Skip to content

publish-module

publish-module #59

name: publish-module
on:
workflow_dispatch:
permissions:
id-token: write
contents: write
checks: write
actions: read
pull-requests: write
statuses: write
jobs:
build-validation:
uses: ./.github/workflows/build-validation.yaml
create-release:
# needs: build-validation
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Package ./tests to PowerShell module
id: package-tests
shell: pwsh
run: ./build/Copy-MaesterTestsToPSModule.ps1 -Force
- name: Set module version
id: moduleversion
shell: pwsh
run: ./.github/workflows/minor-version-update.ps1
- name: Azure CLI login
uses: azure/login@v1
with:
tenant-id: ${{ vars.TENTANT_ID }}
client-id: ${{ vars.CLIENT_ID }}
allow-no-subscriptions: true
- name: Azure CLI get token
run: |
$kv_token=$(az account get-access-token --scope https://vault.azure.net/.default --query accessToken --output tsv)
echo "::add-mask::$kv_token"
echo "CODE_SIGN_AKV_ACCESS_TOKEN=$kv_token" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- name: Install AzureSignTool
run: dotnet tool install --no-cache --global AzureSignTool
- name: Sign PowerShell module
id: module-signing
shell: pwsh
run: |
Get-ChildItem ${{ github.workspace }}/powershell -Recurse -Force -Filter *.ps* | Select-Object -ExpandProperty FullName | Out-File -FilePath ./signfiles.txt
azuresigntool.exe sign --verbose `
--azure-key-vault-url "${{ secrets.CODE_SIGN_KEYVAULT }}" `
--azure-key-vault-accesstoken ${{ env.CODE_SIGN_AKV_ACCESS_TOKEN }} `
--azure-key-vault-certificate "${{ vars.CODE_SIGN_CERTIFICATENAME }}" `
--timestamp-rfc3161 "http://timestamp.digicert.com" `
--input-file-list ./signfiles.txt
Copy-Item ${{ github.workspace }}/powershell -Recurse -Destination ${{ github.workspace }}/maester/ -Force
- name: Update PowerShell Module to PowerShell Gallery
id: publish-to-gallery
shell: pwsh
run: |
Publish-Module -Path ${{ github.workspace }}/maester -NuGetApiKey ${{ secrets.PS_GALLERY_KEY }}
- name: Build PowerShell module for GitHub
id: module-creation
shell: pwsh
run: |
Compress-Archive -Path ${{ github.workspace }}/maester/* -DestinationPath ${{ github.workspace }}/maester.zip
- name: Create release
uses: ncipollo/release-action@v1
with:
artifacts: "maester.zip"
replacesArtifacts: true
allowUpdates: true
generateReleaseNotes: true
makeLatest: legacy
prerelease: false
tag: ${{ steps.moduleversion.outputs.tag }}
commit: ${{ github.sha }}