gewuyou/GFramework
1
0
Fork 0
mirror of https://github.com/GeWuYou/GFramework.git synced 2026-05-11 04:04:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #179 from GeWuYou/feat/ci-publish-workflow-nuget-github

Browse Source 
feat(workflow): 添加许可证合规检查工作流并优化发布流程
This commit is contained in:
gewuyou 2026-04-05 20:54:45 +08:00 committed by GitHub
commit 46ea6f1ffd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/license-compliance.yml vendored
View File

@ -5,6 +5,10 @@ on:
tags: tags:
- '*' - '*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
permissions: permissions:
contents: write contents: write
@ -114,4 +118,4 @@ jobs:
sbom-cyclonedx-validation.txt sbom-cyclonedx-validation.txt
license-compliance.zip license-compliance.zip
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ github.token }}

37
.github/workflows/publish.yml vendored
View File

@ -11,6 +11,10 @@ on:
tags: tags:
- '*' - '*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
permissions: permissions:
contents: write contents: write
packages: write packages: write
@ -79,19 +83,6 @@ jobs:
name: packages name: packages
path: ./packages/*.nupkg path: ./packages/*.nupkg
# 上传许可证合规相关的工件文件包括通知文件、第三方许可证、SBOM 文件及验证结果。
- name: Upload compliance artifacts
uses: actions/upload-artifact@v7
with:
name: license-compliance
path: |
NOTICE
THIRD_PARTY_LICENSES.md
sbom.spdx.json
sbom.cyclonedx.json
sbom-spdx-validation.txt
sbom-cyclonedx-validation.txt
publish-nuget: publish-nuget:
name: Publish To NuGet.org name: Publish To NuGet.org
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -215,13 +206,8 @@ jobs:
name: packages name: packages
path: ./packages path: ./packages
- name: Download compliance artifacts # 无论某一侧包源发布是否失败,都继续创建 Release。
uses: actions/download-artifact@v5 # 合规工件由独立 workflow 生成,当前发布流不再假设这些文件在同一次运行中可用。
with:
name: license-compliance
path: .
# 无论某一侧包源发布是否失败,都继续创建 Release并在正文中标注结果。
- name: Create GitHub Release and Upload Assets - name: Create GitHub Release and Upload Assets
uses: softprops/action-gh-release@v2 uses: softprops/action-gh-release@v2
with: with:
@ -230,20 +216,9 @@ jobs:
body: | body: |
Release created by CI for tag ${{ github.ref_name }} Release created by CI for tag ${{ github.ref_name }}
Package version: ${{ needs.build-pack.outputs.package_version }} Package version: ${{ needs.build-pack.outputs.package_version }}
## Compliance
- NOTICE
- THIRD_PARTY_LICENSES
- SPDX & CycloneDX SBOM
draft: false draft: false
prerelease: false prerelease: false
files: | files: |
./packages/*.nupkg ./packages/*.nupkg
NOTICE
THIRD_PARTY_LICENSES.md
sbom.spdx.json
sbom.cyclonedx.json
sbom-spdx-validation.txt
sbom-cyclonedx-validation.txt
env: env:
GITHUB_TOKEN: ${{ github.token }} GITHUB_TOKEN: ${{ github.token }}