Merge pull request #49 from dpvreony/renovate/jetbrains.resharper.glo… #142
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
types: [opened, synchronize, reopened, closed] | |
branches: [ main ] | |
jobs: | |
build: | |
runs-on: windows-2022 | |
outputs: | |
nbgv: ${{ steps.nbgv.outputs.SemVer2 }} | |
env: | |
DOTNET_CLI_TELEMETRY_OPTOUT: 1 | |
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1 | |
DOTNET_NOLOGO: true | |
DOTNET_GENERATE_ASPNET_CERTIFICATE: false | |
solutionpath: src/Whipstaff.sln | |
unittestprojectpath: src/Whipstaff.UnitTests/Whipstaff.UnitTests.csproj | |
inttestprojectpath: src/Whipstaff.IntegrationTests/Whipstaff.IntegrationTests.csproj | |
benchmarkprojectpath: src/Whipstaff.IntegrationTests/Whipstaff.Benchmarks.csproj | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Verify the ref context | |
run: echo 'Ref Context is ${{ github.ref }}' | |
- name: Verify the head ref context | |
run: echo 'Head Ref Context is ${{ github.head_ref }}' | |
# java is used by sonar scanner | |
- name: Setup Java 11 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' # See 'Supported distributions' for available options | |
java-version: '17' | |
- name: Install Windows SDK 10.0.16299 | |
shell: pwsh | |
run: | | |
Invoke-WebRequest -Uri https://go.microsoft.com/fwlink/p/?linkid=864422 -OutFile winsdk.exe | |
$startInfo = New-Object System.Diagnostics.ProcessStartInfo | |
$startInfo.FileName = "winsdk.exe" | |
$startInfo.Arguments = "/norestart /quiet" | |
$process = New-Object System.Diagnostics.Process | |
$process.StartInfo = $startInfo | |
$process.Start() | |
$process.WaitForExit() | |
- name: Install .NET 8 | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: 8.0.x | |
- name: Install DotNet workloads | |
shell: bash | |
run: | | |
dotnet workload install android ios tvos macos maui | |
- name: Download SBOM | |
shell: pwsh | |
run: | | |
Invoke-WebRequest -Uri "https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-win-x64.exe" -OutFile "D:\a\_temp\sbom-tool.exe" | |
- name: Add MSBuild to PATH | |
uses: microsoft/setup-msbuild@767f00a3f09872d96a0cb9fcd5e6a4ff33311330 | |
# This mitigates an issue with websdk projects loading analyzers from old packages. | |
- name: Cleanup nuget local storage | |
run: dotnet nuget locals all --clear | |
- name: NBGV | |
id: nbgv | |
uses: dotnet/nbgv@master | |
with: | |
setAllVars: true | |
- name: Install dotnet tools | |
run: dotnet tool restore | |
- name: Prepare Artifact Directory | |
run: | | |
mkdir artifacts | |
mkdir artifacts\appinspector | |
mkdir artifacts\nupkg | |
mkdir artifacts\outdated | |
mkdir artifacts\sbom | |
mkdir artifacts\snitch | |
mkdir artifacts\omd | |
- name: Restore Packages | |
run: | | |
dotnet restore ${{ env.solutionpath }} /bl:artifacts\\binlog\\restore.binlog | |
- name: List Deprecated Packages | |
run: | | |
dotnet list ${{ env.solutionpath }} package --deprecated | |
dotnet list package --deprecated | |
working-directory: src | |
# TODO: pipe to text file, echo text file and error level fail build if not empty file? | |
- name: List Vulnerable Packages | |
run: | | |
dotnet list ${{ env.solutionpath }} package --vulnerable | |
dotnet list package --vulnerable | |
working-directory: src | |
- name: NPM package restore | |
run: | | |
pushd src\Whipstaff.Example.WebMvcApp\ | |
npm install | |
popd | |
- name: Run Sonar Scanner begin | |
if: env.SONAR_TOKEN != '' && env.SONAR_PROJECT_KEY != '' && env.SONAR_ORGANISATION_KEY != '' | |
run: | | |
dotnet sonarscanner begin /k:"${{ env.SONAR_PROJECT_KEY }}" /d:sonar.login="${{ env.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /o:"${{ env.SONAR_ORGANISATION_KEY }}" /d:sonar.cs.opencover.reportsPaths="../artifacts/unittestcoverage/**/*.xml" | |
working-directory: src | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }} | |
SONAR_ORGANISATION_KEY: ${{ secrets.SONAR_ORGANISATION_KEY }} | |
- name: Run Build | |
run: | | |
msbuild /t:build,pack /p:Configuration=Release /maxcpucount /bl:artifacts\\binlog\\build.binlog /p:ContinuousIntegrationBuild=true /p:PackageOutputPath=..\..\artifacts\nuget | |
working-directory: src | |
- name: Run Unit Tests | |
run: | | |
dotnet test ${{ env.unittestprojectpath }} --configuration Release --no-build /bl:artifacts\\binlog\\unittest.binlog --nologo --logger GitHubActions --blame-hang-timeout 60000 --results-directory artifacts\unittestcoverage --collect:"XPlat Code Coverage" /p:CollectCoverage=true /p:DeterministicSourcePaths=false -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover | |
- name: Run Sonar Scanner end | |
if: env.SONAR_TOKEN != '' && env.SONAR_PROJECT_KEY != '' && env.SONAR_ORGANISATION_KEY != '' | |
run: | | |
dotnet sonarscanner end /d:sonar.login="${{ env.SONAR_TOKEN }}" | |
working-directory: src | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }} | |
SONAR_ORGANISATION_KEY: ${{ secrets.SONAR_ORGANISATION_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload Code Coverage | |
run: | | |
Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe -Outfile codecov.exe | |
.\codecov.exe -s 'artifacts/unittestcoverage' -f '*.xml' -v -t '${{ env.CODECOV_TOKEN }}' | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
- name: Report Unit Test Coverage | |
run: | | |
$opencoverxmlpath = Get-ChildItem 'artifacts/unittestcoverage/**/*.xml' | Select-Object -First 1 | |
$unitTestCoverage = (Select-Xml -Path $opencoverxmlpath -XPath 'CoverageSession/Summary/@branchCoverage').Node.Value | |
$coverageMessage = "Unit Test Coverage: $unitTestCoverage" | |
echo "::notice::$coverageMessage" | |
echo $coverageMessage >> $GITHUB_STEP_SUMMARY | |
# integration tests run after sonarscanner and unit test reporting so if the integration tests fail the report still uploads so we can see defects detected by sonarscanner and any unit test coverage issues. | |
- name: Run Integration Tests | |
run: | | |
dotnet test ${{ env.inttestprojectpath }} --configuration Release --no-build /bl:artifacts\\binlog\\inttest.binlog --nologo --logger GitHubActions --blame-hang-timeout 60000 --results-directory artifacts\inttestcoverage --collect:"XPlat Code Coverage" /p:CollectCoverage=true /p:DeterministicSourcePaths=false -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover | |
- name: Report Integration Test Coverage | |
run: | | |
$opencoverxmlpath = Get-ChildItem 'artifacts/inttestcoverage/**/*.xml' | Select-Object -First 1 | |
$intTestCoverage = (Select-Xml -Path $opencoverxmlpath -XPath 'CoverageSession/Summary/@branchCoverage').Node.Value | |
$coverageMessage = "Integration Test Coverage: $intTestCoverage" | |
echo "::notice::$coverageMessage" | |
echo $coverageMessage >> $GITHUB_STEP_SUMMARY | |
- name: List licenses | |
run: | | |
dotnet dotnet-project-licenses -i src --export-license-texts --output-directory artifacts/licenses | |
- name: Generate SBOM | |
run: | | |
dotnet sbom-tool generate -b artifacts/nuget -bc src -pn Whipstaff -pv $Env:NBGV_SimpleVersion -ps "DHGMS Solutions" -nsb https://sbom.dhgms.com -m artifacts\sbom | |
- name: List outdated packages | |
run: | | |
dotnet outdated -o artifacts\outdated\outdated.json src | |
- name: VirusTotal Monitor Scan | |
if: ${{ env.VIRUSTOTAL_API_KEY != 0 }} | |
uses: crazy-max/ghaction-virustotal@v4 | |
with: | |
vt_api_key: ${{ env.VIRUSTOTAL_API_KEY }} | |
vt_monitor: true | |
monitor_path: /ghaction-virustotal | |
files: | | |
./artifacts/nuget/*.nupkg | |
env: | |
VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }} | |
- name: Generate App Inspector Report | |
run: | | |
dotnet appinspector analyze -s src -f html -o artifacts\appinspector\appinspector.html | |
# only store binlog on failure | |
- name: store binlogs | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: binlogs | |
path: artifacts/binlog | |
- name: store unit test coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: unittestcoverage | |
path: artifacts/unittestcoverage | |
- name: store docfx | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docfx | |
path: artifacts/docfx | |
- name: store nuget packages | |
uses: actions/upload-artifact@v4 | |
with: | |
name: nuget | |
path: artifacts/nuget | |
- name: store omd | |
uses: actions/upload-artifact@v4 | |
with: | |
name: omd | |
path: artifacts/omd | |
- name: store licenses | |
uses: actions/upload-artifact@v4 | |
with: | |
name: licenses | |
path: artifacts/licenses | |
- name: store sbom | |
uses: actions/upload-artifact@v4 | |
with: | |
name: sbom | |
path: artifacts/sbom | |
- name: store outdated | |
uses: actions/upload-artifact@v4 | |
with: | |
name: outdated | |
path: artifacts/outdated | |
- name: store snitch | |
uses: actions/upload-artifact@v4 | |
with: | |
name: snitch | |
path: artifacts/snitch | |
- name: store appinspector | |
uses: actions/upload-artifact@v4 | |
with: | |
name: appinspector | |
path: artifacts/appinspector | |
release: | |
runs-on: ubuntu-latest | |
needs: build | |
if: contains(github.event.pull_request.labels.*.name, 'release') && github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true | |
env: | |
DOTNET_CLI_TELEMETRY_OPTOUT: 1 | |
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1 | |
DOTNET_NOLOGO: true | |
DOTNET_GENERATE_ASPNET_CERTIFICATE: false | |
steps: | |
- name: Download NuGet Packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: nuget | |
- name: Changelog | |
uses: glennawatson/ChangeLog@v1 | |
id: changelog | |
- name: Create Release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
with: | |
tag_name: ${{ needs.build.outputs.nbgv }} | |
release_name: ${{ needs.build.outputs.nbgv }} | |
body: | | |
${{ steps.changelog.outputs.commitLog }} | |
- name: NuGet Push | |
env: | |
NUGET_AUTH_TOKEN: ${{ secrets.NUGET_API_KEY }} | |
SOURCE_URL: https://api.nuget.org/v3/index.json | |
run: | | |
dotnet nuget push -s ${{ env.SOURCE_URL }} -k ${{ env.NUGET_AUTH_TOKEN }} **/*.nupkg |