name: Build, Package and Push Images
run-name: ${{ gitea.actor }} is building the Server application
on: [ push ]
jobs:
preprocess:
runs-on: ubuntu-latest
outputs:
sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }}
steps:
- name: Sanitize branch name
id: sanitize
run: echo "::set-output name=sanitized_branch_name::$(echo ${{ github.ref_name }} | sed 's/\//-/g')"
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup dotnet
uses: https://github.com/actions/setup-dotnet@v3
with:
dotnet-version: 8.0
- name: Install dependencies
run: dotnet restore
- name: Build
run: |
dotnet build Server -c Release
# dotnet test Server.Tests -c Release
sonarqube:
needs: build
runs-on: ubuntu-latest
if: github.ref_name == 'master'
steps:
- uses: actions/checkout@v3
- name: Setup dotnet
uses: https://github.com/actions/setup-dotnet@v3
with:
dotnet-version: 8.0
- name: Install dependencies
run: |
dotnet restore
echo "::add-path::$HOME/.dotnet/tools"
- name: Setup Sonarqube Dependencies
run: |
apt-get update
apt-get install --yes openjdk-11-jre
dotnet tool install --global dotnet-sonarscanner
dotnet tool install --global dotnet-coverage
- name: Sonarqube Begin
run: |
dotnet sonarscanner begin /key:"${{ secrets.SONAR_PROJECT_KEY }}" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}"
- name: Sonarqube Scan
run: |
dotnet build Server -c Release
# dotnet test --collect "Code Coverage" --logger trx --results-directory "TestsResults"
# dotnet-coverage collect 'dotnet test' -f xml -o 'coverage.xml'
- name: Sonarqube End
run: |
dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
sbom-scan:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup dotnet
uses: https://github.com/actions/setup-dotnet@v3
with:
dotnet-version: |
7.0
8.0
- name: Install dependencies
run: |
dotnet restore
echo "::add-path::$HOME/.dotnet/tools"
- name: Setup Dependency Track Dependencies
run: |
dotnet tool install --global CycloneDX
- name: Generate SBOM
run: |
dotnet CycloneDX Server/Server.csproj -o . -dgl
- name: Upload SBOM
uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
with:
apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
autoCreate: true
# set projectversion to be the branch name
projectVersion: "${{ github.ref_name }}"
bomFilename: "${{ github.workspace }}/bom.xml"
container-build:
runs-on: ubuntu-latest
container: catthehacker/ubuntu:act-latest
needs: [ build, preprocess ]
steps:
- uses: actions/checkout@v3
- name: Setup dotnet
uses: https://github.com/actions/setup-dotnet@v3
with:
dotnet-version: 8.0
# Add support for more platforms with QEMU (optional)
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ github.server_url }}
username: ${{ github.actor }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
file: Server/Dockerfile
push: true
tags: forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
platforms: linux/amd64,linux/arm64
- name: Build and push to latest
if: github.ref_name == 'master'
uses: docker/build-push-action@v5
with:
context: .
file: Server/Dockerfile
push: true
tags: forge.rainote.dev/${{ github.repository }}:latest
platforms: linux/amd64, linux/arm64
container-sbom-scan:
needs: [ container-build, preprocess ]
runs-on: ubuntu-latest
container: catthehacker/ubuntu:act-latest
steps:
- uses: actions/checkout@v3
- name: Setup dotnet
uses: https://github.com/actions/setup-dotnet@v3
with:
dotnet-version: 8.0
- name: Install dependencies
run: |
dotnet restore
echo "::add-path::$HOME/.dotnet/tools"
- name: Setup Dependency Track Dependencies
run: |
mkdir ~/.docker
curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ github.server_url }}
username: ${{ github.actor }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Generate SBOM
run: |
docker sbom forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }} --format cyclonedx-json --output bom.json
- name: Upload SBOM
uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
with:
apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
projectName: "${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}-container"
autoCreate: true
# set projectversion to be the branch name
projectVersion: "${{ github.ref_name }}"
bomFilename: "${{ github.workspace }}/bom.json"