Merge pull request #47 from dpvreony/renovate/jetbrains.resharper.glo… #138

Summary
Jobs
- build
- release
Run details
- Usage
- Workflow file

Workflow file for this run

	name: CI

	on:
	push:
	branches: [ main ]
	pull_request:
	types: [opened, synchronize, reopened, closed]
	branches: [ main ]

	jobs:
	build:
	runs-on: windows-2022
	outputs:
	nbgv: ${{ steps.nbgv.outputs.SemVer2 }}
	env:
	DOTNET_CLI_TELEMETRY_OPTOUT: 1
	DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
	DOTNET_NOLOGO: true
	DOTNET_GENERATE_ASPNET_CERTIFICATE: false
	solutionpath: src/Whipstaff.sln
	unittestprojectpath: src/Whipstaff.UnitTests/Whipstaff.UnitTests.csproj
	inttestprojectpath: src/Whipstaff.IntegrationTests/Whipstaff.IntegrationTests.csproj
	benchmarkprojectpath: src/Whipstaff.IntegrationTests/Whipstaff.Benchmarks.csproj
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Verify the ref context
	run: echo 'Ref Context is ${{ github.ref }}'

	- name: Verify the head ref context
	run: echo 'Head Ref Context is ${{ github.head_ref }}'

	# java is used by sonar scanner
	- name: Setup Java 11
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin' # See 'Supported distributions' for available options
	java-version: '17'

	- name: Install Windows SDK 10.0.16299
	shell: pwsh
	run: \|
	Invoke-WebRequest -Uri https://go.microsoft.com/fwlink/p/?linkid=864422 -OutFile winsdk.exe
	$startInfo = New-Object System.Diagnostics.ProcessStartInfo
	$startInfo.FileName = "winsdk.exe"
	$startInfo.Arguments = "/norestart /quiet"
	$process = New-Object System.Diagnostics.Process
	$process.StartInfo = $startInfo
	$process.Start()
	$process.WaitForExit()

	- name: Install .NET 8
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: 8.0.x

	- name: Install DotNet workloads
	shell: bash
	run: \|
	dotnet workload install android ios tvos macos maui

	- name: Download SBOM
	shell: pwsh
	run: \|
	Invoke-WebRequest -Uri "https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-win-x64.exe" -OutFile "D:\a\_temp\sbom-tool.exe"

	- name: Add MSBuild to PATH
	uses: microsoft/setup-msbuild@767f00a3f09872d96a0cb9fcd5e6a4ff33311330

	# This mitigates an issue with websdk projects loading analyzers from old packages.
	- name: Cleanup nuget local storage
	run: dotnet nuget locals all --clear

	- name: NBGV
	id: nbgv
	uses: dotnet/nbgv@master
	with:
	setAllVars: true

	- name: Install dotnet tools
	run: dotnet tool restore

	- name: Prepare Artifact Directory
	run: \|
	mkdir artifacts
	mkdir artifacts\appinspector
	mkdir artifacts\nupkg
	mkdir artifacts\outdated
	mkdir artifacts\sbom
	mkdir artifacts\snitch
	mkdir artifacts\omd

	- name: Restore Packages
	run: \|
	dotnet restore ${{ env.solutionpath }} /bl:artifacts\\binlog\\restore.binlog

	- name: List Deprecated Packages
	run: \|
	dotnet list ${{ env.solutionpath }} package --deprecated
	dotnet list package --deprecated
	working-directory: src
	# TODO: pipe to text file, echo text file and error level fail build if not empty file?

	- name: List Vulnerable Packages
	run: \|
	dotnet list ${{ env.solutionpath }} package --vulnerable
	dotnet list package --vulnerable
	working-directory: src

	- name: NPM package restore
	run: \|
	pushd src\Whipstaff.Example.WebMvcApp\
	npm install
	popd

	- name: Run Sonar Scanner begin
	if: env.SONAR_TOKEN != '' && env.SONAR_PROJECT_KEY != '' && env.SONAR_ORGANISATION_KEY != ''
	run: \|
	dotnet sonarscanner begin /k:"${{ env.SONAR_PROJECT_KEY }}" /d:sonar.login="${{ env.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /o:"${{ env.SONAR_ORGANISATION_KEY }}" /d:sonar.cs.opencover.reportsPaths="../artifacts/unittestcoverage/*/.xml"
	working-directory: src
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
	SONAR_ORGANISATION_KEY: ${{ secrets.SONAR_ORGANISATION_KEY }}

	- name: Run Build
	run: \|
	msbuild /t:build,pack /p:Configuration=Release /maxcpucount /bl:artifacts\\binlog\\build.binlog /p:ContinuousIntegrationBuild=true /p:PackageOutputPath=..\..\artifacts\nuget
	working-directory: src

	- name: Run Unit Tests
	run: \|
	dotnet test ${{ env.unittestprojectpath }} --configuration Release --no-build /bl:artifacts\\binlog\\unittest.binlog --nologo --logger GitHubActions --blame-hang-timeout 60000 --results-directory artifacts\unittestcoverage --collect:"XPlat Code Coverage" /p:CollectCoverage=true /p:DeterministicSourcePaths=false -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover

	- name: Run Sonar Scanner end
	if: env.SONAR_TOKEN != '' && env.SONAR_PROJECT_KEY != '' && env.SONAR_ORGANISATION_KEY != ''
	run: \|
	dotnet sonarscanner end /d:sonar.login="${{ env.SONAR_TOKEN }}"
	working-directory: src
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
	SONAR_ORGANISATION_KEY: ${{ secrets.SONAR_ORGANISATION_KEY }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Upload Code Coverage
	run: \|
	Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe -Outfile codecov.exe
	.\codecov.exe -s 'artifacts/unittestcoverage' -f '*.xml' -v -t '${{ env.CODECOV_TOKEN }}'
	env:
	CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

	- name: Report Unit Test Coverage
	run: \|
	$opencoverxmlpath = Get-ChildItem 'artifacts/unittestcoverage/*/.xml' \| Select-Object -First 1
	$unitTestCoverage = (Select-Xml -Path $opencoverxmlpath -XPath 'CoverageSession/Summary/@branchCoverage').Node.Value
	$coverageMessage = "Unit Test Coverage: $unitTestCoverage"
	echo "::notice::$coverageMessage"
	echo $coverageMessage >> $GITHUB_STEP_SUMMARY

	# integration tests run after sonarscanner and unit test reporting so if the integration tests fail the report still uploads so we can see defects detected by sonarscanner and any unit test coverage issues.
	- name: Run Integration Tests
	run: \|
	dotnet test ${{ env.inttestprojectpath }} --configuration Release --no-build /bl:artifacts\\binlog\\inttest.binlog --nologo --logger GitHubActions --blame-hang-timeout 60000 --results-directory artifacts\inttestcoverage --collect:"XPlat Code Coverage" /p:CollectCoverage=true /p:DeterministicSourcePaths=false -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover

	- name: Report Integration Test Coverage
	run: \|
	$opencoverxmlpath = Get-ChildItem 'artifacts/inttestcoverage/*/.xml' \| Select-Object -First 1
	$intTestCoverage = (Select-Xml -Path $opencoverxmlpath -XPath 'CoverageSession/Summary/@branchCoverage').Node.Value
	$coverageMessage = "Integration Test Coverage: $intTestCoverage"
	echo "::notice::$coverageMessage"
	echo $coverageMessage >> $GITHUB_STEP_SUMMARY

	- name: List licenses
	run: \|
	dotnet dotnet-project-licenses -i src --export-license-texts --output-directory artifacts/licenses

	- name: Generate SBOM
	run: \|
	dotnet sbom-tool generate -b artifacts/nuget -bc src -pn Whipstaff -pv $Env:NBGV_SimpleVersion -ps "DHGMS Solutions" -nsb https://sbom.dhgms.com -m artifacts\sbom

	- name: List outdated packages
	run: \|
	dotnet outdated -o artifacts\outdated\outdated.json src

	- name: VirusTotal Monitor Scan
	if: ${{ env.VIRUSTOTAL_API_KEY != 0 }}
	uses: crazy-max/ghaction-virustotal@v4
	with:
	vt_api_key: ${{ env.VIRUSTOTAL_API_KEY }}
	vt_monitor: true
	monitor_path: /ghaction-virustotal
	files: \|
	./artifacts/nuget/*.nupkg
	env:
	VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}

	- name: Generate App Inspector Report
	run: \|
	dotnet appinspector analyze -s src -f html -o artifacts\appinspector\appinspector.html

	# only store binlog on failure
	- name: store binlogs
	if: ${{ failure() }}
	uses: actions/upload-artifact@v4
	with:
	name: binlogs
	path: artifacts/binlog

	- name: store unit test coverage
	uses: actions/upload-artifact@v4
	with:
	name: unittestcoverage
	path: artifacts/unittestcoverage

	- name: store docfx
	uses: actions/upload-artifact@v4
	with:
	name: docfx
	path: artifacts/docfx

	- name: store nuget packages
	uses: actions/upload-artifact@v4
	with:
	name: nuget
	path: artifacts/nuget

	- name: store omd
	uses: actions/upload-artifact@v4
	with:
	name: omd
	path: artifacts/omd

	- name: store licenses
	uses: actions/upload-artifact@v4
	with:
	name: licenses
	path: artifacts/licenses

	- name: store sbom
	uses: actions/upload-artifact@v4
	with:
	name: sbom
	path: artifacts/sbom

	- name: store outdated
	uses: actions/upload-artifact@v4
	with:
	name: outdated
	path: artifacts/outdated

	- name: store snitch
	uses: actions/upload-artifact@v4
	with:
	name: snitch
	path: artifacts/snitch

	- name: store appinspector
	uses: actions/upload-artifact@v4
	with:
	name: appinspector
	path: artifacts/appinspector
	release:
	runs-on: ubuntu-latest
	needs: build
	if: contains(github.event.pull_request.labels.*.name, 'release') && github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true
	env:
	DOTNET_CLI_TELEMETRY_OPTOUT: 1
	DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
	DOTNET_NOLOGO: true
	DOTNET_GENERATE_ASPNET_CERTIFICATE: false
	steps:
	- name: Download NuGet Packages
	uses: actions/download-artifact@v4
	with:
	name: nuget

	- name: Changelog
	uses: glennawatson/ChangeLog@v1
	id: changelog

	- name: Create Release
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
	with:
	tag_name: ${{ needs.build.outputs.nbgv }}
	release_name: ${{ needs.build.outputs.nbgv }}
	body: \|
	${{ steps.changelog.outputs.commitLog }}

	- name: NuGet Push
	env:
	NUGET_AUTH_TOKEN: ${{ secrets.NUGET_API_KEY }}
	SOURCE_URL: https://api.nuget.org/v3/index.json
	run: \|
	dotnet nuget push -s ${{ env.SOURCE_URL }} -k ${{ env.NUGET_AUTH_TOKEN }} */.nupkg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #47 from dpvreony/renovate/jetbrains.resharper.glo… #138

Workflow file

Merge pull request #47 from dpvreony/renovate/jetbrains.resharper.glo… #138

Jobs

Run details

Workflow file for this run