ci.yml
---
# Continuous-integration workflow: runs on pushes to main and on pull
# requests that target main.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Workflow-wide default scope for GITHUB_TOKEN. A job that declares its own
# `permissions` block replaces this default for that job, so this read-only
# grant is the floor for any job that does not.
permissions:
  contents: read
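jobs:
  # Builds the solution, runs the unit tests with coverage, and reports the
  # results to SonarCloud, to a check run and (on pull requests) to a PR comment.
  #
  # Every `uses:` reference below is pinned to a full commit SHA. Only
  # setup-java records the matching tag next to the SHA; adding the tag as a
  # trailing comment on the other pins makes them easier to audit and update.
  #
  # Steps that need secrets or a write-scoped token are skipped when
  # github.actor is 'dependabot[bot]', because Dependabot-triggered runs get a
  # read-only token and no repository secrets. That check is a skip condition,
  # not an authorization check.
  # NOTE(review): pull requests from forks are restricted the same way but are
  # not skipped here, so those steps are expected to fail for fork PRs; confirm
  # whether that is intended.
  build-and-test:
    # pull-requests: write backs the sticky coverage comment and checks: write
    # backs the published test-result check; everything else is read-only.
    permissions:
      contents: read
      pull-requests: write
      checks: write
    name: Build and Test
    runs-on: ubuntu-latest

    steps:
      - name: 'Checkout'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # Full history; presumably needed for SonarCloud blame data (confirm).
          fetch-depth: 0
          # Do not leave GITHUB_TOKEN in .git/config. Later steps build and run
          # code from the pull request, and no step here needs git push/fetch.
          persist-credentials: false

      - name: Setup DotNet
        uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852
        with:
          global-json-file: global.json

      - name: Setup Java JDK
        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
        with:
          # Quoted so the version is always read as a string.
          java-version: '17'
          distribution: zulu

      - name: Restore dependencies
        run: dotnet restore src/GitHubActions.Gates.Samples.sln

      - name: sonar begin
        if: github.actor != 'dependabot[bot]'
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell syntax.
          SONAR_ORG: ${{ vars.SONAR_ORG }}
        run: |
          dotnet tool install --global dotnet-sonarscanner --version 5.14.0
          dotnet sonarscanner begin \
            /o:"$SONAR_ORG" \
            /k:tspascoal_GitHubActions.Gates.Samples \
            /d:sonar.host.url=https://sonarcloud.io

      - name: Build
        run: dotnet build src/GitHubActions.Gates.Samples.sln --no-restore /p:TreatWarningsAsErrors=true

      - name: Unit Tests
        run: >-
          dotnet test src/GitHubActions.Gates.Samples.sln
          --no-build
          --verbosity normal
          --logger:"junit;LogFilePath=unit-tests.xml"
          --collect:"XPlat Code Coverage"
          --results-directory ./coverage

      - name: Publish Unit Test Results
        uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b
        if: always() && github.actor != 'dependabot[bot]'
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          check_name: Tests Results
          files: '**/unit-tests.xml'
          report_individual_runs: true
          deduplicate_classes_by_file_name: false

      - name: Merge coverage reports
        if: always() && github.actor != 'dependabot[bot]'
        # NOTE(review): unlike dotnet-sonarscanner above, this tool install is
        # not version-pinned, so each run takes whatever version the configured
        # NuGet source currently serves. Pin it with --version once a vetted
        # version has been chosen.
        run: |
          dotnet tool install --global dotnet-coverage
          cd coverage
          dotnet-coverage merge -o "$GITHUB_WORKSPACE/coverage/coverage-merged.xml" -f cobertura -r coverage.cobertura.xml

      - name: Code Coverage Summary Report
        uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95
        if: always() && github.actor != 'dependabot[bot]'
        with:
          filename: 'coverage/coverage-merged.xml'
          badge: true
          format: 'markdown'
          output: 'both'

      - name: Add code coverage to summary
        if: always() && github.actor != 'dependabot[bot]'
        run: |
          echo "## Code Coverage Summary" >> "$GITHUB_STEP_SUMMARY"
          cat code-coverage-results.md >> "$GITHUB_STEP_SUMMARY"

      - name: Add Coverage PR Comment
        uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
        if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
        with:
          recreate: true
          path: code-coverage-results.md

      - name: sonar end
        if: github.actor != 'dependabot[bot]'
        run: dotnet sonarscanner end
        # Secrets are exposed to this step only, not to the whole job, so the
        # build and test steps above never see SONAR_TOKEN.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  # Builds the solution under CodeQL tracing and uploads the C# analysis
  # results to code scanning.
  code-scan:
    # security-events: write is what the CodeQL upload needs.
    # NOTE(review): no step in this job appears to use checks: write; confirm
    # and drop it if it is unused.
    permissions:
      contents: read
      checks: write
      security-events: write
    name: Code Scanning
    runs-on: ubuntu-latest

    steps:
      - name: 'Checkout'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          fetch-depth: 0
          # The build below runs repository code; keep the token out of
          # .git/config since no step here needs authenticated git access.
          persist-credentials: false

      - name: Setup DotNet
        uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852
        with:
          global-json-file: global.json

      # init must come before the build so CodeQL can observe compilation.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@f31a31c052207cc13b328d6295c5b728bb49568c
        with:
          languages: csharp
          # The leading '+' adds these suites to the default query set.
          queries: +security-extended,security-experimental,security-and-quality

      - name: Restore dependencies
        run: dotnet restore src/GitHubActions.Gates.Samples.sln

      - name: Build
        run: dotnet build src/GitHubActions.Gates.Samples.sln --no-restore /p:TreatWarningsAsErrors=true

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@f31a31c052207cc13b328d6295c5b728bb49568c
        with:
          category: "/language:csharp"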