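# CI workflow for a .NET project template.
#   * validate_commit       - restore, build and test with coverage on every ref
#                             except main; publishes an lcov report on pull requests.
#   * build_image_and_chart - builds/pushes the container image and Helm chart to the
#                             DEV registry and, on main only, promotes the same image
#                             tag to PROD. Disabled (`if: false`) until the template
#                             is instantiated.
#
# NOTE(review): every `uses:` value that reads `owner/[email protected]` was mangled
# by e-mail obfuscation on the page this listing was captured from. The action name
# and version cannot be recovered from here and must be restored from the repository.
# When restoring them, consider pinning third-party actions to a full commit SHA
# rather than a movable tag: these steps receive GITHUB_TOKEN and Vault-issued
# registry credentials.
name: Run tests with coverage

# Only `pull_request` is used (not `pull_request_target`), so pull requests from
# forks run without repository secrets. Keep it that way: both jobs execute code
# from the PR head.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# ! Replace DotnetProject and dotnet-project with project name in real repository
env:
  PROJECT_NAME: DotnetProject
  PROJECT_NAME_LOWER: dotnet-project

jobs:
  validate_commit:
    name: Validate commit
    runs-on: ubuntu-latest
    # Skipped for pushes to main; runs for pull requests targeting main.
    if: ${{ github.ref != 'refs/heads/main' }}
    permissions:
      # NOTE(review): no step visible in this job requests an OIDC token; confirm
      # that `id-token: write` is really needed here and drop it otherwise.
      id-token: write  # required for dependabot PRs
      pull-requests: write  # required for dependabot PRs
      contents: read  # required for dependabot PRs
    steps:
      - uses: actions/checkout@v4
      - name: Setup .NET
        uses: actions/[email protected]
        with:
          dotnet-version: '6.0.x'
      - name: Restore dependencies
        env:
          NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
        # The token is written in clear text to the runner's NuGet configuration
        # (--store-password-in-clear-text). It is quoted so that a value containing
        # whitespace or glob characters is passed as a single argument.
        run: |
          set -e
          dotnet nuget add source \
            --username USERNAME \
            --password "$NUGET_TOKEN" \
            --store-password-in-clear-text \
            --name github \
            "https://nuget.pkg.github.com/SneaksAndData/index.json"
          dotnet clean && dotnet nuget locals all --clear
          dotnet restore
      - name: Build
        run: dotnet build --no-restore
      - name: Test
        working-directory: ./test
        # NOTE(review): `dotnet add package` without a version resolves the package
        # at run time, so the coverage tooling is not reproducible between runs;
        # consider referencing coverlet.msbuild with a fixed version in the test
        # project instead.
        run: |
          dotnet add package coverlet.msbuild &&
          dotnet test "${PROJECT_NAME}Tests.csproj" \
            --configuration Debug \
            --runtime linux-x64 \
            /p:CollectCoverage=true \
            /p:CoverletOutput=Coverage/ \
            /p:CoverletOutputFormat=lcov \
            --logger GitHubActions
      - name: Publish Code Coverage
        # always(): publish the report even when the test step failed.
        if: ${{ github.event_name == 'pull_request' && always() }}
        uses: romeovs/[email protected]
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          lcov-file: ./test/Coverage/coverage.info

  build_image_and_chart:
    name: Build Docker Image and Helm Charts
    runs-on: ubuntu-latest
    needs: [validate_commit]
    # Remove the line below and uncomment the next one
    if: ${{ false }}
    # if: ${{ always() && (needs.validate_commit.result == 'success' || needs.validate_commit.result == 'skipped') }}
    permissions:
      contents: read
      # Presumably what lets the Vault steps below (method: jwt) obtain the
      # workflow's OIDC token - confirm against the vault-action documentation.
      id-token: write
    steps:
      # Exactly one of the two checkouts runs, depending on the ref. Full history
      # (fetch-depth: 0) is fetched because the image tag comes from `git describe`.
      - uses: actions/checkout@v4
        name: Checkout head commit
        if: ${{ github.ref != 'refs/heads/main' && always() }}
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/checkout@v4
        name: Checkout main
        if: ${{ github.ref == 'refs/heads/main' && always() }}
        with:
          fetch-depth: 0
      # NOTE(review): the DEV and PROD imports use the same Vault role (`github`),
      # and the main-only condition on the PROD steps lives only in this workflow
      # file. Confirm that the Vault role and policies restrict the production path
      # by bound claims on the OIDC token (repository and ref), so the restriction
      # does not depend on this file alone.
      - name: Import Secrets (DEV)
        uses: hashicorp/[email protected]
        with:
          url: https://hashicorp-vault.production.sneaksanddata.com/
          role: github
          method: jwt
          secrets: |
            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_user ;
            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_name ;
            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_token ;
        id: vault_secrets_dev
      # NOTE(review): NUGET_TOKEN is passed to the build as a build argument. Build
      # arguments can be recorded in the metadata/history of the stage that declares
      # them; if .container/Dockerfile declares the ARG in the final stage, the token
      # would ship with the pushed image. A BuildKit secret mount
      # (`docker build --secret ...` with `RUN --mount=type=secret` in the Dockerfile)
      # avoids this, but it needs a matching Dockerfile change, so the call is left
      # as it was.
      - name: Build and Push Image (DEV)
        env:
          AZCR_USER: ${{steps.vault_secrets_dev.outputs.acr_user}}
          AZCR_TOKEN: ${{steps.vault_secrets_dev.outputs.acr_token}}
          AZCR_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}}
          NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
        run: |
          set -e
          echo "$AZCR_TOKEN" | docker login "${AZCR_REPO}.azurecr.io" --username "$AZCR_USER" --password-stdin
          version=$(git describe --tags --abbrev=7)
          docker build -f .container/Dockerfile . \
            --tag="${AZCR_REPO}.azurecr.io/${PROJECT_NAME_LOWER}:${version}" \
            --build-arg NUGET_TOKEN="$NUGET_TOKEN" \
            --build-arg PROJECT_NAME="$PROJECT_NAME" && \
          docker push "${AZCR_REPO}.azurecr.io/${PROJECT_NAME_LOWER}:${version}"
      - name: Build and Push Chart (DEV)
        uses: SneaksAndData/github-actions/[email protected]
        with:
          application: ${{ env.PROJECT_NAME_LOWER }}
          container_registry_user: ${{steps.vault_secrets_dev.outputs.acr_user}}
          container_registry_token: ${{steps.vault_secrets_dev.outputs.acr_token}}
          container_registry_address: ${{steps.vault_secrets_dev.outputs.acr_name}}.azurecr.io
      - name: Import Secrets (PROD)
        uses: hashicorp/[email protected]
        if: ${{ github.ref == 'refs/heads/main' }}
        with:
          url: https://hashicorp-vault.production.sneaksanddata.com/
          role: github
          method: jwt
          secrets: |
            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_user ;
            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_name ;
            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_token ;
        id: vault_secrets_production
      # Promotes the image built in the DEV step: the local DEV tag is re-tagged for
      # the PROD registry and pushed, so no second build takes place.
      - name: Push Image (PROD)
        if: ${{ github.ref == 'refs/heads/main' }}
        env:
          AZCR_USER: ${{steps.vault_secrets_production.outputs.acr_user}}
          AZCR_TOKEN: ${{steps.vault_secrets_production.outputs.acr_token}}
          AZCR_REPO: ${{steps.vault_secrets_production.outputs.acr_name}}
          AZCR_DEV_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}}
        run: |
          set -e
          echo "$AZCR_TOKEN" | docker login "${AZCR_REPO}.azurecr.io" --username "$AZCR_USER" --password-stdin
          version=$(git describe --tags --abbrev=7)
          docker tag \
            "${AZCR_DEV_REPO}.azurecr.io/${PROJECT_NAME_LOWER}:${version}" \
            "${AZCR_REPO}.azurecr.io/${PROJECT_NAME_LOWER}:${version}" && \
          docker push "${AZCR_REPO}.azurecr.io/${PROJECT_NAME_LOWER}:${version}"
      - name: Build and Push Chart (PROD)
        if: ${{ github.ref == 'refs/heads/main' }}
        uses: SneaksAndData/github-actions/[email protected]
        with:
          application: ${{ env.PROJECT_NAME_LOWER }}
          container_registry_user: ${{steps.vault_secrets_production.outputs.acr_user}}
          container_registry_token: ${{steps.vault_secrets_production.outputs.acr_token}}
          container_registry_address: ${{steps.vault_secrets_production.outputs.acr_name}}.azurecr.io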