gewuyou/GFramework
1
0
Fork 0
mirror of https://github.com/GeWuYou/GFramework.git synced 2026-05-07 08:44:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
GFramework/.github/workflows/publish.yml
GeWuYou cd210da167 feat(workflow): 添加许可证合规检查工作流并优化发布流程 
- 新增 license-compliance.yml 工作流,集成 Feluda 许可证扫描器
- 实现许可证合规性检查、SBOM 生成和验证功能
- 移除 publish.yml 中的许可证合规相关步骤
- 更新发布流程以分离许可证合规和包发布职责
- 添加并发控制配置避免重复执行
- 简化 GitHub Release 创建流程,移除合规文件附件逻辑
2026-04-05 20:42:00 +08:00

225 lines
6.4 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 发布工作流NuGet + GitHub Packages + GitHub Release
#
# 功能:当推送标签时自动构建、打包,并将相同产物并发发布到 NuGet.org 与 GitHub Packages
# 最后创建 GitHub Release。
# 触发条件:推送任何标签(如 v1.0.0 或 1.0.0
# 权限:允许写入内容、包和使用 OIDC 身份验证
name: Publish (NuGet + GitHub Packages + GitHub Release)
on:
push:
tags:
- '*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
permissions:
contents: write
packages: write
id-token: write
jobs:
build-pack:
name: Build And Pack
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
id-token: write
outputs:
package_version: ${{ steps.tag_version.outputs.version }}
steps:
- name: Checkout repository (at tag)
uses: actions/checkout@v6
with:
fetch-depth: 0
persist-credentials: true
- name: Setup .NET
uses: actions/setup-dotnet@v5
with:
dotnet-version: 10.0.x
- name: Cache NuGet packages
uses: actions/cache@v5
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
- name: Restore dependencies
run: dotnet restore
# 从 GitHub 引用中提取标签版本。
# 提取逻辑:去除 refs/tags/ 前缀,然后去除 v/V 前缀。
- name: Determine tag version
id: tag_version
run: |
set -e
echo "GITHUB_REF = ${GITHUB_REF}"
TAG=${GITHUB_REF#refs/tags/}
VERSION=${TAG#v}
VERSION=${VERSION#V}
echo "tag='$TAG' -> version='$VERSION'"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Pack (use tag version)
run: |
set -e
echo "Packing with version=${{ steps.tag_version.outputs.version }}"
dotnet pack -c Release -o ./packages -p:PackageVersion=${{ steps.tag_version.outputs.version }} -p:IncludeSymbols=false
- name: Show packages
run: ls -la ./packages || true
# 上传 nupkg 工件,供多个发布 job 复用,避免重复打包。
- name: Upload package artifacts
uses: actions/upload-artifact@v7
with:
name: packages
path: ./packages/*.nupkg
publish-nuget:
name: Publish To NuGet.org
runs-on: ubuntu-latest
needs: build-pack
permissions:
contents: read
packages: read
id-token: write
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v5
with:
dotnet-version: 10.0.x
- name: Download package artifacts
uses: actions/download-artifact@v5
with:
name: packages
path: ./packages
- name: Show downloaded packages
run: ls -la ./packages || true
- name: NuGet login (OIDC → temporary API key)
id: nuget_login
uses: NuGet/login@v1
with:
user: ${{ secrets.NUGET_USER }}
# 将所有生成的包推送到 nuget.org。
# 使用临时 API 密钥进行身份验证,并跳过重复包上传。
- name: Push all packages to nuget.org
env:
NUGET_API_KEY: ${{ steps.nuget_login.outputs.NUGET_API_KEY }}
run: |
set -e
echo "Found API key: ${NUGET_API_KEY:+*** present ***}"
pushed_any=false
for PKG in ./packages/*.nupkg; do
[ -f "$PKG" ] || continue
pushed_any=true
echo "Pushing $PKG to nuget.org..."
dotnet nuget push "$PKG" \
--api-key "${NUGET_API_KEY}" \
--source https://api.nuget.org/v3/index.json \
--skip-duplicate
done
if [ "$pushed_any" = false ]; then
echo "No packages found to push."
fi
publish-github-packages:
name: Publish To GitHub Packages
runs-on: ubuntu-latest
needs: build-pack
permissions:
contents: read
packages: write
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v5
with:
dotnet-version: 10.0.x
- name: Download package artifacts
uses: actions/download-artifact@v5
with:
name: packages
path: ./packages
- name: Show downloaded packages
run: ls -la ./packages || true
# 使用仓库内建的 GITHUB_TOKEN 配置 GitHub Packages NuGet 源。
- name: Configure GitHub Packages source
run: |
set -e
dotnet nuget add source "https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json" \
--name github \
--username "${{ github.repository_owner }}" \
--password "${{ github.token }}" \
--store-password-in-clear-text
- name: Push all packages to GitHub Packages
run: |
set -e
pushed_any=false
for PKG in ./packages/*.nupkg; do
[ -f "$PKG" ] || continue
pushed_any=true
echo "Pushing $PKG to GitHub Packages..."
dotnet nuget push "$PKG" \
--source github \
--skip-duplicate
done
if [ "$pushed_any" = false ]; then
echo "No packages found to push."
fi
create-release:
name: Create GitHub Release
runs-on: ubuntu-latest
needs:
- build-pack
- publish-nuget
- publish-github-packages
if: ${{ always() && needs.build-pack.result == 'success' }}
permissions:
contents: write
packages: read
steps:
- name: Download package artifacts
uses: actions/download-artifact@v5
with:
name: packages
path: ./packages
# 无论某一侧包源发布是否失败,都继续创建 Release。
# 合规工件由独立 workflow 生成,当前发布流不再假设这些文件在同一次运行中可用。
- name: Create GitHub Release and Upload Assets
uses: softprops/action-gh-release@v2
with:
generate_release_notes: true
name: "Release ${{ github.ref_name }}"
body: |
Release created by CI for tag ${{ github.ref_name }}
Package version: ${{ needs.build-pack.outputs.package_version }}
draft: false
prerelease: false
files: |
./packages/*.nupkg
env:
GITHUB_TOKEN: ${{ github.token }}
Reference in New Issue View Git Blame Copy Permalink