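# Pull-request pipeline: build the auth server, publish a per-branch container
# image to the forge registry, upload source and container SBOMs to
# Dependency-Track, and export third-party licence information.
#
# NOTE(review): the job containers are pinned by digest, but every `uses:`
# reference below is a mutable tag (v3/v4/v5/v2.0.1). Several of these actions
# run in jobs that hold REGISTRY_TOKEN or the Dependency-Track API key, so
# consider pinning them to full commit SHAs as well.
name: PR Workflow
run-name: ${{ gitea.actor }} PR related workflow
on:
  pull_request:
    paths-ignore:
      - Wiki/**
      - Benchmarks/**
      - .run/**

jobs:
  preprocess:
    runs-on: ubuntu-latest
    outputs:
      sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }}
    steps:
      - name: Sanitize branch name
        id: sanitize
        # The ref name is influenced by whoever opens the pull request. It is
        # handed to the script as an environment variable instead of being
        # expanded into the script text, so the shell only ever sees it as data.
        env:
          REF_NAME: ${{ github.ref_name }}
        # Only "/" is rewritten. NOTE(review): container tags accept a narrower
        # character set than git refs; confirm no other characters need mapping.
        # The output goes through $GITHUB_OUTPUT rather than the deprecated
        # `::set-output` stdout command, which any process output could trigger.
        run: |
          sanitized="$(printf '%s' "$REF_NAME" | sed 's/\//-/g')"
          echo "sanitized_branch_name=${sanitized}" >> "$GITHUB_OUTPUT"

  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          global-json-file: global.json
      - name: Install dependencies
        run: dotnet restore
      - name: Build
        run: |
          dotnet build Continuity.AuthServer -c Release

  sbom-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          global-json-file: global.json
      - name: Install dependencies
        # PATH is extended through $GITHUB_PATH instead of the deprecated
        # `::add-path::` stdout command.
        run: |
          dotnet restore
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      - name: Setup Dependency Track Dependencies
        # NOTE(review): no --version is given, so the newest CycloneDX tool is
        # installed on every run; pin a version for reproducible SBOMs.
        run: |
          dotnet tool install --global CycloneDX
      - name: Generate SBOM
        run: |
          dotnet CycloneDX Continuity.AuthServer/Continuity.AuthServer.csproj -o . -dgl
      - name: Upload SBOM
        uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
        with:
          apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
          serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
          projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
          autoCreate: true
          # set projectversion to be the branch name
          projectVersion: ${{ github.ref_name }}
          bomFilename: ${{ github.workspace }}/bom.xml

  container-build:
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
    needs: [build, preprocess]
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          global-json-file: global.json
      # Add support for more platforms with QEMU (optional)
      # https://github.com/docker/setup-qemu-action
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Despite the step name, the login target is the forge's own registry
      # (github.server_url), authenticated with REGISTRY_TOKEN.
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ${{ github.server_url }}
          username: ${{ github.actor }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      # NOTE(review): this pushes an image built from pull-request content into
      # the shared repository namespace; confirm that only trusted branches can
      # trigger this job with REGISTRY_TOKEN available.
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Continuity.AuthServer/Dockerfile
          push: true
          tags: forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
          platforms: linux/amd64,linux/arm64
      # NOTE(review): the only trigger is pull_request; verify that
      # github.ref_name can equal 'master' here, otherwise this step never runs.
      - name: Build and push to latest
        if: github.ref_name == 'master'
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Continuity.AuthServer/Dockerfile
          push: true
          tags: forge.rainote.dev/${{ github.repository }}:latest
          platforms: linux/amd64,linux/arm64

  container-sbom-scan:
    needs: [container-build, preprocess]
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          global-json-file: global.json
      - name: Install dependencies
        # PATH is extended through $GITHUB_PATH instead of the deprecated
        # `::add-path::` stdout command.
        run: |
          dotnet restore
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      - name: Setup Dependency Track Dependencies
        # NOTE(review): install.sh is fetched from the moving `main` branch and
        # piped straight into sh with no integrity check, in a job that later
        # handles REGISTRY_TOKEN and the Dependency-Track API key. Prefer a
        # pinned release or commit and verify a checksum before executing.
        # `mkdir -p` keeps the step from failing when ~/.docker already exists.
        run: |
          mkdir -p ~/.docker
          curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ${{ github.server_url }}
          username: ${{ github.actor }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Generate SBOM
        # The tag is derived from the pull request's ref name, so the image
        # reference reaches the script through the environment and is quoted
        # wherever it is used.
        env:
          IMAGE_REPO: forge.rainote.dev/${{ github.repository }}
          IMAGE_TAG: ${{ needs.preprocess.outputs.sanitized_branch_name }}
        run: |
          echo "${IMAGE_REPO}"
          echo "${IMAGE_REPO}:${IMAGE_TAG}"
          docker pull "${IMAGE_REPO}:${IMAGE_TAG}"
          docker sbom -D "${IMAGE_REPO}:${IMAGE_TAG}" --format cyclonedx-json --output container-bom.json
      - name: Upload SBOM
        uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
        with:
          apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
          serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
          projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}-container
          autoCreate: true
          # set projectversion to be the branch name
          projectVersion: ${{ github.ref_name }}
          bomFilename: ${{ github.workspace }}/container-bom.json

  generate-licences:
    needs: [build, preprocess]
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          dotnet-version: |
            7.0
            8.0
      - name: Install dependencies
        # PATH is extended through $GITHUB_PATH instead of the deprecated
        # `::add-path::` stdout command.
        run: |
          dotnet restore
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      - name: Install nuget-license
        # NOTE(review): unpinned tool version; see the CycloneDX note above.
        run: dotnet tool install --global dotnet-project-licenses
      - name: Export licenses
        run: dotnet-project-licenses -i . -u --projects-filter projects_ignore_licenses.json -m -j -e -f licenses
      - name: Upload licenses
        uses: actions/upload-artifact@v3
        with:
          name: licenses
          path: licenses
          retention-days: 31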