continuity/.gitea/workflows/server.yaml

name: Build, Package and Push Images
run-name: ${{ gitea.actor }} is building the Server application
on:
  push:
    branches:
      - develop
      - master
    paths-ignore:
    - Wiki/**
    - Benchmarks/**
    - .run/**

jobs:
  preprocess:
    runs-on: ubuntu-latest
    outputs:
      sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }}
    steps:
    - name: Sanitize branch name
      id: sanitize
      run: echo "::set-output name=sanitized_branch_name::$(echo ${{ github.ref_name }} | sed 's/\//-/g')"

  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        global-json-file: global.json
    - name: Install dependencies
      run: dotnet restore
    - name: Build
      run: |
        dotnet build Continuity.AuthServer -c Release        

  sonarqube:
    needs: build
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:be6661897e8b51abab7e30728b387475dcb340da5ebf13a53965ef7c642034ff
    if: github.ref_name == 'master'
    steps:
    - uses: actions/checkout@v4
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        global-json-file: global.json
    - name: Install dependencies
      run: |
        dotnet restore
        echo "::add-path::$HOME/.dotnet/tools"        
    - name: Setup Sonarqube Dependencies
      run: |
        apt-get update
        apt-get install --yes openjdk-18-jre
        dotnet tool install --global dotnet-sonarscanner
        dotnet tool install --global dotnet-coverage        
    - name: Sonarqube Begin
      run: |
        dotnet sonarscanner begin /key:"${{ secrets.SONAR_PROJECT_KEY }}" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}"        
    - name: Sonarqube Scan
      run: |
        dotnet build Continuity.AuthServer -c Release        
       #         dotnet test --collect "Code Coverage" --logger trx --results-directory "TestsResults"
        #         dotnet-coverage collect 'dotnet test' -f xml  -o 'coverage.xml'
    - name: Sonarqube End
      run: |
        dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"        

  sbom-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        global-json-file: global.json
    - name: Install dependencies
      run: |
        dotnet restore
        echo "::add-path::$HOME/.dotnet/tools"        
    - name: Setup Dependency Track Dependencies
      run: |
        dotnet tool install --global CycloneDX        
    - name: Generate SBOM
      run: |
        dotnet CycloneDX Continuity.AuthServer/Continuity.AuthServer.csproj -o . -dgl        
    - name: Upload SBOM
      uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
      with:
        apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
        serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
        projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
        autoCreate: true
        # set projectversion to be the branch name
        projectVersion: ${{ github.ref_name }}
        bomFilename: ${{ github.workspace }}/bom.xml

  container-build:
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:be6661897e8b51abab7e30728b387475dcb340da5ebf13a53965ef7c642034ff
    needs: [build, preprocess]
    steps:
    - uses: actions/checkout@v4
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        global-json-file: global.json
        # Add support for more platforms with QEMU (optional)
        # https://github.com/docker/setup-qemu-action
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    - name: Login to Docker Hub
      uses: docker/login-action@v3
      with:
        registry: ${{ github.server_url }}
        username: ${{ github.actor }}
        password: ${{ secrets.REGISTRY_TOKEN }}
    - name: Build and push
      uses: docker/build-push-action@v5
      with:
        context: .
        file: Continuity.AuthServer/Dockerfile
        push: true
        tags: forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name  }}
        platforms: linux/amd64,linux/arm64
    - name: Build and push to latest
      if: github.ref_name == 'master'
      uses: docker/build-push-action@v5
      with:
        context: .
        file: Continuity.AuthServer/Dockerfile
        push: true
        tags: forge.rainote.dev/${{ github.repository }}:latest
        platforms: linux/amd64, linux/arm64

  container-sbom-scan:
    needs: [container-build, preprocess]
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:be6661897e8b51abab7e30728b387475dcb340da5ebf13a53965ef7c642034ff
    steps:
    - uses: actions/checkout@v4
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        global-json-file: global.json
    - name: Install dependencies
      run: |
        dotnet restore
        echo "::add-path::$HOME/.dotnet/tools"        
    - name: Setup Dependency Track Dependencies
      run: |
        mkdir ~/.docker
        curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --        
    - name: Login to Docker Hub
      uses: docker/login-action@v3
      with:
        registry: ${{ github.server_url }}
        username: ${{ github.actor }}
        password: ${{ secrets.REGISTRY_TOKEN }}
    - name: Generate SBOM
      run: |
        echo forge.rainote.dev/${{ github.repository }}
        echo forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name  }}
        docker pull forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name  }}
        docker sbom -D forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name  }} --format cyclonedx-json --output container-bom.json        
    - name: Upload SBOM
      uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
      with:
        apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
        serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
        projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}-container
        autoCreate: true
          # set projectversion to be the branch name
        projectVersion: ${{ github.ref_name }}
        bomFilename: ${{ github.workspace }}/container-bom.json

  generate-licences:
    needs: [build, preprocess]
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:be6661897e8b51abab7e30728b387475dcb340da5ebf13a53965ef7c642034ff
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          dotnet-version: |
            7.0
            8.0            
      - name: Install dependencies
        run: |
          dotnet restore
          echo "::add-path::$HOME/.dotnet/tools"          
      - name: Install nuget-license
        run: dotnet tool install --global dotnet-project-licenses
      - name: Export licenses
        run: dotnet-project-licenses -i . -u --projects-filter projects_ignore_licenses.json -m -j -e -f licenses
      - name: Upload licenses
        uses: actions/upload-artifact@v3
        with:
          name: licenses
          path: licenses
          retention-days: 31