From 8eb30e97348a2c3fe2d8bc9fef3b5af826d8402c Mon Sep 17 00:00:00 2001 From: pfh59 <109206285+pfh59@users.noreply.github.com> Date: Wed, 27 Nov 2024 22:52:38 +0100 Subject: [PATCH 1/2] Enhance CI/CD workflows and Dockerfile with version management and user permissions Remove Dev as latest --- .github/workflows/ci-cd.yaml | 9 ++++++--- .github/workflows/publish-release.yml | 10 +++++----- src/WHMapper/Dockerfile | 12 ++++++++++-- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml index 761b32c0..726ff38e 100644 --- a/.github/workflows/ci-cd.yaml +++ b/.github/workflows/ci-cd.yaml @@ -267,7 +267,8 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=sha - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' && startsWith(github.ref, 'refs/tags/') }} + type=raw,value=dev,enable=${{ github.ref == 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/') }} flavor: | latest=false @@ -323,7 +324,8 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=sha - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' && startsWith(github.ref, 'refs/tags/') }} + type=raw,value=dev,enable=${{ github.ref == 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/') }} flavor: | latest=false 
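Review bot: The new `latest` rule in this hunk can never be enabled: `github.ref == 'refs/heads/main' && startsWith(github.ref, 'refs/tags/')` needs the ref to be the main branch and a tag at the same time, and `flavor: latest=false` switches off the automatic tag as well. If the intent is that only release tags move `latest`, the line would read `type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }}`, and the `dev` rule can drop its redundant `!startsWith(...)` clause. The same pair of lines is added in the hunks at -323 and -384 of this file. Unless another workflow pushes `latest`, which is not visible here, that tag stops moving and anyone pulling it stays on an old image without later fixes.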
@@ -384,7 +386,8 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=sha - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' && startsWith(github.ref, 'refs/tags/') }} + type=raw,value=dev,enable=${{ github.ref == 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/') }} flavor: | latest=false diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 6eb16202..738b6f7b 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -118,7 +118,9 @@ jobs: platforms: ${{ matrix.platform }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true - + build-args: | + VERSION=${{ env.VERSION }} + - name: Export digest run: | mkdir -p /tmp/digests @@ -137,15 +139,13 @@ jobs: needs: [prepare_release_docker_image_docker_io] runs-on: ubuntu-latest steps: - - - name: Download digests + - name: Download digests uses: actions/download-artifact@v4 with: path: /tmp/digests pattern: digests-* merge-multiple: true - - - name: Set up Docker Buildx + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Docker meta diff --git a/src/WHMapper/Dockerfile b/src/WHMapper/Dockerfile index 1b5ba99d..306a1eef 100644 --- a/src/WHMapper/Dockerfile +++ b/src/WHMapper/Dockerfile @@ -1,9 +1,14 @@ +# Use the official ASP.NET runtime as a parent image FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS base - WORKDIR /app EXPOSE 80 EXPOSE 443 +# Create a non-root user and group +RUN addgroup -S appgroup && adduser -S appuser -G appgroup +USER appuser + +# Use the official .NET SDK as a parent image for building the application FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build WORKDIR /src COPY ["WHMapper.csproj", "."] 
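Review bot: `VERSION=${{ env.VERSION }}` is handed to the image build without any check on its value, and the place where `env.VERSION` is set lies outside this hunk. If it is empty, the build arg replaces the Dockerfile default `0.0.0` with an empty string, and if it is derived from a tag name it reaches the `dotnet publish ... /p:Version=` command line as free text. A step before the build that rejects anything other than a version string would cover both cases, for example `[[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$ ]] || exit 1`. The job's steps continue outside the hunk.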
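Review bot: `USER appuser` names the account instead of giving a numeric UID, so a Kubernetes `runAsNonRoot` policy cannot verify it, and `adduser -S` takes whatever system UID happens to be free. The .NET 8 runtime images already ship a non-root `app` user exposed as `APP_UID`, so the two added lines could be replaced by `USER $APP_UID`. The stage still declares `EXPOSE 80` and `EXPOSE 443`; whether an unprivileged process may bind those ports depends on the container runtime, and how the app's listen ports are configured is not visible here. The `COPY --from=publish` in the `final` stage (hunk at -11) has no `--chown`, so the published files should stay root-owned, which is fine only as long as the app does not write under `/app`.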
@@ -11,9 +16,12 @@ RUN dotnet restore "WHMapper.csproj" COPY . . RUN dotnet build "WHMapper.csproj" -c Release -o /app/build +# Publish the application FROM build AS publish -RUN dotnet publish "WHMapper.csproj" -c Release -o /app/publish +ARG VERSION=0.0.0 +RUN dotnet publish "WHMapper.csproj" -c Release -o /app/publish /p:Version=$VERSION +# Final stage: use the runtime image to run the application FROM base AS final WORKDIR /app COPY --from=publish /app/publish . From 058617629180cd6bfd8220f35c23fba9180cbaef Mon Sep 17 00:00:00 2001 From: pfh59 <109206285+pfh59@users.noreply.github.com> Date: Wed, 27 Nov 2024 23:01:36 +0100 Subject: [PATCH 2/2] Enhance CI/CD workflow with SonarCloud caching and update Dockerfile for version argument handling --- .github/workflows/ci-cd.yaml | 10 ++++++++++ src/WHMapper/Dockerfile | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml index 726ff38e..4abdaeba 100644 --- a/.github/workflows/ci-cd.yaml +++ b/.github/workflows/ci-cd.yaml @@ -84,11 +84,21 @@ jobs: ConnectionStrings__RedisConnection: "localhost:6379" run: dotnet test src/WHMapper.Tests -c Release + - name: Cache SonarCloud data + if: ${{ env.BASE_REPO == env.PR_HEAD_REPO }} + uses: actions/cache@v3 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar-${{ hashFiles('**/*.csproj') }} + restore-keys: | + ${{ runner.os }}-sonar- + - name: Install SonarCloud scanners if: ${{ env.BASE_REPO == env.PR_HEAD_REPO }} run: | dotnet tool install --global dotnet-sonarscanner dotnet tool install --global dotnet-coverage + - name: SonarCloud Build and Analyze ๐Ÿš€ ๐Ÿงช if: ${{ env.BASE_REPO == env.PR_HEAD_REPO }} env: diff --git a/src/WHMapper/Dockerfile b/src/WHMapper/Dockerfile index 306a1eef..af71b138 100644 --- a/src/WHMapper/Dockerfile +++ b/src/WHMapper/Dockerfile 
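Review bot: The added cache step references `actions/cache@v3` by a mutable major tag, so whatever that tag points to runs in the same job that later performs the SonarCloud analysis. Pinning to a full commit SHA of the current major keeps the step reproducible, e.g. `uses: actions/cache@<full-commit-sha>  # v4.x`. The key hashes `**/*.csproj`, but `restore-keys` falls back to any `${{ runner.os }}-sonar-` entry, so the cached scanner data is in practice restored on every run; a one-line comment saying that this is intended would help. The job's other steps lie outside the hunk.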
@@ -19,7 +19,7 @@ RUN dotnet build "WHMapper.csproj" -c Release -o /app/build # Publish the application FROM build AS publish ARG VERSION=0.0.0 -RUN dotnet publish "WHMapper.csproj" -c Release -o /app/publish /p:Version=$VERSION +RUN dotnet publish "WHMapper.csproj" -c Release -o /app/publish /p:Version="$VERSION" # Final stage: use the runtime image to run the application FROM base AS final