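# CI pipeline: builds the Writerside docs, builds the .NET server, runs SonarQube on master,
# generates and uploads CycloneDX SBOMs (project and container), and builds and pushes the
# multi-arch container image.
#
# NOTE(review): several values (action references, URLs, file names, the registry host) are
# missing from this copy of the workflow. They are left as found and marked below; restore them
# before use.
# NOTE(review): actions and images are referenced by mutable tags (@v3, @v5, act-latest).
# Pinning third-party actions to a full commit SHA and images to a digest keeps a retagged
# upstream from changing what this pipeline runs.
# NOTE(review): no `permissions:` block is declared, so jobs get the repository's default token
# scope. Consider restricting it to read-only contents if the forge supports it.
name: Build, Package and Push Images
# NOTE(review): the expression inside ${{ }} is missing from this copy.
run-name: ${{ }} is building the Server application

on: [push]

env:
  # Name of module and id separated by a slash
  INSTANCE: Wiki/wiki
  # Replace HI with the ID of the instance in capital letters
  # NOTE(review): value missing from this copy.
  ARTIFACT:
  # Writerside docker image version
  DOCKER_VERSION: "232.10165.1"
  # NOTE(review): value missing from this copy.
  ALGOLIA_ARTIFACT:

jobs:
  preprocess:
    runs-on: ubuntu-latest
    outputs:
      sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }}
    steps:
      - name: Sanitize branch name
        id: sanitize
        env:
          # Pass the ref through the environment rather than expanding it inside the script:
          # a branch name is pusher-controlled text and would otherwise be parsed as shell code.
          REF_NAME: ${{ github.ref_name }}
        run: |
          # Image tags only allow [A-Za-z0-9_.-], so every other character (not just "/")
          # is replaced with "-".
          sanitized="$(printf '%s' "$REF_NAME" | sed 's/[^A-Za-z0-9_.-]/-/g')"
          # The set-output workflow command is deprecated; write to the output file instead.
          echo "sanitized_branch_name=${sanitized}" >> "$GITHUB_OUTPUT"

  docs:
    runs-on: ubuntu-latest
    # NOTE(review): the image name in front of the tag is missing from this copy.
    container: ${{env.DOCKER_VERSION}}
    steps:
      # NOTE(review): the installer URL and the file name after "$NVM_DIR/" are missing from
      # this copy. Piping a download straight into bash runs it with no integrity check;
      # prefer fetching a pinned release and verifying its checksum before executing it.
      # GITHUB_PATH is the path of a file, so the `export GITHUB_PATH=...` line below only
      # changes this step's shell; the `>> "$GITHUB_PATH"` append is what later steps see.
      - name: Install basic dependencies
        run: |
          wget -qO- | bash
          export NVM_DIR="$HOME/.nvm"
          echo "$NVM_DIR" >> "$GITHUB_PATH"
          [ -s "$NVM_DIR/" ] && \. "$NVM_DIR/"
          export PATH="$NVM_DIR:$PATH"
          export GITHUB_PATH="$NVM_DIR:$GITHUB_PATH"
          nvm install 18
          nvm use 18
      - name: Checkout repository
        # NOTE(review): action reference missing from this copy.
        uses:
      # The builder's exit status is ignored (`|| true`); the step passes or fails on the
      # `test -e` check for the expected artifact.
      # NOTE(review): the executable name after /opt/builder/bin/ is missing from this copy.
      - name: Build docs
        run: |
          set -e
          export DISPLAY=:99
          Xvfb :99 &
          /opt/builder/bin/ helpbuilderinspect -source-dir . -product ${{env.INSTANCE}} -output-dir artifacts/ || true
          echo "Test existing of ${{ env.ARTIFACT }} artifact"
          test -e artifacts/${{ env.ARTIFACT }}
      # NOTE(review): the destination file name is missing from this copy.
      - name: rename artifact
        run: |
          mv artifacts/${{ env.ARTIFACT }} artifacts/
      - name: Upload documentation
        uses: actions/upload-artifact@v3
        with:
          name: docs
          path: artifacts/
          retention-days: 14
      - name: Upload algolia-indexes
        uses: actions/upload-artifact@v3
        with:
          name: algolia-indexes
          path: artifacts/${{ env.ALGOLIA_ARTIFACT }}
          retention-days: 14

  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup dotnet
        # NOTE(review): action reference missing from this copy.
        uses:
        with:
          # Quoted so the version stays the string "8.0" instead of being read as a number.
          dotnet-version: "8.0"
      - name: Install dependencies
        run: dotnet restore
      - name: Build
        run: |
          dotnet build Server -c Release
          # dotnet test Server.Tests -c Release

  sonarqube:
    needs: build
    runs-on: ubuntu-latest
    if: github.ref_name == 'master'
    steps:
      - uses: actions/checkout@v3
      - name: Setup dotnet
        # NOTE(review): action reference missing from this copy.
        uses:
        with:
          dotnet-version: "8.0"
      - name: Install dependencies
        run: |
          dotnet restore
          # The add-path workflow command is disabled on GitHub-hosted runners; append to the
          # path file, as the docs job already does.
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      - name: Setup Sonarqube Dependencies
        run: |
          apt-get update
          apt-get install --yes openjdk-11-jre
          dotnet tool install --global dotnet-sonarscanner
          dotnet tool install --global dotnet-coverage
      - name: Sonarqube Begin
        env:
          # Secrets reach the script as environment variables so their contents are never
          # spliced into the shell source.
          SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        # NOTE(review): the host-URL parameter name was garbled in this copy (`/"..."`);
        # it is written here as the scanner's sonar.host.url property. Confirm against the repo.
        run: |
          dotnet sonarscanner begin /key:"$SONAR_PROJECT_KEY" /d:sonar.token="$SONAR_TOKEN" /d:sonar.host.url="$SONAR_HOST_URL"
      - name: Sonarqube Scan
        run: |
          dotnet build Server -c Release
          # dotnet test --collect "Code Coverage" --logger trx --results-directory "TestsResults"
          # dotnet-coverage collect 'dotnet test' -f xml -o 'coverage.xml'
      - name: Sonarqube End
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        # The end step uses the same credential property as the begin step (sonar.token).
        run: |
          dotnet sonarscanner end /d:sonar.token="$SONAR_TOKEN"

  sbom-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup dotnet
        # NOTE(review): action reference missing from this copy.
        uses:
        with:
          dotnet-version: |
            7.0
            8.0
      - name: Install dependencies
        run: |
          dotnet restore
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      - name: Setup Dependency Track Dependencies
        run: |
          dotnet tool install --global CycloneDX
      - name: Generate SBOM
        run: |
          dotnet CycloneDX Server/Server.csproj -o . -dgl
      - name: Upload SBOM
        # NOTE(review): action reference missing from this copy.
        uses:
        with:
          apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
          serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
          projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
          autoCreate: true
          # set projectversion to be the branch name
          projectVersion: "${{ github.ref_name }}"
          bomFilename: "${{ github.workspace }}/bom.xml"

  container-build:
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest
    needs: [build, preprocess]
    steps:
      - uses: actions/checkout@v3
      - name: Setup dotnet
        # NOTE(review): action reference missing from this copy.
        uses:
        with:
          dotnet-version: "8.0"
      # Add support for more platforms with QEMU (optional)
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # The step name says Docker Hub, but the login targets the forge's own registry
      # (github.server_url).
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ${{ github.server_url }}
          # NOTE(review): the username expression is missing from this copy.
          username: ${{ }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      # NOTE(review): the registry host in front of the repository appears to be missing from
      # the `tags` values in this copy.
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Server/Dockerfile
          push: true
          tags: ${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
          platforms: linux/amd64,linux/arm64
      - name: Build and push to latest
        if: github.ref_name == 'master'
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Server/Dockerfile
          push: true
          tags: ${{ github.repository }}:latest
          platforms: linux/amd64,linux/arm64

  container-sbom-scan:
    needs: [container-build, preprocess]
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup dotnet
        # NOTE(review): action reference missing from this copy.
        uses:
        with:
          dotnet-version: "8.0"
      - name: Install dependencies
        run: |
          dotnet restore
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      # NOTE(review): the installer URL and the arguments after `--` are missing from this copy.
      # As with any curl-to-shell install, pin the release and verify a checksum before running.
      - name: Setup Dependency Track Dependencies
        run: |
          # -p: do not fail the step when the directory already exists.
          mkdir -p ~/.docker
          curl -sSfL | sh -s --
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ${{ github.server_url }}
          # NOTE(review): the username expression is missing from this copy.
          username: ${{ }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Generate SBOM
        env:
          # Values derived from the branch name are handed over as data, not spliced into
          # the script text.
          IMAGE_REPOSITORY: ${{ github.repository }}
          IMAGE_TAG: ${{ needs.preprocess.outputs.sanitized_branch_name }}
        # NOTE(review): the registry host in front of the repository appears to be missing from
        # this copy of the commands.
        run: |
          echo "${IMAGE_REPOSITORY}"
          echo "${IMAGE_REPOSITORY}:${IMAGE_TAG}"
          docker pull "${IMAGE_REPOSITORY}:${IMAGE_TAG}"
          docker sbom -D "${IMAGE_REPOSITORY}:${IMAGE_TAG}" --format cyclonedx-json --output container-bom.json
      - name: Upload SBOM
        # NOTE(review): action reference missing from this copy.
        uses:
        with:
          apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
          serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
          projectName: "${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}-container"
          autoCreate: true
          # set projectversion to be the branch name
          projectVersion: "${{ github.ref_name }}"
          bomFilename: "${{ github.workspace }}/container-bom.json"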