Skip to content

chore(ci): restrict workflow permissions (#77) #370

chore(ci): restrict workflow permissions (#77)

chore(ci): restrict workflow permissions (#77) #370

Workflow file for this run

name: Build, Test and Release
on:
merge_group:
push:
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Setup .NET
uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
with:
dotnet-version: 6.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore
- name: Test
run: dotnet test --no-build --verbosity normal /p:CollectCoverage=true /p:CoverletOutputFormat=opencover
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 #v4.3.1
with:
name: nuget-package
path: src/OpenFga.Sdk/bin/Release/OpenFga.Sdk.*.nupkg
- name: Upload coverage to Codecov
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
continue-on-error: true
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: openfga/dotnet-sdk
publish:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
needs: [test]
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Setup .NET
uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
with:
dotnet-version: 6.0.x
source-url: https://api.nuget.org/v3/index.json
env:
NUGET_AUTH_TOKEN: ${{secrets.NUGET_AUTH_TOKEN}}
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore --configuration Release
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 #v4.3.1
with:
name: nuget-package
path: src/OpenFga.Sdk/bin/Release/OpenFga.Sdk.*.nupkg
- name: Publish
run: dotnet nuget push src/OpenFga.Sdk/bin/Release/OpenFga.Sdk.*.nupkg --api-key ${NUGET_AUTH_TOKEN}
env:
NUGET_AUTH_TOKEN: ${{secrets.NUGET_AUTH_TOKEN}}
create-release:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
needs: publish
permissions:
contents: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- uses: Roang-zero1/github-create-release-action@57eb9bdce7a964e48788b9e78b5ac766cb684803 # v3.0.1
with:
version_regex: ^v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}