ci: fix build workflow permissions #122
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- '**' | |
pull_request: | |
jobs: | |
build: | |
strategy: | |
matrix: | |
os: [windows-latest, ubuntu-latest, macos-latest] | |
fail-fast: false | |
runs-on: ${{ matrix.os }} | |
permissions: | |
contents: write | |
pull-requests: write | |
repository-projects: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v1 | |
- name: Setup dotnet | |
uses: actions/setup-dotnet@v1 | |
with: | |
dotnet-version: '6.0.100' | |
- name: NuGet cache | |
uses: actions/cache@v1 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('.config/dotnet-tools.json') }}-${{ hashFiles('*.lock') }} | |
restore-keys: | | |
${{ runner.os }}-nuget- | |
- name: Build | |
run: | | |
# GH Actions puts us in detached head, but for nbgv, we need to be on the branch | |
git checkout ("${{github.ref}}" -replace '^refs/[^/]+/','') | |
# Build | |
dotnet tool restore | |
dotnet paket restore | |
dotnet build -c release | |
shell: pwsh | |
- name: Test | |
run: dotnet test --no-build -c release --logger trx --results-directory $PWD/bin/testresults | |
shell: pwsh | |
- name: Pack | |
run: | | |
dotnet paket pack $PWD/bin/nuget --version (dotnet nbgv get-version -v SemVer2) | |
shell: pwsh | |
- name: Upload nupkg | |
uses: actions/upload-artifact@v1 | |
with: | |
name: nuget | |
path: bin/nuget | |
if: ${{ matrix.os == 'ubuntu-latest' }} | |
- name: Report tests | |
uses: dorny/test-reporter@v1 | |
if: always() | |
with: | |
name: Unit tests (${{ matrix.os }}) | |
path: bin/testresults/*.trx | |
reporter: dotnet-trx | |
prerelease: | |
runs-on: ubuntu-latest | |
needs: build | |
if: ${{ github.ref == 'refs/heads/master' }} | |
steps: | |
- name: Setup dotnet | |
uses: actions/setup-dotnet@v1 | |
with: | |
dotnet-version: '6.0.100' | |
- name: Download nupkg | |
uses: actions/download-artifact@v4.1.7 | |
with: | |
name: nuget | |
- name: Push to GitHub feed | |
run: dotnet nuget push nuget/*.nupkg | |
--api-key "${{secrets.GITHUB_TOKEN}}" | |
--source "https://nuget.pkg.github.com/${{github.repository_owner}}/" | |
--skip-duplicate | |
release: | |
runs-on: ubuntu-latest | |
needs: build | |
if: ${{ contains(github.ref, 'releases') }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v1 | |
- name: Setup dotnet | |
uses: actions/setup-dotnet@v1 | |
with: | |
dotnet-version: '6.0.100' | |
- name: Prepare | |
run: | | |
# GH Actions puts us in detached head, but for nbgv, we need to be on the branch | |
git checkout "$(echo ${{github.ref}} | sed -E 's|^refs/[^/]+/||')" | |
dotnet tool restore | |
SHORT_VERSION="$(dotnet nbgv get-version -v MajorMinorVersion)" | |
echo "SHORT_VERSION=$SHORT_VERSION" >> $GITHUB_ENV | |
echo "FULL_VERSION=$(dotnet nbgv get-version -v SemVer2)" >> $GITHUB_ENV | |
# Parse the relevant changelog entry out of CHANGELOG.md | |
sed -n "/^## ${SHORT_VERSION//./\\.}\$/{n;bl};d;:l;/^#/Q;p;n;bl" CHANGELOG.md > release.md | |
- name: Create draft release | |
uses: actions/create-release@v1 | |
with: | |
tag_name: v${{ env.FULL_VERSION }} | |
release_name: Version ${{ env.SHORT_VERSION }} | |
body_path: release.md | |
draft: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |