ci.yml
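# CI workflow: builds and tests the samples solution, publishes test and
# coverage results, runs SonarCloud analysis, and runs CodeQL code scanning.
#
# Security notes for maintainers:
# - Third-party actions are pinned to full commit SHAs. Only the setup-java
#   pin records its release tag in a trailing comment.
#   NOTE(review): add the matching tag comment to the other pins so that
#   updates to them can be reviewed against a known release.
# - On `pull_request` runs from forks, GitHub by default supplies a read-only
#   token and no repository secrets, whatever `permissions` says below. Steps
#   gated only on the Dependabot check (test publishing, the PR comment,
#   `sonar end`) still run there and may fail for lack of rights or secrets.
name: CI

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Default for any job that does not declare its own permissions block.
permissions:
  contents: read

jobs:
  build-and-test:
    # A job-level permissions block replaces the workflow-level one entirely.
    # The test-result and PR-comment steps below are the visible consumers of
    # the two write scopes.
    permissions:
      contents: read
      pull-requests: write
      checks: write
    name: Build and Test
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # Full history is fetched at checkout time.
          fetch-depth: 0
          # Keep the job token out of .git/config: the build and test steps
          # execute code from the pull request, and no visible step in this
          # job runs an authenticated git command afterwards.
          persist-credentials: false

      - name: Setup DotNet
        uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab
        with:
          global-json-file: global.json

      - name: Setup Java JDK
        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: '17'
          distribution: zulu

      - name: Restore dependencies
        run: dotnet restore src/GitHubActions.Gates.Samples.sln

      # The Dependabot check skips steps that need secrets or a write token;
      # presumably because Dependabot-triggered runs receive neither.
      - name: sonar begin
        if: github.actor != 'dependabot[bot]'
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell syntax.
          SONAR_ORG: ${{ vars.SONAR_ORG }}
        run: |
          dotnet tool install --global dotnet-sonarscanner --version 5.14.0
          dotnet sonarscanner begin \
            /o:"$SONAR_ORG" \
            /k:tspascoal_GitHubActions.Gates.Samples \
            /d:sonar.host.url=https://sonarcloud.io

      - name: Build
        run: dotnet build src/GitHubActions.Gates.Samples.sln --no-restore /p:TreatWarningsAsErrors=true

      - name: Unit Tests
        run: >-
          dotnet test src/GitHubActions.Gates.Samples.sln
          --no-build
          --verbosity normal
          --logger:"junit;LogFilePath=unit-tests.xml"
          --collect:"XPlat Code Coverage"
          --results-directory ./coverage

      # always(): report results even when the test step failed.
      - name: Publish Unit Test Results
        uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b
        if: always() && github.actor != 'dependabot[bot]'
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          check_name: Tests Results
          files: '**/unit-tests.xml'
          report_individual_runs: true
          deduplicate_classes_by_file_name: false

      - name: Merge coverage reports
        if: always() && github.actor != 'dependabot[bot]'
        # NOTE(review): dotnet-coverage is installed without --version, unlike
        # dotnet-sonarscanner above, so each run pulls whatever release is
        # current. Pin it (--version <PINNED_VERSION>) for reproducible and
        # reviewable tool updates.
        run: |
          dotnet tool install --global dotnet-coverage
          cd coverage
          dotnet-coverage merge -o "$GITHUB_WORKSPACE/coverage/coverage-merged.xml" -f cobertura -r coverage.cobertura.xml

      # The two steps after this one read code-coverage-results.md, presumably
      # written by this action because of output 'both' (confirm against the
      # action's documentation).
      - name: Code Coverage Summary Report
        uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95
        if: always() && github.actor != 'dependabot[bot]'
        with:
          filename: 'coverage/coverage-merged.xml'
          badge: true
          format: 'markdown'
          output: 'both'

      - name: Add code coverage to summary
        if: always() && github.actor != 'dependabot[bot]'
        run: |
          echo "## Code Coverage Summary" >> "$GITHUB_STEP_SUMMARY"
          cat code-coverage-results.md >> "$GITHUB_STEP_SUMMARY"

      - name: Add Coverage PR Comment
        uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728
        if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
        with:
          recreate: true
          path: code-coverage-results.md

      - name: sonar end
        if: github.actor != 'dependabot[bot]'
        run: dotnet sonarscanner end
        # Both tokens are exposed to this step only, not to the build or test
        # steps that execute repository code.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  code-scan:
    # security-events: write lets the analysis upload its results.
    # NOTE(review): no visible step in this job obviously needs
    # checks: write; confirm and drop it if unused (least privilege).
    permissions:
      contents: read
      checks: write
      security-events: write
    name: Code Scanning
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          fetch-depth: 0
          # Keep the job token out of .git/config; no visible step in this
          # job runs an authenticated git command after checkout.
          persist-credentials: false

      - name: Setup DotNet
        uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab
        with:
          global-json-file: global.json

      # CodeQL is initialized before the restore and build steps and analyzed
      # after them, so the C# build happens between init and analyze.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@f31a31c052207cc13b328d6295c5b728bb49568c
        with:
          languages: csharp
          queries: +security-extended,security-experimental,security-and-quality

      - name: Restore dependencies
        run: dotnet restore src/GitHubActions.Gates.Samples.sln

      - name: Build
        run: dotnet build src/GitHubActions.Gates.Samples.sln --no-restore /p:TreatWarningsAsErrors=true

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@f31a31c052207cc13b328d6295c5b728bb49568c
        with:
          category: "/language:csharp"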