-
Notifications
You must be signed in to change notification settings - Fork 46
256 lines (250 loc) · 11.9 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
name: Release
on:
push:
branches:
- master
- release-*
tags:
- '[0-9]+.[0-9]+.[0-9]+'
- '[0-9]+.[0-9]+.[0-9]+-*'
pull_request:
workflow_dispatch:
env:
DOTNET_NOLOGO: true
jobs:
windows:
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: windows-2022
steps:
- name: Check for secrets
env:
SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }}
shell: pwsh
run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 })
- name: Checkout
uses: actions/checkout@v4.1.7
with:
fetch-depth: 0
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4.0.1
with:
dotnet-version: 8.0.x
- name: Download RavenDB Server
shell: pwsh
run: ./tools/download-ravendb-server.ps1
- name: Build
run: dotnet build src --configuration Release -graph --property:WindowsSelfContained=true
- name: Validate build version
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
uses: ./.github/actions/validate-version
with:
version: ${{ env.MinVerVersion }}
- name: Build ServiceControl Management
run: dotnet publish src\ServiceControl.Config\ServiceControl.Config.csproj --no-build --output assets --property:WindowsSelfContained=true
- name: Create PowerShell module catalog
run: New-FileCatalog -Path deploy\PowerShellModules\Particular.ServiceControl.Management -CatalogFilePath deploy\PowerShellModules\Particular.ServiceControl.Management\Particular.ServiceControl.Management.cat -CatalogVersion 2.0
- name: Install AzureSignTool
run: dotnet tool install --global azuresigntool
- name: Sign ServiceControl Management EXE
run: |
AzureSignTool sign `
--file-digest sha256 `
--timestamp-rfc3161 http://timestamp.digicert.com `
--azure-key-vault-url https://particularcodesigning.vault.azure.net `
--azure-key-vault-client-id ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} `
--azure-key-vault-tenant-id ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} `
--azure-key-vault-client-secret ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} `
--azure-key-vault-certificate ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} `
assets\Particular.ServiceControl.exe
- name: Rename ServiceControl Management EXE
run: Rename-Item -Path assets\Particular.ServiceControl.exe -NewName "Particular.ServiceControl-${{ env.MinVerVersion }}.exe"
shell: pwsh
- name: Sign PowerShell module
run: |
AzureSignTool sign `
--file-digest sha256 `
--timestamp-rfc3161 http://timestamp.digicert.com `
--azure-key-vault-url https://particularcodesigning.vault.azure.net `
--azure-key-vault-client-id ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }} `
--azure-key-vault-tenant-id ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }} `
--azure-key-vault-client-secret ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} `
--azure-key-vault-certificate ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} `
deploy\PowerShellModules\Particular.ServiceControl.Management\Particular.ServiceControl.Management.cat
- name: Zip PowerShell module
run: |
New-Item assets\PowerShellModules -ItemType Directory
Compress-Archive -Path deploy\PowerShellModules\Particular.ServiceControl.Management\* -DestinationPath assets\PowerShellModules\Particular.ServiceControl.Management.zip
- name: Publish assets
uses: actions/upload-artifact@v4.3.3
with:
name: assets
path: assets/*
retention-days: 1
- name: Publish zips
uses: actions/upload-artifact@v4.3.3
with:
name: zips
path: zip/*
retention-days: 1
- name: Build PlatformSample package
run: |
Remove-Item deploy\Particular.ServiceControl* -recurse
dotnet clean src --configuration Release --property:WindowsSelfContained=true
dotnet build src\Particular.PlatformSample.ServiceControl\Particular.PlatformSample.ServiceControl.csproj --configuration Release -graph
shell: pwsh
- name: Sign NuGet packages
uses: Particular/sign-nuget-packages-action@v1.0.0
with:
client-id: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
client-secret: ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }}
certificate-name: ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }}
- name: Publish NuGet packages
uses: actions/upload-artifact@v4.3.3
with:
name: nugets
path: nugets/*
retention-days: 1
- name : Verify release artifact counts
shell: pwsh
run: |
$assetsCount = (Get-ChildItem -Recurse -File assets).Count
$nugetsCount = (Get-ChildItem -Recurse -File nugets).Count
$zipCount = (Get-ChildItem -Recurse -File zip).Count
$expectedAssetsCount = 2 # SCMU & PowerShell module
$expectedNugetsCount = 1 # PlatformSample
$expectedZipCount = 5 # ServiceControl, Audit, & Monitoring + Transports & RavenDBServer
if ($assetsCount -ne $expectedAssetsCount)
{
Write-Host Assets: Expected $expectedAssetsCount but found $assetsCount
exit -1
}
if ($nugetsCount -ne $expectedNugetsCount)
{
Write-Host Nugets: Expected $expectedNugetsCount but found $nugetsCount
exit -1
}
if ($expectedZipCount -ne $zipCount)
{
Write-Host Zips: Expected $expectedZipCount but found $zipCount
exit -1
}
- name: Deploy
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
# Does not follow standard practice of targeting explicit versions because configuration is tightly coupled to Octopus Deploy configuration
uses: Particular/push-octopus-package-action@main
with:
octopus-deploy-api-key: ${{ secrets.OCTOPUS_DEPLOY_API_KEY }}
containers:
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: ubuntu-22.04
name: container-${{ matrix.name }}
defaults:
run:
shell: bash
strategy:
matrix:
include:
- name: servicecontrol
project: ServiceControl
description: ServiceControl error instance
- name: servicecontrol-audit
project: ServiceControl.Audit
description: ServiceControl audit instance
- name: servicecontrol-monitoring
project: ServiceControl.Monitoring
description: ServiceControl monitoring instance
fail-fast: false
steps:
- name: Check for secrets
env:
SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }}
shell: pwsh
run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 })
- name: Checkout
uses: actions/checkout@v4.1.7
with:
fetch-depth: 0
- name: Install MinVer CLI
run: dotnet tool install --global minver-cli
- name: Determine versions
run: echo "MinVerVersion=$(minver)" >> $GITHUB_ENV
- name: Validate build version
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
uses: ./.github/actions/validate-version
with:
version: ${{ env.MinVerVersion }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3.3.0
- name: Log in to GitHub container registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build & inspect image
env:
TAG_NAME: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || env.MinVerVersion }}
run: |
docker buildx build --push --tag ghcr.io/particular/${{ matrix.name }}:${{ env.TAG_NAME }} \
--file src/${{ matrix.project }}/Dockerfile \
--build-arg VERSION=${{ env.MinVerVersion }} \
--annotation "index:org.opencontainers.image.title=${{ matrix.name }}" \
--annotation "index:org.opencontainers.image.description=${{ matrix.description }}" \
--annotation "index:org.opencontainers.image.created=$(date '+%FT%TZ')" \
--annotation "index:org.opencontainers.image.revision=${{ github.sha }}" \
--annotation "index:org.opencontainers.image.authors=Particular Software" \
--annotation "index:org.opencontainers.image.vendor=Particular Software" \
--annotation "index:org.opencontainers.image.version=${{ env.MinVerVersion }}" \
--annotation "index:org.opencontainers.image.source=https://github.com/${{ github.repository }}/tree/${{ github.sha }}" \
--annotation "index:org.opencontainers.image.url=https://hub.docker.com/r/particular/${{ matrix.name }}" \
--annotation "index:org.opencontainers.image.documentation=https://docs.particular.net/servicecontrol/" \
--annotation "index:org.opencontainers.image.base.name=mcr.microsoft.com/dotnet/aspnet:8.0" \
--platform linux/arm64,linux/arm,linux/amd64 .
docker buildx imagetools inspect ghcr.io/particular/${{ matrix.name }}:${{ env.TAG_NAME }}
db-containers:
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: ubuntu-22.04
name: db-containers
defaults:
run:
shell: bash
steps:
- name: Check for secrets
env:
SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }}
shell: pwsh
run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 })
- name: Checkout
uses: actions/checkout@v4.1.7
with:
fetch-depth: 0
- name: Install MinVer CLI
run: dotnet tool install --global minver-cli
- name: Determine versions
run: echo "MinVerVersion=$(minver)" >> $GITHUB_ENV
- name: Validate build version
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
uses: ./.github/actions/validate-version
with:
version: ${{ env.MinVerVersion }}
- name: Log in to GitHub container registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build images
env:
TAG_NAME: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || env.MinVerVersion }}
shell: pwsh
run: |
Write-Output "Determining RavenDB version from Directory.Packages.props file"
[xml]$packagesFile = Get-Content src/Directory.Packages.props
$RavenVersion = $packagesFile.selectNodes("//Project/ItemGroup/PackageVersion[@Include='RavenDB.Embedded']").Version
if (-not $RavenVersion) { throw "Unable to determine RavenDB server version from Directory.Packages.props" }
Write-Output "Determining container variants to build"
$containers = cat src/ServiceControl.RavenDB/containers.json | ConvertFrom-Json
$containers | ForEach-Object -Process {
$FULLTAG="${{ env.TAG_NAME }}-$($_.tag)"
$BASETAG="$($RavenVersion)-ubuntu.22.04-$($_.tag)"
Write-Output "::group::Building $FULLTAG for architecture $($_.arch) from $BASETAG"
docker build -t ghcr.io/particular/servicecontrol-ravendb:$FULLTAG --file src/ServiceControl.RavenDB/Dockerfile --build-arg VERSION=${{ env.MinVerVersion }} --build-arg BASETAG=$BASETAG --platform linux/$($_.arch) .
Write-Output "::endgroup::"
}
- name: List local images
run: docker images
- name: Push images to GitHub Container registry
run: docker image push --all-tags ghcr.io/particular/servicecontrol-ravendb