Regular workflows
rafaelschlatter committed Jun 19, 2024
1 parent 6b130ca commit 348ee90
Showing 3 changed files with 167 additions and 14 deletions.
128 changes: 118 additions & 10 deletions .github/workflows/dotnet.yml
Expand Up @@ -7,14 +7,122 @@ on:
pull_request:
types: [ closed ]

env:
PRERELEASE_BRANCHES: experimental,alpha,beta,rc
DOCKER_IMAGE_REGISTRY_PATH: ${{ secrets.RAAEDGE_LOGIN_SERVER }}/connectors-opcua
COVERAGE_FOLDER: Coverage

jobs:
dotnet:
uses: RaaLabs/reusable-workflows/.github/workflows/dotnet-build.yml@main
with:
IMAGE_NAME: 'connectors-opcua'
secrets:
DOCKER_REGISTRY_LOGIN_SERVER: ${{ secrets.RAAEDGE_LOGIN_SERVER }}
DOCKER_REGISTRY_USERNAME: ${{ secrets.RAAEDGE_ACR_USERNAME }}
DOCKER_REGISTRY_PASSWORD: ${{ secrets.RAAEDGE_ACR_PASSWORD }}
NUGET_GITHUB_PACKAGES_TOKEN: ${{ secrets.NUGET_GITHUB_PACKAGES_TOKEN }}
NUGET_GITHUB_PACKAGES_USERNAME: ${{ secrets.NUGET_GITHUB_PACKAGES_USERNAME }}
ci:
name: 'build'
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3

- name: Add private Nuget feed
run: dotnet nuget add source --username ${{ secrets.NUGET_GITHUB_PACKAGES_USERNAME }} --password ${{ secrets.NUGET_GITHUB_PACKAGES_TOKEN }} --store-password-in-clear-text --name "githubpackagesnuget" "https://nuget.pkg.github.com/RaaLabs/index.json"

- name: Install dependencies
run: dotnet restore --no-cache --verbosity normal
- name: Build
run: dotnet build --no-restore --configuration Release
- name: Test and report coverage
run: dotnet test --configuration Release --no-build /p:CollectCoverage=true /p:CoverletOutput=${{ github.workspace }}/${{ env.COVERAGE_FOLDER }}/ /p:MergeWith=${{ github.workspace }}/${{ env.COVERAGE_FOLDER }}/coverage/ /p:CoverletOutputFormat=opencover

- name: 'ACR login'
uses: azure/docker-login@v2
with:
login-server: ${{ secrets.RAAEDGE_LOGIN_SERVER }}
username: ${{ secrets.RAAEDGE_ACR_USERNAME }}
password: ${{ secrets.RAAEDGE_ACR_PASSWORD }}

- name: Establish context
id: context
uses: dolittle/establish-context-action@v2
with:
prerelease-branches: ${{ env.PRERELEASE_BRANCHES }}

- uses: hadolint/[email protected]
with:
dockerfile: ./Source/Dockerfile
failure-threshold: error

- name: Docker Build
uses: docker/build-push-action@v5
if: ${{ steps.context.outputs.should-publish == 'false' }}
with:
push: false
no-cache: true
context: .
file: ./Source/Dockerfile
build-args: |
CONFIGURATION=Release
secrets: |
NUGET_GITHUB_PACKAGES_USERNAME=${{ secrets.NUGET_GITHUB_PACKAGES_USERNAME }}
NUGET_GITHUB_PACKAGES_TOKEN=${{ secrets.NUGET_GITHUB_PACKAGES_TOKEN }}
platforms: linux/amd64
tags: ${{ env.DOCKER_IMAGE_REGISTRY_PATH }}:latest

- name: Increment version
id: increment-version
if: ${{ steps.context.outputs.should-publish == 'true' }}
uses: dolittle/increment-version-action@v2
with:
version: ${{ steps.context.outputs.current-version }}
release-type: ${{ steps.context.outputs.release-type }}

- name: Docker push
uses: docker/build-push-action@v5
if: ${{ steps.context.outputs.should-publish == 'true' && inputs.IMAGE_NAME != '' }}
with:
push: true
no-cache: true
context: .
file: ./Source/Dockerfile
build-args: |
CONFIGURATION=Release
secrets: |
NUGET_GITHUB_PACKAGES_USERNAME=${{ secrets.NUGET_GITHUB_PACKAGES_USERNAME }}
NUGET_GITHUB_PACKAGES_TOKEN=${{ secrets.NUGET_GITHUB_PACKAGES_TOKEN }}
platforms: linux/amd64
tags: |
${{ env.DOCKER_IMAGE_REGISTRY_PATH }}:${{ steps.increment-version.outputs.next-version }}
${{ env.DOCKER_IMAGE_REGISTRY_PATH }}:latest
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.DOCKER_IMAGE_REGISTRY_PATH }}:latest
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
scanners: 'vuln,secret'

- name: Docker logout
if: always()
run: |
docker logout ${{ secrets.RAAEDGE_LOGIN_SERVER }}
docker logout ${{ secrets.RAAEDGE_LOGIN_SERVER_2 }}
- name: Create GitHub Release
uses: dolittle/github-release-action@v2
if: ${{ steps.context.outputs.should-publish == 'true' }}
with:
cascading-release: ${{ steps.context.outputs.cascading-release }}
version: ${{ steps.increment-version.outputs.next-version }}
body: ${{ steps.context.outputs.pr-body }}

outputs:
should-publish: ${{ steps.context.outputs.should-publish }}
current-version: ${{ steps.context.outputs.current-version }}
release-type: ${{ steps.context.outputs.release-type }}
version: ${{ steps.increment-version.outputs.next-version }}
cascading-release: ${{ steps.context.outputs.cascading-release }}
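Review bot: The "Run Trivy vulnerability scanner" step sits after "Docker push", so when `should-publish` is true a CRITICAL finding fails the job only once both the versioned and `latest` tags are already in the registry. On the non-publish path "Docker Build" uses `push: false` without `load: true`, so the freshly built image is probably not available to the scanner and `:latest` would resolve to whatever was published earlier; building once with `load: true`, scanning that image, and pushing only after the scan passes would make the gate effective. The scanner is also referenced as `aquasecurity/trivy-action@master`, a moving branch that runs in a job holding the ACR and NuGet credentials; pinning it (and the other third-party actions) to a full commit SHA is safer. Separately, the push condition tests `inputs.IMAGE_NAME != ''`, but no inputs are declared in the visible part of this workflow (the `on:` block starts above the hunk), so the step may never run.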
43 changes: 39 additions & 4 deletions .github/workflows/sonarcloud.yml
@@ -1,11 +1,46 @@
name: Sonarcloud
name: 'sonarcloud'

on:
push:
branches:
- '**'

jobs:
sonarcloud:
uses: RaaLabs/reusable-workflows/.github/workflows/dotnet-sonarcloud.yml@main
secrets: inherit
ci:
name: Sonarcloud
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
- name: Add private Nuget feed
run: dotnet nuget add source --username ${{ secrets.NUGET_GITHUB_PACKAGES_USERNAME }} --password ${{ secrets.NUGET_GITHUB_PACKAGES_TOKEN }} --store-password-in-clear-text --name "githubpackagesnuget" "https://nuget.pkg.github.com/RaaLabs/index.json"
- name: Check that Coverlet is installed
run: |
if ! dotnet sln list | tail -n+3 | grep -qE '(Test|Specs)' ; then
echo "No test projects found in the solution."
exit 0
fi
dotnet restore ${{ inputs.target }}
DEPENDENCIES=$(dotnet list package --include-transitive --format=json | jq -r '.projects[].frameworks[] | .topLevelPackages + .transitivePackages | select(.) | map(.id) | .[]')
if ! grep -q "coverlet.collector" <<<$DEPENDENCIES ; then
echo "The 'coverlet.collector' package is required to make code coverage work."
echo "Please add it by running 'dotnet add package coverlet.collector' in your test project."
exit 1
fi
- name: Run tests using SonarScanner and report results
uses: highbyte/[email protected]
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
sonarOrganization: raalabs
sonarProjectName: ${{ github.event.repository.name }}
sonarProjectKey: RaaLabs_${{ github.event.repository.name }}
dotnetPreBuildCmd: dotnet nuget add source --username ${{ secrets.NUGET_GITHUB_PACKAGES_USERNAME }} --password ${{ secrets.NUGET_GITHUB_PACKAGES_TOKEN }} --store-password-in-clear-text --name "githubpackagesnuget" "https://nuget.pkg.github.com/RaaLabs/index.json"
sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
dotnetBuildArguments: ${{ inputs.target }}
dotnetTestArguments: ${{ inputs.target }} --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover || true
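Review bot: The "Add private Nuget feed" `run:` line and `dotnetPreBuildCmd` paste `${{ secrets.NUGET_GITHUB_PACKAGES_TOKEN }}` straight into the command text, so the token is expanded into the generated script before the shell parses it and is then written to the NuGet config with `--store-password-in-clear-text`. For the `run:` step, mapping the secret in the step's `env:` and passing `--password "$NUGET_GITHUB_PACKAGES_TOKEN"` keeps the value out of the script body and safe from shell metacharacters; the same applies to the identical step in `.github/workflows/dotnet.yml`. `${{ inputs.target }}` is used in three places although no inputs are declared in this push-triggered workflow, and the trailing `|| true` in `dotnetTestArguments` looks like it hides failing tests from the job status, so both are worth confirming. A `permissions:` block limiting `GITHUB_TOKEN` (for example `contents: read`) would also be sensible, since the token is handed to a third-party action.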
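--- a/dockerize.sh
+++ b/dockerize.sh
@@ -0,0 +1,10 @@
+# Docker container needs to be build with `docker build` command, because Docker compose does not
+# allow secrets from environmental variables to be passed to the build context
+
+export NUGET_GITHUB_PACKAGES_USERNAME=
+export NUGET_GITHUB_PACKAGES_TOKEN= # GitHub token needs to have read right for packages
+
+DOCKER_BUILDKIT=1 docker build \
+--secret id=NUGET_GITHUB_PACKAGES_USERNAME,env=NUGET_GITHUB_PACKAGES_USERNAME \
+--secret id=NUGET_GITHUB_PACKAGES_TOKEN,env=NUGET_GITHUB_PACKAGES_TOKEN \
+-f Source/Dockerfile -t connectors-opcua:test .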
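Review bot: The two `export NAME=` lines are blank placeholders in a tracked script, which invites pasting a real token into the file and committing it, and they also overwrite any value already set in the caller's environment with an empty string. Reading the values from the environment and failing fast is safer, e.g. `: "${NUGET_GITHUB_PACKAGES_TOKEN:?export a GitHub token with read:packages first}"` and the same for the username. The script also has no shebang or `set -euo pipefail`, so its behaviour depends on the invoking shell.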
