.github/workflows/ci.yml

name: CI-Pipeline

on:
  workflow_dispatch:
  workflow_call:
    inputs:
      ref:
        type: string
        description: 'Branch or tag ref to checkout code from'
        required: true
  push:

jobs:
  test:
    name: Run Tests
    strategy:
      fail-fast: false
      matrix:
        project:
          - AspSecurityHeaders.Test
          - AspSecurityHeaders.Generators.Test
          - AspSecurityHeaders.OrchardModule.Test
        platform:
          - ubuntu-latest
          - macos-latest
          - windows-latest
        framework:
          - net9.0
          - net8.0
    runs-on: ${{ matrix.platform }}
    steps:
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            9.0.x
            8.0.x
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: ${{ inputs.ref }}
      - name: Restore packages
        run: dotnet restore --locked-mode
        working-directory: ${{ matrix.project }}
      - name: Build
        run: dotnet build --no-restore --framework ${{ matrix.framework }}
        working-directory: ${{ matrix.project }}
      - name: Run tests
        run: dotnet test --no-restore --no-build --framework ${{ matrix.framework }}
        working-directory: ${{ matrix.project }}

  build:
    name: Build NuGet packages
    needs:
      - test
    strategy:
      fail-fast: false
      matrix:
        project:
          - AspSecurityHeaders
          - AspSecurityHeaders.Generators
          - AspSecurityHeaders.OrchardModule
    runs-on: ubuntu-latest
    steps:
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            9.0.x
            8.0.x
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: ${{ inputs.ref }}
      - name: Restore packages
        run: dotnet restore --locked-mode
        working-directory: ${{ matrix.project }}
      - name: Build
        run: dotnet build --no-restore --configuration Release
        working-directory: ${{ matrix.project }}
      - name: Create NuGet package
        run: dotnet pack --no-restore --no-build --configuration Release
        working-directory: ${{ matrix.project }}
      - name: Upload NuGet package as artifact
        uses: actions/upload-artifact@v4
        with:
          name: Brickmakers.${{ matrix.project }}
          path: |
            ${{ matrix.project }}/bin/Release/*.nupkg
            ${{ matrix.project }}/bin/Release/*.snupkg
          if-no-files-found: error

  release:
    name: Create release if required
    runs-on: ubuntu-latest
    needs:
      - test
      - build
    if: github.ref == 'refs/heads/main'
    outputs:
      publish: ${{ steps.version.outputs.update }}
    steps:
      - name: Install xmlstarlet
        run: sudo apt-get install xmlstarlet
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          persist-credentials: true
      - id: version
        name: Check if a release should be created
        run: |
          set -eo pipefail
          package_version=$(xmlstarlet sel -t -v "//PackageVersion" Directory.Build.targets)
          git fetch --tags
          tag_exists=$(git tag -l "v$package_version")
          if [[ -z "$tag_exists" ]]; then
            echo ::notice::Release does not exist yet - creating release
            echo "update=true" >> $GITHUB_OUTPUT
            echo "version=$package_version" >> $GITHUB_OUTPUT
          else
            echo ::notice::Release already exists - skipping creation
            echo "update=false" >> $GITHUB_OUTPUT
          fi
      - id: release_content
        name: Generate release content
        if: steps.version.outputs.update == 'true'
        run: |
          set -eo pipefail
          version_changelog_file=$(mktemp)
          echo '## Changelog' > "$version_changelog_file"
          cat CHANGELOG.md | sed '/^## ${{ steps.version.outputs.version }}.*$/,/^## /!d;//d' >> "$version_changelog_file"
          echo "body_path=$version_changelog_file" >> $GITHUB_OUTPUT
        working-directory: ${{ inputs.workingDirectory }}
      - name: Create Release
        if: steps.version.outputs.update == 'true'
        uses: softprops/action-gh-release@v2
        with:
          tag_name: v${{ steps.version.outputs.version }}
          name: AspSecurityHeaders Version ${{ steps.version.outputs.version }}
          body_path: ${{ steps.release_content.outputs.body_path }}

  publish:
    name: Upload package to NuGet.org
    runs-on: ubuntu-latest
    needs:
      - release
    if: github.ref == 'refs/heads/main' && needs.release.outputs.publish == 'true'
    steps:
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 9.0.x
      - name: Download NuGet package
        uses: actions/download-artifact@v4
        with:
          path: artifacts
      - name: Upload to NuGet.org
        run: dotnet nuget push artifacts/**/*.nupkg --source 'https://api.nuget.org/v3/index.json' --api-key '${{ secrets.NUGET_API_KEY }}'