Table of Contents

NuGet solution master workflow

Important

This workflow is intended for internal use at Skyline Communications as it uses Skyline-specific validation. However, you can use it as a baseline and adjust it for use elsewhere by replacing the validation step with your own.

The NuGet solution master workflow is designed to run on repositories containing the DataMiner NuGet Package Solution provided by the DIS extension in Visual Studio or from Skyline.DataMiner.VisualStudioTemplates.

This workflow is a migration of the original internal Jenkins pipelines used for automation and quality assurance within Skyline Communications.

To use this workflow, your Visual Studio solution must consist of SDK-style projects. If you are migrating an existing library, you will need to convert it to SDK style. You can for example do so using the following dotnet tool: Project2015To2017.Migrate2019.Tool. Alternatively, you can create a new solution with the template and then move all content from the old solution.

The goal of this workflow is to automatically create and upload reusable .NET libraries if they pass certain quality standards. The workflow acts as a quality gate and code coverage collection before attempting to create and publish a NuGet package to nuget.org. Publishing only occurs during release cycles.

Important

This workflow can run for both development or release cycles. A development cycle is any run that triggered from a change on a branch. A release cycle is any run that triggered from adding a tag with format A.B.C or A.B.C-text. During the development cycle, the version of an artifact automatically includes the run number. The .nupkg is available as artifact on GitHub. During the release cycle, the version of the artifact becomes the tag provided and the .nupkg is published on nuget.org. A release cycle can also release a pre-release version of a NuGet package. To do so, simply tag with format A.B.C-text. (e.g. 1.0.1-AlphaOne).

How to use

From within your own workflow .yml files, you can call a reusable workflow by adding a job that references the location on GitHub of the .yml file:

For example:

jobs:

  CI:
    uses: SkylineCommunications/_ReusableWorkflows/.github/workflows/Automation Master Workflow.yml@main

For most reusable workflows, several arguments and secrets need to be provided. You can find out which arguments and secrets by opening the reusable workflow and looking at the "inputs:" and "secrets:" sections located at the top of the file.

However, we recommend that you instead use one of the available starter workflows that in turn call one of our reusable workflows and that are preconfigured with most of the arguments.

For example:

jobs:

  CI:
    uses: SkylineCommunications/_ReusableWorkflows/.github/workflows/Automation Master Workflow.yml@main
    with:
      referenceName: ${{ github.ref_name }}
      runNumber: ${{ github.run_number }}
      referenceType: ${{ github.ref_type }}
      repository: ${{ github.repository }}
      owner: ${{ github.repository_owner }}
      sonarCloudProjectName: TODO: Go to 'https://sonarcloud.io/projects/create' and create a project. Then enter the id of the project as mentioned in the sonarcloud project URL here.
      # The API-key: generated in the DCP Admin app (https://admin.dataminer.services/) as authentication for a certain DataMiner System.
    secrets:
      api-key: ${{ secrets.DATAMINER_DEPLOY_KEY }}
      sonarCloudToken: ${{ secrets.SONAR_TOKEN }}

Skyline quality gate

Validate NuGet metadata

Validates if the provided solution has all technical requirements for an official Skyline Communications NuGet package.

You can find all requirements under GitHub validation requirements.

A lot of requirements are preconfigured when the Skyline.DataMiner.VisualStudioTemplates are used.

Building

Attempts to compile the Visual Studio solution after restoring all NuGet packages. This will check for compilation errors.

Unit Tests

Searches for any project ending with Tests or UnitTests and will then attempt to run all unit tests found. This will handle code regression and check that all content behaves as expected by the developer.

Analyze

Performs static code analysis using SonarCloud. This will check for common errors and bugs found within C# code, track code coverage of your tests, and ensure clean code guidelines.

Note

For public repositories, the analysis step uses the SONAR_TOKEN organization secret. For private repositories, you will need to create a repository secret with name SONAR_TOKEN (as private repositories cannot access the organization secret). The value of the secret is an API token that can be created in SonarCloud under the Security tab of the account settings.

Quality gate

Checks the results of all previous steps and combines them into a single result that will either block the workflow from continuing or allow it to continue to the next job.

Sign

Download unsigned NuGet

Retrieves the artifact .nupkg created during the Skyline quality gate job.

Decrypt signature file

Downloads a .pfx file stored as a BASE64-encrypted string, containing the certificate from the action secrets in GitHub, and decrypt this for use in signing.

In order to make such a BASE64 string of a .pfx on a Windows machine:

  1. Run the following command in a command prompt or PowerShell prompt window:

    certutil -encode infile outfile

  2. Open the "outfile" with a TXT editor and copy the string content.

  3. Paste that content into an action secret on GitHub called PFX.

  4. Add a second action secret on GitHub called PFXPASSWORD, containing the password of the PFX.

Sign NuGet package

Uses the previously decrypted signature file and signs your NuGet packages.

Push

Push to nuget.org

If this is a release cycle, the NuGet packages are published to nuget.org.

These can be both stable releases (A.B.C) or pre-releases.(A.B.C-text).

Propose changes