fix PSAnalyzer remediations #50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create release | |
defaults: | |
run: | |
shell: powershell | |
on: | |
push: | |
paths: | |
- 'Scripts/**' | |
- 'Tools/**' | |
branches: [ master ] | |
jobs: | |
new-version: | |
environment: release | |
name: Bump version | |
if: "!contains(github.event.head_commit.message, '[no release]')" | |
runs-on: windows-2019 | |
permissions: | |
# needed to create a release | |
contents: write | |
outputs: | |
previous_tag: ${{ steps.bump.outputs.previous_tag }} | |
new_tag: ${{ steps.bump.outputs.new_tag }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: bump | |
name: Bump version | |
run: | | |
$today = Get-Date | |
$newVersion = @($today.ToString("yy"), $today.ToString("MM"), "1") | |
git fetch --tags | |
# Get the latest tag that matches our versioning schema (starts with letter v) | |
$hash = git rev-list --tags=v* --topo-order --max-count=1 | |
if($hash) { | |
$currentTag = git describe --tags $hash | |
$parts = $currentTag.Substring(1) -split '\.' | |
if($parts[1] -eq $today.ToString("MM") -and $parts[0] -eq $today.ToString("yy")) { $newVersion[2] = ([int]$parts[2] + 1).ToString("0") } | |
} | |
$newTag = "v" + ($newVersion -join ".") | |
git tag $newTag | |
if(-not $?) { | |
throw "Tagging of new release version failed!" | |
} | |
git push origin $newTag | |
"New version: $newTag" | |
echo "previous_tag=$currentTag" >> $env:GITHUB_OUTPUT | |
echo "new_tag=$newTag" >> $env:GITHUB_OUTPUT | |
new-release: | |
name: Create release | |
if: "!contains(github.event.head_commit.message, '[no release]')" | |
runs-on: self-hosted | |
permissions: | |
# needed to create a release | |
contents: write | |
needs: new-version | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Build and sign release scripts | |
shell: pwsh | |
env: | |
SIGN_SCRIPT_URI: ${{ secrets.SIGN_SCRIPT_URI }} | |
CLIENT_ID: ${{ secrets.CLIENT_ID }} # just to obfusctate it in the output | |
run: | | |
./build.ps1 -Version ${{ needs.new-version.outputs.new_tag }} -SignScripts $true -SignScriptUri $env:SIGN_SCRIPT_URI -ClientId $env:CLIENT_ID | |
Move-Item ./Release.zip mslab_${{ needs.new-version.outputs.new_tag }}.zip | |
- name: Create changelog | |
id: changelog | |
shell: powershell | |
run: | | |
if("${{ needs.new-version.outputs.previous_tag }}" -ne "") { | |
$changelog = (& { git log ${{ needs.new-version.outputs.previous_tag }}..HEAD --pretty=format:'- %s (%h)' --abbrev-commit -- Scripts Tools }) -join "`n" | |
"Changes for ${{ needs.new-version.outputs.previous_tag }} are:" | |
$changelog | |
} else { | |
$changelog = "" | |
} | |
$changeLogContent = @" | |
:package: MSLab scripts are in **[mslab_${{ needs.new-version.outputs.new_tag }}.zip](${{ github.server_url }}/${{ github.repository }}/releases/download/${{ needs.new-version.outputs.new_tag }}/mslab_${{ needs.new-version.outputs.new_tag }}.zip)** file. | |
:information_source: Remaining `.ps1` files in this release would be downloaded on-demand by MSLab scripts during deployment, only if needed. | |
"@ | |
if($changelog -ne "") { | |
$changeLogContent += @" | |
## Changes in this version | |
$changelog | |
"@ | |
} | |
Set-Content -Value $changeLogContent -Path .\changelog.md | |
- name: Create new release | |
uses: softprops/action-gh-release@v1 | |
with: | |
tag_name: ${{ needs.new-version.outputs.new_tag }} # ${{ github.ref }} | |
name: MSLab ${{ needs.new-version.outputs.new_tag }} # ${{ github.ref }} | |
generate_release_notes: false | |
body_path: changelog.md | |
files: | | |
mslab_${{ needs.new-version.outputs.new_tag }}.zip | |
Output/Tools/*.ps1 |