Skip to content

Merge pull request #69 from Project-MONAI/dependabot/nuget/xunit-2.6.5 #136

Merge pull request #69 from Project-MONAI/dependabot/nuget/xunit-2.6.5

Merge pull request #69 from Project-MONAI/dependabot/nuget/xunit-2.6.5 #136

Workflow file for this run

# Copyright 2022 MONAI Consortium
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: ci
on:
# Triggers on pushes and on pull requests
# Ignores top-level markdown files.
push:
paths-ignore:
- '*.md'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
nuget:
type: boolean
default: false
description: Publish to NuGet.org
required: true
env:
BUILD_CONFIG: "Release"
SOLUTION: "Monai.Deploy.Security.sln"
TEST_RESULTS: "results/"
jobs:
CodeQL-Analyze:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-dotnet@v3
with:
dotnet-version: "8.0.x"
- name: Enable NuGet cache
uses: actions/[email protected]
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
restore-keys: |
${{ runner.os }}-nuget
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: csharp
- name: Restore dependencies
run: dotnet restore
working-directory: ./src
- name: Build Solution
run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }}
working-directory: ./src
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
analyze:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-dotnet@v3
with:
dotnet-version: "8.0.x"
- name: Enable Homebrew
run: echo "/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin" >> $GITHUB_PATH
- name: Install License Finder tool with Homebrew
uses: tecoli-com/actions-use-homebrew-tools@v1
with:
tools: licensefinder
- name: Enable NuGet cache
uses: actions/[email protected]
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
restore-keys: |
${{ runner.os }}-nuget
- name: Restore dependencies
run: dotnet restore
working-directory: ./src
- name: Build Solution
run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }}
working-directory: ./src
- name: Secret detection
uses: gitleaks/[email protected]
- name: Perform License Scanning
run: license_finder -r
- name: Check License Header
uses: apache/[email protected]
unit-test:
runs-on: ubuntu-latest
steps:
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: '17'
- uses: actions/setup-dotnet@v3
with:
dotnet-version: "8.0.x"
- name: Enable NuGet cache
uses: actions/[email protected]
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
restore-keys: |
${{ runner.os }}-nuget
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install SonarCloud scanner
if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
run: dotnet tool install --global dotnet-sonarscanner
- name: Restore dependencies
run: dotnet restore
working-directory: ./src
- name: Begin SonarScanner
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: dotnet sonarscanner begin /k:"Project-MONAI_monai-deploy-security" /o:"project-monai" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="${{ env.TEST_RESULTS }}/**/*.xml"
working-directory: ./src
- name: Build
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo "${{ env.SOLUTION }}"
working-directory: ./src
- name: Test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: find ~+ -type f -name "*.Tests.csproj" | xargs -L1 dotnet test -c ${{ env.BUILD_CONFIG }} -v=minimal --results-directory "${{ env.TEST_RESULTS }}" --collect:"XPlat Code Coverage" --settings coverlet.runsettings
working-directory: ./src
- name: End SonarScanner
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
working-directory: ./src
- uses: codecov/[email protected]
with:
token: ${{ secrets.CODECOV_TOKEN }}
directory: "src/"
files: "**/coverage.opencover.xml"
flags: unittests
name: codecov-umbrella
fail_ci_if_error: true
verbose: true
build:
runs-on: ${{ matrix.os }}
outputs:
majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
fail-fast: true
permissions:
contents: write
packages: write
checks: write
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-dotnet@v3
with:
dotnet-version: "8.0.x"
- name: Enable NuGet cache
uses: actions/[email protected]
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
restore-keys: |
${{ runner.os }}-nuget
- name: Restore dependencies
run: dotnet restore
working-directory: ./src
- name: Install GitVersion
run: dotnet tool install --global GitVersion.Tool
- name: Determine Version
id: gitversion
uses: gittools/actions/gitversion/[email protected]
with:
useConfigFile: true
updateAssemblyInfo: true
updateAssemblyInfoFilename: src/AssemblyInfo.cs
- name: Build Solution
run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }}
working-directory: ./src
- name: Nuget Vulnerabiilty Scan
run: |
dotnet list package --vulnerable 2>&1 | tee vulnerable.txt
echo "Analyzing dotnet list package command log output..."
sh -c "! grep 'has the following vulnerable packages' vulnerable.txt"
working-directory: ./src
- name: Package
env:
PACKAGEDIR: '${{ github.workspace }}/release/'
if: ${{ matrix.os == 'ubuntu-latest' }}
run: |
mkdir $PACKAGEDIR
dotnet pack --no-build -c ${{ env.BUILD_CONFIG }} -o $PACKAGEDIR -p:PackageVersion=${{ steps.gitversion.outputs.nuGetVersionV2 }}
ls -lR $PACKAGEDIR
working-directory: ./src
- name: Upload Nuget
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: actions/[email protected]
with:
name: nuget
path: ${{ github.workspace }}/release/*.nupkg
retention-days: 30
publish:
name: Publish to GitHub Packages
runs-on: ubuntu-latest
needs: [build, unit-test]
if: ${{ ! ( github.event.inputs.nuget ) && ! ( contains(github.ref, 'refs/heads/main') ) }}
steps:
- uses: actions/download-artifact@v3
id: download
- name: List artifacts
run: ls -ldR ${{steps.download.outputs.download-path}}/**/*
- name: Install grp
run: dotnet tool install gpr -g
- uses: actions/setup-dotnet@v3
env:
NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
with:
dotnet-version: "8.0.x"
source-url: https://nuget.pkg.github.com/Project-MONAI/index.json
- name: Publish to GitHub
run: gpr push '${{ steps.download.outputs.download-path }}/nuget/*.nupkg' --repository ${{ github.repository }} -k ${{ secrets.GITHUB_TOKEN }}
release-nuget:
name: Official Release to GitHub Packages
runs-on: ubuntu-latest
needs: [build, unit-test]
if: ${{ github.event.inputs.nuget }}
steps:
- uses: actions/download-artifact@v3
id: download
- name: List artifacts
run: ls -ldR ${{steps.download.outputs.download-path}}/**/*
- name: Install grp
run: dotnet tool install gpr -g
- uses: actions/setup-dotnet@v3
env:
NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
with:
dotnet-version: "8.0.x"
source-url: https://nuget.pkg.github.com/Project-MONAI/index.json
- name: Publish to GitHub
run: gpr push '${{ steps.download.outputs.download-path }}/nuget/*.nupkg' --repository ${{ github.repository }} -k ${{ secrets.GITHUB_TOKEN }}
release:
name: Official Release to NuGet.org
if: ${{ github.event.inputs.nuget || contains(github.ref, 'refs/heads/release') }}
runs-on: ubuntu-latest
needs: [build, unit-test]
env:
MAJORMINORPATCH: ${{ needs.build.outputs.majorMinorPatch }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/download-artifact@v3
id: download
- name: List artifacts
run: ls -ldR ${{steps.download.outputs.download-path}}/**/*
- name: Publish to NuGet.org
run: dotnet nuget push ${{ steps.download.outputs.download-path }}/nuget/*.nupkg -s https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET }} --skip-duplicate
- name: Extract owner and repo
uses: jungwinter/split@v2
id: repo
with:
separator: "/"
msg: ${{ github.repository }}
- name: Install GitReleaseManager
uses: gittools/actions/gitreleasemanager/[email protected]
with:
versionSpec: "0.13.x"
- name: Create release with GitReleaseManager
uses: gittools/actions/gitreleasemanager/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
owner: ${{ steps.repo.outputs._0 }}
repository: ${{ steps.repo.outputs._1 }}
milestone: ${{ env.MAJORMINORPATCH }}
name: Release v${{ env.MAJORMINORPATCH }}
- name: Publish release with GitReleaseManager
if: ${{ contains(github.ref, 'refs/heads/main') }}
uses: gittools/actions/gitreleasemanager/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
owner: ${{ steps.repo.outputs._0 }}
repository: ${{ steps.repo.outputs._1 }}
tagName: ${{ env.MAJORMINORPATCH }}
- name: Close release with GitReleaseManager
if: ${{ contains(github.ref, 'refs/heads/main') }}
uses: gittools/actions/gitreleasemanager/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
owner: ${{ steps.repo.outputs._0 }}
repository: ${{ steps.repo.outputs._1 }}
milestone: ${{ env.MAJORMINORPATCH }}