[gh-actions] publishing nuget package on release (#117)

* [gh-actions] publishing nuget package on release

* Skip login to nuget.org if not triggerd by a tag

* removed appveyor ci definition

Author: springcomp

.github/workflows/publish.yaml

@@ -0,0 +1,78 @@
+name: 🚀 release
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  release:
+    name: 🚀 release
+    runs-on: windows-latest
+    permissions:
+      contents: read
+      id-token: write # enable GitHub OIDC token issuance for this job
+
+    steps:
+      - name: 📚 checkout
+        uses: actions/checkout@v4
+
+      - name: ⚙️ Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: "6.0.x"
+
+      - name: 🔓 Decrypt strong-name key
+        run: bin/EncryptDecryptFile.PS1
+        shell: pwsh
+        env:
+          SN_PASSPHRASE: ${{ secrets.SN_PASSPHRASE }}
+          SN_SALT: ${{ secrets.SN_SALT }}
+          SN_INIT: ${{ secrets.SN_INIT }}
+
+      - name: 📝 Update version
+        run: bin/Update-Version.PS1 -Version "$env:VERSION"
+        shell: pwsh
+        env:
+          VERSION: ${{ github.ref_name }}
+
+      - name: 📦 Restore dependencies
+        run: dotnet restore jmespath.net.sln
+
+      - name: 🔨 Build
+        run: dotnet build jmespath.net.sln --configuration Release --no-restore
+
+      - name: 🏗️ Create NuGet packages
+        run: |
+          dotnet pack --no-build "src/jmespath.net" -c Release
+          $targetPath = "src/jmespath.net.parser/bin/Release"
+          cp "src/jmespath.net.parser/JmesPath.Net.Parser.nuspec" $targetPath
+          mkdir "$targetPath/lib" | Out-Null
+          mv "$targetPath/netstandard1.3" "$targetPath/lib/netstandard1.3"
+          mv "$targetPath/netstandard2.1" "$targetPath/lib/netstandard2.1"
+          mv "$targetPath/net45" "$targetPath/lib/net45"
+          cd $targetPath
+          nuget pack
+        shell: pwsh
+
+      # Use the ambient GitHub token to login to NuGet and retrieve an API key
+      - name: 🔑 NuGet login (OIDC → temp API key)
+        # Only push to NuGet if we're building a tag (optional)
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: NuGet/login@v1
+        id: login
+        with:
+          # Secret is your NuGet username, e.g. 'jmespath-community'
+          user: ${{ secrets.NUGET_USER }}
+
+      - name: 📤 Push to NuGet
+        # Only push to NuGet if we're building a tag (optional)
+        if: startsWith(github.ref, 'refs/tags/')
+        shell: pwsh
+        # Loop through all the packages in the output folder and push them to
+        # nuget.org, using the NUGET_API_KEY generated by the previous login step
+        run: |
+          Get-ChildItem src/ -Filter *.nupkg | ForEach-Object {
+            dotnet nuget push $_.FullName `
+              --api-key "${{ steps.login.outputs.NUGET_API_KEY }}" `
+              --source https://api.nuget.org/v3/index.json
+          }

appveyor.yml

@@ -1,17 +1,30 @@
+[CmdletBinding()]
+param(
+  [switch]$Encrypt
+)
+
 #################
 # Powershell Allows The Loading of .NET Assemblies
-# Load the Security assembly to use with this script 
+# Load the Security assembly to use with this script
 #################
-[Reflection.Assembly]::LoadWithPartialName("System.Security")
+[Reflection.Assembly]::LoadWithPartialName("System.Security") | Out-Null
 
 #################
 # This function is to Encrypt A String.
 # $string is the string to encrypt, $passphrase is a second security "password" that has to be passed to decrypt.
 # $salt is used during the generation of the crypto password to prevent password guessing.
 # $init is used to compute the crypto hash -- a checksum of the encryption
 #################
-function Encrypt-File($path, $Passphrase, $salt="SaltCrypto", $init="IV_Password", $outputPath)
+Function Encrypt-File
 {
+  param(
+    [string] $path,
+    [string] $Passphrase,
+    [string] $outputPath,
+    [string] $salt="SaltCrypto",
+    [string] $init="IV_Password"
+  )
+
     # Create a COM Object for RijndaelManaged Cryptography
 	$r = new-Object System.Security.Cryptography.RijndaelManaged
 	# Convert the Passphrase to UTF8 Bytes
@@ -23,8 +36,8 @@ function Encrypt-File($path, $Passphrase, $salt="SaltCrypto", $init="IV_Password
 	$r.Key = (new-Object Security.Cryptography.PasswordDeriveBytes $pass, $salt, "SHA1", 5).GetBytes(32) #256/8
 	# Create the Intersecting Vector Cryptology Hash with the init
 	$r.IV = (new-Object Security.Cryptography.SHA1Managed).ComputeHash( [Text.Encoding]::UTF8.GetBytes($init) )[0..15]
-	
-	# Starts the New Encryption using the Key and IV   
+
+	# Starts the New Encryption using the Key and IV
 	$c = $r.CreateEncryptor()
 	# Creates a MemoryStream to do the encryption in
 	$ms = new-Object IO.MemoryStream
@@ -48,8 +61,16 @@ function Encrypt-File($path, $Passphrase, $salt="SaltCrypto", $init="IV_Password
     $os.Close();
 }
 
-function Decrypt-File($path, $Passphrase, $salt="SaltCrypto", $init="IV_Password", $OutputPath)
+Function Decrypt-File
 {
+  param(
+    [string] $path,
+    [string] $Passphrase,
+    [string] $OutputPath,
+    [string] $salt="SaltCrypto",
+    [string] $init="IV_Password"
+  )
+
 	# Create a COM Object for RijndaelManaged Cryptography
 	$r = new-Object System.Security.Cryptography.RijndaelManaged
 	# Convert the Passphrase to UTF8 Bytes
@@ -63,33 +84,50 @@ function Decrypt-File($path, $Passphrase, $salt="SaltCrypto", $init="IV_Password
 	$r.IV = (new-Object Security.Cryptography.SHA1Managed).ComputeHash( [Text.Encoding]::UTF8.GetBytes($init) )[0..15]
 
     $fs = [IO.File]::OpenRead($path)
-    
+
 	# Create a new Decryptor
 	$d = $r.CreateDecryptor()
 	# Create a New memory stream with the encrypted value.
-	
+
 	# Read the new memory stream and read it in the cryptology stream
 	$cs = new-Object Security.Cryptography.CryptoStream $fs,$d,"Read"
 	# Read the new decrypted stream
 
 	# Return from the function the stream
-	
+
     $os = [IO.File]::Open($outputPath, [IO.FileMode]::Truncate, [IO.FileAccess]::Write);
     $cs.CopyTo($os);
 
     $os.Close();
     # Stops the crypology stream
 	$cs.Close()
-	
+
 	# Stops the memory stream
 	$fs.Close()
 	# Clears the RijndaelManaged Cryptology IV and Key
 	$r.Clear()
 }
 
-Decrypt-File `
-	-path "C:\projects\jmespath-net\src\jmespath.net.snk.crypted" `
-	-Passphrase $env:SNK_PASSPHRASE `
-	-salt $env:SNK_SALT `
-	-init $env:SNK_INIT `
-	-outputPath "C:\projects\jmespath-net\src\jmespath.net.snk"
+$SRC_DIR = (Resolve-Path -Path (
+  Join-Path -Path $PSScriptRoot -ChildPath "..")).Path
+
+$STRONG_NAME_PLAINTEXT_KEY_PATH="$($SRC_DIR)/src/jmespath.net.snk"
+$STRONG_NAME_ENCRYPTED_KEY_PATH="$($SRC_DIR)/src/jmespath.net.snk.crypted"
+
+if ($Encrypt.IsPresent) {
+  Encrypt-File `
+  	-path $STRONG_NAME_PLAINTEXT_KEY_PATH `
+  	-Passphrase $env:SNK_PASSPHRASE `
+  	-salt $env:SNK_SALT `
+  	-init $env:SNK_INIT `
+  	-outputPath $STRONG_NAME_ENCRYPTED_KEY_PATH
+}
+
+else {
+  Decrypt-File `
+  	-path $STRONG_NAME_ENCRYPTED_KEY_PATH `
+  	-Passphrase $env:SNK_PASSPHRASE `
+  	-salt $env:SNK_SALT `
+  	-init $env:SNK_INIT `
+  	-outputPath $STRONG_NAME_PLAINTEXT_KEY_PATH
+}