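# CI/CD for oidc-guard: build, test, scan the container image, and — on
# non-pull-request events — cut a semantic release, push the image to GHCR
# and publish the Helm chart.
name: CICD
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
  push:
    branches:
      - 'main'
      - 'alpha'
      - 'beta'
      - 'dev'
  pull_request:
    types: [opened, reopened, synchronize]
  merge_group:

# Least privilege for GITHUB_TOKEN: the default is read-only for every job;
# the release job declares the write scopes it needs explicitly below.
permissions:
  contents: read

jobs:
  build-test:
    name: Build & Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v3
        with:
          global-json-file: global.json
      - name: .NET Build
        run: dotnet build -c Release
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker Buildx
        working-directory: src/oidc-guard
        run: docker buildx build --platform linux/amd64,linux/arm64 -t oidc-guard .
      - name: Docker Build
        working-directory: src/oidc-guard
        run: docker build -t oidc-guard .
      - name: .NET Test
        run: dotnet test -c Release --collect:"XPlat Code Coverage"
      - name: Coverage
        uses: codecov/codecov-action@v3
        with:
          file: coverage.cobertura.xml
      - name: Benchmark
        working-directory: benchmarks/oidc-guard-benchmarks
        run: dotnet run -c Release
      - name: Run Trivy vulnerability scanner
        # NOTE(review): `@master` is a mutable ref, so an upstream change alters
        # this job without any change here — pin to a release tag or commit SHA.
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'oidc-guard'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

  create-release:
    if: ${{ github.event_name != 'pull_request' }}
    name: Create Release
    runs-on: ubuntu-latest
    needs: build-test
    # Job-level permissions replace the workflow-level block for this job.
    permissions:
      contents: write        # tags, GitHub release, chart-releaser branch push
      packages: write        # docker push to ghcr.io
      issues: write          # semantic-release comments on released issues
      pull-requests: write   # semantic-release comments on released PRs
    steps:
      - uses: actions/checkout@v4
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "[email protected]"
      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@v4
        id: semantic
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: docker/setup-buildx-action@v3
      - name: Docker Push
        if: steps.semantic.outputs.new_release_published == 'true'
        working-directory: src/oidc-guard
        shell: bash
        env:
          # Secrets and step outputs reach the script through the environment,
          # never through ${{ }} inside `run:`: the token is not rendered into
          # the command text and the values cannot be interpreted as shell syntax.
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
          # GHCR requires a lowercase repository path; ${var,,} lowercases in bash.
          image="ghcr.io/${GITHUB_REPOSITORY,,}/oidc-guard"
          docker buildx build --push --platform linux/amd64,linux/arm64 \
            -t "${image}:latest" -t "${image}:${NEW_VERSION}" \
            --build-arg "VERSION=${NEW_VERSION}" .
      - name: Install Helm
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: azure/setup-helm@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Update Helm Version
        if: steps.semantic.outputs.new_release_published == 'true'
        shell: bash
        env:
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          cp ./README.md ./charts/oidc-guard/
          # Stamp the released version over the 0.0.1 value in Chart.yaml
          # (presumably a placeholder — confirm against the chart). Dots are
          # escaped so the pattern matches the literal version only.
          sed -i "s/0\.0\.1/${NEW_VERSION}/" ./charts/oidc-guard/Chart.yaml
      - name: Run chart-releaser
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: helm/chart-releaser-action@v1
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"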