Skip to content
CI

Update dependency microsoft.cst.applicationinspector.cli to v1.9.17 #2

Sign in to view logs

Update dependency microsoft.cst.applicationinspector.cli to v1.9.17

Update dependency microsoft.cst.applicationinspector.cli to v1.9.17 #2

Workflow file for this run

.github/workflows/ci.yml at 635fcaa
name: CI
on:
push:
branches: [ main ]
pull_request:
types: [opened, synchronize, reopened, closed]
branches: [ main ]
jobs:
build:
runs-on: windows-2022
outputs:
nbgv: ${{ steps.nbgv.outputs.SemVer2 }}
env:
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
DOTNET_NOLOGO: true
DOTNET_GENERATE_ASPNET_CERTIFICATE: false
solutionpath: src/Whipstaff.sln
unittestprojectpath: src/Whipstaff.UnitTests/Whipstaff.UnitTests.csproj
inttestprojectpath: src/Whipstaff.IntegrationTests/Whipstaff.IntegrationTests.csproj
benchmarkprojectpath: src/Whipstaff.IntegrationTests/Whipstaff.Benchmarks.csproj
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Verify the ref context
run: echo 'Ref Context is ${{ github.ref }}'
- name: Verify the head ref context
run: echo 'Head Ref Context is ${{ github.head_ref }}'
# java is used by sonar scanner
- name: Setup Java 11
uses: actions/setup-java@v4
with:
distribution: 'temurin' # See 'Supported distributions' for available options
java-version: '17'
- name: Install Windows SDK 10.0.16299
shell: pwsh
run: |
Invoke-WebRequest -Uri https://go.microsoft.com/fwlink/p/?linkid=864422 -OutFile winsdk.exe
$startInfo = New-Object System.Diagnostics.ProcessStartInfo
$startInfo.FileName = "winsdk.exe"
$startInfo.Arguments = "/norestart /quiet"
$process = New-Object System.Diagnostics.Process
$process.StartInfo = $startInfo
$process.Start()
$process.WaitForExit()
- name: Install .NET 8
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.x
- name: Install DotNet workloads
shell: bash
run: |
dotnet workload install android ios tvos macos maui
- name: Download SBOM
shell: pwsh
run: |
Invoke-WebRequest -Uri "https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-win-x64.exe" -OutFile "D:\a\_temp\sbom-tool.exe"
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@3404ff3d40458f8d1fdf55c2bcc442b970404ad7
# This mitigates an issue with websdk projects loading analyzers from old packages.
- name: Cleanup nuget local storage
run: dotnet nuget locals all --clear
- name: NBGV
id: nbgv
uses: dotnet/nbgv@master
with:
setAllVars: true
- name: Install dotnet tools
run: dotnet tool restore
- name: Prepare Artifact Directory
run: |
mkdir artifacts
mkdir artifacts\appinspector
mkdir artifacts\nupkg
mkdir artifacts\outdated
mkdir artifacts\sbom
mkdir artifacts\snitch
mkdir artifacts\omd
- name: Restore Packages
run: |
dotnet restore ${{ env.solutionpath }} /bl:artifacts\\binlog\\restore.binlog
- name: List Deprecated Packages
run: |
dotnet list ${{ env.solutionpath }} package --deprecated
dotnet list package --deprecated
working-directory: src
# TODO: pipe to text file, echo text file and error level fail build if not empty file?
- name: List Vulnerable Packages
run: |
dotnet list ${{ env.solutionpath }} package --vulnerable
dotnet list package --vulnerable
working-directory: src
- name: NPM package restore
run: |
pushd src\Whipstaff.Example.WebMvcApp\
npm install
popd
- name: Run Sonar Scanner begin
if: env.SONAR_TOKEN != '' && env.SONAR_PROJECT_KEY != '' && env.SONAR_ORGANISATION_KEY != ''
run: |
dotnet sonarscanner begin /k:"${{ env.SONAR_PROJECT_KEY }}" /d:sonar.login="${{ env.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /o:"${{ env.SONAR_ORGANISATION_KEY }}" /d:sonar.cs.opencover.reportsPaths="../artifacts/unittestcoverage/**/*.xml"
working-directory: src
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
SONAR_ORGANISATION_KEY: ${{ secrets.SONAR_ORGANISATION_KEY }}
- name: Run Build
run: |
msbuild /t:build,pack /p:Configuration=Release /maxcpucount /bl:artifacts\\binlog\\build.binlog /p:ContinuousIntegrationBuild=true /p:PackageOutputPath=..\..\artifacts\nuget
working-directory: src
- name: Run Unit Tests
run: |
dotnet test ${{ env.unittestprojectpath }} --configuration Release --no-build /bl:artifacts\\binlog\\unittest.binlog --nologo --logger GitHubActions --blame-hang-timeout 60000 --results-directory artifacts\unittestcoverage --collect:"XPlat Code Coverage" /p:CollectCoverage=true /p:DeterministicSourcePaths=false -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
- name: Run Sonar Scanner end
if: env.SONAR_TOKEN != '' && env.SONAR_PROJECT_KEY != '' && env.SONAR_ORGANISATION_KEY != ''
run: |
dotnet sonarscanner end /d:sonar.login="${{ env.SONAR_TOKEN }}"
working-directory: src
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
SONAR_ORGANISATION_KEY: ${{ secrets.SONAR_ORGANISATION_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Code Coverage
run: |
Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe -Outfile codecov.exe
.\codecov.exe -s 'artifacts/unittestcoverage' -f '*.xml' -v -t '${{ env.CODECOV_TOKEN }}'
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- name: Report Unit Test Coverage
run: |
$opencoverxmlpath = Get-ChildItem 'artifacts/unittestcoverage/**/*.xml' | Select-Object -First 1
$unitTestCoverage = (Select-Xml -Path $opencoverxmlpath -XPath 'CoverageSession/Summary/@branchCoverage').Node.Value
$coverageMessage = "Unit Test Coverage: $unitTestCoverage"
echo "::notice::$coverageMessage"
echo $coverageMessage >> $GITHUB_STEP_SUMMARY
# integration tests run after sonarscanner and unit test reporting so if the integration tests fail the report still uploads so we can see defects detected by sonarscanner and any unit test coverage issues.
- name: Run Integration Tests
run: |
dotnet test ${{ env.inttestprojectpath }} --configuration Release --no-build /bl:artifacts\\binlog\\inttest.binlog --nologo --logger GitHubActions --blame-hang-timeout 60000 --results-directory artifacts\inttestcoverage --collect:"XPlat Code Coverage" /p:CollectCoverage=true /p:DeterministicSourcePaths=false -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
- name: Report Integration Test Coverage
run: |
$opencoverxmlpath = Get-ChildItem 'artifacts/inttestcoverage/**/*.xml' | Select-Object -First 1
$intTestCoverage = (Select-Xml -Path $opencoverxmlpath -XPath 'CoverageSession/Summary/@branchCoverage').Node.Value
$coverageMessage = "Integration Test Coverage: $intTestCoverage"
echo "::notice::$coverageMessage"
echo $coverageMessage >> $GITHUB_STEP_SUMMARY
- name: List licenses
run: |
dotnet dotnet-project-licenses -i src --export-license-texts --output-directory artifacts/licenses
- name: Generate SBOM
run: |
dotnet sbom-tool generate -b artifacts/nuget -bc src -pn Whipstaff -pv $Env:NBGV_SimpleVersion -ps "DHGMS Solutions" -nsb https://sbom.dhgms.com -m artifacts\sbom
- name: List outdated packages
run: |
dotnet outdated -o artifacts\outdated\outdated.json src
- name: VirusTotal Monitor Scan
if: ${{ env.VIRUSTOTAL_API_KEY != 0 }}
uses: crazy-max/ghaction-virustotal@v4
with:
vt_api_key: ${{ env.VIRUSTOTAL_API_KEY }}
vt_monitor: true
monitor_path: /ghaction-virustotal
files: |
./artifacts/nuget/*.nupkg
env:
VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
- name: Generate App Inspector Report
run: |
dotnet appinspector analyze -s src -f html -o artifacts\appinspector\appinspector.html
# only store binlog on failure
- name: store binlogs
if: ${{ failure() }}
uses: actions/upload-artifact@v4
with:
name: binlogs
path: artifacts/binlog
- name: store unit test coverage
uses: actions/upload-artifact@v4
with:
name: unittestcoverage
path: artifacts/unittestcoverage
- name: store docfx
uses: actions/upload-artifact@v4
with:
name: docfx
path: artifacts/docfx
- name: store nuget packages
uses: actions/upload-artifact@v4
with:
name: nuget
path: artifacts/nuget
- name: store omd
uses: actions/upload-artifact@v4
with:
name: omd
path: artifacts/omd
- name: store licenses
uses: actions/upload-artifact@v4
with:
name: licenses
path: artifacts/licenses
- name: store sbom
uses: actions/upload-artifact@v4
with:
name: sbom
path: artifacts/sbom
- name: store outdated
uses: actions/upload-artifact@v4
with:
name: outdated
path: artifacts/outdated
- name: store snitch
uses: actions/upload-artifact@v4
with:
name: snitch
path: artifacts/snitch
- name: store appinspector
uses: actions/upload-artifact@v4
with:
name: appinspector
path: artifacts/appinspector
release:
runs-on: ubuntu-latest
needs: build
if: contains(github.event.pull_request.labels.*.name, 'release') && github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true
env:
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
DOTNET_NOLOGO: true
DOTNET_GENERATE_ASPNET_CERTIFICATE: false
steps:
- name: Download NuGet Packages
uses: actions/download-artifact@v4
with:
name: nuget
- name: Changelog
uses: glennawatson/ChangeLog@v1
id: changelog
- name: Create Release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: ${{ needs.build.outputs.nbgv }}
release_name: ${{ needs.build.outputs.nbgv }}
body: |
${{ steps.changelog.outputs.commitLog }}
- name: NuGet Push
env:
NUGET_AUTH_TOKEN: ${{ secrets.NUGET_API_KEY }}
SOURCE_URL: https://api.nuget.org/v3/index.json
run: |
dotnet nuget push -s ${{ env.SOURCE_URL }} -k ${{ env.NUGET_AUTH_TOKEN }} **/*.nupkg