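# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/github-workflow.json
name: .NET

# Runs for pushes to main and for pull requests that target main.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# A job that declares its own `permissions:` block replaces this default
# entirely, so jobs needing write scopes must list them explicitly.
permissions:
  contents: read

# Environment shared by every job in the workflow.
env:
  DOTNET_NOLOGO: true
  DOTNET_CLI_TELEMETRY_OPTOUT: true
  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
  NUGET_XMLDOC_MODE: ''
  DOTNET_MULTILEVEL_LOOKUP: 0

jobs: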
# Job "build": restore, build and test once per configuration in the matrix.
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        config:
          - Release
          - Debug

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # so that NerdBank.GitVersioning has access to history

      - name: Install Nix
        # Referenced by a version tag, which can be moved upstream; some other
        # actions in this workflow are pinned to a full commit SHA instead.
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests; the
          # token becomes part of the Nix configuration for the later steps.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Restore dependencies
        run: nix develop --command dotnet restore

      # matrix.config only takes the literal values listed under `strategy`.
      - name: Build
        run: nix develop --command dotnet build --no-restore --configuration ${{matrix.config}}

      - name: Test
        run: nix develop --command dotnet test --no-build --verbosity normal --configuration ${{matrix.config}}

# Job "analyzers": run the F# analyzers and write a SARIF report.
  analyzers:
    runs-on: ubuntu-latest

    # A job-level block replaces the token's default scopes, so this job's
    # GITHUB_TOKEN carries only the scope listed here.
    # NOTE(review): no step below uploads ./analysis.sarif, so nothing visible
    # in this job uses security-events: write. Confirm whether an upload step
    # is missing or the scope can be dropped.
    permissions:
      security-events: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # so that NerdBank.GitVersioning has access to history

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Prepare analyzers
        run: nix develop --command dotnet restore analyzers/analyzers.fsproj

      - name: Build project
        run: nix develop --command dotnet build ./WoofWare.Myriad.Plugins/WoofWare.Myriad.Plugins.fsproj

      # The codes after --treat-as-error fail the job when they are reported.
      - name: Run analyzers
        run: nix run .#fsharp-analyzers -- --project ./WoofWare.Myriad.Plugins/WoofWare.Myriad.Plugins.fsproj --analyzers-path ./.analyzerpackages/g-research.fsharp.analyzers/*/ --verbosity detailed --report ./analysis.sarif --treat-as-error GRA-STRING-001 GRA-STRING-002 GRA-STRING-003 GRA-UNIONCASE-001 GRA-INTERPOLATED-001 GRA-TYPE-ANNOTATE-001 GRA-VIRTUALCALL-001 GRA-IMMUTABLECOLLECTIONEQUALITY-001 GRA-JSONOPTS-001 GRA-LOGARGFUNCFULLAPP-001 GRA-DISPBEFOREASYNC-001 --exclude-analyzers PartialAppAnalyzer

# Job "build-nix": build the flake's default output, then rebuild it to check
# that the result is reproducible.
  build-nix:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Build
        run: nix build

      # Builds a second time; the step name says this is the reproducibility
      # gate for the Nix build.
      - name: Reproducibility check
        run: nix build --rebuild

# Job "check-dotnet-format": run Fantomas in check mode over the repository.
  check-dotnet-format:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      # --check is passed so the formatter only reports, without rewriting.
      - name: Run Fantomas
        run: nix run .#fantomas -- --check .

# Job "check-accurate-generations": regenerate code and require that the
# working tree ends up with no diff against the commit.
  check-accurate-generations:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # so that NerdBank.GitVersioning has access to history

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      # Appends whitespace to one source file before the build.
      # presumably this forces the generator to run again; confirm against
      # the project's build configuration.
      - name: Whitespace change
        run: "echo ' ' >> ConsumePlugin/List.fs"

      - name: Generate code
        run: nix develop --command dotnet build

      # Formats in place (no --check), so the whitespace edit above is
      # normalised before the diff.
      - name: Run Fantomas
        run: nix run .#fantomas -- .

      # --exit-code makes git return non-zero when any file differs.
      - name: Verify there is no diff
        run: git diff --name-only --no-color --exit-code

# Job "check-nix-format": run Alejandra in check mode over the repository.
  check-nix-format:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Run Alejandra
        run: nix develop --command alejandra --check .

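# Job "linkcheck": check the links in README.md and CONTRIBUTING.md.
  linkcheck:
    name: Check links
    runs-on: ubuntu-latest

    steps:
      # Uses the v4 tag like the other checkouts in this workflow. The previous
      # ref, `master`, is a branch that moves with every upstream commit, so
      # the code run here could change without any change to this file.
      - uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Run link checker
        run: nix develop --command markdown-link-check README.md CONTRIBUTING.md
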
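# Job "flake-check": run `nix flake check` on the repository's flake.
  flake-check:
    name: Check flake
    runs-on: ubuntu-latest

    steps:
      # Uses the v4 tag like the other checkouts in this workflow. The previous
      # ref, `master`, is a branch that moves with every upstream commit, so
      # the code run here could change without any change to this file.
      - uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Flake check
        run: nix flake check
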
# Job "nuget-pack": build the Release configuration, pack it, and upload the
# two .nupkg files as artifacts for the jobs that download them.
  nuget-pack:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # so that NerdBank.GitVersioning has access to history

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Restore dependencies
        run: nix develop --command dotnet restore

      - name: Build
        run: nix develop --command dotnet build --no-restore --configuration Release

      - name: Pack
        run: nix develop --command dotnet pack --configuration Release

      # The artifact names below are the ones the attestation, publish and
      # release jobs download, so those jobs act on the files packed here.
      - name: Upload NuGet artifact (plugin)
        uses: actions/upload-artifact@v4
        with:
          name: nuget-package-plugin
          path: WoofWare.Myriad.Plugins/bin/Release/WoofWare.Myriad.Plugins.*.nupkg

      - name: Upload NuGet artifact (attributes)
        uses: actions/upload-artifact@v4
        with:
          name: nuget-package-attribute
          path: WoofWare.Myriad.Plugins.Attributes/bin/Release/WoofWare.Myriad.Plugins.Attributes.*.nupkg

# Job "expected-pack": check that each uploaded artifact holds exactly one
# .nupkg with the expected name.
  expected-pack:
    runs-on: ubuntu-latest
    needs:
      - nuget-pack

    steps:
      - name: Download NuGet artifact (plugin)
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-plugin
          path: packed-plugin

      - name: Check NuGet contents
        # Verify that there is exactly one nupkg in the artifact that would be NuGet published
        # find prints one character per match and wc counts them; any count
        # other than 1 fails the step.
        run: if [[ $(find packed-plugin -maxdepth 1 -name 'WoofWare.Myriad.Plugins.*.nupkg' -printf c | wc -c) -ne "1" ]]; then exit 1; fi

      - name: Download NuGet artifact (attributes)
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-attribute
          path: packed-attribute

      - name: Check NuGet contents
        # Verify that there is exactly one nupkg in the artifact that would be NuGet published
        run: if [[ $(find packed-attribute -maxdepth 1 -name 'WoofWare.Myriad.Plugins.Attributes.*.nupkg' -printf c | wc -c) -ne "1" ]]; then exit 1; fi

# Job "github-release-plugin-dry-run": run the tag-and-release script with
# DRY_RUN set and a placeholder token.
  github-release-plugin-dry-run:
    runs-on: ubuntu-latest
    needs:
      - nuget-pack

    steps:
      - uses: actions/checkout@v4

      - name: Download NuGet artifact (plugin)
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-plugin

      - name: Download NuGet artifact (attribute)
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-attribute

      - name: Tag and release plugin
        env:
          DRY_RUN: 1
          # Literal placeholder, so the script receives no real credential.
          GITHUB_TOKEN: mock-token
        run: sh .github/workflows/tag.sh

# Job "all-required-checks-complete": single gate over every check job; the
# attestation, publish and release jobs all depend on it.
  all-required-checks-complete:
    runs-on: ubuntu-latest
    # always() makes the gate run even when a needed job failed or was
    # skipped, so the action below receives the results of all of them.
    if: ${{ always() }}
    needs:
      - check-dotnet-format
      - check-nix-format
      - check-accurate-generations
      - build
      - build-nix
      - linkcheck
      - flake-check
      - analyzers
      - nuget-pack
      - expected-pack
      - github-release-plugin-dry-run

    steps:
      # Pinned to a full commit SHA.
      - uses: G-Research/common-actions/check-required-lite@2b7dc49cb14f3344fbe6019c14a31165e258c059
        with:
          needs-context: ${{ toJSON(needs) }}

# Job "attestation-attribute": attest build provenance for the attributes
# package produced earlier in this run.
  attestation-attribute:
    runs-on: ubuntu-latest
    # Skipped for forks and for every ref other than main.
    if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
    needs:
      - all-required-checks-complete

    # Scopes granted to this job's token; nothing else is available to it.
    permissions:
      id-token: write
      attestations: write
      contents: read

    steps:
      - name: Download NuGet artifact
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-attribute
          path: packed

      # Pinned to a full commit SHA; the trailing comment records the release.
      - name: Attest Build Provenance
        uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
        with:
          subject-path: 'packed/*.nupkg'

# Job "attestation-plugin": attest build provenance for the plugin package
# produced earlier in this run.
  attestation-plugin:
    runs-on: ubuntu-latest
    # Skipped for forks and for every ref other than main.
    if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
    needs:
      - all-required-checks-complete

    # Scopes granted to this job's token; nothing else is available to it.
    permissions:
      id-token: write
      attestations: write
      contents: read

    steps:
      - name: Download NuGet artifact
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-plugin
          path: packed

      # Pinned to a full commit SHA; the trailing comment records the release.
      - name: Attest Build Provenance
        uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
        with:
          subject-path: 'packed/*.nupkg'

# Job "nuget-publish-attribute": publish the attributes package to NuGet.
  nuget-publish-attribute:
    runs-on: ubuntu-latest
    # Bound to the main-deploy environment, so any protection rules configured
    # on that environment apply before the steps run.
    environment: main-deploy
    # Skipped for forks and for every ref other than main.
    if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
    # NOTE(review): this job does not depend on attestation-attribute, so
    # publishing does not wait for the provenance attestation to succeed.
    # Confirm that ordering is intended.
    needs:
      - all-required-checks-complete

    # NOTE(review): id-token and attestations write scopes are granted, but no
    # step visible in this job creates an attestation; presumably the
    # publish-nuget action uses them. Confirm, otherwise drop them.
    permissions:
      id-token: write
      attestations: write
      contents: read

    steps:
      - uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Download NuGet artifact
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-attribute
          path: packed

      # Records the path of the dotnet binary from the Nix dev shell as a step
      # output, which the publish step reads.
      - name: Identify `dotnet`
        id: dotnet-identify
        run: nix develop --command bash -c 'echo "dotnet=$(which dotnet)" >> $GITHUB_OUTPUT'

      # The NuGet API key is passed only to this action, which is pinned to a
      # full commit SHA.
      - name: Publish to NuGet
        id: publish-success
        uses: G-Research/common-actions/publish-nuget@2b7dc49cb14f3344fbe6019c14a31165e258c059
        with:
          package-name: WoofWare.Myriad.Plugins.Attributes
          nuget-key: ${{ secrets.NUGET_API_KEY }}
          nupkg-dir: packed/
          dotnet: ${{ steps.dotnet-identify.outputs.dotnet }}

# Job "nuget-publish-plugin": publish the plugin package to NuGet.
  nuget-publish-plugin:
    runs-on: ubuntu-latest
    # Bound to the main-deploy environment, so any protection rules configured
    # on that environment apply before the steps run.
    environment: main-deploy
    # Skipped for forks and for every ref other than main.
    if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
    # NOTE(review): this job does not depend on attestation-plugin, so
    # publishing does not wait for the provenance attestation to succeed.
    # Confirm that ordering is intended.
    needs:
      - all-required-checks-complete

    # NOTE(review): id-token and attestations write scopes are granted, but no
    # step visible in this job creates an attestation; presumably the
    # publish-nuget action uses them. Confirm, otherwise drop them.
    permissions:
      id-token: write
      attestations: write
      contents: read

    steps:
      - uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v29
        with:
          # Gives Nix the job's GITHUB_TOKEN for github.com requests.
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Download NuGet artifact
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-plugin
          path: packed

      # Records the path of the dotnet binary from the Nix dev shell as a step
      # output, which the publish step reads.
      - name: Identify `dotnet`
        id: dotnet-identify
        run: nix develop --command bash -c 'echo "dotnet=$(which dotnet)" >> $GITHUB_OUTPUT'

      # The NuGet API key is passed only to this action, which is pinned to a
      # full commit SHA.
      - name: Publish to NuGet
        id: publish-success
        uses: G-Research/common-actions/publish-nuget@2b7dc49cb14f3344fbe6019c14a31165e258c059
        with:
          package-name: WoofWare.Myriad.Plugins
          nuget-key: ${{ secrets.NUGET_API_KEY }}
          nupkg-dir: packed/
          dotnet: ${{ steps.dotnet-identify.outputs.dotnet }}

# Job "github-release-plugin": run the tag-and-release script with a real
# token.
  github-release-plugin:
    runs-on: ubuntu-latest
    # Bound to the main-deploy environment, so any protection rules configured
    # on that environment apply before the steps run.
    environment: main-deploy
    # Skipped for forks and for every ref other than main.
    if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
    needs:
      - all-required-checks-complete

    # The only job in this workflow whose token may write repository contents.
    permissions:
      contents: write

    steps:
      - uses: actions/checkout@v4

      - name: Download NuGet artifact (plugin)
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-plugin

      - name: Download NuGet artifact (attribute)
        uses: actions/download-artifact@v4
        with:
          name: nuget-package-attribute

      # Same script as the dry-run job, here without DRY_RUN and with the
      # job's own token exposed to the script only.
      - name: Tag and release plugin
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: sh .github/workflows/tag.sh