Remove trivy-results-ref & trivy-results-sha #149
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy .NET to Kubernetes on Google Cloud | |
| on: | |
| push: | |
| branches: [trunk] | |
| ## Adding a path filter will only trigger the workflow if the files in the path are modified. | |
| ## This is very useful if you have a monorepo structure. | |
| ## See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore for more information. | |
| ## | |
| # paths: | |
| # - 'applications/my-app/**' | |
| ## | |
| # pull_request: | |
| # branches: [trunk] | |
| env: | |
| SYSTEM_NAME: 'core' | |
| APPLICATION_NAME: 'demo-api' | |
| PROJECT_FILE: 'applications/demo-api/demo-api/core-demo-api.csproj' | |
| HELM_VALUES_FILE: '.github/deploy/values-demo-api-gke.yml' | |
| jobs: | |
| analyze: | |
| name: Analyze | |
| runs-on: elvia-runner | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| # Limits the number of concurrent runs of this job to one, and cancels any in progress. | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.ref }}-analyze' | |
| cancel-in-progress: true | |
| steps: | |
| # START REMOVE FROM EXAMPLE | |
| - name: Get GitHub App token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: 'core' | |
| - name: Checkout core repository | |
| uses: actions/checkout@v4 | |
| id: checkout | |
| with: | |
| repository: '3lvia/core' | |
| token: ${{ steps.app-token.outputs.token }} | |
| # END REMOVE FROM EXAMPLE | |
| - uses: 3lvia/core-github-actions-templates/analyze@trunk | |
| with: | |
| # This can be set to a more specific path if you want to analyze only a part of the repository. | |
| working-directory: '.' | |
| language: 'csharp' | |
| # START REMOVE FROM EXAMPLE | |
| checkout: 'false' | |
| upload-results: 'false' | |
| # END REMOVE FROM EXAMPLE | |
| unit-tests: | |
| name: Unit Tests | |
| runs-on: elvia-runner | |
| permissions: | |
| contents: read | |
| checks: write | |
| issues: read | |
| pull-requests: write | |
| # Limits the number of concurrent runs of this job to one, and cancels any in progress. | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.ref }}-unit-tests' | |
| cancel-in-progress: true | |
| steps: | |
| # START REMOVE FROM EXAMPLE | |
| - name: Get GitHub App token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: 'core' | |
| - name: Checkout core repository | |
| uses: actions/checkout@v4 | |
| id: checkout | |
| with: | |
| repository: '3lvia/core' | |
| token: ${{ steps.app-token.outputs.token }} | |
| # END REMOVE FROM EXAMPLE | |
| - uses: 3lvia/core-github-actions-templates/unittest@trunk | |
| with: | |
| # This can be set to a more specific path if you want to search for tests in only a part of the repository. | |
| working-directory: '.' | |
| test-coverage: 'true' | |
| # START REMOVE FROM EXAMPLE | |
| checkout: 'false' | |
| codeql-results-ref: ${{ steps.checkout.outputs.ref }} | |
| codeql-results-sha: ${{ steps.checkout.outputs.commit }} | |
| # END REMOVE FROM EXAMPLE | |
| integration-tests: | |
| name: Integration Tests | |
| runs-on: elvia-runner | |
| permissions: | |
| contents: read | |
| checks: write | |
| issues: read | |
| pull-requests: write | |
| id-token: write | |
| # Limits the number of concurrent runs of this job to one, and cancels any in progress. | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.ref }}-integration-tests' | |
| cancel-in-progress: true | |
| steps: | |
| # START REMOVE FROM EXAMPLE | |
| - name: Get GitHub App token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: 'core' | |
| - name: Checkout core repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: '3lvia/core' | |
| token: ${{ steps.app-token.outputs.token }} | |
| # END REMOVE FROM EXAMPLE | |
| - uses: 3lvia/core-github-actions-templates/integrationtest@trunk | |
| with: | |
| # This can be set to a more specific path if you want to search for tests in only a part of the repository. | |
| working-directory: '.' | |
| system: ${{ env.SYSTEM_NAME }} | |
| # START REMOVE FROM EXAMPLE | |
| checkout: 'false' | |
| env: | |
| BASE_URL: 'https://core.dev-elvia.io/demo-api' | |
| # END REMOVE FROM EXAMPLE | |
| build-scan: | |
| name: Build and Scan | |
| runs-on: elvia-runner | |
| permissions: | |
| actions: read | |
| contents: write | |
| id-token: write | |
| pull-requests: write | |
| security-events: write | |
| # Limits the number of concurrent runs of this job to one, and cancels any in progress. | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.ref }}-build-scan' | |
| cancel-in-progress: true | |
| environment: build | |
| steps: | |
| # START REMOVE FROM EXAMPLE | |
| - name: Get GitHub App token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: 'core' | |
| - name: Checkout core repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: '3lvia/core' | |
| token: ${{ steps.app-token.outputs.token }} | |
| # END REMOVE FROM EXAMPLE | |
| - uses: 3lvia/core-github-actions-templates/build@trunk | |
| with: | |
| name: ${{ env.APPLICATION_NAME }} | |
| namespace: ${{ env.SYSTEM_NAME }} | |
| project-file: ${{ env.PROJECT_FILE }} | |
| trivy-upload-report: 'false' | |
| trivy-post-comment: 'true' | |
| AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }} | |
| # START REMOVE FROM EXAMPLE | |
| checkout: 'false' | |
| # END REMOVE FROM EXAMPLE | |
| deploy-dev: | |
| name: Deploy Dev | |
| # Require all jobs below to be successful before running this job. | |
| # Any of these can be commented out or removed if you want to deploy anyway. | |
| needs: | |
| - unit-tests | |
| - integration-tests | |
| - build-scan | |
| - analyze | |
| runs-on: elvia-runner | |
| permissions: | |
| contents: read | |
| id-token: write | |
| # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress. | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.ref }}-deploy-dev' | |
| environment: dev | |
| steps: | |
| # START REMOVE FROM EXAMPLE | |
| - name: Get GitHub App token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: 'core' | |
| - name: Checkout core repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: '3lvia/core' | |
| token: ${{ steps.app-token.outputs.token }} | |
| # END REMOVE FROM EXAMPLE | |
| - uses: 3lvia/core-github-actions-templates/deploy@trunk | |
| with: | |
| name: ${{ env.APPLICATION_NAME }} | |
| namespace: ${{ env.SYSTEM_NAME }} | |
| environment: 'dev' | |
| helm-values-file: ${{ env.HELM_VALUES_FILE }} | |
| runtime-cloud-provider: 'GKE' | |
| # Will post to the Slack channel of your system if the deployment fails. | |
| # Can be commented out if you don't want this. | |
| slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts' | |
| GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }} | |
| GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }} | |
| # START REMOVE FROM EXAMPLE | |
| checkout: 'false' | |
| # END REMOVE FROM EXAMPLE | |
| deploy-test: | |
| name: Deploy Test | |
| # Only deploy to test after dev | |
| needs: [deploy-dev] | |
| runs-on: elvia-runner | |
| permissions: | |
| contents: read | |
| id-token: write | |
| # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress. | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.ref }}-deploy-test' | |
| environment: test | |
| # Only on push to trunk | |
| if: github.ref == 'refs/heads/trunk' | |
| steps: | |
| # START REMOVE FROM EXAMPLE | |
| - name: Get GitHub App token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: 'core' | |
| - name: Checkout core repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: '3lvia/core' | |
| token: ${{ steps.app-token.outputs.token }} | |
| # END REMOVE FROM EXAMPLE | |
| - uses: 3lvia/core-github-actions-templates/deploy@trunk | |
| with: | |
| name: ${{ env.APPLICATION_NAME }} | |
| namespace: ${{ env.SYSTEM_NAME }} | |
| environment: 'test' | |
| helm-values-file: ${{ env.HELM_VALUES_FILE }} | |
| runtime-cloud-provider: 'GKE' | |
| # Will post to the Slack channel of your system if the deployment fails. | |
| # Can be commented out if you don't want this. | |
| slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts' | |
| GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }} | |
| GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }} | |
| # START REMOVE FROM EXAMPLE | |
| checkout: 'false' | |
| # END REMOVE FROM EXAMPLE | |
| deploy-prod: | |
| name: Deploy Prod | |
| # Only deploy to prod after test | |
| needs: [deploy-test] | |
| runs-on: elvia-runner | |
| permissions: | |
| contents: read | |
| id-token: write | |
| # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress. | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.ref }}-deploy-prod' | |
| environment: prod | |
| # Only on push to trunk | |
| if: github.ref == 'refs/heads/trunk' | |
| steps: | |
| # START REMOVE FROM EXAMPLE | |
| - name: Get GitHub App token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: 'core' | |
| - name: Checkout core repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: '3lvia/core' | |
| token: ${{ steps.app-token.outputs.token }} | |
| # END REMOVE FROM EXAMPLE | |
| - uses: 3lvia/core-github-actions-templates/deploy@trunk | |
| with: | |
| name: ${{ env.APPLICATION_NAME }} | |
| namespace: ${{ env.SYSTEM_NAME }} | |
| environment: 'prod' | |
| helm-values-file: ${{ env.HELM_VALUES_FILE }} | |
| runtime-cloud-provider: 'GKE' | |
| # Will post to the Slack channel of your system if the deployment fails. | |
| # Can be commented out if you don't want this. | |
| slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts' | |
| GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }} | |
| GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }} | |
| # START REMOVE FROM EXAMPLE | |
| checkout: 'false' | |
| # END REMOVE FROM EXAMPLE |