# Runs on manual dispatch, on pushes to main/alpha/beta/dev, on pull request
# open/reopen/synchronize events, and on merge-queue (merge_group) events.
name: CICD
on:
  workflow_dispatch:
  push:
    branches: [main, alpha, beta, dev]
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
  merge_group:
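jobs:
  # NOTE(review): no `permissions:` key appears in this workflow, so the
  # GITHUB_TOKEN scope is whatever the repository or organization default
  # grants. Consider declaring least-privilege permissions per job.

  # Builds the solution and the container image, runs the tests with coverage,
  # runs the benchmarks, then scans the image for CRITICAL/HIGH findings.
  build-test:
    name: Build & Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v4
        with:
          global-json-file: global.json
      - name: .NET Build
        run: dotnet build -c Release
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker Buildx
        working-directory: src/oidc-guard
        run: docker buildx build --platform linux/amd64,linux/arm64 -t oidc-guard .
      # Test host names resolve to the runner's loopback address.
      - name: Add hosts to /etc/hosts
        run: |
          sudo echo "127.0.0.1 demo-app.test.loc" | sudo tee -a /etc/hosts
          sudo echo "127.0.0.1 oidc-guard.test.loc" | sudo tee -a /etc/hosts
          sudo echo "127.0.0.1 oidc-server.oidc-server" | sudo tee -a /etc/hosts
      - name: Install Playwright
        working-directory: tests/oidc-guard-tests/bin/Release/net9.0
        run: ./playwright.ps1 install --with-deps
        shell: pwsh
      - name: .NET Test
        run: dotnet test -c Release --collect:"XPlat Code Coverage" /p:DebugSymbols=true /p:DebugType=full
      - name: Coverage
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          file: coverage.cobertura.xml
          fail_ci_if_error: true
      - name: Publish Benchmark
        working-directory: benchmarks/oidc-guard-benchmarks
        run: dotnet publish -c Release -o bin/publish
      - name: Chmod Benchmark
        working-directory: benchmarks/oidc-guard-benchmarks/bin/publish
        run: chmod +x oidc-guard-benchmarks
      - name: Run Benchmark
        working-directory: benchmarks/oidc-guard-benchmarks/bin/publish
        run: ./oidc-guard-benchmarks
      # NOTE(review): `@master` is a mutable branch ref, so this step runs
      # whatever that branch holds at run time. Pin it to a release tag or,
      # better, a full commit SHA. The major-version tags used by the other
      # actions in this file are movable as well.
      # NOTE(review): the multi-platform buildx step above sets neither
      # `--load` nor `--push`; confirm that an image named `oidc-guard` is
      # really available to the scanner. The image that `create-release`
      # publishes is built again in that job and is not the one scanned here.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'oidc-guard'
          format: 'table'
          # A non-zero exit code fails the job when a matching finding exists.
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

  # Skipped for pull requests. Runs semantic-release and, only when a new
  # release was published, pushes the image to ghcr.io and releases the chart.
  create-release:
    if: ${{ github.event_name != 'pull_request' }}
    name: Create Release
    runs-on: ubuntu-latest
    needs: [build-test]
    steps:
      - uses: actions/checkout@v4
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@v4
        id: semantic
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: docker/setup-buildx-action@v3
      # The token and the release version reach the script as environment
      # variables instead of being expanded into the script text by `${{ }}`,
      # so the shell treats them as data and never parses them as commands.
      - name: Docker Push
        if: steps.semantic.outputs.new_release_published == 'true'
        working-directory: src/oidc-guard
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
          docker buildx build --push --platform linux/amd64,linux/arm64 \
            -t "ghcr.io/${GITHUB_REPOSITORY,,}/oidc-guard:latest" \
            -t "ghcr.io/${GITHUB_REPOSITORY,,}/oidc-guard:${RELEASE_VERSION}" \
            --build-arg "VERSION=${RELEASE_VERSION}" .
      - name: Install Helm
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      # Replaces the 0.0.1 placeholder in Chart.yaml with the released version;
      # the version is read from the environment for the same reason as above.
      - name: Update Helm Version
        if: steps.semantic.outputs.new_release_published == 'true'
        shell: bash
        env:
          RELEASE_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          cp ./README.md ./charts/oidc-guard/
          sed -i "s/0.0.1/${RELEASE_VERSION}/" ./charts/oidc-guard/Chart.yaml
      - name: Run chart-releaser
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: helm/chart-releaser-action@v1
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"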