gewuyou/GFramework
1
0
Fork 0
mirror of https://github.com/GeWuYou/GFramework.git synced 2026-03-22 10:34:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(ci): 发布流程支持 NuGet 和 GitHub Release 双发布

Browse Source 
- 合并发布工作流,支持同时推送到 NuGet 和创建 GitHub Release
- 添加对多个 .nupkg 包的批量推送支持
- 自动从 .nuspec 提取版本号用于 Release 描述
- 使用 OIDC 身份验证增强安全性
- 安装 unzip 工具以支持解析 nupkg 内部结构
- 移除独立的 release.yml 文件,统一到 publish.yml 中管理
This commit is contained in:
GwWuYou 2025-12-10 09:13:58 +08:00
parent e204f899ba
commit 8058860a80
2 changed files with 81 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
.github/workflows/publish.yml vendored
View File

@ -1,21 +1,21 @@
name: Publish to NuGet name: Publish (NuGet + GitHub Release)
# 触发条件:当有标签被推送到仓库时触发该工作流(例如 v1.0.0 或 1.0.0 # 触发:推送 tag 时触发(例如 v1.0.0 或 1.0.0
on: on:
push: push:
tags: tags:
- '*' - '*'
# 顶级权限:允许创建 Releasecontents: write和写 packages如果需要 # 顶级权限:允许创建 release、写 packages并允许 id-tokenOIDC
permissions: permissions:
contents: write contents: write
packages: write packages: write
id-token: write
jobs: jobs:
build-and-publish: build-and-publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
# 允许此 job 请求短时 OIDC tokenNuGet/login 使用)
permissions: permissions:
id-token: write id-token: write
contents: write contents: write
@ -33,6 +33,9 @@ jobs:
with: with:
dotnet-version: 9.0.x dotnet-version: 9.0.x
- name: Install unzip (for reading .nuspec from .nupkg)
run: sudo apt-get update && sudo apt-get install -y unzip
- name: Restore dependencies - name: Restore dependencies
run: dotnet restore run: dotnet restore
@ -46,10 +49,8 @@ jobs:
id: tag_version id: tag_version
run: | run: |
set -e set -e
# GITHUB_REF example: refs/tags/v0.0.1 or refs/tags/0.0.1
echo "GITHUB_REF = ${GITHUB_REF}" echo "GITHUB_REF = ${GITHUB_REF}"
TAG=${GITHUB_REF#refs/tags/} TAG=${GITHUB_REF#refs/tags/}
# remove leading 'v' or 'V' if present
VERSION=${TAG#v} VERSION=${TAG#v}
VERSION=${VERSION#V} VERSION=${VERSION#V}
echo "tag='$TAG' -> version='$VERSION'" echo "tag='$TAG' -> version='$VERSION'"
@ -64,26 +65,84 @@ jobs:
- name: Show packages - name: Show packages
run: ls -la ./packages || true run: ls -la ./packages || true
- name: NuGet login (OIDC → temp API key) - name: NuGet login (OIDC → temporary API key)
id: login id: nuget_login
uses: NuGet/login@v1 uses: NuGet/login@v1
with: with:
# 推荐把用户名放到仓库 Secret不是邮箱例如 ${{ secrets.NUGET_USER }} user: ${{ secrets.NUGET_USER }} # 推荐将用户名放 secrets
# 也可以直接写用户名(不推荐),但通常使用 secret 更安全
user: ${{ secrets.NUGET_USER }}
- name: NuGet push (using short-lived API key) - name: Push all packages to nuget.org
env:
NUGET_API_KEY: ${{ steps.nuget_login.outputs.NUGET_API_KEY }}
run: | run: |
set -e set -e
PKG=$(find ./packages -name "*.nupkg" | head -n1) echo "Found API key: ${NUGET_API_KEY:+*** present ***}"
if [ -z "$PKG" ]; then pushed_any=false
echo "No package found" for PKG in ./packages/*.nupkg; do
[ -f "$PKG" ] || continue
pushed_any=true
echo "Pushing $PKG to nuget.org..."
dotnet nuget push "$PKG" \
--api-key "${NUGET_API_KEY}" \
--source https://api.nuget.org/v3/index.json \
--skip-duplicate
done
if [ "$pushed_any" = false ]; then
echo "No packages found to push."
fi
- name: Get Version and First Package Path
id: get_version
run: |
set -e
PACKAGE_FILE=$(find ./packages -name "*.nupkg" | head -n 1 || true)
if [ -z "$PACKAGE_FILE" ]; then
echo "No .nupkg file found in ./packages"
exit 1 exit 1
fi fi
echo "Pushing $PKG to nuget.org..." # 从 .nupkgzip里读取 .nuspec 并提取 <version>
# 注意:不要使用 --verbositydotnet nuget push 不支持) VERSION=$(unzip -p "$PACKAGE_FILE" '*.nuspec' 2>/dev/null | sed -n 's:.*<version>\(.*\)</version>.*:\1:p' | head -n1)
dotnet nuget push "$PKG" \ if [ -z "$VERSION" ]; then
--api-key "${{ steps.login.outputs.NUGET_API_KEY }}" \ echo "Failed to parse version from $PACKAGE_FILE"
--source https://api.nuget.org/v3/index.json \ exit 1
--skip-duplicate fi
BASENAME=$(basename "$PACKAGE_FILE")
echo "package_file=$PACKAGE_FILE" >> $GITHUB_OUTPUT
echo "package_basename=$BASENAME" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Create GitHub Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref_name }}
release_name: "Release ${{ github.ref_name }}"
body: "Release created by CI for tag ${{ github.ref_name }} (package version ${{ steps.get_version.outputs.version }})"
draft: false
prerelease: false
- name: Upload all .nupkg to Release (curl)
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
UPLOAD_URL_TEMPLATE: ${{ steps.create_release.outputs.upload_url }}
run: |
set -e
# upload_url from create-release is like: https://uploads.github.com/repos/OWNER/REPO/releases/ID/assets{?name,label}
# strip template part "{?name,label}"
UPLOAD_URL="${UPLOAD_URL_TEMPLATE%\{*}"
echo "Upload base URL: $UPLOAD_URL"
for package_file in ./packages/*.nupkg; do
if [ -f "$package_file" ]; then
basename=$(basename "$package_file")
echo "Uploading $basename to release..."
curl --fail -sS -X POST \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "Content-Type: application/octet-stream" \
--data-binary @"$package_file" \
"$UPLOAD_URL?name=$basename"
echo "Uploaded $basename"
fi
done

91
.github/workflows/release.yml vendored
View File

@ -1,91 +0,0 @@
name: Create Release (on tag)
on:
push:
tags:
- '*'
permissions:
contents: write
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout repository (at tag)
uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: true
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 9.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore -c Release
- name: Determine tag version
id: tag_version
run: |
set -e
# GITHUB_REF example: refs/tags/v0.0.1 or refs/tags/0.0.1
echo "GITHUB_REF = ${GITHUB_REF}"
TAG=${GITHUB_REF#refs/tags/}
# remove leading 'v' or 'V' if present
VERSION=${TAG#v}
VERSION=${VERSION#V}
echo "tag='$TAG' -> version='$VERSION'"
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Pack (use tag version)
run: |
set -e
echo "Packing with version=${{ steps.tag_version.outputs.version }}"
dotnet pack --no-build -c Release -o ./packages -p:PackageVersion=${{ steps.tag_version.outputs.version }}
- name: Get Version and Package Path
id: get_version
run: |
set -e
PACKAGE_FILE=$(find ./packages -name "*.nupkg" | head -n 1)
if [ -z "$PACKAGE_FILE" ]; then
echo "No .nupkg file found in ./packages"
exit 1
fi
# 从 .nupkgzip里读取 .nuspec 并提取 <version> 标签(稳妥)
VERSION=$(unzip -p "$PACKAGE_FILE" *.nuspec 2>/dev/null | sed -n 's:.*<version>\(.*\)</version>.*:\1:p' | head -n1)
if [ -z "$VERSION" ]; then
echo "Failed to parse version from $PACKAGE_FILE"
exit 1
fi
BASENAME=$(basename "$PACKAGE_FILE")
echo "package_file=$PACKAGE_FILE" >> $GITHUB_OUTPUT
echo "package_basename=$BASENAME" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Create GitHub Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref_name }}
release_name: "Release ${{ github.ref_name }}"
body: "Release created by CI for tag ${{ github.ref_name }} (package version ${{ steps.get_version.outputs.version }})"
draft: false
prerelease: false
- name: Upload .nupkg to Release
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ${{ steps.get_version.outputs.package_file }}
asset_name: ${{ steps.get_version.outputs.package_basename }}
asset_content_type: application/octet-stream