gewuyou/GFramework
1
0
Fork 0
mirror of https://github.com/GeWuYou/GFramework.git synced 2026-05-07 00:39:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #177 from GeWuYou/feat/ci-publish-workflow-nuget-github

Browse Source 
feat(ci): 添加发布工作流支持NuGet和GitHub Packages
This commit is contained in:
gewuyou 2026-04-05 20:28:46 +08:00 committed by GitHub
commit 152da3fe3f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 132 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

182
.github/workflows/publish.yml vendored
View File

@ -1,30 +1,33 @@
# 发布工作流NuGet + GitHub Release
#
# 功能:当推送标签时自动构建、打包并发布到 NuGet.org 和 GitHub Release
# 发布工作流NuGet + GitHub Packages + GitHub Release
#
# 功能:当推送标签时自动构建、打包,并将相同产物并发发布到 NuGet.org 与 GitHub Packages
# 最后创建 GitHub Release。
# 触发条件:推送任何标签(如 v1.0.0 或 1.0.0
# 权限:允许写入内容、包和使用 OIDC 身份验证
name: Publish (NuGet + GitHub Release)
name: Publish (NuGet + GitHub Packages + GitHub Release)
# 触发:推送 tag 时触发(例如 v1.0.0 或 1.0.0
on:
push:
tags:
- '*'
# 顶级权限:允许创建 release、写 packages并允许 id-tokenOIDC
permissions:
contents: write
packages: write
id-token: write
jobs:
build-and-publish:
build-pack:
name: Build And Pack
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
id-token: write
contents: write
packages: write
outputs:
package_version: ${{ steps.tag_version.outputs.version }}
steps:
- name: Checkout repository (at tag)
@ -38,19 +41,17 @@ jobs:
with:
dotnet-version: 10.0.x
- name: Install unzip (for reading .nuspec from .nupkg)
run: sudo apt-get update && sudo apt-get install -y unzip
- name: Cache NuGet packages
uses: actions/cache@v5
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
- name: Restore dependencies
run: dotnet restore
# 从 GitHub 引用中提取标签版本
# 提取逻辑:去除 refs/tags/ 前缀,然后去除 v/V 前缀
# 输出version - 处理后的版本号
# 从 GitHub 引用中提取标签版本。
# 提取逻辑:去除 refs/tags/ 前缀,然后去除 v/V 前缀。
- name: Determine tag version
id: tag_version
run: |
@ -60,14 +61,25 @@ jobs:
VERSION=${TAG#v}
VERSION=${VERSION#V}
echo "tag='$TAG' -> version='$VERSION'"
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Pack (use tag version)
run: |
set -e
echo "Packing with version=${{ steps.tag_version.outputs.version }}"
dotnet pack -c Release -o ./packages -p:PackageVersion=${{ steps.tag_version.outputs.version }} -p:IncludeSymbols=false
# 上传许可证合规相关的工件文件包括通知文件、第三方许可证、SBOM文件及验证结果
- name: Show packages
run: ls -la ./packages || true
# 上传 nupkg 工件,供多个发布 job 复用,避免重复打包。
- name: Upload package artifacts
uses: actions/upload-artifact@v7
with:
name: packages
path: ./packages/*.nupkg
# 上传许可证合规相关的工件文件包括通知文件、第三方许可证、SBOM 文件及验证结果。
- name: Upload compliance artifacts
uses: actions/upload-artifact@v7
with:
@ -79,7 +91,30 @@ jobs:
sbom.cyclonedx.json
sbom-spdx-validation.txt
sbom-cyclonedx-validation.txt
- name: Show packages
publish-nuget:
name: Publish To NuGet.org
runs-on: ubuntu-latest
needs: build-pack
permissions:
contents: read
packages: read
id-token: write
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v5
with:
dotnet-version: 10.0.x
- name: Download package artifacts
uses: actions/download-artifact@v5
with:
name: packages
path: ./packages
- name: Show downloaded packages
run: ls -la ./packages || true
- name: NuGet login (OIDC → temporary API key)
@ -88,9 +123,8 @@ jobs:
with:
user: ${{ secrets.NUGET_USER }}
# 将所有生成的包推送到 nuget.org
# 使用临时 API 密钥进行身份验证
# 跳过重复包的上传
# 将所有生成的包推送到 nuget.org。
# 使用临时 API 密钥进行身份验证,并跳过重复包上传。
- name: Push all packages to nuget.org
env:
NUGET_API_KEY: ${{ steps.nuget_login.outputs.NUGET_API_KEY }}
@ -110,36 +144,84 @@ jobs:
if [ "$pushed_any" = false ]; then
echo "No packages found to push."
fi
# 从 .nupkg 文件中提取版本信息
# 通过解压 .nupkgzip 格式)并读取 .nuspec 文件来获取版本
# 输出:
# package_file - 第一个找到的包文件路径
# package_basename - 包文件的基本名称
# version - 从 nuspec 中解析出的版本号
- name: Get Version and First Package Path
id: get_version
publish-github-packages:
name: Publish To GitHub Packages
runs-on: ubuntu-latest
needs: build-pack
permissions:
contents: read
packages: write
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v5
with:
dotnet-version: 10.0.x
- name: Download package artifacts
uses: actions/download-artifact@v5
with:
name: packages
path: ./packages
- name: Show downloaded packages
run: ls -la ./packages || true
# 使用仓库内建的 GITHUB_TOKEN 配置 GitHub Packages NuGet 源。
- name: Configure GitHub Packages source
run: |
set -e
PACKAGE_FILE=$(find ./packages -name "*.nupkg" | head -n 1 || true)
if [ -z "$PACKAGE_FILE" ]; then
echo "No .nupkg file found in ./packages"
exit 1
fi
# 从 .nupkgzip里读取 .nuspec 并提取 <version>
VERSION=$(unzip -p "$PACKAGE_FILE" '*.nuspec' 2>/dev/null | sed -n 's:.*<version>\(.*\)</version>.*:\1:p' | head -n1)
if [ -z "$VERSION" ]; then
echo "Failed to parse version from $PACKAGE_FILE"
exit 1
fi
BASENAME=$(basename "$PACKAGE_FILE")
echo "package_file=$PACKAGE_FILE" >> $GITHUB_OUTPUT
echo "package_basename=$BASENAME" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> $GITHUB_OUTPUT
dotnet nuget add source "https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json" \
--name github \
--username "${{ github.repository_owner }}" \
--password "${{ github.token }}" \
--store-password-in-clear-text
# 创建 GitHub Release
# 使用从包中提取的版本信息和当前标签创建发布
# 发布包含描述信息和版本详情
- name: Push all packages to GitHub Packages
run: |
set -e
pushed_any=false
for PKG in ./packages/*.nupkg; do
[ -f "$PKG" ] || continue
pushed_any=true
echo "Pushing $PKG to GitHub Packages..."
dotnet nuget push "$PKG" \
--source github \
--skip-duplicate
done
if [ "$pushed_any" = false ]; then
echo "No packages found to push."
fi
create-release:
name: Create GitHub Release
runs-on: ubuntu-latest
needs:
- build-pack
- publish-nuget
- publish-github-packages
if: ${{ always() && needs.build-pack.result == 'success' }}
permissions:
contents: write
packages: read
steps:
- name: Download package artifacts
uses: actions/download-artifact@v5
with:
name: packages
path: ./packages
- name: Download compliance artifacts
uses: actions/download-artifact@v5
with:
name: license-compliance
path: .
# 无论某一侧包源发布是否失败,都继续创建 Release并在正文中标注结果。
- name: Create GitHub Release and Upload Assets
uses: softprops/action-gh-release@v2
with:
@ -147,7 +229,7 @@ jobs:
name: "Release ${{ github.ref_name }}"
body: |
Release created by CI for tag ${{ github.ref_name }}
Package version: ${{ steps.get_version.outputs.version }}
Package version: ${{ needs.build-pack.outputs.package_version }}
## Compliance
- NOTICE
@ -164,4 +246,4 @@ jobs:
sbom-spdx-validation.txt
sbom-cyclonedx-validation.txt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ github.token }}