From 4d9739967578d4a3aa4da6c5f3b2b9498754583f Mon Sep 17 00:00:00 2001 From: Dennis Dyallo Date: Tue, 16 Apr 2024 16:11:13 +0200 Subject: [PATCH] Set up dotnet in dependent workflows and misc workflow adjustments (#75) * Set up dotnet in dependent workflows * Cleanup and add dotnet setup * Rename file for brevity * Cleanup and rename * Update threshholds for coverage * Rename and add workflow files * Trim whitespace * Separate documentation workflow * Test upload docs * Test build docs workflow * Run on commit * Publish docs when enabled * Run tests and allow docs upload * Better name * Add permissions token * consolidate vars * Fix double $ * Only on main branch * Add on develop * Set workflow triggers --- ...-after-merge.yml => build-and-publish.yml} | 114 ++++++------------ ...-nativeshims.yml => build-nativeshims.yml} | 0 ...l-requests.yml => build-pull-requests.yml} | 27 ++--- .github/workflows/check-code-formatting.yml | 7 ++ .github/workflows/codeql-analysis.yml | 12 +- .github/workflows/test-and-cover.yml | 18 ++- .github/workflows/upload-docs.yml | 55 +++++++++ Yubico.NET.SDK.sln | 7 +- Yubico.YubiKey/src/Yubico.YubiKey.csproj | 13 +- 9 files changed, 142 insertions(+), 111 deletions(-) rename .github/workflows/{build-and-publish-after-merge.yml => build-and-publish.yml} (62%) rename .github/workflows/{cross-build-nativeshims.yml => build-nativeshims.yml} (100%) rename .github/workflows/{pull-requests.yml => build-pull-requests.yml} (79%) create mode 100644 .github/workflows/upload-docs.yml diff --git a/.github/workflows/build-and-publish-after-merge.yml b/.github/workflows/build-and-publish.yml similarity index 62% rename from .github/workflows/build-and-publish-after-merge.yml rename to .github/workflows/build-and-publish.yml index f7e714d8..7622b8bd 100644 --- a/.github/workflows/build-and-publish-after-merge.yml +++ b/.github/workflows/build-and-publish.yml 
@@ -12,19 +12,28 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: Build and publish artifacts from main and develop +name: Build and publish # Triggers build on pushes to the main and develop branches. on: push: branches: - - main - - 'develop**' + - 'main' + - 'develop' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/build-and-publish.yml' + workflow_dispatch: inputs: push-to-dev: description: 'Push to internal NuGet' - required: true + required: false + default: false type: boolean version: description: 'Version' @@ -39,18 +48,16 @@ permissions: jobs: build: - # Give this job a friendly name to show in GitHub UI. - name: Build + Test the SDK - - # Even though we build for multiple platforms, we only need to run - # on a single host operating system. This is because we utilize cross- - # build functionality of the dotnet build system. + name: Build runs-on: windows-2019 steps: # Checkout the local repository - uses: actions/checkout@v4 - + - uses: actions/setup-dotnet@v4 + with: + global-json-file: global.json + - name: Add local NuGet repository run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json" 
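Review bot: Making `push-to-dev` optional with `default: false` in the `workflow_dispatch` inputs only keeps the internal publish off if the consumer reads the value as a boolean, and the `publish-internal` job later in this file still tests `github.event.inputs.push-to-dev`. GitHub documents that `github.event.inputs` delivers boolean inputs as strings, so an unchecked box should arrive as the non-empty string `'false'`, which an `if:` coerces to true. Reading the typed context instead, `if: ${{ inputs.push-to-dev }}`, or comparing explicitly with `github.event.inputs.push-to-dev == 'true'`, would make the default mean what it says. The `inputs:` block continues past the end of this hunk.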
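Review bot: The `Add local NuGet repository` step that now follows `actions/setup-dotnet` still passes `--store-password-in-clear-text`, which writes `secrets.GITHUB_TOKEN` unencrypted into a NuGet configuration file on the runner. This job runs on `windows-2019`, where NuGet can encrypt stored credentials, so the flag can probably be dropped here; the same line appears in `build-pull-requests.yml`. If it has to stay, a comment such as `# token is stored in plain text in NuGet.Config; keep that file out of uploaded artifacts and caches` would record the constraint. The steps list continues outside this hunk.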
@@ -65,15 +72,17 @@ jobs: $versionProp.Save($file.FullName) # Build the project - # The default GitHub runners seem to have N and N-1 versions of .NET Framework installed. In practice, they seem - # to have even more installed than that, but at a minimum N and N-1 seem like safe assumptions. We can therefore - # save some time and use the pre-installed version rather than downloading a fresh copy. - - name: Build Yubico.NET.SDK.sln run: dotnet build --configuration ReleaseWithDocs --nologo --verbosity normal Yubico.NET.SDK.sln - # Upload artifacts + # Run tests + - name: Test Yubico.YubiKey + run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj + + - name: Test Yubico.Core + run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.Core/tests/Yubico.Core.UnitTests.csproj + # Upload artifacts - name: Save documentation artifacts uses: actions/upload-artifact@v4 with: @@ -88,6 +97,15 @@ jobs: Yubico.DotNetPolyfills/src/bin/ReleaseWithDocs/*.nupkg Yubico.Core/src/bin/ReleaseWithDocs/*.nupkg Yubico.YubiKey/src/bin/ReleaseWithDocs/*.nupkg + + - name: Save build artifacts + uses: actions/upload-artifact@v4 + with: + name: Symbols Packages + path: | + Yubico.DotNetPolyfills/src/bin/ReleaseWithDocs/*.snupkg + Yubico.Core/src/bin/ReleaseWithDocs/*.snupkg + Yubico.YubiKey/src/bin/ReleaseWithDocs/*.snupkg - name: Save build artifacts uses: actions/upload-artifact@v4 
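Review bot: The symbols upload step added in the second hunk reuses the name `Save build artifacts`, which the existing step right after it also carries, so the two cannot be told apart in the run log when one of them fails. A name that matches the artifact, for example `- name: Save symbols packages`, would fix that.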
@@ -115,72 +133,16 @@ jobs: path: | Yubico.YubiKey/examples/PivSampleCode Yubico.YubiKey/examples/SharedSampleCode - - # Test the project - # - # Here we call `dotnet test` on each individual test project that we want to have run as part of CI. We do this - # to skip running the integration tests which require actual YubiKeys to be present. We have tried using the filter - # capabilities of the `dotnet test` runner tool, however we have found that failures don't always register with - # GitHub when that is done. - - - name: Test Yubico.YubiKey - run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj - - - name: Test Yubico.Core - run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.Core/tests/Yubico.Core.UnitTests.csproj - - publish_docs: - # Give this job a friendly name to show in GitHub UI. - name: Publish documentation - - # Publish the docs using Ubuntu as the docker image we want to create is linux-based. - runs-on: ubuntu-latest - - # Don't run this step until build completes. - needs: build - - # Connection information for our docker image registry - env: - IMAGE_REGISTRY_URL: us-docker.pkg.dev - IMAGE_REGISTRY_PROJECT: support-cluster-769001 - IMAGE_REPOSITORY: yesdk - IMAGE_NAME: yesdk-docserver - - steps: - # Checkout the local repository as we need the Dockerfile and other things even for this step. - - uses: actions/checkout@v4 - - # Grab the just-built documentation artifact and inflate the archive at the expected location. - - uses: actions/download-artifact@v4 - with: - name: Documentation - path: Yubico.YubiKey/docs/_site/ - - # Construct the docker image - - name: Docker build - run: | - docker build -t "${IMAGE_NAME}:${{ github.sha }}" . 
- # Authenticate to Google Cloud - - name: Authenticate - uses: google-github-actions/auth@v2 - with: - workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} - service_account: yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com - - # Push our docker image to GCP - - name: Push Docker image - run: | - gcloud auth configure-docker ${IMAGE_REGISTRY_URL} --project ${IMAGE_REGISTRY_PROJECT} - docker tag "${IMAGE_NAME}:${{ github.sha }}" "${IMAGE_REGISTRY_URL}/${IMAGE_REGISTRY_PROJECT}/${IMAGE_REPOSITORY}/${IMAGE_NAME}:${{ github.sha }}" - docker push "${IMAGE_REGISTRY_URL}/${IMAGE_REGISTRY_PROJECT}/${IMAGE_REPOSITORY}/${IMAGE_NAME}:${{ github.sha }}" - echo "New image tag: ${{ github.sha }}" + upload-docs: + name: Upload docs + uses: ./.github/workflows/upload-docs.yml + needs: build publish-internal: name: Publish to internal NuGet runs-on: windows-2019 needs: build - environment: Internal NuGet feed if: ${{ github.event.inputs.push-to-dev }} steps: - uses: actions/download-artifact@v4 diff --git a/.github/workflows/cross-build-nativeshims.yml b/.github/workflows/build-nativeshims.yml similarity index 100% rename from .github/workflows/cross-build-nativeshims.yml rename to .github/workflows/build-nativeshims.yml diff --git a/.github/workflows/pull-requests.yml b/.github/workflows/build-pull-requests.yml similarity index 79% rename from .github/workflows/pull-requests.yml rename to .github/workflows/build-pull-requests.yml index 6cd4ea1a..72c92850 100644 --- a/.github/workflows/pull-requests.yml +++ b/.github/workflows/build-pull-requests.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: CI build for pull requests into main and develop +name: Build pull request # Triggers build on pull requests and pushes to the main and develop branches. on: 
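Review bot: Dropping `environment: Internal NuGet feed` from `publish-internal` removes whatever protection rules (required reviewers, branch restrictions) and environment-scoped secrets were attached to that environment, leaving the `if:` on the dispatch input as the only gate on publishing. If the environment carried such rules, keeping the line preserves the approval step; if it was never configured, a comment saying so would help the next reader. The new `upload-docs` job likewise has only `needs: build`, so a manual dispatch from any branch would push an image with the CI service account unless the workload identity provider restricts the ref; a condition such as `if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'` on that job would make the intent explicit. The `publish-internal` steps continue outside this hunk.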
@@ -21,18 +21,18 @@ on: - main - 'develop**' - 'release/**' - push: - branches: - - 'release/**' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/build-pull-requests.yml' jobs: build: # Give this job a friendly name to show in GitHub UI. - name: Build + Test the SDK - - # Even though we build for multiple platforms, we only need to run - # on a single host operating system. This is because we utilize cross- - # build functionality of the dotnet build system. + name: Build and test runs-on: windows-latest # Build both Debug and ReleaseWithDocs configurations. Most people are probably building 'Debug' the most often. We # should be sure that Release also builds, and that our documentation also compiles successfully. @@ -47,9 +47,6 @@ jobs: with: global-json-file: global.json - - name: run dotnet version - run: dotnet --version - - name: Add local NuGet repository run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json" @@ -77,12 +74,6 @@ jobs: Yubico.YubiKey/src/bin/${{matrix.configuration}}/**/*.dll # Test the project - # - # Here we call `dotnet test` on each individual test project that we want to have run as part of CI. We do this - # to skip running the integration tests which require actual YubiKeys to be present. We have tried using the filter - # capabilities of the `dotnet test` runner tool, however we have found that failures don't always register with - # GitHub when that is done. - - name: Test Yubico.YubiKey run: dotnet test --configuration ${{matrix.configuration}} --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj diff --git a/.github/workflows/check-code-formatting.yml b/.github/workflows/check-code-formatting.yml index 7d1475e2..e551814f 100644 --- a/.github/workflows/check-code-formatting.yml 
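Review bot: The `paths` allowlist added to the `pull_request` trigger in the first hunk means a pull request that touches none of the listed patterns never starts this workflow, and the same list is added to `check-code-formatting.yml`, `codeql-analysis.yml` and `test-and-cover.yml` (and to the push trigger of `build-and-publish.yml`). Files that can change what gets built or shipped but are not listed, for example `global.json`, MSBuild `.props`/`.targets` files, NuGet configuration or the other workflow files, would then merge without build, tests or CodeQL having run. `codeql-analysis.yml` previously used `paths-ignore`, which runs the scan for any file type not explicitly excluded. If any of these jobs is a required status check, a run that never starts also leaves the check pending. Consider widening the list, for instance with `- '.github/workflows/**'` and `- 'global.json'`, or keeping `paths-ignore` for the CodeQL workflow.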
+++ b/.github/workflows/check-code-formatting.yml @@ -20,6 +20,13 @@ on: - main - 'develop**' - 'release/**' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/check-code-formatting.yml' jobs: check-code-formatting: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a0bff54d..557f4242 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,11 +24,13 @@ on: branches: - main - 'develop**' - paths-ignore: - - '**/*.md' - - '**/*.txt' - - '**/*.xml' - - '**/*.yml' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/codeql-analysis.yml' permissions: # required for all workflows diff --git a/.github/workflows/test-and-cover.yml b/.github/workflows/test-and-cover.yml index cef5cd4e..6552f74b 100644 --- a/.github/workflows/test-and-cover.yml +++ b/.github/workflows/test-and-cover.yml @@ -20,10 +20,23 @@ on: - main - 'develop**' - 'release/**' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/test-and-cover.yml' push: branches: - main - - 'develop**' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/test-and-cover.yml' jobs: test: @@ -89,7 +102,7 @@ jobs: hide_complexity: false indicators: true output: both - thresholds: "50 70" + thresholds: "33 66" - name: Add Coverage PR Comment uses: marocchino/sticky-pull-request-comment@v2.9.0 @@ -103,3 +116,4 @@ jobs: if: always() with: trx_files: "${{ github.workspace }}/**/*.trx" + check_name: publish test results diff --git a/.github/workflows/upload-docs.yml b/.github/workflows/upload-docs.yml new file mode 100644 index 00000000..6c0bbb3a --- /dev/null +++ b/.github/workflows/upload-docs.yml 
@@ -0,0 +1,55 @@ +# Copyright 2021 Yubico AB +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Upload documentation to GCP + +on: + workflow_call: + +permissions: + id-token: write + contents: read + +env: + image_tag: 'yesdk-docserver' + registry_url: 'us-docker.pkg.dev' + project_id: 'support-cluster-769001' + repository_name: 'yesdk' + service_account: 'yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com' + +jobs: + upload_docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/download-artifact@v4 + with: + name: Documentation + path: Yubico.YubiKey/docs/_site/ + - name: Build nginx image for documentation + run: | + docker build -t "${{ env.image_tag }}:${{ github.sha }}" . + + - name: Authenticate to GCP + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} # Provided at organizational level + service_account: ${{ env.service_account }} + + - name: Push Docker image to GCP + run: | + gcloud auth configure-docker ${{ env.registry_url }} --project ${{ env.project_id }} + docker tag "${{ env.image_tag }}:${{ github.sha }}" "${{ env.registry_url }}/${{ env.project_id }}/${{ env.repository_name }}/${{ env.image_tag }}:${{ github.sha }}" + docker push "${{ env.registry_url }}/${{ env.project_id }}/${{ env.repository_name }}/${{ env.image_tag }}:${{ github.sha }}" + echo "New image tag: ${{ github.sha }}" 
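Review bot: This job is granted `id-token: write` and impersonates the `yesdk-ci-builder` service account, yet `google-github-actions/auth@v2` and the `actions/*` steps are referenced by mutable tag, so a retagged release would run with that identity. Pinning to a full commit SHA with the tag kept as a comment, e.g. `uses: google-github-actions/auth@<full-commit-sha>  # v2`, removes the dependency on the tag. In the `run:` blocks, `${{ env.image_tag }}` and the other `env` expressions are expanded into the script text before the shell runs; the job this file replaces used shell variables (`"${IMAGE_NAME}"`), which is the safer habit should any of these values ever come from a workflow input. A short header comment stating that the caller must allow `id-token: write` and that the `Documentation` artifact is expected from the calling run's `build` job would document the contract of this reusable workflow.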
diff --git a/Yubico.NET.SDK.sln b/Yubico.NET.SDK.sln index 266cd8de..8c2056fc 100644 --- a/Yubico.NET.SDK.sln +++ b/Yubico.NET.SDK.sln @@ -26,10 +26,11 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".github", ".github", "{8FFE EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "workflows", "workflows", "{14C2FBE2-2204-46A5-9FE8-A770CB5A0261}" ProjectSection(SolutionItems) = preProject - .github\workflows\build-and-publish-after-merge.yml = .github\workflows\build-and-publish-after-merge.yml .github\workflows\codeql-analysis.yml = .github\workflows\codeql-analysis.yml - .github\workflows\cross-build-nativeshims.yml = .github\workflows\cross-build-nativeshims.yml - .github\workflows\pull-requests.yml = .github\workflows\pull-requests.yml + .github\workflows\build-and-publish.yml = .github\workflows\build-and-publish.yml + .github\workflows\build-pull-requests.yml = .github\workflows\build-pull-requests.yml + .github\workflows\build-nativeshims.yml = .github\workflows\build-nativeshims.yml + .github\workflows\test-and-cover.yml = .github\workflows\test-and-cover.yml EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Yubico.Core", "Yubico.Core", "{45D2A3BE-5111-4890-8898-2D43DB658A40}" diff --git a/Yubico.YubiKey/src/Yubico.YubiKey.csproj b/Yubico.YubiKey/src/Yubico.YubiKey.csproj index 7056a30c..e5558830 100644 --- a/Yubico.YubiKey/src/Yubico.YubiKey.csproj +++ b/Yubico.YubiKey/src/Yubico.YubiKey.csproj 
@@ -133,14 +133,13 @@ limitations under the License. --> + + <_Parameter1>$(AssemblyName).UnitTests,PublicKey=00240000048000001401000006020000002400005253413100080000010001003312c63e1417ad4652242148c599b55c50d3213c7610b4cc1f467b193bfb8d131de6686268a9db307fcef9efcd5e467483fe9015307e5d0cf9d2fd4df12f29a1c7a72e531d8811ca70f6c80c4aeb598c10bb7fc48742ab86aa7986b0ae9a2f4876c61e0b81eb38e5b549f1fc861c633206f5466bfde021cb08d094742922a8258b582c3bc029eab88c98d476dac6e6f60bc0016746293f5337c68b22e528931b6494acddf1c02b9ea3986754716a9f2a32c59ff3d97f1e35ee07ca2972b0269a4cde86f7b64f80e7c13152c0f84083b5cc4f06acc0efb4316ff3f08c79bc0170229007fb27c97fb494b22f9f7b07f45547e263a44d5a7fe7da6a945a5e47afc9 + - - <_Parameter1>$(AssemblyName).UnitTests,PublicKey=00240000048000001401000006020000002400005253413100080000010001003312c63e1417ad4652242148c599b55c50d3213c7610b4cc1f467b193bfb8d131de6686268a9db307fcef9efcd5e467483fe9015307e5d0cf9d2fd4df12f29a1c7a72e531d8811ca70f6c80c4aeb598c10bb7fc48742ab86aa7986b0ae9a2f4876c61e0b81eb38e5b549f1fc861c633206f5466bfde021cb08d094742922a8258b582c3bc029eab88c98d476dac6e6f60bc0016746293f5337c68b22e528931b6494acddf1c02b9ea3986754716a9f2a32c59ff3d97f1e35ee07ca2972b0269a4cde86f7b64f80e7c13152c0f84083b5cc4f06acc0efb4316ff3f08c79bc0170229007fb27c97fb494b22f9f7b07f45547e263a44d5a7fe7da6a945a5e47afc9 - - - - <_Parameter1>$(AssemblyName).IntegrationTests,PublicKey=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 - + + <_Parameter1>$(AssemblyName).IntegrationTests,PublicKey=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 + 
<_Parameter1>$(AssemblyName).TestUtilities,PublicKey=00240000048000001401000006020000002400005253413100080000010001003312c63e1417ad4652242148c599b55c50d3213c7610b4cc1f467b193bfb8d131de6686268a9db307fcef9efcd5e467483fe9015307e5d0cf9d2fd4df12f29a1c7a72e531d8811ca70f6c80c4aeb598c10bb7fc48742ab86aa7986b0ae9a2f4876c61e0b81eb38e5b549f1fc861c633206f5466bfde021cb08d094742922a8258b582c3bc029eab88c98d476dac6e6f60bc0016746293f5337c68b22e528931b6494acddf1c02b9ea3986754716a9f2a32c59ff3d97f1e35ee07ca2972b0269a4cde86f7b64f80e7c13152c0f84083b5cc4f06acc0efb4316ff3f08c79bc0170229007fb27c97fb494b22f9f7b07f45547e263a44d5a7fe7da6a945a5e47afc9