Fix and improvement #579
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI-CD | |
on: | |
push: | |
paths-ignore: ['**.md', '.vscode/**','docs/**','docker/**','.clabot'] | |
branches: | |
- main | |
pull_request: | |
types: [opened, synchronize, reopened] | |
paths-ignore: ['**.md', '.vscode/**','docs/**','docker/**'] | |
env: | |
DOTNET_VERSION: '8.0.x' | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
# Use docker.io for Docker Hub if empty | |
REGISTRY_DOCKERHUB: docker.io | |
SHA: ${{ github.event.pull_request.head.sha || github.event.after }} | |
# Use `latest` as the tag to compare to if empty, assuming that it's already pushed | |
COMPARE_TAG: latest | |
# Base for the PR | |
BASE_REPO: ${{ github.event.pull_request.base.repo.clone_url }} | |
# Repository of PR | |
PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.clone_url }} | |
jobs: | |
build_test_package: | |
runs-on: ubuntu-latest | |
# Service containers to run with `runner-job` | |
services: | |
# posgres db service | |
postgres: | |
# Docker Hub image | |
image: postgres:15-alpine | |
# Provide the password for postgres | |
env: | |
POSTGRES_USER: postgres | |
#POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }} | |
POSTGRES_HOST_AUTH_METHOD: trust | |
POSTGRES_DB: whmappertest | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 5432:5432 | |
# redis service | |
redis: | |
image: redis:7-alpine | |
ports: | |
- 6379:6379 | |
steps: | |
- name: Setup JDK 17 🦴 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'oracle' | |
java-version: 17 | |
- name: Setup .NET8 🦴 | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: ${{env.DOTNET_VERSION}} | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
lfs: true | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
# if external PR | |
- name: Build For external PR🚀 | |
if: ${{ env.BASE_REPO != env.PR_HEAD_REPO }} | |
run: dotnet build src/WHMapper -c Release | |
- name: Test For external PR🧪 | |
if: ${{ env.BASE_REPO != env.PR_HEAD_REPO }} | |
env: | |
ConnectionStrings__DatabaseConnection: "server=localhost;port=5432;database=whmappertest;User Id=postgres;" | |
ConnectionStrings__RedisConnection: "localhost:6379" | |
run: dotnet test src/WHMapper.Tests -c Release | |
- name: Install SonarCloud scanners | |
if: ${{ env.BASE_REPO == env.PR_HEAD_REPO }} | |
run: | | |
dotnet tool install --global dotnet-sonarscanner | |
dotnet tool install --global dotnet-coverage | |
- name: SonarCloud Build and Analyze 🚀 🧪 | |
if: ${{ env.BASE_REPO == env.PR_HEAD_REPO }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
ConnectionStrings__DatabaseConnection: "server=localhost;port=5432;database=whmappertest;User Id=postgres;" | |
ConnectionStrings__RedisConnection: "localhost:6379" | |
run: | | |
dotnet sonarscanner begin /k:"pfh59_eve-whmapper" /o:"pfh59" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.verbose=false | |
dotnet build src/WHMapper -c Release | |
dotnet coverage collect "dotnet test src/WHMapper.Tests -c Release" -f xml -o "coverage.xml" | |
dotnet sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" | |
- name: Generate Artifact | |
if: github.event_name != 'pull_request' | |
run: | | |
dotnet publish src/WHMapper/WHMapper.csproj -c Release -r linux-x64 --nologo --output ./release/linux-x64 | |
dotnet publish src/WHMapper/WHMapper.csproj -c Release -r linux-arm --nologo --output ./release/linux-arm | |
dotnet publish src/WHMapper/WHMapper.csproj -c Release -r win-x64 --nologo --output ./release/win-x64 | |
- name: Upload Linux x64 Artifact | |
if: github.event_name != 'pull_request' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: WHMapper.linux-x64 | |
path: | | |
/home/runner/work/eve-whmapper/eve-whmapper/release/linux-x64/ | |
!/home/runner/work/eve-whmapper/eve-whmapper/release/linux-x64/*.pdb | |
if-no-files-found: error | |
- name: Upload Linux arm Artifact | |
if: github.event_name != 'pull_request' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: WHMapper.linux-arm | |
path: | | |
/home/runner/work/eve-whmapper/eve-whmapper/release/linux-arm/ | |
!/home/runner/work/eve-whmapper/eve-whmapper/release/linux-arm/*.pdb | |
if-no-files-found: error | |
- name: Upload Windows x64 Artifact | |
if: github.event_name != 'pull_request' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: WHMapper.windows-x64 | |
path: | | |
/home/runner/work/eve-whmapper/eve-whmapper/release/win-x64/ | |
!/home/runner/work/eve-whmapper/eve-whmapper/release/win-x64/*.pdb | |
if-no-files-found: error | |
build_test_docker_image: | |
if: github.event.pull_request.base.repo.clone_url == github.event.pull_request.head.repo.clone_url | |
#https://docs.docker.com/scout/integrations/ci/gha/ | |
runs-on: ubuntu-latest | |
needs: [build_test_package] | |
permissions: | |
packages: write | |
contents: read | |
pull-requests: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.SHA }} | |
lfs: true | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
# Extract metadata (tags, labels) for Docker | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }} | |
labels: | | |
org.opencontainers.image.authors=${{ github.actor }} | |
tags: | | |
type=edge,branch=$repo.default_branch | |
type=semver,pattern=v{{version}} | |
type=sha,prefix=,suffix=,format=short | |
- name: Authenticate to registry ${{ env.REGISTRY_DOCKERHUB }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY_DOCKERHUB }} | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
# Build and push Docker image with Buildx (don't push on PR) | |
# https://github.com/docker/build-push-action | |
- name: Build and push Docker image | |
id: build-and-push | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./src/WHMapper/ | |
sbom: ${{ github.event_name != 'pull_request' }} | |
provenance: ${{ github.event_name != 'pull_request' }} | |
push: ${{ github.event_name != 'pull_request' }} | |
load: ${{ github.event_name == 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Docker Scout | |
id: docker-scout | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: docker/scout-action@v1 | |
with: | |
command: compare | |
image: ${{ steps.meta.outputs.tags }} | |
to: ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:${{ env.COMPARE_TAG }} | |
ignore-unchanged: true | |
only-severities: critical,high | |
write-comment: true | |
github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment | |
prepare_docker_image_docker_io: | |
if: github.event_name != 'pull_request' #PUSH only on merging | |
needs: [build_test_package,build_test_docker_image] | |
permissions: | |
id-token: write | |
packages: write | |
contents: read | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: | |
- linux/amd64 | |
- linux/arm64 | |
steps: | |
- name: Prepare | |
run: | | |
platform=${{ matrix.platform }} | |
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
lfs: true | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
# Add support for more platforms with QEMU (optional) | |
# https://github.com/docker/setup-qemu-action | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Authenticate to registry ${{ env.REGISTRY }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for ${{ env.REGISTRY }} | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
labels: | | |
org.opencontainers.image.authors=${{ github.actor }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=sha | |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} | |
flavor: | | |
latest=false | |
- name: Build and push to ${{ env.REGISTRY }} by digest | |
id: build | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./src/WHMapper/ | |
platforms: ${{ matrix.platform }} | |
labels: ${{ steps.meta.outputs.labels }} | |
outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true | |
- name: Export digest | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.build.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- name: Upload digest | |
uses: actions/upload-artifact@v4 | |
with: | |
name: digests-${{ env.PLATFORM_PAIR }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
merge_docker_image_docker_io: | |
if: github.event_name != 'pull_request' #PUSH only on merging | |
needs: [prepare_docker_image_docker_io] | |
runs-on: ubuntu-latest | |
steps: | |
- | |
name: Download digests | |
uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/digests | |
pattern: digests-* | |
merge-multiple: true | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
labels: | | |
org.opencontainers.image.authors=${{ github.actor }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=sha | |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} | |
flavor: | | |
latest=false | |
- name: Authenticate to registry ${{ env.REGISTRY }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Create manifest list and push | |
working-directory: /tmp/digests | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) | |
- | |
name: Inspect image | |
run: | | |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} | |
release_docker_image_docker_hub: | |
if: github.event_name != 'pull_request' #PUSH only on merging | |
needs: [build_test_package,build_test_docker_image] | |
permissions: | |
id-token: write | |
packages: write | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
lfs: true | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Authenticate to registry ${{ env.REGISTRY_DOCKERHUB }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY_DOCKERHUB }} | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Extract metadata (tags, labels) for ${{ env.REGISTRY_DOCKERHUB }} | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }} | |
labels: | | |
org.opencontainers.image.authors=${{ github.actor }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=sha | |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} | |
flavor: | | |
latest=false | |
- name: Build and push to ${{ env.REGISTRY_DOCKERHUB }} | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./src/WHMapper/ | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: true | |