chore: add community health files (#43) #112
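# CI / Release workflow.
#   - Every push to main and every pull request against main: verify the WiX
#     manifest and build in Release configuration.
#   - Every pushed tag matching v*.*.*: additionally publish a self-contained
#     win-x64 build, sign it when signing secrets are configured, build the
#     MSI and portable ZIP, and create a GitHub Release.
name: CI / Release

on:
  push:
    branches: [main]
    tags: ['v*.*.*']
  pull_request:
    branches: [main]

# NOTE(review): this grant is workflow-wide, so the plain build on branch
# pushes and same-repository pull requests also runs with a write-capable
# token. Only the release step needs it; consider moving the tag-only steps
# into a separate job that carries `contents: write` and leaving the build
# job on `contents: read`.
permissions:
  contents: write  # needed to create GitHub Releases

jobs:
  build:
    runs-on: windows-latest
    env:
      # Expose as env var so it can be used in step `if:` conditions
      # (secrets context is not allowed directly in if expressions)
      HAS_SIGNING: ${{ secrets.AZURE_TENANT_ID != '' }}
    steps:
      # ── Checkout ────────────────────────────────────────────────────────────
      # NOTE(review): every `uses:` in this job references a mutable tag
      # (@v4, @v0.5.0, @v2). Tags can be re-pointed by the action's owner;
      # pin each action to a full commit SHA (e.g. `@<full-commit-sha> # v4`)
      # so the code that sees the signing secrets and the write token is fixed.
      - uses: actions/checkout@v4

      # ── .NET 10 ─────────────────────────────────────────────────────────────
      - name: Setup .NET 10
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '10.x'

      # ── Guard: WiX must reference every file in src/CodeShellManager/Assets.
      #    Portable ZIP ships the whole publish output, so this only bites MSI users
      #    (e.g. v0.4.1 silently dropped terminal-init.js → blank terminals).
      - name: Verify WiX manifest covers all Assets files
        shell: pwsh
        run: |
          $assetFiles = (Get-ChildItem 'src/CodeShellManager/Assets' -File).Name | Sort-Object
          $wxs = Get-Content 'installer/CodeShellManager.wxs' -Raw
          # Not named $matches: that is a PowerShell automatic variable.
          $wxsMatches = [regex]::Matches($wxs, '\$\(var\.PublishDir\)\\Assets\\([^"]+)')
          $wxsRefs = ($wxsMatches | ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique)
          $diff = Compare-Object $assetFiles $wxsRefs
          if ($diff) {
            Write-Host "::error::installer/CodeShellManager.wxs is out of sync with src/CodeShellManager/Assets/"
            $diff | ForEach-Object {
              $side = if ($_.SideIndicator -eq '<=') { 'missing from WiX' } else { 'not present in Assets/' }
              Write-Host "  $($_.InputObject) — $side"
            }
            exit 1
          }
          Write-Host "WiX/Assets in sync ($($assetFiles.Count) files)"

      # ── Build (every push / PR) ──────────────────────────────────────────────
      - name: Restore & Build
        run: dotnet build src/CodeShellManager/CodeShellManager.csproj -c Release

      # ════════════════════════════════════════════════════════════════════════
      #  Everything below only runs when a version tag is pushed (e.g. v1.2.3)
      # ════════════════════════════════════════════════════════════════════════

      - name: Extract version from tag
        if: startsWith(github.ref, 'refs/tags/v')
        id: ver
        shell: pwsh
        env:
          # The ref name is passed through the environment instead of being
          # expanded into the script text: `${{ }}` is substituted before
          # PowerShell parses the script, and the `v*.*.*` tag filter does not
          # restrict which characters a tag may contain.
          REF_NAME: ${{ github.ref_name }}
        run: |
          $version = $env:REF_NAME.TrimStart('v')
          # Later steps expand this output straight into command lines, so
          # accept only version-shaped values here.
          if ($version -notmatch '^[0-9]+\.[0-9]+\.[0-9]+[0-9A-Za-z.+-]*$') {
            Write-Host "::error::Tag name is not a plain version (expected vMAJOR.MINOR.PATCH)"
            exit 1
          }
          "version=$version" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
          Write-Host "Building version $version"

      # ── Publish: self-contained single-file win-x64 ──────────────────────────
      - name: Publish
        if: startsWith(github.ref, 'refs/tags/v')
        shell: pwsh
        run: |
          dotnet publish src/CodeShellManager/CodeShellManager.csproj `
            -c Release `
            -r win-x64 `
            --self-contained true `
            -p:PublishSingleFile=true `
            -p:IncludeNativeLibrariesForSelfExtract=true `
            -p:Version=${{ steps.ver.outputs.version }} `
            -o publish
          # Ensure Assets are always present as loose files alongside the exe
          # (ExcludeFromSingleFile handles this, but belt-and-suspenders for SDK quirks)
          Copy-Item -Path src/CodeShellManager/Assets -Destination publish/Assets -Recurse -Force

      # ── Install WiX v4 ───────────────────────────────────────────────────────
      - name: Install WiX toolset v4 (last open-source release)
        if: startsWith(github.ref, 'refs/tags/v')
        shell: pwsh
        run: |
          dotnet tool install --global wix --version "4.0.5"
          wix extension add --global WixToolset.UI.wixext/4.0.5

      # ── Unsigned-release notice ──────────────────────────────────────────────
      # Both signing steps are skipped when the signing secrets are absent, and
      # the release is still published. Surface that in the run summary so an
      # unsigned release is never produced silently.
      - name: Warn when release artifacts will be unsigned
        if: startsWith(github.ref, 'refs/tags/v') && env.HAS_SIGNING != 'true'
        shell: pwsh
        run: |
          Write-Host "::warning::Signing secrets are not configured; the exe and MSI in this release will be unsigned"

      # ── Sign exe (Azure Trusted Signing) ────────────────────────────────────
      # Requires these GitHub secrets to be set on the repo:
      #   AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET
      #   AZURE_SIGNING_ENDPOINT   (e.g. https://eus.codesigning.azure.net/)
      #   AZURE_SIGNING_ACCOUNT    (your Trusted Signing account name)
      #   AZURE_SIGNING_PROFILE    (your certificate profile name)
      #
      # Setup guide: https://learn.microsoft.com/azure/trusted-signing/quickstart
      #
      # NOTE(review): AZURE_CLIENT_SECRET is a long-lived credential handed to a
      # tag-referenced action. Scope the service principal to the signing role
      # only, rotate the secret, and check whether the action version in use
      # supports federated (OIDC) credentials instead; confirm against its docs.
      - name: Sign executable (Azure Trusted Signing)
        if: startsWith(github.ref, 'refs/tags/v') && env.HAS_SIGNING == 'true'
        uses: azure/trusted-signing-action@v0.5.0
        with:
          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          endpoint: ${{ secrets.AZURE_SIGNING_ENDPOINT }}
          trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT }}
          certificate-profile-name: ${{ secrets.AZURE_SIGNING_PROFILE }}
          files-folder: publish
          files-folder-filter: exe
          file-digest: SHA256
          timestamp-rfc3161: http://timestamp.acs.microsoft.com
          timestamp-digest: SHA256

      # ── Build MSI ────────────────────────────────────────────────────────────
      # Runs after the exe signing step, so the MSI packages the signed exe
      # when signing is enabled.
      - name: Build MSI installer
        if: startsWith(github.ref, 'refs/tags/v')
        shell: pwsh
        run: |
          New-Item -ItemType Directory -Force dist | Out-Null
          wix build installer/CodeShellManager.wxs `
            -d Version=${{ steps.ver.outputs.version }} `
            -d PublishDir=publish `
            -ext WixToolset.UI.wixext `
            -arch x64 `
            -o "dist/CodeShellManager-${{ steps.ver.outputs.version }}-Setup.msi"

      # ── Sign MSI (Azure Trusted Signing) ─────────────────────────────────────
      - name: Sign MSI (Azure Trusted Signing)
        if: startsWith(github.ref, 'refs/tags/v') && env.HAS_SIGNING == 'true'
        uses: azure/trusted-signing-action@v0.5.0
        with:
          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          endpoint: ${{ secrets.AZURE_SIGNING_ENDPOINT }}
          trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT }}
          certificate-profile-name: ${{ secrets.AZURE_SIGNING_PROFILE }}
          files-folder: dist
          files-folder-filter: msi
          file-digest: SHA256
          timestamp-rfc3161: http://timestamp.acs.microsoft.com
          timestamp-digest: SHA256

      # ── Create portable ZIP ──────────────────────────────────────────────────
      - name: Create portable ZIP
        if: startsWith(github.ref, 'refs/tags/v')
        shell: pwsh
        run: |
          Remove-Item publish\*.pdb -ErrorAction SilentlyContinue
          Compress-Archive -Path publish\* `
            -DestinationPath "dist/CodeShellManager-${{ steps.ver.outputs.version }}-win-x64.zip"

      # ── Create GitHub Release ────────────────────────────────────────────────
      # This third-party action is the consumer of the `contents: write` token.
      - name: Create GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
        uses: softprops/action-gh-release@v2
        with:
          generate_release_notes: true
          files: |
            dist/*.msi
            dist/*.zip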