.github/workflows/test-and-deploy.yml

name: Test and Deploy
on:
  push:
    branches: [ '*' ]
    tags: [ '*' ]
  pull_request:
    branches: [ main ]
  schedule:
    # Run automatically at 8AM PST Monday-Friday
    - cron: '0 15 * * 1-5'
  workflow_dispatch:

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    timeout-minutes: 20
    env:
      DOCKER_LOGIN: ${{ secrets.DOCKER_USERNAME && secrets.DOCKER_AUTH_TOKEN }}
    steps:
      - name: Checkout sendgrid-csharp
        uses: actions/checkout@v2
        with:
          fetch-depth: 0

      - name: Login to Docker Hub
        if: env.DOCKER_LOGIN
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_AUTH_TOKEN }}

      - name: Setup .NET Core SDK
        uses: actions/setup-dotnet@v1.8.2
        with:
          dotnet-version: '3.1.x'

      - run: dotnet build -c Release
      - name: Build & Test
        run: make test-docker release
      - run: bash <(curl -s https://codecov.io/bash)

  deploy:
    name: Deploy
    if: success() && github.ref_type == 'tag'
    needs: [ test ]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sendgrid-csharp
        uses: actions/checkout@v2

      - name: Setup .NET Core SDK
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: '3.1.x'

      - name: Create GitHub Release
        uses: sendgrid/dx-automator/actions/release@main
        with:
          footer: '**[NuGet](https://www.nuget.org/packages/Sendgrid/${version})**'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Submit metric to Datadog
        uses: sendgrid/dx-automator/actions/datadog-release-metric@main
        env:
          DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
  
  code-signing:
    runs-on: windows-latest
    needs: [ deploy ]
    steps:
      - name: Checkout sendgrid-csharp
        uses: actions/checkout@v2

      - name: Setup .NET Core SDK
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: '3.1.x'

      - name: Set up certificate
        run: |
          echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
        shell: bash

      - name: Set variables
        id: variables
        run: |
          dir
          echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
          echo "::set-output name=KEYPAIR_NAME::gt-standard-keypair"
          echo "::set-output name=CERTIFICATE_NAME::gt-certificate"
          echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
          echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
          echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
          echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
          echo "BUILD_TOOLS_VERSION=31.0.0" >> "$GITHUB_ENV"
          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
          echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
        shell: bash

      - name: Code signing with Software Trust Manager
        id: SSMClientToolSetup
        uses: digicert/ssm-code-signing@v0.0.2
        env:
          SM_API_KEY: ${{ env.SM_API_KEY }}
          SM_CLIENT_CERT_PASSWORD: ${{ env.SM_CLIENT_CERT_PASSWORD }}
          SM_CLIENT_CERT_FILE: ${{ env.SM_CLIENT_CERT_FILE }}

      - run: echo “The config file path ${{ steps.SSMClientToolSetup.outputs.PKCS11_CONFIG }}”

      - name: Setup Keylocker KSP on windows
        run: |
          curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi 
          msiexec /i Keylockertools-windows-x64.msi /quiet /qn
          smksp_registrar.exe list 
          smctl.exe keypair ls 
          C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
        shell: cmd

      - name: Certificates Sync
        run: |
          smctl windows certsync
        shell: cmd

      - name: Signing using Nuget
        run: |
          dotnet pack -c Release
          nuget sign **/*.nupkg -Timestamper http://timestamp.digicert.com -outputdirectory .\NugetSigned -CertificateFingerprint ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} -HashAlgorithm SHA256 -Verbosity detailed -Overwrite
          nuget push **/*.nupkg -ApiKey ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json -SkipDuplicate

  notify-on-failure:
    name: Slack notify on failure
    if: failure() && github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref_type == 'tag')
    needs: [ test, deploy ]
    runs-on: ubuntu-latest
    steps:
      - uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: failure
          SLACK_ICON_EMOJI: ':github:'
          SLACK_MESSAGE: ${{ format('Test *{0}*, Deploy *{1}*, {2}/{3}/actions/runs/{4}', needs.test.result, needs.deploy.result, github.server_url, github.repository, github.run_id) }}
          SLACK_TITLE: Action Failure - ${{ github.repository }}
          SLACK_USERNAME: GitHub Actions
          SLACK_MSG_AUTHOR: twilio-dx
          SLACK_FOOTER: Posted automatically using GitHub Actions
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          MSG_MINIMAL: true