Build for pull_request of "999" #2865
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| run-name: Build for ${{ github.event_name }} of "${{ github.event.head_commit.message }}${{ github.event.number }}" | |
| on: | |
| pull_request: | |
| push: | |
| paths: | |
| - ".github/workflows/build.yml" | |
| - ".github/workflows/integration-tests.yml" | |
| - ".github/actions/integration-tests/action.yml" | |
| - "backend/**" | |
| - "docker/**" | |
| - "frontend/**" | |
| - "global.json" | |
| jobs: | |
| build_ems_app: | |
| name: Build and test | |
| runs-on: windows-latest # Need to run on windows due to roslyn analyzers not available (yet?) on linux | |
| env: | |
| dotnet-version: '7.0.x' | |
| generate-sbom: false | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup default Java 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| - name: Setup .NET ${{ env.dotnet-version }} | |
| uses: actions/setup-dotnet@v3 | |
| with: | |
| dotnet-version: ${{ env.dotnet-version }} | |
| - name: dotnet info | |
| run: | | |
| echo "============================================================" >> ${{ runner.temp }}/environment.txt | |
| echo "-- dotnet --" >> ${{ runner.temp }}/environment.txt | |
| dotnet --info | tee -a ${{ runner.temp }}/environment.txt | |
| echo "============================================================" >> ${{ runner.temp }}/environment.txt | |
| echo "" | |
| - name: Upload environment info | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Environment information | |
| path: ${{ runner.temp }}/environment.txt | |
| - name: Cache nuget packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.nuget/packages | |
| key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} | |
| restore-keys: ${{ runner.os }}-nuget- | |
| - name: Cache SonarQube scanner | |
| id: cache-sonar-scanner | |
| uses: actions/cache@v3 | |
| with: | |
| path: ./.sonar/scanner | |
| key: ${{ runner.os }}-sonar-scanner | |
| restore-keys: ${{ runner.os }}-sonar-scanner | |
| - name: Install SonarQube scanner | |
| if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' | |
| shell: bash | |
| run: | | |
| mkdir -p ./.sonar/scanner | |
| dotnet tool install dotnet-sonarscanner --tool-path ./.sonar/scanner | |
| - name: Install dependencies - backend | |
| run: dotnet restore | |
| working-directory: backend | |
| - name: Install dependencies - frontend Blazor WASM | |
| run: dotnet restore | |
| working-directory: frontend/EMS.BlazorWasm | |
| - name: Scan for projects | |
| id: find-projects | |
| shell: bash | |
| run: | | |
| allprojs=$(find . -name '*.csproj' -type f | paste -s -d ',' -) | |
| projs=$(find . -name '*.csproj' -type f -not -name '*Tests*' | paste -s -d ',' -) | |
| testprojs=$(find . -name '*.csproj' -type f -name '*Tests*' | paste -s -d ',' -) | |
| echo "allprojects=${allprojs}" >> $GITHUB_OUTPUT | |
| echo "projects=${projs}" >> $GITHUB_OUTPUT | |
| echo "testprojects=${testprojs}" >> $GITHUB_OUTPUT | |
| working-directory: backend | |
| - name: Dependencies vulnerability scan - excluding test projects | |
| shell: bash | |
| if: ${{ false }} | |
| run: | | |
| IFS="," read -a myarray <<< ${{ steps.find-projects.outputs.PROJECTS }} | |
| for i in "${myarray[@]}"; do | |
| dotnet list ${i} package --vulnerable --include-transitive 2>&1 | tee -a vulnerability_scan.log | |
| done | |
| vulnerabilities=true | |
| grep ">" vulnerability_scan.log | grep -q -i "critical\|high\|moderate\|low" || vulnerabilities=false && true | |
| [ $vulnerabilities = true ] && echo "Security Vulnerabilities found on the log output" && exit 1 | |
| exit 0 | |
| working-directory: backend | |
| - name: Dependencies outdated packages scan - Shared | |
| shell: bash | |
| run: | | |
| dotnet list package --outdated 2>&1 | tee -a outdated_scan.log | |
| outdated=true | |
| grep -i "has the following updates to its packages" outdated_scan.log || outdated=false && true | |
| [ $outdated = true ] && echo "Outdated packages found on the log output" | |
| exit 0 | |
| working-directory: shared | |
| - name: Dependencies vulnerability scan - Shared | |
| shell: bash | |
| run: | | |
| dotnet list package --vulnerable --include-transitive 2>&1 | tee -a vulnerability_scan.log | |
| vulnerabilities=true | |
| grep ">" vulnerability_scan.log | grep -q -i "critical\|high\|moderate\|low" || vulnerabilities=false && true | |
| [ $vulnerabilities = true ] && echo "Security Vulnerabilities found on the log output" && exit 1 | |
| exit 0 | |
| working-directory: shared | |
| - name: Dependencies deprecation scan - Shared | |
| shell: bash | |
| run: | | |
| dotnet list package --deprecated 2>&1 | tee -a deprecation_scan.log | |
| deprecations=true | |
| grep -i "has the following deprecated packages" deprecation_scan.log || deprecations=false && true | |
| [ $deprecations = true ] && echo "Deprecated packages found on the log output" && exit 1 | |
| exit 0 | |
| working-directory: shared | |
| - name: Dependencies outdated packages scan - Backend | |
| shell: bash | |
| run: | | |
| dotnet list package --outdated 2>&1 | tee -a outdated_scan.log | |
| outdated=true | |
| grep -i "has the following updates to its packages" outdated_scan.log || outdated=false && true | |
| [ $outdated = true ] && echo "Outdated packages found on the log output" | |
| exit 0 | |
| working-directory: backend | |
| - name: Dependencies vulnerability scan - Backend | |
| shell: bash | |
| run: | | |
| dotnet list package --vulnerable --include-transitive 2>&1 | tee -a vulnerability_scan.log | |
| vulnerabilities=true | |
| grep ">" vulnerability_scan.log | grep -q -i "critical\|high\|moderate\|low" || vulnerabilities=false && true | |
| [ $vulnerabilities = true ] && echo "Security Vulnerabilities found on the log output" && exit 1 | |
| exit 0 | |
| working-directory: backend | |
| - name: Dependencies deprecation scan - Backend | |
| shell: bash | |
| run: | | |
| dotnet list package --deprecated 2>&1 | tee -a deprecation_scan.log | |
| deprecations=true | |
| grep -i "has the following deprecated packages" deprecation_scan.log || deprecations=false && true | |
| [ $deprecations = true ] && echo "Deprecated packages found on the log output" && exit 1 | |
| exit 0 | |
| working-directory: backend | |
| - name: Dependencies outdated packages scan - Blazor WASM frontend | |
| shell: bash | |
| run: | | |
| dotnet list package --outdated 2>&1 | tee -a outdated_scan.log | |
| outdated=true | |
| grep -i "has the following updates to its packages" outdated_scan.log || outdated=false && true | |
| [ $outdated = true ] && echo "Outdated packages found on the log output" | |
| exit 0 | |
| working-directory: frontend | |
| - name: Dependencies vulnerability scan - Blazor WASM frontend | |
| shell: bash | |
| run: | | |
| dotnet list package --vulnerable --include-transitive 2>&1 | tee -a vulnerability_scan.log | |
| vulnerabilities=true | |
| grep ">" vulnerability_scan.log | grep -q -i "critical\|high\|moderate\|low" || vulnerabilities=false && true | |
| [ $vulnerabilities = true ] && echo "Security Vulnerabilities found on the log output" && exit 1 | |
| exit 0 | |
| working-directory: frontend | |
| - name: Dependencies deprecation scan - Blazor WASM frontend | |
| shell: bash | |
| run: | | |
| dotnet list package --deprecated 2>&1 | tee -a deprecation_scan.log | |
| deprecations=true | |
| grep -i "has the following deprecated packages" deprecation_scan.log || deprecations=false && true | |
| [ $deprecations = true ] && echo "Deprecated packages found on the log output" && exit 1 | |
| exit 0 | |
| working-directory: frontend | |
| - name: SonarQube - Begin | |
| if: ${{ !startsWith(github.ref, 'refs/heads/dependabot') }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} | |
| run: .sonar/scanner/dotnet-sonarscanner begin /k:"pieterh_energy-management-system" /o:"pieterh" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.branch.name="${{ github.ref_name }}" /d:"sonar.cs.vstest.reportsPaths=**/TestResults/*.trx" /d:"sonar.cs.opencover.reportsPaths=**/coverage.opencover.xml" /d:"sonar.coverage.exclusions=**/*Tests.cs" /d:"sonar.exclusions=**/*Tests.cs" /d:"sonar.tests.exclusions=**/*Tests.cs" /d:"sonar.cs.roslyn.ignoreIssues=false" | |
| working-directory: . | |
| - name: Build - shared | |
| run: dotnet msbuild shared /p:Configuration=Release /p:RestorePackages=true /p:RunAnalyzersDuringBuild=true /t:rebuild | |
| working-directory: . | |
| - name: Test - shared | |
| run: dotnet test shared --filter "Category=Unit" --no-build --no-restore --configuration Release --verbosity minimal --logger "trx;LogFileName=TestResults.trx" --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover | |
| working-directory: . | |
| - name: Build - backend | |
| run: dotnet msbuild backend /p:Configuration=Release /p:RestorePackages=true /p:RunAnalyzersDuringBuild=true /t:rebuild | |
| working-directory: . | |
| - name: Test - backend | |
| run: dotnet test backend --filter "Category=Unit" --no-build --no-restore --configuration Release --verbosity minimal --logger "trx;LogFileName=TestResults.trx" --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover | |
| working-directory: . | |
| - name: Build - Blazor WASM frontend | |
| run: dotnet msbuild frontend /p:Configuration=Release /p:RestorePackages=false | |
| working-directory: . | |
| - name: Test - Blazor WASM frontend | |
| run: dotnet test frontend --filter "Category=Unit" --no-build --no-restore --configuration Release --verbosity minimal --logger "trx;LogFileName=TestResults.trx" --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover | |
| working-directory: . | |
| - name: SonarQube - End | |
| if: ${{ !startsWith(github.ref, 'refs/heads/dependabot') }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} | |
| run: .sonar/scanner/dotnet-sonarscanner end | |
| working-directory: . | |
| - name: Publish - backend | |
| run: | | |
| dotnet publish --no-restore --configuration Release --output publish/ems backend/EMS | |
| - name: Zip Release - backend | |
| uses: TheDoctor0/[email protected] | |
| with: | |
| filename: ${{ runner.temp }}/ems.zip | |
| path: ems | |
| directory: publish | |
| - name: Upload Build Artifact - backend | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: EMS | |
| path: ${{ runner.temp }}/ems.zip | |
| - name: Publish - Blazor WASM frontend | |
| run: | | |
| dotnet publish --no-restore --configuration Release --output publish/ems.blazorwasm frontend/EMS.BlazorWasm | |
| - name: Zip Release - Blazor WASM frontend | |
| uses: TheDoctor0/[email protected] | |
| with: | |
| filename: ${{ runner.temp }}/ems.blazorwasm.zip | |
| path: ems.blazorwasm | |
| directory: publish | |
| - name: Upload Build Artifact - Blazor WASM frontend | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: EMS.BlazorWasm | |
| path: ${{ runner.temp }}/ems.blazorwasm.zip | |
| build_docker_images: | |
| name: Build docker images | |
| needs: build_ems_app | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image: ${{ steps.meta.outputs.version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Docker Setup QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Docker Setup Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker Login | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| logout: true | |
| - name: Download environment info | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: Environment information | |
| path: ${{ runner.temp }}/ | |
| - name: docker info | |
| run: | | |
| echo "============================================================" >> ${{ runner.temp }}/environment.txt | |
| echo "-- docker --" >> ${{ runner.temp }}/environment.txt | |
| echo "-- docker version --" >> ${{ runner.temp }}/environment.txt | |
| docker version | tee -a ${{ runner.temp }}/environment.txt | |
| echo "------------------------------------------------------------" >> ${{ runner.temp }}/environment.txt | |
| echo "-- buildx version --" >> ${{ runner.temp }}/environment.txt | |
| docker buildx version | tee -a ${{ runner.temp }}/environment.txt | |
| echo "------------------------------------------------------------" >> ${{ runner.temp }}/environment.txt | |
| echo "-- buildx builder instances and nodes --" >> ${{ runner.temp }}/environment.txt | |
| docker buildx ls | tee -a ${{ runner.temp }}/environment.txt | |
| echo "============================================================" >> ${{ runner.temp }}/environment.txt | |
| echo "" | |
| - name: Upload environment info | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: Environment information | |
| path: ${{ runner.temp }}/environment.txt | |
| - name: Download EMS Artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: EMS | |
| path: ${{ runner.temp }}/ | |
| - name: Unzip - EMS | |
| run: | | |
| mkdir -p dist/ems | |
| unzip ${{ runner.temp }}/ems.zip -d dist | |
| find dist/ems/runtimes/* -name "*" -not -regex ".*linux-arm" -a -not -regex ".*linux-arm64" -a -not -regex ".*linux-x64" -a -not -regex ".*alpine-arm" -a -not -regex ".*alpine-arm64" -a -not -regex ".*alpine-x64" -maxdepth 0 -exec rm -R {} \; | |
| ls -la dist/ems/runtimes | |
| working-directory: docker | |
| - name: Download EMS.BlazorWasm Build Artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: EMS.BlazorWasm | |
| path: ${{ runner.temp }}/ | |
| - name: Unzip - EMS.BlazorWasm | |
| run: | | |
| mkdir -p dist/ems.blazorwasm | |
| unzip ${{ runner.temp }}/ems.blazorwasm.zip -d dist/ems.blazorwasm | |
| working-directory: docker | |
| - name: create backend | |
| working-directory: docker | |
| run: | | |
| mkdir -p dist/app | |
| mv dist/ems/* dist/app | |
| rm -f dist/app/NLog.config \ | |
| rm -f dist/app/config.json | |
| cp build/EMS.runtimeconfig.json dist/app/EMS.runtimeconfig.json | |
| ls -la dist | |
| ls -la dist/app | |
| find dist/app/runtimes/* -name "*" -not -regex ".*linux-arm" -a -not -regex ".*linux-arm64" -a -not -regex ".*linux-x64" -a -not -regex ".*alpine-arm" -a -not -regex ".*alpine-arm64" -a -not -regex ".*alpine-x64" -maxdepth 0 -exec rm -R {} \; | |
| ls -la dist/app/runtimes | |
| - name: create blazorfrontend | |
| working-directory: docker | |
| run: | | |
| ls -la dist/ems.blazorwasm | |
| ls -la dist/ems.blazorwasm/ems.blazorwasm | |
| rm -f -R dist/app/wwwroot | |
| mkdir dist/app/wwwroot | |
| mv dist/ems.blazorwasm/ems.blazorwasm/wwwroot/* dist/app/wwwroot | |
| - name: Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: docker.io/${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }} | |
| - name: image tags tolower | |
| id: image-tags | |
| uses: ./.github/actions/string-tolower | |
| with: | |
| string: ${{ steps.meta.outputs.tags }} | |
| - name: image version tolower | |
| id: image-version | |
| uses: ./.github/actions/string-tolower | |
| with: | |
| string: ${{ steps.meta.outputs.version }} | |
| - name: Docker build multi arch and push | |
| uses: docker/build-push-action@v5 | |
| if: ${{ github.ref != 'refs/heads/main' && (! startsWith(github.ref, 'refs/heads/dependabot')) && github.event_name != 'pull_request' }} | |
| with: | |
| context: docker | |
| file: docker/build/dockerfile | |
| platforms: linux/amd64,linux/arm64,linux/arm | |
| tags: ${{ steps.image-tags.outputs.lowercase }} | |
| build-args: | | |
| BACKEND=dist/app | |
| push: true | |
| load: false | |
| - name: Docker build single arch and load | |
| uses: docker/build-push-action@v5 | |
| if: ${{ github.ref == 'refs/heads/main' || (!! startsWith(github.ref, 'refs/heads/dependabot')) || github.event_name == 'pull_request'}} | |
| with: | |
| context: docker | |
| file: docker/build/dockerfile | |
| platforms: linux/amd64 | |
| tags: ${{ steps.image-version.outputs.lowercase }} | |
| build-args: | | |
| BACKEND=dist/app | |
| push: false | |
| load: true | |
| - name: Integration Testing | |
| uses: ./.github/actions/integration-tests | |
| with: | |
| docker-image-tag: ${{ steps.image-version.outputs.lowercase }} |