Update Policy Results Tests to run without SetupOrg #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release and Publish PSModule | |
on: | |
pull_request: | |
types: | |
- closed | |
paths: | |
- "PowerShell/Deploy/**" | |
- "PowerShell/JumpCloud Module/**" | |
- "PowerShell/ModuleChangelog.md" | |
branches: | |
- master | |
jobs: | |
Check-If-Merged: | |
if: github.event.pull_request.merged == true | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check if Merged | |
run: echo {GITHUB_HEAD_REF} merged into master | |
Filter-Branch: | |
runs-on: ubuntu-latest | |
if: contains(github.event.pull_request.labels.*.name, 'PowerShell Module') | |
steps: | |
- run: echo "Building JumpCloud Module Event 'JumpCloudModule_'" | |
Check-PR-Labels: | |
needs: [Filter-Branch, Check-If-Merged] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Validate-PR-Version-Labels | |
id: validate | |
shell: pwsh | |
run: | | |
$PR_LABEL_LIST=$(curl -s "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels" | jq -r '.[].name') | |
if ("PowerShell Module" -in $PR_LABEL_LIST) { | |
Write-Host "Starting Build for PowerShell Module Release" | |
} else { | |
Write-Host "Missing PowerShell Module Label, not continuing Release workflow" | |
exit 1 | |
} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
Setup-Build-Dependancies: | |
needs: ["Filter-Branch", "Check-PR-Labels"] | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup PowerShell Module Cache | |
id: cacher | |
uses: actions/cache@v3 | |
with: | |
path: "/home/runner/.local/share/powershell/Modules/" | |
key: PS-Dependancies | |
- name: Install dependencies | |
if: steps.cacher.outputs.cache-hit != 'true' | |
shell: pwsh | |
run: | | |
Set-PSRepository PSGallery -InstallationPolicy Trusted | |
If (!(Get-PackageProvider -Name:('NuGet') -ListAvailable -ErrorAction:('SilentlyContinue'))) { | |
Write-Host ('[status]Installing package provider NuGet'); | |
Install-PackageProvider -Name:('NuGet') -Scope:('CurrentUser') -Force | |
} | |
$PSDependencies = @{ | |
'PowerShellGet' = @{Repository = 'PSGallery'; RequiredVersion = '3.0.12-beta' } | |
'PackageManagement' = @{Repository = 'PSGallery'; RequiredVersion = '1.4.8.1' } | |
'PSScriptAnalyzer' = @{Repository = 'PSGallery'; RequiredVersion = '1.19.1' } | |
'PlatyPS' = @{Repository = 'PSGallery'; RequiredVersion = '0.14.2' } | |
'AWS.Tools.Common' = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' } | |
'AWS.Tools.CodeArtifact' = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' } | |
'JumpCloud.SDK.V1' = @{Repository = 'PSGallery'; RequiredVersion = '0.0.35'} | |
'JumpCloud.SDK.V2' = @{Repository = 'PSGallery'; RequiredVersion = '0.0.39'} | |
'JumpCloud.SDK.DirectoryInsights' = @{Repository = 'PSGallery'; RequiredVersion = '0.0.23'} | |
} | |
foreach ($RequiredModule in $PSDependencies.Keys) { | |
If ([System.String]::IsNullOrEmpty((Get-InstalledModule | Where-Object { $_.Name -eq $RequiredModule }))) { | |
Write-Host("[status]Installing module: '$RequiredModule'; version: $($PSDependencies[$RequiredModule].RequiredVersion) from $($PSDependencies[$RequiredModule].Repository)") | |
Install-Module -Name $RequiredModule -Repository:($($PSDependencies[$RequiredModule].Repository)) -RequiredVersion:($($PSDependencies[$RequiredModule].RequiredVersion)) -AllowPrerelease -Force | |
} | |
} | |
Build-Nuspec-Nupkg: | |
needs: Setup-Build-Dependancies | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: "/home/runner/.local/share/powershell/Modules/" | |
key: PS-Dependancies | |
- name: Build Nuspec | |
shell: pwsh | |
run: | | |
$ErrorActionPreference = 'Stop' | |
. "${{ github.workspace }}/PowerShell/Deploy/BuildNuspecFromPsd1.ps1" -RequiredModulesRepo PSGallery | |
- name: Pack nuspec | |
shell: pwsh | |
run: | | |
nuget pack "${{ github.workspace }}/PowerShell/JumpCloud Module/JumpCloud.nuspec" -Properties NoWarn=NU5111,NU5110 | |
- name: Validate NuPkg File | |
shell: pwsh | |
run: | | |
$NupkgPathDirectory = (Get-ChildItem -Path:("./*.nupkg")).Directory | |
$nupkgPath = (Get-ChildItem -Path:("./*.nupkg")).FullName | |
Write-Host "NuPkg Path: $nupkgPath" | |
mkdir $NupkgPathDirectory/nupkg_module | |
unzip $nupkgPath -d $NupkgPathDirectory/nupkg_module | |
$moduleRootFiles = Get-ChildItem -File -Path:("$NupkgPathDirectory/nupkg_module") | |
$moduleRootDirectories = Get-ChildItem -Directory -Path:("$NupkgPathDirectory/nupkg_module") | |
Write-Host "Module Files:\n$moduleRootFiles" | |
Write-Host "Module Directories:\n$moduleRootDirectories" | |
# Validate that the nuspec directory contains a Public/ Private directory | |
"Private" | should -bein $moduleRootDirectories.name | |
"Public" | should -bein $moduleRootDirectories.name | |
- name: Upload Nupkg | |
uses: ./.github/actions/upload-secure-artifact | |
with: | |
name: jumpcloud-module-nupkg | |
path: /home/runner/work/support/support/JumpCloud.*.nupkg | |
retention-days: 1 | |
Manual-Approval-Release: | |
needs: ["Check-PR-Labels", "Setup-Build-Dependancies"] | |
environment: PublishToPSGallery | |
runs-on: ubuntu-latest | |
steps: | |
- name: Manual Approval for Release | |
run: echo "Awaiting approval from required reviewers before continuing" | |
Draft-GH-Release: | |
needs: [Manual-Approval-Release] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build Draft Release | |
run: | | |
VERSION=$(grep -Po '(\d+\.\d+\.\d+)' ${{ github.workspace }}/PowerShell/JumpCloud\ Module/JumpCloud.psd1) | |
TITLE="JumpCloud PowerShell Module v$VERSION" | |
CHANGELOG=$(cat ${{ github.workspace }}/PowerShell/ModuleChangelog.md |awk "/^## $VERSION/{ f = 1; next } /## [0-9]+.[0-9]+.[0-9]+/{ f = 0 } f") | |
TAG="v$VERSION" | |
BODY="$TITLE $CHANGELOG" | |
(gh release view $TAG && echo "Release exists for $TAG") || gh release create $TAG --title "$TITLE" --notes "$BODY" --draft | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
Deploy-Nupkg: | |
needs: [Manual-Approval-Release, Build-Nuspec-Nupkg] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download nupkg artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: jumpcloud-module-nupkg | |
- name: Publish | |
shell: pwsh | |
run: | | |
# add nuget source for PSGallery: | |
dotnet nuget add source "https://www.powershellgallery.com/api/v2/package" --name PSGallery | |
# get nupkg artifact: | |
$nupkgPath = (Get-ChildItem -Path:("./*.nupkg")).FullName | |
# test | |
$nupkgPath | Should -Exist | |
Write-Host "Nupkg Artifact Restored: $nupkgPath" | |
# nuget push from here: | |
dotnet nuget push $nupkgPath --source PSGallery --api-key $env:NuGetApiKey | |
env: | |
NuGetApiKey: ${{ secrets.NUGETAPIKEY }} | |
Cleanup-Cache: | |
needs: Deploy-Nupkg | |
runs-on: ubuntu-latest | |
steps: | |
- name: Cleanup | |
run: | | |
gh extension install actions/gh-actions-cache | |
echo "Fetching list of cache key" | |
cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 ) | |
## Setting this to not fail the workflow while deleting cache keys. | |
set +e | |
echo "Deleting caches..." | |
for cacheKey in $cacheKeysForPR | |
do | |
gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm | |
done | |
echo "Done" | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
REPO: ${{ github.repository }} | |
BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge |