.github/workflows/ci.yml

name: ci

on:
  push:
    branches: [ main, v* ]
  pull_request:
    branches: [ main, v* ]
  workflow_dispatch:

jobs:
  windows-x64:
    runs-on: ${{ matrix.os }}-latest
    strategy:
      matrix:
        architecture: [ x64 ]
        configuration: [ debug, release ]
        os: [ windows ]
    steps:
    - uses: actions/checkout@v4
    - run: ./scripts/cibuild.cmd -configuration ${{ matrix.configuration }} -architecture ${{ matrix.architecture }}
      shell: cmd
    - uses: actions/upload-artifact@v4
      with:
        name: ${{ matrix.os }}_${{ matrix.configuration }}_${{ matrix.architecture }}
        path: |
          ./artifacts/bin/**/*
          ./artifacts/log/**/*
          ./artifacts/pkg/**/*
          ./artifacts/tst/**/*
        if-no-files-found: error
  build-nuget-preview:
    runs-on: windows-latest
    steps:
    - uses: actions/checkout@v4
    - run: ./scripts/cibuild.cmd -configuration release -architecture x64
      shell: cmd
      env:
        EXCLUDE_RUN_ID_FROM_PACKAGE: true
        EXCLUDE_SUFFIX_FROM_VERSION: false
    - uses: actions/upload-artifact@v4
      with:
        name: nuget_preview
        path: |
          ./artifacts/bin/**/*
          ./artifacts/log/**/*
          ./artifacts/pkg/**/*
          ./artifacts/tst/**/*
        if-no-files-found: error
  sign-nuget-preview:
    runs-on: windows-latest
    if: ${{ github.event_name == 'push' }}
    needs: [ build-nuget-preview ]
    permissions:
      id-token: write
    steps:
    - uses: actions/checkout@v4
    - uses: actions/download-artifact@v4
      with:
        name: nuget_preview
        path: ./artifacts
    - uses: actions/setup-dotnet@v4
      with:
        global-json-file: ./global.json
    - run: dotnet tool install --tool-path ./artifacts/tools sign --version 0.9.1-beta.23530.1
    - run: ./artifacts/tools/sign code azure-key-vault "**/*.nupkg" --timestamp-url "http://timestamp.digicert.com" --base-directory "${{ github.workspace }}/artifacts/pkg" --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt" --publisher-name "TerraFX" --description "TerraFX.Interop.Windows" --description-url "https://github.com/terrafx/terrafx.interop.windows" --azure-key-vault-certificate "${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}" --azure-key-vault-client-id "${{ secrets.SC_AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.SC_AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.SC_AZURE_TENANT_ID }}" --azure-key-vault-url "${{ secrets.SC_KEY_VAULT_URL }}"
    - uses: actions/upload-artifact@v4
      with:
        name: sign_nuget_preview
        path: |
          ./artifacts/pkg/**/*
        if-no-files-found: error
  build-nuget-release:
    runs-on: windows-latest
    steps:
    - uses: actions/checkout@v4
    - run: ./scripts/cibuild.cmd -configuration release -architecture x64
      shell: cmd
      env:
        EXCLUDE_RUN_ID_FROM_PACKAGE: true
        EXCLUDE_SUFFIX_FROM_VERSION: true
    - uses: actions/upload-artifact@v4
      with:
        name: nuget_release
        path: |
          ./artifacts/bin/**/*
          ./artifacts/log/**/*
          ./artifacts/pkg/**/*
          ./artifacts/tst/**/*
        if-no-files-found: error
  sign-nuget-release:
    runs-on: windows-latest
    if: ${{ github.event_name == 'push' }}
    needs: [ build-nuget-release ]
    permissions:
      id-token: write
    steps:
    - uses: actions/checkout@v4
    - uses: actions/download-artifact@v4
      with:
        name: nuget_release
        path: ./artifacts
    - uses: actions/setup-dotnet@v4
      with:
        global-json-file: ./global.json
    - run: dotnet tool install --tool-path ./artifacts/tools sign --version 0.9.1-beta.23530.1
    - run: ./artifacts/tools/sign code azure-key-vault "**/*.nupkg" --timestamp-url "http://timestamp.digicert.com" --base-directory "${{ github.workspace }}/artifacts/pkg" --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt" --publisher-name "TerraFX" --description "TerraFX.Interop.Windows" --description-url "https://github.com/terrafx/terrafx.interop.windows" --azure-key-vault-certificate "${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}" --azure-key-vault-client-id "${{ secrets.SC_AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.SC_AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.SC_AZURE_TENANT_ID }}" --azure-key-vault-url "${{ secrets.SC_KEY_VAULT_URL }}"
    - uses: actions/upload-artifact@v4
      with:
        name: sign_nuget_release
        path: |
          ./artifacts/pkg/**/*
        if-no-files-found: error
  publish-nightlies-azure:
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'push' }}
    needs: [ windows-x64, sign-nuget-preview, sign-nuget-release ]
    steps:
    - uses: actions/download-artifact@v4
      with:
        name: windows_release_x64
        path: ./artifacts
    - uses: actions/setup-dotnet@v4
      with:
        dotnet-version: '8.0.x'
        source-url: https://pkgs.terrafx.dev/index.json
      env:
        NUGET_AUTH_TOKEN: ${{ secrets.AZURE_DEVOPS_PAT }}
    - run: dotnet nuget push "./artifacts/pkg/Release/*.nupkg" --api-key AzureDevOps --skip-duplicate
  publish-nightlies-github:
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'push' }}
    needs: [ windows-x64, sign-nuget-preview, sign-nuget-release ]
    steps:
    - uses: actions/download-artifact@v4
      with:
        name: windows_release_x64
        path: ./artifacts
    - uses: actions/setup-dotnet@v4
      with:
        dotnet-version: '8.0.x'
    - run: dotnet nuget push "./artifacts/pkg/Release/*.nupkg" --source https://nuget.pkg.github.com/terrafx/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate