diff --git a/.gitea/workflows/docs.yaml b/.gitea/workflows/docs.yaml
index 84f6d25..886be3e 100644
--- a/.gitea/workflows/docs.yaml
+++ b/.gitea/workflows/docs.yaml
@@ -2,6 +2,9 @@ name: Build documentation
 run-name: ${{ gitea.actor }} is building the Wiki documentation
 on:
 push:
+ branches:
+ - develop
+ - master
 paths:
 - Wiki/**
 - Wiki.Dockerfile
diff --git a/.gitea/workflows/server.yaml b/.gitea/workflows/server.yaml
index ab8a370..1b10a16 100644
--- a/.gitea/workflows/server.yaml
+++ b/.gitea/workflows/server.yaml
@@ -9,16 +9,6 @@ on:
 - Wiki/**
 - Benchmarks/**
 - .run/**
- pull_request:
- types:
- - ready_for_review
- - edited
- - opened
- - reopened
- paths-ignore:
- - Wiki/**
- - Benchmarks/**
- - .run/**

 jobs:
 preprocess:
diff --git a/.gitea/workflows/server_pr.yaml b/.gitea/workflows/server_pr.yaml
new file mode 100644
index 0000000..808e691
--- /dev/null
+++ b/.gitea/workflows/server_pr.yaml
@@ -0,0 +1,175 @@
+name: PR Workflow
+run-name: ${{ gitea.actor }} PR related workflow
+on:
+ pull_request:
+ types:
+ - ready_for_review
+ - edited
+ - opened
+ - reopened
+ paths-ignore:
+ - Wiki/**
+ - Benchmarks/**
+ - .run/**
+
+jobs:
+ preprocess:
+ runs-on: ubuntu-latest
+ outputs:
+ sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }}
+ steps:
+ - name: Sanitize branch name
+ id: sanitize
+ run: echo "::set-output name=sanitized_branch_name::$(echo ${{ github.ref_name }} | sed 's/\//-/g')"
+
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup dotnet
+ uses: https://github.com/actions/setup-dotnet@v3
+ with:
+ global-json-file: global.json
+ - name: Install dependencies
+ run: dotnet restore
+ - name: Build
+ run: |
+ dotnet build Continuity.AuthServer -c Release
+
+ sbom-scan:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup dotnet
+ uses: https://github.com/actions/setup-dotnet@v3
+ with:
+ global-json-file: global.json
+ - name: Install dependencies
+ run: |
+ dotnet restore
+ echo "::add-path::$HOME/.dotnet/tools"
+ - name: Setup Dependency Track Dependencies
+ run: |
+ dotnet tool install --global CycloneDX
+ - name: Generate SBOM
+ run: |
+ dotnet CycloneDX Continuity.AuthServer/Continuity.AuthServer.csproj -o . -dgl
+ - name: Upload SBOM
+ uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
+ with:
+ apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
+ serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
+ projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
+ autoCreate: true
+ # set projectversion to be the branch name
+ projectVersion: ${{ github.ref_name }}
+ bomFilename: ${{ github.workspace }}/bom.xml
+
+ container-build:
+ runs-on: ubuntu-latest
+ container: catthehacker/ubuntu:act-latest
+ needs: [ build, preprocess ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup dotnet
+ uses: https://github.com/actions/setup-dotnet@v3
+ with:
+ global-json-file: global.json
+ # Add support for more platforms with QEMU (optional)
+ # https://github.com/docker/setup-qemu-action
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ github.server_url }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Continuity.AuthServer/Dockerfile
+ push: true
+ tags: forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
+ platforms: linux/amd64,linux/arm64
+ - name: Build and push to latest
+ if: github.ref_name == 'master'
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Continuity.AuthServer/Dockerfile
+ push: true
+ tags: forge.rainote.dev/${{ github.repository }}:latest
+ platforms: linux/amd64, linux/arm64
+
+ container-sbom-scan:
+ needs: [ container-build, preprocess ]
+ runs-on: ubuntu-latest
+ container: catthehacker/ubuntu:act-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup dotnet
+ uses: https://github.com/actions/setup-dotnet@v3
+ with:
+ global-json-file: global.json
+ - name: Install dependencies
+ run: |
+ dotnet restore
+ echo "::add-path::$HOME/.dotnet/tools"
+ - name: Setup Dependency Track Dependencies
+ run: |
+ mkdir ~/.docker
+ curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ github.server_url }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+ - name: Generate SBOM
+ run: |
+ echo forge.rainote.dev/${{ github.repository }}
+ echo forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
+ docker pull forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
+ docker sbom -D forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }} --format cyclonedx-json --output container-bom.json
+ - name: Upload SBOM
+ uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
+ with:
+ apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
+ serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
+ projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}-container
+ autoCreate: true
+ # set projectversion to be the branch name
+ projectVersion: ${{ github.ref_name }}
+ bomFilename: ${{ github.workspace }}/container-bom.json
+
+ generate-licences:
+ needs: [ build, preprocess ]
+ runs-on: ubuntu-latest
+ container: catthehacker/ubuntu:act-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup dotnet
+ uses: https://github.com/actions/setup-dotnet@v3
+ with:
+ dotnet-version: |
+ 7.0
+ 8.0
+ - name: Install dependencies
+ run: |
+ dotnet restore
+ echo "::add-path::$HOME/.dotnet/tools"
+ - name: Install nuget-license
+ run: dotnet tool install --global dotnet-project-licenses
+ - name: Export licenses
+ run: dotnet-project-licenses -i . -u --projects-filter projects_ignore_licenses.json -m -j -e -f licenses
+ - name: Upload licenses
+ uses: actions/upload-artifact@v3
+ with:
+ name: licenses
+ path: licenses
+ retention-days: 31
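Review bot: The `Sanitize branch name` step expands `${{ github.ref_name }}` straight into the text of `run:`, so the ref is parsed as shell code before `sed` ever sees it; on a `pull_request` trigger that value may be contributor-influenced, and the result later becomes an image tag. Pass it through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` and use `run: echo "sanitized_branch_name=$(printf '%s' "$REF_NAME" | sed 's/\//-/g')" >> "$GITHUB_OUTPUT"`, which also drops the deprecated `::set-output` command (confirm the runner version supports `GITHUB_OUTPUT`). In `container-sbom-scan`, `curl … install.sh | sh` executes whatever is on the plugin's `main` branch in a job that then logs in with `REGISTRY_TOKEN`; fetch a tagged release and verify its checksum before running it. `container-build` also pushes an image built from the PR's own Dockerfile using that token, so it is worth deciding whether unreviewed PRs should reach `push: true` at all.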