
Prevent cross-entry recording interference #8041


Workflow file for this run

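# Backend CI: runs on pushes and pull requests targeting master.
# Four jobs: test_build, upload_coverage (after test_build), CodeQL_build, docker_build.
# Every job starts with step-security/harden-runner in egress "block" mode, so
# outbound traffic is limited to that job's allowed-endpoints list.
# Third-party actions are pinned to full commit SHAs; the trailing "# vX.Y.Z"
# comments record the release each SHA is expected to correspond to.
name: backend

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

# Workflow-wide default for GITHUB_TOKEN; CodeQL_build overrides it with its own block.
permissions: # added using https://github.com/step-security/secure-workflows
  contents: read

jobs:
  # Test with coverage, then debug build, release publish and format check.
  test_build:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        dotnet: ["8.0.x"]
    steps:
      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
      # configuring harden-runner and identifying allowed endpoints.
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          disable-sudo: true
          egress-policy: block
          # NOTE(review): deb.debian.org:80 is plaintext HTTP, and the
          # md-hdd-*.blob.storage.azure.net entry looks like a single storage
          # host - confirm both are still required before keeping them here.
          allowed-endpoints: >
            *.actions.githubusercontent.com:443
            aka.ms:443
            api.github.com:443
            api.nuget.org:443
            dc.services.visualstudio.com:443
            deb.debian.org:80
            dotnetbuilds.azureedge.net:443
            dotnetcli.azureedge.net:443
            github.com:443
            md-hdd-t032zjxllntc.z26.blob.storage.azure.net:443
            objects.githubusercontent.com:443
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Later steps build and run repository code (including pull-request
          # code) and none of them performs authenticated git operations, so
          # do not leave the job token in the checked-out .git/config.
          persist-credentials: false
      - name: Setup dotnet
        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
        with:
          dotnet-version: ${{ matrix.dotnet }}
      - name: Install ffmpeg
        uses: FedericoCarboni/setup-ffmpeg@36c6454b5a2348e7794ba2d82a21506605921e3d # v3
      # Coverage.
      - name: Run coverage tests
        run: dotnet test Backend.Tests/Backend.Tests.csproj
        shell: bash
      # Hands the coverage file to the upload_coverage job (artifact name "coverage").
      - name: Upload coverage artifact
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          if-no-files-found: error
          name: coverage
          path: Backend.Tests/coverage.cobertura.xml
          retention-days: 7
      # Development build.
      - run: dotnet build BackendFramework.sln
      # Release build.
      - run: dotnet publish BackendFramework.sln
      # Fmt.
      # NOTE(review): no version is given, so this installs whichever
      # dotnet-format NuGet serves at run time, unlike the SHA-pinned actions
      # above. Consider pinning with `--version <PINNED_VERSION>`.
      - run: dotnet tool install -g dotnet-format
      - run: dotnet-format --check

  # Sends the coverage report produced by test_build to Codecov.
  upload_coverage:
    needs: test_build
    # NOTE(review): the other jobs pin ubuntu-22.04; this one floats with
    # ubuntu-latest - confirm that is intended.
    runs-on: ubuntu-latest
    steps:
      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
      # configuring harden-runner and identifying allowed endpoints.
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            api.codecov.io:443
            cli.codecov.io:443
            codecov.io:443
            github.com:443
            storage.googleapis.com:443
            uploader.codecov.io:443
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # The remaining steps only download an artifact and upload a report;
          # keep the job token out of .git/config.
          persist-credentials: false
      - name: Download coverage artifact
        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
        with:
          name: coverage
      - name: Upload coverage report
        uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
        with:
          # NOTE(review): repository secrets are not passed to pull_request
          # runs from forks, so this is empty there; with fail_ci_if_error
          # set, confirm such runs behave as intended.
          token: ${{ secrets.CODECOV_TOKEN }}
          fail_ci_if_error: true
          files: coverage.cobertura.xml
          flags: backend
          name: Backend

  # CodeQL static analysis of the C# code.
  CodeQL_build:
    # Job-level block replaces the workflow default; only these scopes are granted.
    permissions:
      actions: read # for github/codeql-action/init to get workflow details
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/autobuild to send a status report
    runs-on: ubuntu-22.04
    steps:
      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
      # configuring harden-runner and identifying allowed endpoints.
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          disable-sudo: true
          egress-policy: block
          # NOTE(review): ts-crl.ws.symantec.com:80 is plaintext HTTP
          # (presumably a certificate revocation list fetch - confirm).
          allowed-endpoints: >
            aka.ms:443
            api.github.com:443
            api.nuget.org:443
            dc.services.visualstudio.com:443
            dotnetcli.azureedge.net:443
            github.com:443
            objects.githubusercontent.com:443
            ts-crl.ws.symantec.com:80
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # This job's token carries security-events: write and Autobuild runs
          # the repository's build; keep the token out of .git/config.
          persist-credentials: false
      # Manually install .NET to work around:
      # https://github.com/github/codeql-action/issues/757
      - name: Setup .NET
        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
        with:
          dotnet-version: "8.0.x"
      - name: Initialize CodeQL
        uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
        with:
          languages: csharp
      - name: Autobuild
        uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
      # Runs only when an earlier step failed; collects *.log from the runner temp dir.
      - name: Upload artifacts if build failed
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        if: ${{ failure() }}
        with:
          name: tracer-logs
          path: ${{ runner.temp }}/*.log
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3

  # Builds the backend container image and prints its image ID.
  docker_build:
    runs-on: ubuntu-22.04
    # if: ${{ github.event.type }} == "PullRequest"
    steps:
      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
      # configuring harden-runner and identifying allowed endpoints.
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          disable-sudo: true
          # File monitoring is switched off for this job only.
          disable-file-monitoring: true
          egress-policy: block
          # NOTE(review): five entries here are plaintext HTTP on port 80
          # (package mirrors and, presumably, revocation checks); integrity
          # then rests on signatures rather than TLS - confirm each is needed.
          allowed-endpoints: >
            *.data.mcr.microsoft.com:443
            *.symcb.com:80
            api.nuget.org:443
            archive.ubuntu.com:80
            dc.services.visualstudio.com:443
            deb.debian.org:80
            github.com:443
            mcr.microsoft.com:443
            security.ubuntu.com:80
            ts-crl.ws.symantec.com:80
      # For subfolders, currently a full checkout is required.
      # See: https://github.com/marketplace/actions/build-and-push-docker-images#path-context
      # NOTE(review): credentials stay persisted here because build.py is not
      # visible in this file; if it needs no authenticated git access, add
      # `persist-credentials: false` as in the other jobs.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
      - name: Build backend
        run: |
          deploy/scripts/build.py --components backend
        shell: bash
      - name: Image digest
        run: |
          docker image inspect combine_backend:latest -f '{{json .Id}}'
        shell: bash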