From 9c892f47a37ed575ac94dbf19a01951c33fa344b Mon Sep 17 00:00:00 2001 From: Lance McCarthy Date: Thu, 21 May 2026 17:34:49 -0400 Subject: [PATCH] Update workflows --- .gitea/workflows/main_build-blazor.yml | 78 +++----------------- .gitea/workflows/main_build-maui_release.yml | 10 ++- 2 files changed, 18 insertions(+), 70 deletions(-) diff --git a/.gitea/workflows/main_build-blazor.yml b/.gitea/workflows/main_build-blazor.yml index e99570b..a4a8490 100644 --- a/.gitea/workflows/main_build-blazor.yml +++ b/.gitea/workflows/main_build-blazor.yml @@ -1,7 +1,4 @@ -# This workflow has three examples (one for IIS, two using containers) -# [Option A] Typical IIS build & publish -# [Option B] DOCKER FILE BUILD - publishes the image to ghcr.io (GitHub container registry) -# [Option C] .NET SDK CONTAINER BUILD - publishes the image to Docker Hub +# For docker publish example, see: main_docker.yml name: Blazor (with Reporting) on: @@ -13,17 +10,10 @@ on: paths: - 'src/Blazor/**/*' - '.github/workflows/main_build-blazor.yml' - -permissions: - contents: read - packages: write # to publish to GitHub container registry - id-token: write # # JWT for Akeyless auth env: CONFIGURATION: Release - BLAZOR_PROJ_PATH: src/Blazor/MyBlazorApp/MyBlazorApp.csproj - TEST_PROJ_PATH: src/Blazor/MyBlazorApp.Tests/MyBlazorApp.Tests.csproj - NUGET_CONFIG_PATH: src/NuGet.Config + PROJ_PATH: src/Blazor/MyBlazorApp.Tests/MyBlazorApp.Tests.csproj DOTNET_VERSION: "10.0.x" jobs: @@ -31,78 +21,30 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - # Using AKeyless for secrets in this demo - - name: Fetch secrets from AKeyless - id: akeyless - uses: LanceMcCarthy/akeyless-action@v5 - with: - access-id: 'p-4blpeo5zdfeaom' - static-secrets: | - { - "/progress/TELERIK_NUGET_KEY":"TELERIK_NUGET_KEY", - "/progress/TELERIK_LICENSE":"TELERIK_LICENSE_KEY" - } - export-secrets-to-outputs: true - export-secrets-to-environment: false + uses: actions/checkout@v6 - name: Setup .NET Core SDK - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{env.DOTNET_VERSION}} - - name: Restore NuGet Packages - run: | - dotnet restore ${{env.BLAZOR_PROJ_PATH}} --configfile ${{env.NUGET_CONFIG_PATH}} - dotnet restore ${{env.TEST_PROJ_PATH}} --configfile ${{env.NUGET_CONFIG_PATH}} - env: - TELERIK_USERNAME: "api-key" - TELERIK_PASSWORD: ${{steps.akeyless.outputs.TELERIK_NUGET_KEY}} - - name: Build Test Project - run: dotnet build ${{env.TEST_PROJ_PATH}} -c ${{env.CONFIGURATION}} --no-restore + run: dotnet build ${{env.PROJ_PATH}} -c ${{env.CONFIGURATION}} env: - TELERIK_LICENSE: ${{steps.akeyless.outputs.TELERIK_LICENSE_KEY}} + TELERIK_LICENSE: ${{secrets.TELERIK_LICENSE_KEY}} build_linux: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - # Using AKeyless for secrets in this demo - - name: Fetch secrets from AKeyless - id: akeyless - uses: LanceMcCarthy/akeyless-action@v5 - with: - access-id: 'p-4blpeo5zdfeaom' - static-secrets: | - { - "/progress/TELERIK_NUGET_KEY":"TELERIK_NUGET_KEY", - "/progress/TELERIK_LICENSE":"TELERIK_LICENSE_KEY" - } - export-secrets-to-outputs: true - export-secrets-to-environment: false + uses: actions/checkout@v6 - name: Setup .NET Core SDK - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{env.DOTNET_VERSION}} - - name: Restore NuGet Packages - run: | - dotnet restore ${{env.BLAZOR_PROJ_PATH}} --configfile ${{env.NUGET_CONFIG_PATH}} - dotnet restore ${{env.TEST_PROJ_PATH}} --configfile ${{env.NUGET_CONFIG_PATH}} - env: - TELERIK_USERNAME: "api-key" - TELERIK_PASSWORD: ${{steps.akeyless.outputs.TELERIK_NUGET_KEY}} - - name: Build Test Project - run: dotnet build ${{env.TEST_PROJ_PATH}} -c ${{env.CONFIGURATION}} --no-restore + run: dotnet build ${{env.PROJ_PATH}} -c ${{env.CONFIGURATION}} env: - TELERIK_LICENSE: ${{steps.akeyless.outputs.TELERIK_LICENSE_KEY}} + TELERIK_LICENSE: ${{secrets.TELERIK_LICENSE_KEY}} diff --git a/.gitea/workflows/main_build-maui_release.yml b/.gitea/workflows/main_build-maui_release.yml index 7eb16f8..4dc79c5 100644 --- a/.gitea/workflows/main_build-maui_release.yml +++ b/.gitea/workflows/main_build-maui_release.yml @@ -491,9 +491,15 @@ jobs: codesign -dv --verbose=2 "$APP_BUNDLE_PATH" >/dev/null 2>&1 echo "Creating signed app zip and installer pkg..." - rm -f "$SIGNED_ZIP_PATH" "$SIGNED_PKG_PATH" + rm -f "$SIGNED_ZIP_PATH" "$SIGNED_PKG_PATH" component.pkg ditto -c -k --sequesterRsrc --keepParent "$APP_BUNDLE_PATH" "$SIGNED_ZIP_PATH" - productbuild --component "$APP_BUNDLE_PATH" /Applications --sign "$INSTALLER_SIGN_ID" "$SIGNED_PKG_PATH" + + # Build an unsigned component pkg with relocation disabled, then wrap it + # in a signed distribution pkg. This ensures the app always installs to + # /Applications regardless of any existing bundle on the user's machine. + pkgbuild --component "$APP_BUNDLE_PATH" --install-location /Applications --no-relocate component.pkg + productbuild --package component.pkg --sign "$INSTALLER_SIGN_ID" "$SIGNED_PKG_PATH" + rm -f component.pkg echo "Done. Signed artifacts:" echo "- $SIGNED_PKG_PATH"