renovate-bot
44fc75aa5f
Some checks failed
PR Workflow / preprocess (pull_request) Successful in 4s
PR Workflow / build (pull_request) Successful in 42s
PR Workflow / sbom-scan (pull_request) Failing after 53s
PR Workflow / container-build (pull_request) Successful in 1m54s
PR Workflow / generate-licences (pull_request) Successful in 1m33s
PR Workflow / container-sbom-scan (pull_request) Failing after 50s
Signed-off-by: noreply@rainote.dev
206 lines
7.4 KiB
YAML
206 lines
7.4 KiB
YAML
name: Build, Package and Push Images
|
|
run-name: ${{ gitea.actor }} is building the Server application
|
|
on:
|
|
push:
|
|
branches:
|
|
- develop
|
|
- master
|
|
paths-ignore:
|
|
- Wiki/**
|
|
- Benchmarks/**
|
|
- .run/**
|
|
|
|
jobs:
|
|
preprocess:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }}
|
|
steps:
|
|
- name: Sanitize branch name
|
|
id: sanitize
|
|
run: echo "::set-output name=sanitized_branch_name::$(echo ${{ github.ref_name }} | sed 's/\//-/g')"
|
|
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup dotnet
|
|
uses: https://github.com/actions/setup-dotnet@v4
|
|
with:
|
|
global-json-file: global.json
|
|
- name: Install dependencies
|
|
run: dotnet restore
|
|
- name: Build
|
|
run: |
|
|
dotnet build Continuity.AuthServer -c Release
|
|
|
|
sonarqube:
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
|
|
if: github.ref_name == 'master'
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup dotnet
|
|
uses: https://github.com/actions/setup-dotnet@v4
|
|
with:
|
|
global-json-file: global.json
|
|
- name: Install dependencies
|
|
run: |
|
|
dotnet restore
|
|
echo "::add-path::$HOME/.dotnet/tools"
|
|
- name: Setup Sonarqube Dependencies
|
|
run: |
|
|
apt-get update
|
|
apt-get install --yes openjdk-18-jre
|
|
dotnet tool install --global dotnet-sonarscanner
|
|
dotnet tool install --global dotnet-coverage
|
|
- name: Sonarqube Begin
|
|
run: |
|
|
dotnet sonarscanner begin /key:"${{ secrets.SONAR_PROJECT_KEY }}" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}"
|
|
- name: Sonarqube Scan
|
|
run: |
|
|
dotnet build Continuity.AuthServer -c Release
|
|
# dotnet test --collect "Code Coverage" --logger trx --results-directory "TestsResults"
|
|
# dotnet-coverage collect 'dotnet test' -f xml -o 'coverage.xml'
|
|
- name: Sonarqube End
|
|
run: |
|
|
dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
|
|
|
|
sbom-scan:
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup dotnet
|
|
uses: https://github.com/actions/setup-dotnet@v4
|
|
with:
|
|
global-json-file: global.json
|
|
- name: Install dependencies
|
|
run: |
|
|
dotnet restore
|
|
echo "::add-path::$HOME/.dotnet/tools"
|
|
- name: Setup Dependency Track Dependencies
|
|
run: |
|
|
dotnet tool install --global CycloneDX
|
|
- name: Generate SBOM
|
|
run: |
|
|
dotnet CycloneDX Continuity.AuthServer/Continuity.AuthServer.csproj -o . -dgl
|
|
- name: Upload SBOM
|
|
uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
|
|
with:
|
|
apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
|
|
serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
|
|
projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
|
|
autoCreate: true
|
|
# set projectversion to be the branch name
|
|
projectVersion: ${{ github.ref_name }}
|
|
bomFilename: ${{ github.workspace }}/bom.xml
|
|
|
|
container-build:
|
|
runs-on: ubuntu-latest
|
|
container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
|
|
needs: [build, preprocess]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup dotnet
|
|
uses: https://github.com/actions/setup-dotnet@v4
|
|
with:
|
|
global-json-file: global.json
|
|
# Add support for more platforms with QEMU (optional)
|
|
# https://github.com/docker/setup-qemu-action
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ github.server_url }}
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: Continuity.AuthServer/Dockerfile
|
|
push: true
|
|
tags: forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
|
|
platforms: linux/amd64,linux/arm64
|
|
- name: Build and push to latest
|
|
if: github.ref_name == 'master'
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: Continuity.AuthServer/Dockerfile
|
|
push: true
|
|
tags: forge.rainote.dev/${{ github.repository }}:latest
|
|
platforms: linux/amd64, linux/arm64
|
|
|
|
container-sbom-scan:
|
|
needs: [container-build, preprocess]
|
|
runs-on: ubuntu-latest
|
|
container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup dotnet
|
|
uses: https://github.com/actions/setup-dotnet@v4
|
|
with:
|
|
global-json-file: global.json
|
|
- name: Install dependencies
|
|
run: |
|
|
dotnet restore
|
|
echo "::add-path::$HOME/.dotnet/tools"
|
|
- name: Setup Dependency Track Dependencies
|
|
run: |
|
|
mkdir ~/.docker
|
|
curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ github.server_url }}
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
- name: Generate SBOM
|
|
run: |
|
|
echo forge.rainote.dev/${{ github.repository }}
|
|
echo forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
|
|
docker pull forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
|
|
docker sbom -D forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }} --format cyclonedx-json --output container-bom.json
|
|
- name: Upload SBOM
|
|
uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
|
|
with:
|
|
apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
|
|
serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
|
|
projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}-container
|
|
autoCreate: true
|
|
# set projectversion to be the branch name
|
|
projectVersion: ${{ github.ref_name }}
|
|
bomFilename: ${{ github.workspace }}/container-bom.json
|
|
|
|
generate-licences:
|
|
needs: [build, preprocess]
|
|
runs-on: ubuntu-latest
|
|
container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup dotnet
|
|
uses: https://github.com/actions/setup-dotnet@v4
|
|
with:
|
|
dotnet-version: |
|
|
7.0
|
|
8.0
|
|
- name: Install dependencies
|
|
run: |
|
|
dotnet restore
|
|
echo "::add-path::$HOME/.dotnet/tools"
|
|
- name: Install nuget-license
|
|
run: dotnet tool install --global dotnet-project-licenses
|
|
- name: Export licenses
|
|
run: dotnet-project-licenses -i . -u --projects-filter projects_ignore_licenses.json -m -j -e -f licenses
|
|
- name: Upload licenses
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: licenses
|
|
path: licenses
|
|
retention-days: 31
|