Skip to content

Build and publish Maester to PowerShell Gallery #16

Build and publish Maester to PowerShell Gallery

Build and publish Maester to PowerShell Gallery #16

name: Create PowerShell module release artifacts and publish them to GitHub and PowerShell Gallery
on:
workflow_dispatch:
jobs:
CreateRelease:
runs-on: windows-latest
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v3
- name: Get PowerShell module version
id: moduleversion
shell: pwsh
run: |
$ModuleRoot = "$($env:GITHUB_WORKSPACE)/powershell"
$ManfifestPath = "$($ModuleRoot)/maester.psd1"
if ( -not (Test-Path $ManfifestPath )) {
Write-Error "Could not find PowerShell module manifest ($ManfifestPath)"
throw
} else {
$CurrentVersion = Import-PowerShellDataFile $ManfifestPath | Select-Object -ExpandProperty ModuleVersion
Add-Content -Path $env:GITHUB_OUTPUT -Value "tag=$CurrentVersion"
}
- name: Azure CLI login
uses: azure/login@v1
with:
tenant-id: ${{ vars.TENTANT_ID }}
client-id: ${{ vars.CLIENT_ID }}
allow-no-subscriptions: true
- name: Azure CLI get token
run: |
$kv_token=$(az account get-access-token --scope https://vault.azure.net/.default --query accessToken --output tsv)
echo "::add-mask::$kv_token"
echo "CODE_SIGN_AKV_ACCESS_TOKEN=$kv_token" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- name: Install AzureSignTool
run: dotnet tool install --no-cache --global AzureSignTool
- name: Sign PowerShell module
id: module-signing
shell: pwsh
run: |
Get-ChildItem ${{ github.workspace }}/powershell -Recurse -Force -Filter *.ps* | Select-Object -ExpandProperty FullName | Out-File -FilePath ./signfiles.txt
azuresigntool.exe sign --verbose `
--azure-key-vault-url "${{ secrets.CODE_SIGN_KEYVAULT }}" `
--azure-key-vault-accesstoken ${{ env.CODE_SIGN_AKV_ACCESS_TOKEN }} `
--azure-key-vault-certificate "${{ vars.CODE_SIGN_CERTIFICATENAME }}" `
--timestamp-rfc3161 "http://timestamp.digicert.com" `
--input-file-list ./signfiles.txt
Copy-Item ${{ github.workspace }}/powershell -Recurse -Destination ${{ github.workspace }}/maester/ -Force
- name: Update PowerShell Module to PowerShell Gallery
id: publish-to-gallery
shell: pwsh
run: |
Publish-Module -Path ${{ github.workspace }}/maester -NuGetApiKey ${{ secrets.PS_GALLERY_KEY }}
- name: Build PowerShell module for GitHub
id: module-creation
shell: pwsh
run: |
Compress-Archive -Path ${{ github.workspace }}/maester/* -DestinationPath ${{ github.workspace }}/maester.zip
- name: Create release
uses: ncipollo/release-action@v1
with:
artifacts: "maester.zip"
replacesArtifacts: true
allowUpdates: true
generateReleaseNotes: true
makeLatest: legacy
prerelease: false
tag: ${{ steps.moduleversion.outputs.tag }}
commit: ${{ github.sha }}