mirror of
				https://github.com/Smaug123/WoofWare.Myriad
				synced 2025-10-26 06:18:41 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			390 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			390 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/github-workflow.json
 | |
| name: .NET
 | |
| 
 | |
| on:
 | |
|   push:
 | |
|     branches: [ main ]
 | |
|   pull_request:
 | |
|     branches: [ main ]
 | |
| 
 | |
| env:
 | |
|   DOTNET_NOLOGO: true
 | |
|   DOTNET_CLI_TELEMETRY_OPTOUT: true
 | |
|   DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
 | |
|   NUGET_XMLDOC_MODE: ''
 | |
|   DOTNET_MULTILEVEL_LOOKUP: 0
 | |
| 
 | |
| jobs:
 | |
|   build:
 | |
|     strategy:
 | |
|       matrix:
 | |
|         config:
 | |
|           - Release
 | |
|           - Debug
 | |
| 
 | |
|     runs-on: ubuntu-latest
 | |
| 
 | |
|     steps:
 | |
|     - uses: actions/checkout@v5
 | |
|       with:
 | |
|         fetch-depth: 0 # so that NerdBank.GitVersioning has access to history
 | |
|     - name: Install Nix
 | |
|       uses: cachix/install-nix-action@v31
 | |
|       with:
 | |
|         extra_nix_config: |
 | |
|           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|     - name: Restore dependencies
 | |
|       run: nix develop --command dotnet restore
 | |
|     - name: Build
 | |
|       run: nix develop --command dotnet build --no-restore --configuration ${{matrix.config}}
 | |
|     - name: Test
 | |
|       run: nix develop --command dotnet test --no-build --verbosity normal --configuration ${{matrix.config}}
 | |
| 
 | |
|   analyzers:
 | |
|     runs-on: ubuntu-latest
 | |
|     permissions:
 | |
|       security-events: write
 | |
|     steps:
 | |
|       - name: Checkout
 | |
|         uses: actions/checkout@v5
 | |
|         with:
 | |
|           fetch-depth: 0 # so that NerdBank.GitVersioning has access to history
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Prepare analyzers
 | |
|         run: nix develop --command dotnet restore analyzers/analyzers.fsproj
 | |
|       - name: Build project
 | |
|         run: nix develop --command dotnet build ./WoofWare.Myriad.Plugins/WoofWare.Myriad.Plugins.fsproj
 | |
|       - name: Run analyzers
 | |
|         run: nix run .#fsharp-analyzers -- --project ./WoofWare.Myriad.Plugins/WoofWare.Myriad.Plugins.fsproj --analyzers-path ./.analyzerpackages/g-research.fsharp.analyzers/*/ --verbosity detailed --report ./analysis.sarif --treat-as-error GRA-STRING-001 GRA-STRING-002 GRA-STRING-003 GRA-UNIONCASE-001 GRA-INTERPOLATED-001 GRA-TYPE-ANNOTATE-001 GRA-VIRTUALCALL-001 GRA-IMMUTABLECOLLECTIONEQUALITY-001 GRA-JSONOPTS-001 GRA-LOGARGFUNCFULLAPP-001 GRA-DISPBEFOREASYNC-001 --exclude-analyzers PartialAppAnalyzer
 | |
| 
 | |
|   build-nix:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - name: Checkout
 | |
|         uses: actions/checkout@v5
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Build
 | |
|         run: nix build
 | |
|       - name: Reproducibility check
 | |
|         run: nix build --rebuild
 | |
| 
 | |
|   check-dotnet-format:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - name: Checkout
 | |
|         uses: actions/checkout@v5
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Run Fantomas
 | |
|         run: nix run .#fantomas -- --check .
 | |
| 
 | |
|   check-accurate-generations:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - name: Checkout
 | |
|         uses: actions/checkout@v5
 | |
|         with:
 | |
|           fetch-depth: 0 # so that NerdBank.GitVersioning has access to history
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Whitespace change
 | |
|         run: "echo ' ' >> ConsumePlugin/List.fs"
 | |
|       - name: Generate code
 | |
|         run: nix develop --command dotnet build
 | |
|       - name: Run Fantomas
 | |
|         run: nix run .#fantomas -- .
 | |
|       - name: Verify there is no diff
 | |
|         run: git diff --name-only --no-color --exit-code
 | |
| 
 | |
|   check-nix-format:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - name: Checkout
 | |
|         uses: actions/checkout@v5
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Run Alejandra
 | |
|         run: nix develop --command alejandra --check .
 | |
| 
 | |
|   linkcheck:
 | |
|     name: Check links
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - uses: actions/checkout@master
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Run link checker
 | |
|         run: nix develop --command markdown-link-check README.md CONTRIBUTING.md
 | |
| 
 | |
|   flake-check:
 | |
|     name: Check flake
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - uses: actions/checkout@master
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Flake check
 | |
|         run: nix flake check
 | |
| 
 | |
|   nuget-pack:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|     - uses: actions/checkout@v5
 | |
|       with:
 | |
|         fetch-depth: 0 # so that NerdBank.GitVersioning has access to history
 | |
|     - name: Install Nix
 | |
|       uses: cachix/install-nix-action@v31
 | |
|       with:
 | |
|         extra_nix_config: |
 | |
|           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|     - name: Restore dependencies
 | |
|       run: nix develop --command dotnet restore
 | |
|     - name: Build
 | |
|       run: nix develop --command dotnet build --no-restore --configuration Release
 | |
|     - name: Pack
 | |
|       run: nix develop --command dotnet pack --configuration Release
 | |
|     - name: Upload NuGet artifact (plugin)
 | |
|       uses: actions/upload-artifact@v4
 | |
|       with:
 | |
|         name: nuget-package-plugin
 | |
|         path: WoofWare.Myriad.Plugins/bin/Release/WoofWare.Myriad.Plugins.*.nupkg
 | |
|     - name: Upload NuGet artifact (attributes)
 | |
|       uses: actions/upload-artifact@v4
 | |
|       with:
 | |
|         name: nuget-package-attribute
 | |
|         path: WoofWare.Myriad.Plugins.Attributes/bin/Release/WoofWare.Myriad.Plugins.Attributes.*.nupkg
 | |
| 
 | |
|   expected-pack:
 | |
|     needs: [nuget-pack]
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - name: Download NuGet artifact (plugin)
 | |
|         uses: actions/download-artifact@v5
 | |
|         with:
 | |
|           name: nuget-package-plugin
 | |
|           path: packed-plugin
 | |
|       - name: Check NuGet contents
 | |
|         # Verify that there is exactly one nupkg in the artifact that would be NuGet published
 | |
|         run: if [[ $(find packed-plugin -maxdepth 1 -name 'WoofWare.Myriad.Plugins.*.nupkg' -printf c | wc -c) -ne "1" ]]; then exit 1; fi
 | |
|       - name: Download NuGet artifact (attributes)
 | |
|         uses: actions/download-artifact@v5
 | |
|         with:
 | |
|           name: nuget-package-attribute
 | |
|           path: packed-attribute
 | |
|       - name: Check NuGet contents
 | |
|         # Verify that there is exactly one nupkg in the artifact that would be NuGet published
 | |
|         run: if [[ $(find packed-attribute -maxdepth 1 -name 'WoofWare.Myriad.Plugins.Attributes.*.nupkg' -printf c | wc -c) -ne "1" ]]; then exit 1; fi
 | |
| 
 | |
|   github-release-dry-run:
 | |
|     strategy:
 | |
|       matrix:
 | |
|         artifact:
 | |
|         - nuget-package-plugin
 | |
|         - nuget-package-attribute
 | |
|     runs-on: ubuntu-latest
 | |
|     needs: [nuget-pack]
 | |
|     steps:
 | |
|       - uses: actions/checkout@v5
 | |
|       - name: Download NuGet artifact
 | |
|         uses: actions/download-artifact@v5
 | |
|         with:
 | |
|           name: ${{ matrix.artifact }}
 | |
|       - name: Compute package path
 | |
|         id: compute-path
 | |
|         run: |
 | |
|           find . -maxdepth 1 -type f -name 'WoofWare.Myriad.*.nupkg' -exec sh -c 'echo "output=$(basename "$1")" >> $GITHUB_OUTPUT' shell {} \;
 | |
|       - name: Compute tag name
 | |
|         id: compute-tag
 | |
|         env:
 | |
|           NUPKG_PATH: ${{ steps.compute-path.outputs.output }}
 | |
|         run: echo "output=$(basename "$NUPKG_PATH" .nupkg)" >> $GITHUB_OUTPUT
 | |
|       - name: Tag and release
 | |
|         uses: G-Research/common-actions/github-release@19d7281a0f9f83e13c78f99a610dbc80fc59ba3b
 | |
|         with:
 | |
|           github-token: ${{ secrets.GITHUB_TOKEN }}
 | |
|           target-commitish: ${{ github.sha }}
 | |
|           tag: ${{ steps.compute-tag.outputs.output }}
 | |
|           binary-contents: ${{ steps.compute-path.outputs.output }}
 | |
|           dry-run: true
 | |
| 
 | |
|   all-required-checks-complete:
 | |
|     needs: [check-dotnet-format, check-nix-format, check-accurate-generations, build, build-nix, linkcheck, flake-check, analyzers, nuget-pack, expected-pack, github-release-dry-run]
 | |
|     if: ${{ always() }}
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       - uses: G-Research/common-actions/check-required-lite@2b7dc49cb14f3344fbe6019c14a31165e258c059
 | |
|         with:
 | |
|           needs-context: ${{ toJSON(needs) }}
 | |
| 
 | |
|   attestation-attribute:
 | |
|     runs-on: ubuntu-latest
 | |
|     needs: [all-required-checks-complete]
 | |
|     if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
 | |
|     permissions:
 | |
|       id-token: write
 | |
|       attestations: write
 | |
|       contents: read
 | |
|     steps:
 | |
|       - name: Download NuGet artifact
 | |
|         uses: actions/download-artifact@v5
 | |
|         with:
 | |
|           name: nuget-package-attribute
 | |
|           path: packed
 | |
|       - name: Attest Build Provenance
 | |
|         uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
 | |
|         with:
 | |
|           subject-path: "packed/*.nupkg"
 | |
| 
 | |
|   attestation-plugin:
 | |
|     runs-on: ubuntu-latest
 | |
|     needs: [all-required-checks-complete]
 | |
|     if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
 | |
|     permissions:
 | |
|       id-token: write
 | |
|       attestations: write
 | |
|       contents: read
 | |
|     steps:
 | |
|       - name: Download NuGet artifact
 | |
|         uses: actions/download-artifact@v5
 | |
|         with:
 | |
|           name: nuget-package-plugin
 | |
|           path: packed
 | |
|       - name: Attest Build Provenance
 | |
|         uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
 | |
|         with:
 | |
|           subject-path: "packed/*.nupkg"
 | |
| 
 | |
|   nuget-publish-attribute:
 | |
|     runs-on: ubuntu-latest
 | |
|     if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
 | |
|     needs: [all-required-checks-complete]
 | |
|     environment: main-deploy
 | |
|     permissions:
 | |
|       id-token: write
 | |
|       attestations: write
 | |
|       contents: read
 | |
|     steps:
 | |
|       - uses: actions/checkout@v5
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Download NuGet artifact
 | |
|         uses: actions/download-artifact@v5
 | |
|         with:
 | |
|           name: nuget-package-attribute
 | |
|           path: packed
 | |
|       - name: Identify `dotnet`
 | |
|         id: dotnet-identify
 | |
|         run: nix develop --command bash -c 'echo "dotnet=$(which dotnet)" >> $GITHUB_OUTPUT'
 | |
|       - name: Obtain NuGet key
 | |
|         uses: NuGet/login@d22cc5f58ff5b88bf9bd452535b4335137e24544
 | |
|         id: login
 | |
|         with:
 | |
|             user: ${{ secrets.NUGET_USER }}
 | |
|       - name: Publish to NuGet
 | |
|         id: publish-success
 | |
|         uses: G-Research/common-actions/publish-nuget@2b7dc49cb14f3344fbe6019c14a31165e258c059
 | |
|         with:
 | |
|           package-name: WoofWare.Myriad.Plugins.Attributes
 | |
|           nuget-key: ${{ steps.login.outputs.NUGET_API_KEY }}
 | |
|           nupkg-dir: packed/
 | |
|           dotnet: ${{ steps.dotnet-identify.outputs.dotnet }}
 | |
| 
 | |
|   nuget-publish-plugin:
 | |
|     runs-on: ubuntu-latest
 | |
|     if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
 | |
|     needs: [all-required-checks-complete]
 | |
|     environment: main-deploy
 | |
|     permissions:
 | |
|       id-token: write
 | |
|       attestations: write
 | |
|       contents: read
 | |
|     steps:
 | |
|       - uses: actions/checkout@v5
 | |
|       - name: Install Nix
 | |
|         uses: cachix/install-nix-action@v31
 | |
|         with:
 | |
|           extra_nix_config: |
 | |
|             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 | |
|       - name: Download NuGet artifact
 | |
|         uses: actions/download-artifact@v5
 | |
|         with:
 | |
|           name: nuget-package-plugin
 | |
|           path: packed
 | |
|       - name: Identify `dotnet`
 | |
|         id: dotnet-identify
 | |
|         run: nix develop --command bash -c 'echo "dotnet=$(which dotnet)" >> $GITHUB_OUTPUT'
 | |
|       - name: Obtain NuGet key
 | |
|         uses: NuGet/login@d22cc5f58ff5b88bf9bd452535b4335137e24544
 | |
|         id: login
 | |
|         with:
 | |
|             user: ${{ secrets.NUGET_USER }}
 | |
|       - name: Publish to NuGet
 | |
|         id: publish-success
 | |
|         uses: G-Research/common-actions/publish-nuget@2b7dc49cb14f3344fbe6019c14a31165e258c059
 | |
|         with:
 | |
|           package-name: WoofWare.Myriad.Plugins
 | |
|           nuget-key: ${{ steps.login.outputs.NUGET_API_KEY }}
 | |
|           nupkg-dir: packed/
 | |
|           dotnet: ${{ steps.dotnet-identify.outputs.dotnet }}
 | |
| 
 | |
|   github-release:
 | |
|     strategy:
 | |
|       matrix:
 | |
|         artifact:
 | |
|         - nuget-package-attribute
 | |
|         - nuget-package-plugin
 | |
|     runs-on: ubuntu-latest
 | |
|     if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
 | |
|     needs: [all-required-checks-complete]
 | |
|     environment: main-deploy
 | |
|     permissions:
 | |
|       contents: write
 | |
|     steps:
 | |
|       - uses: actions/checkout@v5
 | |
|       - name: Download NuGet artifact
 | |
|         uses: actions/download-artifact@v5
 | |
|         with:
 | |
|           name: ${{ matrix.artifact }}
 | |
|       - name: Compute package path
 | |
|         id: compute-path
 | |
|         run: |
 | |
|           find . -maxdepth 1 -type f -name 'WoofWare.Myriad.*.nupkg' -exec sh -c 'echo "output=$(basename "$1")" >> $GITHUB_OUTPUT' shell {} \;
 | |
|       - name: Compute tag name
 | |
|         id: compute-tag
 | |
|         env:
 | |
|           NUPKG_PATH: ${{ steps.compute-path.outputs.output }}
 | |
|         run: echo "output=$(basename "$NUPKG_PATH" .nupkg)" >> $GITHUB_OUTPUT
 | |
|       - name: Tag and release
 | |
|         uses: G-Research/common-actions/github-release@19d7281a0f9f83e13c78f99a610dbc80fc59ba3b
 | |
|         with:
 | |
|           github-token: ${{ secrets.GITHUB_TOKEN }}
 | |
|           target-commitish: ${{ github.sha }}
 | |
|           tag: ${{ steps.compute-tag.outputs.output }}
 | |
|           binary-contents: ${{ steps.compute-path.outputs.output }}
 |