Update Initialize-UcmRequirements.ps1 #35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Deploy Main to PsGallery' | |
| on: | |
| push: | |
| pull_request: | |
| branches: dev | |
| env: | |
| ARTIFACT_NAME: PowerShell.Workflows.ScriptSigning | |
| jobs: | |
| sign_scripts: | |
| name: Deploy to PS Gallery | |
| runs-on: windows-2019 | |
| steps: | |
| - name: Import code signing certificate | |
| shell: powershell | |
| run: | | |
| $pfxCertFilePath = Join-Path -Path $PSScriptRoot -ChildPath "CodeSigningCertificate.pfx" | |
| Set-Content -Value $([System.Convert]::FromBase64String($env:BASE64_PFX)) -Path $pfxCertFilePath -Encoding Byte | |
| $codeSigningCert = Import-PfxCertificate -FilePath $pfxCertFilePath -Password $($env:PFX_PASSWORD | ConvertTo-SecureString -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My | |
| env: | |
| BASE64_PFX: ${{ secrets.BASE64_PFX }} | |
| PFX_PASSWORD: ${{ secrets.PFX_PASSWORD }} | |
| - name: Check out repository | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.head_ref }} # checkout the correct branch name | |
| fetch-depth: 0 # fetch the whole repo history | |
| - name: Sign PowerShell scripts | |
| shell: powershell | |
| run: | | |
| # remove git dir from checked out repo | |
| Get-ChildItem -Path "." -Filter ".git*" -Force | ForEach-Object {Remove-Item -Path $_.FullName -Recurse -Force} | |
| $scripts = Get-ChildItem -Path ./public -Filter "*.ps1" -Recurse -ErrorAction Stop | |
| # load cert | |
| $codeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1 | |
| foreach ($script in $scripts) { | |
| try { | |
| $scriptContent = Get-Content -Path $script.FullName | |
| Write-Output "Signing script `"$($script.Name)`" with certificate `"$($codeSigningCert.Thumbprint)`"" | |
| # sign script | |
| $null = Set-AuthenticodeSignature -Certificate $codeSigningCert -FilePath $script.FullName -TimestampServer "http://timestamp.comodoca.com/rfc3161" | |
| } | |
| catch { | |
| Write-Error $_ | |
| } | |
| } | |
| - name: Build Module | |
| shell: powershell | |
| run: ./build_scripts/build.ps1 | |
| - name: Test Module | |
| shell: powershell | |
| run: Test-ModuleManifest -Path ".\UcmPSTools.psd1" | |
| - name: Publish Dev Module | |
| if: ${{ github.ref == 'refs/heads/dev' }} | |
| shell: powershell | |
| env: | |
| PSGALLERYAPIKEY: ${{ secrets.PSGALLERYAPIKEY }} | |
| run: | | |
| #Set PreRelease Flag | |
| $PSDContent = Get-Content -Path ./UcmPSTools.psd1 -Raw | |
| $PSDContent = $PSDContent -replace "<PreReleaseToken>", "alpha" | |
| $PSDContent | Set-Content -Path ./UcmPSTools.psd1 | |
| Publish-Module -NuGetApiKey $env:PSGALLERYAPIKEY -path ./ | |
| - name: Publish RC Module | |
| if: ${{ github.ref == 'refs/heads/rc' }} | |
| shell: powershell | |
| env: | |
| PSGALLERYAPIKEY: ${{ secrets.PSGALLERYAPIKEY }} | |
| run: | | |
| #Set PreRelease Flag | |
| $PSDContent = Get-Content -Path ./UcmPSTools.psd1 -Raw | |
| $PSDContent = $PSDContent -replace "<PreReleaseToken>", "ReleaseCandidate" | |
| $PSDContent | Set-Content -Path ./UcmPSTools.psd1 | |
| Publish-Module -NuGetApiKey $env:PSGALLERYAPIKEY -path ./ | |
| - name: Publish Public Module | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| shell: powershell | |
| env: | |
| PSGALLERYAPIKEY: ${{ secrets.PSGALLERYAPIKEY }} | |
| run: | | |
| #remove pre-release flags from PSD1 | |
| $PSDContent = Get-Content -Path ./UcmPSTools.psd1 -Raw | |
| $PSDContent = $PSDContent -replace "Prerelease = '<PreReleaseToken>'", "" | |
| $PSDContent | Set-Content -Path ./UcmPSTools.psd1 | |
| Publish-Module -NuGetApiKey $env:PSGALLERYAPIKEY -path ./ | |