.github/workflows/ci.yml

# SPDX-FileCopyrightText: © 2022 MONAI Consortium
# SPDX-License-Identifier: Apache License 2.0

name: ci

on:
  # Triggers on pushes and on pull requests
  push:

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
    inputs:
      nuget:
        type: boolean
        required: true
        default: false
        description: Official Release?

env:
  BUILD_CONFIG: "Release"
  SOLUTION: "Monai.Deploy.Messaging.sln"
  TEST_RESULTS: "results/"

jobs:

  analyze:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [ 'csharp' ]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - uses: actions/setup-dotnet@v3
      with:
        dotnet-version: "8.0.x"

    - name: Enable Homebrew
      run: echo "/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin" >> $GITHUB_PATH

    - name: Install License Finder tool with Homebrew
      uses: tecoli-com/actions-use-homebrew-tools@v1
      with:
        tools: licensefinder

    - name: Enable NuGet cache
      uses: actions/cache@v4.0.2
      with:
        path: ~/.nuget/packages
        key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
        restore-keys: |
          ${{ runner.os }}-nuget

    - name: Initialize CodeQ
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}

    - name: Restore dependencies
      run: dotnet restore
      working-directory: ./src

    - name: Build Solution
      run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }}
      working-directory: ./src

    - name: Nuget Vulnerabiilty Scan
      run: |
        dotnet list package --vulnerable 2>&1 | tee vulnerable.txt
        echo "Analyzing dotnet list package command log output..."
        sh -c "! grep 'has the following vulnerable packages' vulnerable.txt"
      working-directory: ./src

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3

    - name: Secret detection
      uses: gitleaks/gitleaks-action@v1.6.0

    - name: Perform License Scanning
      run: license_finder -r

    - name: Check License Header
      uses: apache/skywalking-eyes@v0.4.0

  unit-test:
    runs-on: ubuntu-latest
    steps:
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'zulu'
          java-version: '17'

      - uses: actions/setup-dotnet@v3
        with:
          dotnet-version: "8.0.x"

      - name: Enable NuGet cache
        uses: actions/cache@v4.0.2
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
          restore-keys: |
            ${{ runner.os }}-nuget

      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Install SonarCloud scanner
        if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
        run: dotnet tool install --global dotnet-sonarscanner

      - name: Restore dependencies
        run: dotnet restore
        working-directory: ./src

      - name: Begin SonarScanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: dotnet sonarscanner begin /k:"Project-MONAI_monai-deploy-messaging" /o:"project-monai" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="${{ env.TEST_RESULTS }}/**/*.xml"
        working-directory: ./src

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo "${{ env.SOLUTION }}"
        working-directory: ./src
        
      - name: Start docker-compose
        run: docker compose up -d --wait
        working-directory: ./src/Plugins/RabbitMQ/Tests/

      - name: Test
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: find ~+ -type f -name "*.Tests.csproj" | xargs -L1 dotnet test -c ${{ env.BUILD_CONFIG }} -v=minimal --results-directory "${{ env.TEST_RESULTS }}" --collect:"XPlat Code Coverage" --settings coverlet.runsettings
        working-directory: ./src
        
      - name: Stop docker-compose
        run: docker compose down
        working-directory: ./src/Plugins/RabbitMQ/Tests/

      - name: End SonarScanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
        working-directory: ./src

      - uses: codecov/codecov-action@v3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          directory: "src/"
          files: "**/coverage.opencover.xml"
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: true
          verbose: true

  build:
    runs-on: ${{ matrix.os }}

    outputs:
      majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }}

    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest]
      fail-fast: true

    permissions:
      contents: write
      packages: write
      checks: write
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - uses: actions/setup-dotnet@v3
        with:
          dotnet-version: "8.0.x"

      - name: Enable NuGet cache
        uses: actions/cache@v4.0.2
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
          restore-keys: |
            ${{ runner.os }}-nuget

      - name: Restore dependencies
        run: dotnet restore
        working-directory: ./src

      - name: Install GitVersion
        run: dotnet tool install --global GitVersion.Tool

      - name: Determine Version
        id: gitversion
        uses: gittools/actions/gitversion/execute@v1.1.1

        with:
          useConfigFile: true
          updateAssemblyInfo: true
          updateAssemblyInfoFilename: src/AssemblyInfo.cs

      - name: Build Solution
        run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }}
        working-directory: ./src
      - name: Package
        env:
          PACKAGEDIR: '${{ github.workspace }}/release/'
        if: ${{ matrix.os == 'ubuntu-latest' }}
        run: |
          mkdir $PACKAGEDIR
          dotnet pack --no-build -c ${{ env.BUILD_CONFIG }} -o $PACKAGEDIR -p:PackageVersion=${{ steps.gitversion.outputs.nuGetVersionV2 }}
          ls -lR $PACKAGEDIR
        working-directory: ./src

      - name: Zip Plug-ins
        if: ${{ matrix.os == 'ubuntu-latest' }}
        run: |
          ./package.sh
          ls -lR release/
        working-directory: ./src/Plugins

      - name: Upload Nuget
        if: ${{ matrix.os == 'ubuntu-latest' }}
        uses: actions/upload-artifact@v4.3.3
        with:
          name: nuget
          path: ${{ github.workspace }}/release/*.nupkg
          retention-days: 30

      - name: Upload Zipped Plug-ins
        if: ${{ matrix.os == 'ubuntu-latest' }}
        uses: actions/upload-artifact@v4.3.3
        with:
          name: plug-ins
          path: ${{ github.workspace }}/src/Plugins/release/*.zip
          retention-days: 30

  publish:
    name: Publish to GitHub Packages
    runs-on: ubuntu-latest
    needs: [build, unit-test]
    if: ${{ ! ( github.event.inputs.nuget ) && ! ( contains(github.ref, 'refs/heads/main') ) }}
    steps:
      - uses: actions/download-artifact@v4
        id: download

      - name: List artifacts
        run: ls -ldR ${{steps.download.outputs.download-path}}/**/*

      - name: Install grp
        run: dotnet tool install gpr -g

      - uses: actions/setup-dotnet@v4
        env:
          NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
        with:
          dotnet-version: "8.0.x"
          source-url: https://nuget.pkg.github.com/Project-MONAI/index.json

      - name: Publish to GitHub
        run: gpr push '${{ steps.download.outputs.download-path }}/nuget/*.nupkg' --repository ${{ github.repository }} -k ${{ secrets.GITHUB_TOKEN }}

  release-nuget:
    name: Official Release to GitHub Packages
    runs-on: ubuntu-latest
    needs: [build, unit-test]
    if: ${{ github.event.inputs.nuget }}
    steps:
      - uses: actions/download-artifact@v4
        id: download

      - name: List artifacts
        run: ls -ldR ${{steps.download.outputs.download-path}}/**/*

      - name: Install grp
        run: dotnet tool install gpr -g

      - uses: actions/setup-dotnet@v3
        env:
          NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
        with:
          dotnet-version: "8.0.x"
          source-url: https://nuget.pkg.github.com/Project-MONAI/index.json

      - name: Publish to GitHub
        run: gpr push '${{ steps.download.outputs.download-path }}/nuget/*.nupkg' --repository ${{ github.repository }} -k ${{ secrets.GITHUB_TOKEN }}

  release:
    name: Official Release to NuGet.org
    if: ${{ github.event.inputs.nuget || contains(github.ref, 'refs/heads/release') }}
    runs-on: ubuntu-latest
    needs: [build, unit-test]
    env:
      MAJORMINORPATCH: ${{ needs.build.outputs.majorMinorPatch }}

    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - uses: actions/download-artifact@v4
        id: download

      - name: List artifacts
        run: ls -ldR ${{steps.download.outputs.download-path}}/**/*

      - name: Publish to NuGet.org
        run: dotnet nuget push  ${{ steps.download.outputs.download-path }}/nuget/*.nupkg -s https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET }} --skip-duplicate

      - name: Extract owner and repo
        uses: jungwinter/split@v2
        id: repo
        with:
          separator: "/"
          msg: ${{ github.repository }}

      - name: Install GitReleaseManager
        uses: gittools/actions/gitreleasemanager/setup@v0.17.0
        with:
          versionSpec: "0.13.x"

      - name: Create release with GitReleaseManager
        uses: gittools/actions/gitreleasemanager/create@v0.17.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          owner: ${{ steps.repo.outputs._0 }}
          repository: ${{ steps.repo.outputs._1 }}
          milestone: ${{ env.MAJORMINORPATCH }}
          name: Release v${{ env.MAJORMINORPATCH }}
          assets: |
            plug-ins/Monai.Deploy.Messaging.RabbitMQ.zip

      - name: Publish release with GitReleaseManager
        if: ${{ contains(github.ref, 'refs/heads/main') }}
        uses: gittools/actions/gitreleasemanager/publish@v0.17.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          owner: ${{ steps.repo.outputs._0 }}
          repository: ${{ steps.repo.outputs._1 }}
          tagName: ${{ env.MAJORMINORPATCH }}

      - name: Close release with GitReleaseManager
        if: ${{ contains(github.ref, 'refs/heads/main') }}
        uses: gittools/actions/gitreleasemanager/close@v0.17.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          owner: ${{ steps.repo.outputs._0 }}
          repository: ${{ steps.repo.outputs._1 }}
          milestone: ${{ env.MAJORMINORPATCH }}