mirror of
https://github.com/Cysharp/UniTask.git
synced 2026-05-21 07:00:12 +00:00
a09a450b0f
This updates the build-release workflow to leverage OpenID Connect (OIDC) for authenticating with NuGet.org. The package push operation is now performed directly within the build job, replacing static API key usage with ephemeral credentials for enhanced security.
133 lines
4.8 KiB
YAML
133 lines
4.8 KiB
YAML
name: build-release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag:
|
|
description: "tag: git tag you want create. (sample 1.0.0)"
|
|
required: true
|
|
dry-run:
|
|
description: "dry-run: true will never create relase/nuget."
|
|
required: true
|
|
default: false
|
|
type: boolean
|
|
|
|
jobs:
|
|
update-packagejson:
|
|
permissions:
|
|
actions: read
|
|
contents: write
|
|
uses: Cysharp/Actions/.github/workflows/update-packagejson.yaml@main
|
|
with:
|
|
file-path: ./src/UniTask/Assets/Plugins/UniTask/package.json
|
|
tag: ${{ inputs.tag }}
|
|
dry-run: ${{ inputs.dry-run }}
|
|
|
|
build-dotnet:
|
|
needs: [update-packagejson]
|
|
permissions:
|
|
contents: read
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 10
|
|
steps:
|
|
- run: echo ${{ needs.update-packagejson.outputs.sha }}
|
|
- uses: Cysharp/Actions/.github/actions/checkout@main
|
|
with:
|
|
ref: ${{ needs.update-packagejson.outputs.sha }}
|
|
- uses: Cysharp/Actions/.github/actions/setup-dotnet@main
|
|
# build and pack
|
|
- run: dotnet build -c Release -p:Version=${{ inputs.tag }}
|
|
- run: dotnet test -c Release --no-build
|
|
- run: dotnet pack ./src/UniTask.NetCore/UniTask.NetCore.csproj -c Release --no-build -p:Version=${{ inputs.tag }} -o ./publish
|
|
# Store artifacts.
|
|
- uses: Cysharp/Actions/.github/actions/upload-artifact@main
|
|
with:
|
|
name: nuget
|
|
path: ./publish/
|
|
retention-days: 1
|
|
# push nuget
|
|
- name: NuGet login (OIDC)
|
|
uses: NuGet/login@8d196754b4036150537f80ac539e15c2f1028841 # v1.2.0
|
|
id: login
|
|
with:
|
|
user: ${{ secrets.NUGET_USER }}
|
|
- run: dotnet nuget push "./publish/*.nupkg" --skip-duplicate -s https://api.nuget.org/v3/index.json -k "${NUGET_KEY}"
|
|
if: ${{ !inputs.dry-run }}
|
|
env:
|
|
NUGET_KEY: ${{ steps.login.outputs.NUGET_API_KEY }}
|
|
|
|
build-unity:
|
|
needs: [update-packagejson]
|
|
strategy:
|
|
matrix:
|
|
unity: ["2022.3.39f1"]
|
|
permissions:
|
|
contents: read
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 15
|
|
steps:
|
|
- name: Load secrets
|
|
id: op-load-secret
|
|
uses: 1password/load-secrets-action@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2.0.0
|
|
with:
|
|
export-env: false
|
|
env:
|
|
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_PUBLIC }}
|
|
UNITY_EMAIL: "op://${{ vars.OP_VAULT_ACTIONS_PUBLIC }}/UNITY_LICENSE/username"
|
|
UNITY_PASSWORD: "op://${{ vars.OP_VAULT_ACTIONS_PUBLIC }}/UNITY_LICENSE/credential"
|
|
UNITY_SERIAL: "op://${{ vars.OP_VAULT_ACTIONS_PUBLIC }}/UNITY_LICENSE/serial"
|
|
|
|
- run: echo ${{ needs.update-packagejson.outputs.sha }}
|
|
- uses: Cysharp/Actions/.github/actions/checkout@main
|
|
with:
|
|
ref: ${{ needs.update-packagejson.outputs.sha }}
|
|
# Execute scripts: Export Package
|
|
# /opt/Unity/Editor/Unity -quit -batchmode -nographics -silent-crashes -logFile -projectPath . -executeMethod PackageExporter.Export
|
|
- name: Build Unity (.unitypacakge)
|
|
uses: Cysharp/Actions/.github/actions/unity-builder@main
|
|
env:
|
|
UNITY_EMAIL: ${{ steps.op-load-secret.outputs.UNITY_EMAIL }}
|
|
UNITY_PASSWORD: ${{ steps.op-load-secret.outputs.UNITY_PASSWORD }}
|
|
UNITY_SERIAL: ${{ steps.op-load-secret.outputs.UNITY_SERIAL }}
|
|
with:
|
|
projectPath: src/UniTask
|
|
unityVersion: ${{ matrix.unity }}
|
|
targetPlatform: StandaloneLinux64
|
|
buildMethod: PackageExporter.Export
|
|
|
|
- uses: Cysharp/Actions/.github/actions/check-metas@main # check meta files
|
|
with:
|
|
directory: src/UniTask
|
|
|
|
# Store artifacts.
|
|
- uses: Cysharp/Actions/.github/actions/upload-artifact@main
|
|
with:
|
|
name: UniTask.${{ inputs.tag }}.unitypackage
|
|
path: ./src/UniTask/UniTask.${{ inputs.tag }}.unitypackage
|
|
retention-days: 1
|
|
|
|
# release
|
|
create-release:
|
|
needs: [update-packagejson, build-dotnet, build-unity]
|
|
permissions:
|
|
contents: write
|
|
id-token: write # required for NuGet Trusted Publish
|
|
uses: Cysharp/Actions/.github/workflows/create-release.yaml@main
|
|
with:
|
|
commit-id: ${{ needs.update-packagejson.outputs.sha }}
|
|
dry-run: ${{ inputs.dry-run }}
|
|
tag: ${{ inputs.tag }}
|
|
nuget-push: false
|
|
release-upload: true
|
|
release-asset-path: ./UniTask.${{ inputs.tag }}.unitypackage/UniTask.${{ inputs.tag }}.unitypackage
|
|
secrets: inherit
|
|
|
|
cleanup:
|
|
if: ${{ needs.update-packagejson.outputs.is-branch-created == 'true' }}
|
|
needs: [update-packagejson, build-dotnet, build-unity]
|
|
permissions:
|
|
contents: write
|
|
uses: Cysharp/Actions/.github/workflows/clean-packagejson-branch.yaml@main
|
|
with:
|
|
branch: ${{ needs.update-packagejson.outputs.branch-name }}
|