Skip to content

fix PSAnalyzer remediations #50

fix PSAnalyzer remediations

fix PSAnalyzer remediations #50

name: Create release
defaults:
run:
shell: powershell
on:
push:
paths:
- 'Scripts/**'
- 'Tools/**'
branches: [ master ]
jobs:
new-version:
environment: release
name: Bump version
if: "!contains(github.event.head_commit.message, '[no release]')"
runs-on: windows-2019
permissions:
# needed to create a release
contents: write
outputs:
previous_tag: ${{ steps.bump.outputs.previous_tag }}
new_tag: ${{ steps.bump.outputs.new_tag }}
steps:
- uses: actions/checkout@v3
- id: bump
name: Bump version
run: |
$today = Get-Date
$newVersion = @($today.ToString("yy"), $today.ToString("MM"), "1")
git fetch --tags
# Get the latest tag that matches our versioning schema (starts with letter v)
$hash = git rev-list --tags=v* --topo-order --max-count=1
if($hash) {
$currentTag = git describe --tags $hash
$parts = $currentTag.Substring(1) -split '\.'
if($parts[1] -eq $today.ToString("MM") -and $parts[0] -eq $today.ToString("yy")) { $newVersion[2] = ([int]$parts[2] + 1).ToString("0") }
}
$newTag = "v" + ($newVersion -join ".")
git tag $newTag
if(-not $?) {
throw "Tagging of new release version failed!"
}
git push origin $newTag
"New version: $newTag"
echo "previous_tag=$currentTag" >> $env:GITHUB_OUTPUT
echo "new_tag=$newTag" >> $env:GITHUB_OUTPUT
new-release:
name: Create release
if: "!contains(github.event.head_commit.message, '[no release]')"
runs-on: self-hosted
permissions:
# needed to create a release
contents: write
needs: new-version
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Build and sign release scripts
shell: pwsh
env:
SIGN_SCRIPT_URI: ${{ secrets.SIGN_SCRIPT_URI }}
CLIENT_ID: ${{ secrets.CLIENT_ID }} # just to obfusctate it in the output
run: |
./build.ps1 -Version ${{ needs.new-version.outputs.new_tag }} -SignScripts $true -SignScriptUri $env:SIGN_SCRIPT_URI -ClientId $env:CLIENT_ID
Move-Item ./Release.zip mslab_${{ needs.new-version.outputs.new_tag }}.zip
- name: Create changelog
id: changelog
shell: powershell
run: |
if("${{ needs.new-version.outputs.previous_tag }}" -ne "") {
$changelog = (& { git log ${{ needs.new-version.outputs.previous_tag }}..HEAD --pretty=format:'- %s (%h)' --abbrev-commit -- Scripts Tools }) -join "`n"
"Changes for ${{ needs.new-version.outputs.previous_tag }} are:"
$changelog
} else {
$changelog = ""
}
$changeLogContent = @"
:package: MSLab scripts are in **[mslab_${{ needs.new-version.outputs.new_tag }}.zip](${{ github.server_url }}/${{ github.repository }}/releases/download/${{ needs.new-version.outputs.new_tag }}/mslab_${{ needs.new-version.outputs.new_tag }}.zip)** file.
:information_source: Remaining `.ps1` files in this release would be downloaded on-demand by MSLab scripts during deployment, only if needed.
"@
if($changelog -ne "") {
$changeLogContent += @"
## Changes in this version
$changelog
"@
}
Set-Content -Value $changeLogContent -Path .\changelog.md
- name: Create new release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ needs.new-version.outputs.new_tag }} # ${{ github.ref }}
name: MSLab ${{ needs.new-version.outputs.new_tag }} # ${{ github.ref }}
generate_release_notes: false
body_path: changelog.md
files: |
mslab_${{ needs.new-version.outputs.new_tag }}.zip
Output/Tools/*.ps1