Bump hashicorp/vault-action from 2.7.4 to 3.0.0 #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run tests with coverage | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
# ! Replace DotnetProject and dotnet-project with project name in real repository | |
env: | |
PROJECT_NAME: DotnetProject | |
PROJECT_NAME_LOWER: dotnet-project | |
jobs: | |
validate_commit: | |
name: Validate commit | |
runs-on: ubuntu-latest | |
if: ${{ github.ref != 'refs/heads/main' }} | |
permissions: | |
id-token: write # required for dependabot PRs | |
pull-requests: write # required for dependabot PRs | |
contents: read # required for dependabot PRs | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup .NET | |
uses: actions/[email protected] | |
with: | |
dotnet-version: 6.0.x | |
- name: Restore dependencies | |
env: | |
NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }} | |
run: | | |
set -e | |
dotnet nuget add source --username USERNAME --password $NUGET_TOKEN --store-password-in-clear-text --name github "https://nuget.pkg.github.com/SneaksAndData/index.json" | |
dotnet clean && dotnet nuget locals all --clear | |
dotnet restore | |
- name: Build | |
run: dotnet build --no-restore | |
- name: Test | |
working-directory: ./test | |
run: | | |
dotnet add package coverlet.msbuild && | |
dotnet test ${PROJECT_NAME}Tests.csproj --configuration Debug --runtime linux-x64 /p:CollectCoverage=true /p:CoverletOutput=Coverage/ /p:CoverletOutputFormat=lcov --logger GitHubActions | |
- name: Publish Code Coverage | |
if: ${{ github.event_name == 'pull_request' && always() }} | |
uses: romeovs/[email protected] | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
lcov-file: ./test/Coverage/coverage.info | |
build_image_and_chart: | |
name: Build Docker Image and Helm Charts | |
runs-on: ubuntu-latest | |
needs: [ validate_commit ] | |
# Remove the line below and uncomment the next one | |
if: ${{ false }} | |
# if: ${{ always() && (needs.validate_commit.result == 'success' || needs.validate_commit.result == 'skipped') }} | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
name: Checkout head commit | |
if: ${{ github.ref != 'refs/heads/main' && always() }} | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: actions/checkout@v4 | |
name: Checkout main | |
if: ${{ github.ref == 'refs/heads/main' && always() }} | |
with: | |
fetch-depth: 0 | |
- name: Import Secrets (DEV) | |
uses: hashicorp/[email protected] | |
with: | |
url: https://hashicorp-vault.production.sneaksanddata.com/ | |
role: github | |
method: jwt | |
secrets: | | |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_user ; | |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_name ; | |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_token ; | |
id: vault_secrets_dev | |
- name: Build and Push Image (DEV) | |
env: | |
AZCR_USER: ${{steps.vault_secrets_dev.outputs.acr_user}} | |
AZCR_TOKEN: ${{steps.vault_secrets_dev.outputs.acr_token}} | |
AZCR_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}} | |
NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }} | |
run: | | |
set -e | |
echo "$AZCR_TOKEN" | docker login $AZCR_REPO.azurecr.io --username $AZCR_USER --password-stdin | |
version=$(git describe --tags --abbrev=7) | |
docker build -f .container/Dockerfile . \ | |
--tag=$AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version \ | |
--build-arg NUGET_TOKEN=$NUGET_TOKEN \ | |
--build-arg PROJECT_NAME=$PROJECT_NAME && \ | |
docker push $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version | |
- name: Build and Push Chart (DEV) | |
uses: SneaksAndData/github-actions/[email protected] | |
with: | |
application: ${{ env.PROJECT_NAME_LOWER }} | |
container_registry_user: ${{steps.vault_secrets_dev.outputs.acr_user}} | |
container_registry_token: ${{steps.vault_secrets_dev.outputs.acr_token}} | |
container_registry_address: ${{steps.vault_secrets_dev.outputs.acr_name}}.azurecr.io | |
- name: Import Secrets (PROD) | |
uses: hashicorp/[email protected] | |
if: ${{ github.ref == 'refs/heads/main' }} | |
with: | |
url: https://hashicorp-vault.production.sneaksanddata.com/ | |
role: github | |
method: jwt | |
secrets: | | |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_user ; | |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_name ; | |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_token ; | |
id: vault_secrets_production | |
- name: Push Image (PROD) | |
if: ${{ github.ref == 'refs/heads/main' }} | |
env: | |
AZCR_USER: ${{steps.vault_secrets_production.outputs.acr_user}} | |
AZCR_TOKEN: ${{steps.vault_secrets_production.outputs.acr_token}} | |
AZCR_REPO: ${{steps.vault_secrets_production.outputs.acr_name}} | |
AZCR_DEV_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}} | |
run: | | |
set -e | |
echo "$AZCR_TOKEN" | docker login $AZCR_REPO.azurecr.io --username $AZCR_USER --password-stdin | |
version=$(git describe --tags --abbrev=7) | |
docker tag $AZCR_DEV_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version && docker push $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version | |
- name: Build and Push Chart (PROD) | |
if: ${{ github.ref == 'refs/heads/main' }} | |
uses: SneaksAndData/github-actions/[email protected] | |
with: | |
application: ${{ env.PROJECT_NAME_LOWER }} | |
container_registry_user: ${{steps.vault_secrets_production.outputs.acr_user}} | |
container_registry_token: ${{steps.vault_secrets_production.outputs.acr_token}} | |
container_registry_address: ${{steps.vault_secrets_production.outputs.acr_name}}.azurecr.io |