.workspace }}/nupkg/Infragistics.QueryBuilder.Executor.${VERSION}.nupkg --api-key ${{ steps.nuget-login.outputs.NUGET_API_KEY }} --source "https://api.nuget.org/v3/index.json"
14863
14964 - name : Clean up certificate
15065 if : always()
0 commit comments