ci: add artifact attestation to ci.yml #255
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Test | |
| on: | |
| workflow_call: | |
| inputs: | |
| attestation: | |
| type: boolean | |
| description: 'Attest artifacts' | |
| required: false | |
| default: false | |
| outputs: | |
| version_number: | |
| description: "Build version number" | |
| value: ${{ jobs.build.outputs.version_number }} | |
| setup_attestation_url: | |
| description: "Setup attestation url" | |
| value: ${{ jobs.build.outputs.setup_attestation_url }} | |
| sbom_framework_dependent_attestation_url: | |
| description: "SBOM framework dependent attestation url" | |
| value: ${{ jobs.build.outputs.sbom_framework_dependent_attestation_url }} | |
| sbom_standalone_attestation_url: | |
| description: "SBOM standalone attestation url" | |
| value: ${{ jobs.build.outputs.sbom_standalone_attestation_url }} | |
| push: | |
| branches: [ master ] | |
| paths: | |
| - 'AutoStartConfirm/**' | |
| - 'AutoStartConfirmLib/**' | |
| - 'AutoStartConfirmSetup/**' | |
| - 'AutoStartConfirmTests/**' | |
| - '.github/workflows/**' | |
| pull_request: | |
| branches: [ master ] | |
| paths: | |
| - 'AutoStartConfirm/**' | |
| - 'AutoStartConfirmLib/**' | |
| - 'AutoStartConfirmSetup/**' | |
| - 'AutoStartConfirmTests/**' | |
| - '.github/workflows/**' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| attestations: write | |
| jobs: | |
| build: | |
| runs-on: windows-latest | |
| outputs: | |
| version_number: ${{ steps.get-version-number.outputs.version_number }} | |
| setup_attestation_url: ${{ steps.setup-attestation.outputs.attestation-url }} | |
| sbom_framework_dependent_attestation_url: ${{ steps.sbom-framework-dependent-attestation.outputs.attestation-url }} | |
| sbom_standalone_attestation_url: ${{ steps.sbom-standalone-attestation.outputs.attestation-url }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup MSBuild | |
| uses: microsoft/setup-msbuild@v2 | |
| - name: Setup VSTest | |
| uses: darenm/Setup-VSTest@v1 | |
| - name: Setup NuGet | |
| uses: NuGet/setup-nuget@v2 | |
| - name: Setup Wix | |
| run: dotnet tool install --global wix | |
| - uses: actions/cache@v4 | |
| name: Restore NuGet cache | |
| with: | |
| path: ~/.nuget/packages | |
| key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nuget- | |
| - uses: actions/cache@v4 | |
| name: Restore Licenses cache | |
| with: | |
| path: AutoStartConfirmLib/Licenses | |
| key: ${{ runner.os }}-licenses-${{ hashFiles('AutoStartConfirmLib/packages.lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-licenses- | |
| - name: Restore NuGet packages | |
| run: nuget restore AutoStartConfirm.sln | |
| - name: Install 3rd party licenses downloader | |
| run: dotnet tool install --global dotnet-project-licenses | |
| - name: Download 3rd party licenses | |
| run: if (-not (Test-Path AutoStartConfirmLib\Licenses)) {dotnet-project-licenses -i AutoStartConfirmLib -o AutoStartConfirmLib\Licenses --timeout 60 -e -c -f AutoStartConfirmLib\Licenses -u --outfile Licenses.txt --log-level Verbose} | |
| - name: Build product | |
| run: msbuild build/Daily.targets /property:Configuration=Release | |
| - name: Get version number | |
| id: get-version-number | |
| working-directory: .\build\publish\Release_FrameworkDependent_win-x64 | |
| run: | | |
| $versionNumber=(Get-Item ".\AutoStartConfirm.exe" | Select-Object -ExpandProperty VersionInfo).FileVersion | |
| "version_number=$versionNumber" >> $env:GITHUB_OUTPUT | |
| shell: pwsh | |
| - name: Restore tests | |
| run: dotnet restore AutoStartConfirmTests\AutoStartConfirmTests.csproj | |
| - name: Build tests | |
| run: msbuild AutoStartConfirmTests\AutoStartConfirmTests.csproj -p:Configuration=Release -p:Platform=x64 -p:PublishReadyToRun=false -p:OutputPath="bin/x64/Release/win-x64/" | |
| - name: Test solution | |
| run: vstest.console.exe /Platform:x64 "AutoStartConfirmTests\bin\x64\Release\win-x64\AutoStartConfirmTests.dll" | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload artifacts | |
| with: | |
| name: AutoStartConfirmSetup | |
| path: build\publish\*.msi | |
| if-no-files-found: error | |
| - name: Generate framework dependent SBOM | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| artifact-name: FrameworkDependent.sbom.spdx.json | |
| output-file: FrameworkDependent.sbom.spdx.json | |
| file: ./Build/publish/Release_FrameworkDependent_win-x64/AutoStartConfirm.deps.json | |
| - name: Generate standalone SBOM | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| artifact-name: Standalone.sbom.spdx.json | |
| output-file: Standalone.sbom.spdx.json | |
| file: ./Build/publish/Release_Standalone_win-x64/AutoStartConfirm.deps.json | |
| - name: Generate artifact attestation | |
| if: ${{ inputs.attestation }} | |
| id: setup-attestation | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-path: build\publish\*.msi | |
| - name: Generate framework dependent SBOM attestation | |
| if: ${{ inputs.attestation }} | |
| id: sbom-framework-dependent-attestation | |
| uses: actions/attest-sbom@v1 | |
| with: | |
| subject-path: build\publish\AutoStartConfirmSetup_FrameworkDependent.msi | |
| sbom-path: FrameworkDependent.sbom.spdx.json | |
| - name: Generate standalone SBOM attestation | |
| if: ${{ inputs.attestation }} | |
| id: sbom-standalone-attestation | |
| uses: actions/attest-sbom@v1 | |
| with: | |
| subject-path: build\publish\AutoStartConfirmSetup_Standalone.msi | |
| sbom-path: Standalone.sbom.spdx.json |