From 6d0fd26473bcb4f8a6d6d55117e5ba2202dd1451 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Fri, 12 Apr 2024 12:20:00 +0200 Subject: [PATCH 01/20] Set up dotnet in dependent workflows --- .github/workflows/check-code-formatting.yml | 5 ++++- .github/workflows/test-and-cover.yml | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/check-code-formatting.yml b/.github/workflows/check-code-formatting.yml index 7828ba65..7d1475e2 100644 --- a/.github/workflows/check-code-formatting.yml +++ b/.github/workflows/check-code-formatting.yml @@ -26,9 +26,12 @@ jobs: runs-on: windows-2019 steps: - # Checkout the local repository - uses: actions/checkout@v4 + - uses: actions/setup-dotnet@v4 + with: + global-json-file: global.json + - name: Add local NuGet repository run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json" diff --git a/.github/workflows/test-and-cover.yml b/.github/workflows/test-and-cover.yml index 39446ea1..cef5cd4e 100644 --- a/.github/workflows/test-and-cover.yml +++ b/.github/workflows/test-and-cover.yml @@ -31,6 +31,10 @@ jobs: steps: - uses: actions/checkout@v4 + + - uses: actions/setup-dotnet@v4 + with: + global-json-file: global.json - name: Add local NuGet repository run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json" From c9e4e16fbc015723557095dfbbb2787694e79562 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Fri, 12 Apr 2024 12:57:06 +0200 Subject: [PATCH 02/20] Cleanup and add dotnet setup --- .../build-and-publish-after-merge.yml | 24 ++++--------------- .github/workflows/test-and-cover.yml | 1 + 2 files changed, 6 insertions(+), 19 deletions(-) 
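Review bot: `actions/setup-dotnet@v4` is referenced by a movable tag in both hunks of this patch, and the SDK it installs is what the next step, `dotnet nuget add source`, hands `secrets.GITHUB_TOKEN` to. Pinning the action to a full commit SHA with the tag kept as a trailing comment, `- uses: actions/setup-dotnet@<full-commit-sha> # v4`, means a retagged release cannot change what runs here without a reviewed diff. The same applies to the `setup-dotnet` step PATCH 02 adds to the publish workflow, and more so to the third-party `marocchino/sticky-pull-request-comment@v2.9.0` that appears as context in PATCH 05.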
diff --git a/.github/workflows/build-and-publish-after-merge.yml b/.github/workflows/build-and-publish-after-merge.yml index f7e714d8..b1acee7c 100644 --- a/.github/workflows/build-and-publish-after-merge.yml +++ b/.github/workflows/build-and-publish-after-merge.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: Build and publish artifacts from main and develop +name: Build and publish # Triggers build on pushes to the main and develop branches. on: @@ -39,18 +39,15 @@ permissions: jobs: build: - # Give this job a friendly name to show in GitHub UI. - name: Build + Test the SDK - - # Even though we build for multiple platforms, we only need to run - # on a single host operating system. This is because we utilize cross- - # build functionality of the dotnet build system. + name: Build and test runs-on: windows-2019 steps: # Checkout the local repository - uses: actions/checkout@v4 - + - uses: actions/setup-dotnet@v4 + with: + global-json-file: global.json - name: Add local NuGet repository run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json" @@ -65,15 +62,10 @@ jobs: $versionProp.Save($file.FullName) # Build the project - # The default GitHub runners seem to have N and N-1 versions of .NET Framework installed. In practice, they seem - # to have even more installed than that, but at a minimum N and N-1 seem like safe assumptions. We can therefore - # save some time and use the pre-installed version rather than downloading a fresh copy. - - name: Build Yubico.NET.SDK.sln run: dotnet build --configuration ReleaseWithDocs --nologo --verbosity normal Yubico.NET.SDK.sln # Upload artifacts - - name: Save documentation artifacts uses: actions/upload-artifact@v4 with: 
@@ -117,12 +109,6 @@ jobs: Yubico.YubiKey/examples/SharedSampleCode # Test the project - # - # Here we call `dotnet test` on each individual test project that we want to have run as part of CI. We do this - # to skip running the integration tests which require actual YubiKeys to be present. We have tried using the filter - # capabilities of the `dotnet test` runner tool, however we have found that failures don't always register with - # GitHub when that is done. - - name: Test Yubico.YubiKey run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj diff --git a/.github/workflows/test-and-cover.yml b/.github/workflows/test-and-cover.yml index cef5cd4e..17901d1a 100644 --- a/.github/workflows/test-and-cover.yml +++ b/.github/workflows/test-and-cover.yml @@ -103,3 +103,4 @@ jobs: if: always() with: trx_files: "${{ github.workspace }}/**/*.trx" + check_name: publish test results From c7f0dc17d3109fc532e75cf333bfef5857286f56 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Fri, 12 Apr 2024 12:57:43 +0200 Subject: [PATCH 03/20] Rename file for brevity --- .../{build-and-publish-after-merge.yml => build-and-publish.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{build-and-publish-after-merge.yml => build-and-publish.yml} (100%) diff --git a/.github/workflows/build-and-publish-after-merge.yml b/.github/workflows/build-and-publish.yml similarity index 100% rename from .github/workflows/build-and-publish-after-merge.yml rename to .github/workflows/build-and-publish.yml From 6beb46ea68f6a8aac812ada1e03c347fd2fe7c55 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Fri, 12 Apr 2024 13:01:00 +0200 Subject: [PATCH 04/20] Cleanup and rename --- ...ull-requests.yml => build-pull-requests.yml} | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) rename .github/workflows/{pull-requests.yml => build-pull-requests.yml} (80%) 
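Review bot: The comment deleted above `Test Yubico.YubiKey` was the only place that recorded why each unit-test project is invoked on its own: the integration tests need physical YubiKeys, and `dotnet test` filtering did not reliably report failures to GitHub. I would keep a short form of it, for example `# Run unit-test projects one by one; integration tests need a physical YubiKey and test filters hid failures.`, so that nobody later folds these steps into a single solution-wide `dotnet test`. PATCH 04 removes the same comment from the pull-request workflow and would get the same line.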
diff --git a/.github/workflows/pull-requests.yml b/.github/workflows/build-pull-requests.yml similarity index 80% rename from .github/workflows/pull-requests.yml rename to .github/workflows/build-pull-requests.yml index 6cd4ea1a..0cf1d1cc 100644 --- a/.github/workflows/pull-requests.yml +++ b/.github/workflows/build-pull-requests.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: CI build for pull requests into main and develop +name: Build pull request # Triggers build on pull requests and pushes to the main and develop branches. on: @@ -28,11 +28,7 @@ on: jobs: build: # Give this job a friendly name to show in GitHub UI. - name: Build + Test the SDK - - # Even though we build for multiple platforms, we only need to run - # on a single host operating system. This is because we utilize cross- - # build functionality of the dotnet build system. + name: Build and test runs-on: windows-latest # Build both Debug and ReleaseWithDocs configurations. Most people are probably building 'Debug' the most often. We # should be sure that Release also builds, and that our documentation also compiles successfully. @@ -47,9 +43,6 @@ jobs: with: global-json-file: global.json - - name: run dotnet version - run: dotnet --version - - name: Add local NuGet repository run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json" 
@@ -77,12 +70,6 @@ jobs: Yubico.YubiKey/src/bin/${{matrix.configuration}}/**/*.dll # Test the project - # - # Here we call `dotnet test` on each individual test project that we want to have run as part of CI. We do this - # to skip running the integration tests which require actual YubiKeys to be present. We have tried using the filter - # capabilities of the `dotnet test` runner tool, however we have found that failures don't always register with - # GitHub when that is done. - - name: Test Yubico.YubiKey run: dotnet test --configuration ${{matrix.configuration}} --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj From d14c4049f77b03a1729c7fbda099b4900dd72317 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 11:41:50 +0200 Subject: [PATCH 05/20] Update threshholds for coverage --- .github/workflows/test-and-cover.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-and-cover.yml b/.github/workflows/test-and-cover.yml index 17901d1a..1063aabc 100644 --- a/.github/workflows/test-and-cover.yml +++ b/.github/workflows/test-and-cover.yml @@ -89,7 +89,7 @@ jobs: hide_complexity: false indicators: true output: both - thresholds: "50 70" + thresholds: "33 66" - name: Add Coverage PR Comment uses: marocchino/sticky-pull-request-comment@v2.9.0 From 3d36c037cd7bf484115f11139fb0b811c0ddfa11 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 12:01:32 +0200 Subject: [PATCH 06/20] Rename and add workflow files --- .../{cross-build-nativeshims.yml => build-nativeshims.yml} | 0 Yubico.NET.SDK.sln | 7 ++++--- 2 files changed, 4 insertions(+), 3 deletions(-) rename .github/workflows/{cross-build-nativeshims.yml => build-nativeshims.yml} (100%) 
diff --git a/.github/workflows/cross-build-nativeshims.yml b/.github/workflows/build-nativeshims.yml similarity index 100% rename from .github/workflows/cross-build-nativeshims.yml rename to .github/workflows/build-nativeshims.yml diff --git a/Yubico.NET.SDK.sln b/Yubico.NET.SDK.sln index 266cd8de..8c2056fc 100644 --- a/Yubico.NET.SDK.sln +++ b/Yubico.NET.SDK.sln @@ -26,10 +26,11 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".github", ".github", "{8FFE EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "workflows", "workflows", "{14C2FBE2-2204-46A5-9FE8-A770CB5A0261}" ProjectSection(SolutionItems) = preProject - .github\workflows\build-and-publish-after-merge.yml = .github\workflows\build-and-publish-after-merge.yml .github\workflows\codeql-analysis.yml = .github\workflows\codeql-analysis.yml - .github\workflows\cross-build-nativeshims.yml = .github\workflows\cross-build-nativeshims.yml - .github\workflows\pull-requests.yml = .github\workflows\pull-requests.yml + .github\workflows\build-and-publish.yml = .github\workflows\build-and-publish.yml + .github\workflows\build-pull-requests.yml = .github\workflows\build-pull-requests.yml + .github\workflows\build-nativeshims.yml = .github\workflows\build-nativeshims.yml + .github\workflows\test-and-cover.yml = .github\workflows\test-and-cover.yml EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Yubico.Core", "Yubico.Core", "{45D2A3BE-5111-4890-8898-2D43DB658A40}" From 32d351ae3ab528c64cac90e4c020214218a550a8 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 12:14:23 +0200 Subject: [PATCH 07/20] Trim whitespace --- Yubico.YubiKey/src/Yubico.YubiKey.csproj | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/Yubico.YubiKey/src/Yubico.YubiKey.csproj b/Yubico.YubiKey/src/Yubico.YubiKey.csproj index 7056a30c..e5558830 100644 --- a/Yubico.YubiKey/src/Yubico.YubiKey.csproj +++ b/Yubico.YubiKey/src/Yubico.YubiKey.csproj 
@@ -133,14 +133,13 @@ limitations under the License. --> + + <_Parameter1>$(AssemblyName).UnitTests,PublicKey=00240000048000001401000006020000002400005253413100080000010001003312c63e1417ad4652242148c599b55c50d3213c7610b4cc1f467b193bfb8d131de6686268a9db307fcef9efcd5e467483fe9015307e5d0cf9d2fd4df12f29a1c7a72e531d8811ca70f6c80c4aeb598c10bb7fc48742ab86aa7986b0ae9a2f4876c61e0b81eb38e5b549f1fc861c633206f5466bfde021cb08d094742922a8258b582c3bc029eab88c98d476dac6e6f60bc0016746293f5337c68b22e528931b6494acddf1c02b9ea3986754716a9f2a32c59ff3d97f1e35ee07ca2972b0269a4cde86f7b64f80e7c13152c0f84083b5cc4f06acc0efb4316ff3f08c79bc0170229007fb27c97fb494b22f9f7b07f45547e263a44d5a7fe7da6a945a5e47afc9 + - - <_Parameter1>$(AssemblyName).UnitTests,PublicKey=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 - - - - <_Parameter1>$(AssemblyName).IntegrationTests,PublicKey=00240000048000001401000006020000002400005253413100080000010001003312c63e1417ad4652242148c599b55c50d3213c7610b4cc1f467b193bfb8d131de6686268a9db307fcef9efcd5e467483fe9015307e5d0cf9d2fd4df12f29a1c7a72e531d8811ca70f6c80c4aeb598c10bb7fc48742ab86aa7986b0ae9a2f4876c61e0b81eb38e5b549f1fc861c633206f5466bfde021cb08d094742922a8258b582c3bc029eab88c98d476dac6e6f60bc0016746293f5337c68b22e528931b6494acddf1c02b9ea3986754716a9f2a32c59ff3d97f1e35ee07ca2972b0269a4cde86f7b64f80e7c13152c0f84083b5cc4f06acc0efb4316ff3f08c79bc0170229007fb27c97fb494b22f9f7b07f45547e263a44d5a7fe7da6a945a5e47afc9 - + + <_Parameter1>$(AssemblyName).IntegrationTests,PublicKey=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 + 
<_Parameter1>$(AssemblyName).TestUtilities,PublicKey=00240000048000001401000006020000002400005253413100080000010001003312c63e1417ad4652242148c599b55c50d3213c7610b4cc1f467b193bfb8d131de6686268a9db307fcef9efcd5e467483fe9015307e5d0cf9d2fd4df12f29a1c7a72e531d8811ca70f6c80c4aeb598c10bb7fc48742ab86aa7986b0ae9a2f4876c61e0b81eb38e5b549f1fc861c633206f5466bfde021cb08d094742922a8258b582c3bc029eab88c98d476dac6e6f60bc0016746293f5337c68b22e528931b6494acddf1c02b9ea3986754716a9f2a32c59ff3d97f1e35ee07ca2972b0269a4cde86f7b64f80e7c13152c0f84083b5cc4f06acc0efb4316ff3f08c79bc0170229007fb27c97fb494b22f9f7b07f45547e263a44d5a7fe7da6a945a5e47afc9 From 6409218bf1fbdaf838ae3101aea74cfb0918e3f4 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 13:51:56 +0200 Subject: [PATCH 08/20] Separate documentation workflow --- .github/workflows/build-and-publish.yml | 65 +++++-------------------- .github/workflows/upload-docs.yml | 44 +++++++++++++++++ 2 files changed, 55 insertions(+), 54 deletions(-) create mode 100644 .github/workflows/upload-docs.yml diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index b1acee7c..d4b51a69 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -24,6 +24,10 @@ on: inputs: push-to-dev: description: 'Push to internal NuGet' + default: false + type: boolean + upload-docs: + description: 'Push to documentation repository' required: true type: boolean version: @@ -48,6 +52,7 @@ jobs: - uses: actions/setup-dotnet@v4 with: global-json-file: global.json + - name: Add local NuGet repository run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json" 
@@ -107,66 +112,18 @@ jobs: path: | Yubico.YubiKey/examples/PivSampleCode Yubico.YubiKey/examples/SharedSampleCode - - # Test the project - - name: Test Yubico.YubiKey - run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj - - - name: Test Yubico.Core - run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.Core/tests/Yubico.Core.UnitTests.csproj - - publish_docs: - # Give this job a friendly name to show in GitHub UI. - name: Publish documentation - - # Publish the docs using Ubuntu as the docker image we want to create is linux-based. - runs-on: ubuntu-latest - - # Don't run this step until build completes. - needs: build - - # Connection information for our docker image registry - env: - IMAGE_REGISTRY_URL: us-docker.pkg.dev - IMAGE_REGISTRY_PROJECT: support-cluster-769001 - IMAGE_REPOSITORY: yesdk - IMAGE_NAME: yesdk-docserver - - steps: - # Checkout the local repository as we need the Dockerfile and other things even for this step. - - uses: actions/checkout@v4 - - # Grab the just-built documentation artifact and inflate the archive at the expected location. - - uses: actions/download-artifact@v4 - with: - name: Documentation - path: Yubico.YubiKey/docs/_site/ - - # Construct the docker image - - name: Docker build - run: | - docker build -t "${IMAGE_NAME}:${{ github.sha }}" . 
- # Authenticate to Google Cloud - - name: Authenticate - uses: google-github-actions/auth@v2 - with: - workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} - service_account: yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com - - # Push our docker image to GCP - - name: Push Docker image - run: | - gcloud auth configure-docker ${IMAGE_REGISTRY_URL} --project ${IMAGE_REGISTRY_PROJECT} - docker tag "${IMAGE_NAME}:${{ github.sha }}" "${IMAGE_REGISTRY_URL}/${IMAGE_REGISTRY_PROJECT}/${IMAGE_REPOSITORY}/${IMAGE_NAME}:${{ github.sha }}" - docker push "${IMAGE_REGISTRY_URL}/${IMAGE_REGISTRY_PROJECT}/${IMAGE_REPOSITORY}/${IMAGE_NAME}:${{ github.sha }}" - echo "New image tag: ${{ github.sha }}" + upload-docs: + uses: ./.github/workflows/upload-docs.yml + if: ${{ github.event.inputs.upload-docs == 'true' }} + with: + image_tag: 'yesdk-docserver' + needs: build publish-internal: name: Publish to internal NuGet runs-on: windows-2019 needs: build - environment: Internal NuGet feed if: ${{ github.event.inputs.push-to-dev }} steps: - uses: actions/download-artifact@v4 diff --git a/.github/workflows/upload-docs.yml b/.github/workflows/upload-docs.yml new file mode 100644 index 00000000..5c885e78 --- /dev/null +++ b/.github/workflows/upload-docs.yml 
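Review bot: The `publish-internal` job loses its `environment: Internal NuGet feed` line in this hunk, which the commit subject does not mention; if that environment carries required reviewers or environment-scoped secrets, publishing no longer passes through them. The job is then gated only by `if: ${{ github.event.inputs.push-to-dev }}`, and as far as I know values under `github.event.inputs` arrive as strings, so an unticked box is the non-empty string `'false'` and evaluates as true. The `upload-docs` job added just above already compares with `== 'true'`. I would restore the environment line and write the condition as `if: ${{ inputs.push-to-dev }}` or `if: ${{ github.event.inputs.push-to-dev == 'true' }}`. The job's steps continue past the end of the hunk.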
@@ -0,0 +1,44 @@ +# Copyright 2021 Yubico AB +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Upload documentation + +on: + workflow_call: + inputs: + image_tag: + required: true + type: string + +jobs: + upload_docs: + runs-on: ubuntu-latest + steps: + - uses: actions/download-artifact@v4 + with: + name: Documentation + path: Yubico.YubiKey/docs/_site/ + - name: Docker build nginx webserver + run: | + docker build -t "${{ inputs.image_tag }}:${{ github.sha }}" . + - name: Authenticate to GCP + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com + - name: Push Docker image to GCP + run: | + gcloud auth configure-docker ${{ env.IMAGE_REGISTRY_URL }} --project ${{ env.IMAGE_REGISTRY_PROJECT }} + docker tag "${{ inputs.image_tag }}:${{ github.sha }}" "${{ env.IMAGE_REGISTRY_URL }}/${{ env.IMAGE_REGISTRY_PROJECT }}/${{ env.IMAGE_REPOSITORY }}/${{ inputs.image_tag }}:${{ github.sha }}" + docker push "${{ env.IMAGE_REGISTRY_URL }}/${{ env.IMAGE_REGISTRY_PROJECT }}/${{ env.IMAGE_REPOSITORY }}/${{ inputs.image_tag }}:${{ github.sha }}" From b6656aa3dbc18ecc055112716249983c4bb23802 Mon Sep 17 00:00:00 2001 
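Review bot: The `run:` steps of the new `upload-docs.yml` paste `${{ inputs.image_tag }}` straight into the script, so whatever a caller passes is expanded into the command text before the shell parses it. A reusable workflow should treat its inputs as data: give the step `env: IMAGE_TAG: ${{ inputs.image_tag }}` and run `docker build -t "${IMAGE_TAG}:${GITHUB_SHA}" .`, which is also how the job this file replaces wrote it (`${IMAGE_NAME}`). The same applies to the `inputs.registry_url`, `inputs.project_id` and `inputs.repository_name` expressions PATCH 09 adds to the push step. In PATCH 16 the values become workflow-level `env` constants, which are already exported to the step, so plain shell variables such as `"$registry_url"` would replace the `${{ env.* }}` expansions there.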
From: Dennis Dyall Date: Tue, 16 Apr 2024 14:12:02 +0200 Subject: [PATCH 09/20] Test upload docs --- .github/workflows/build-and-publish.yml | 5 ++++- .github/workflows/upload-docs.yml | 22 ++++++++++++++++------ 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index d4b51a69..0849365a 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -19,7 +19,7 @@ on: push: branches: - main - - 'develop**' + - '*' workflow_dispatch: inputs: push-to-dev: @@ -118,6 +118,9 @@ jobs: if: ${{ github.event.inputs.upload-docs == 'true' }} with: image_tag: 'yesdk-docserver' + registry_url: 'us-docker.pkg.dev' + project_id: 'support-cluster-769001' + repository_name: 'yesdk' needs: build publish-internal: diff --git a/.github/workflows/upload-docs.yml b/.github/workflows/upload-docs.yml index 5c885e78..31569b88 100644 --- a/.github/workflows/upload-docs.yml +++ b/.github/workflows/upload-docs.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: Upload documentation +name: Upload Documentation to GCP on: workflow_call: 
@@ -20,25 +20,35 @@ on: image_tag: required: true type: string + registry_url: + required: true + type: string + project_id: + required: true + type: string + repository_name: + required: true + type: string jobs: upload_docs: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v4 - uses: actions/download-artifact@v4 with: name: Documentation path: Yubico.YubiKey/docs/_site/ - - name: Docker build nginx webserver + - name: Docker build run: | docker build -t "${{ inputs.image_tag }}:${{ github.sha }}" . - name: Authenticate to GCP uses: google-github-actions/auth@v2 with: - workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} + workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} # Provided at organizational level service_account: yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com - name: Push Docker image to GCP run: | - gcloud auth configure-docker ${{ env.IMAGE_REGISTRY_URL }} --project ${{ env.IMAGE_REGISTRY_PROJECT }} - docker tag "${{ inputs.image_tag }}:${{ github.sha }}" "${{ env.IMAGE_REGISTRY_URL }}/${{ env.IMAGE_REGISTRY_PROJECT }}/${{ env.IMAGE_REPOSITORY }}/${{ inputs.image_tag }}:${{ github.sha }}" - docker push "${{ env.IMAGE_REGISTRY_URL }}/${{ env.IMAGE_REGISTRY_PROJECT }}/${{ env.IMAGE_REPOSITORY }}/${{ inputs.image_tag }}:${{ github.sha }}" + gcloud auth configure-docker ${{ inputs.registry_url }} --project ${{ inputs.project_id }} + docker tag "${{ inputs.image_tag }}:${{ github.sha }}" "${{ inputs.registry_url }}/${{ inputs.project_id }}/${{ inputs.repository_name }}/${{ inputs.image_tag }}:${{ github.sha }}" + docker push "${{ inputs.registry_url }}/${{ inputs.project_id }}/${{ inputs.repository_name }}/${{ inputs.image_tag }}:${{ github.sha }}" From 2aa92b332582537306efdfed05b345ad37df37b7 Mon Sep 17 00:00:00 2001 
From: Dennis Dyall Date: Tue, 16 Apr 2024 14:17:53 +0200 Subject: [PATCH 10/20] Test build docs workflow --- .github/workflows/build-and-publish.yml | 1 - .github/workflows/upload-docs.yml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 0849365a..8fd48f93 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -18,7 +18,6 @@ name: Build and publish on: push: branches: - - main - '*' workflow_dispatch: inputs: diff --git a/.github/workflows/upload-docs.yml b/.github/workflows/upload-docs.yml index 31569b88..dd2bd1b9 100644 --- a/.github/workflows/upload-docs.yml +++ b/.github/workflows/upload-docs.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: Upload Documentation to GCP +name: Upload documentation to GCP on: workflow_call: @@ -39,7 +39,7 @@ jobs: with: name: Documentation path: Yubico.YubiKey/docs/_site/ - - name: Docker build + - name: Build nginx image for documentation run: | docker build -t "${{ inputs.image_tag }}:${{ github.sha }}" . - name: Authenticate to GCP From 68b149b6e20d23c646ac0862fa16bd370580ffb7 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 14:20:14 +0200 Subject: [PATCH 11/20] Run on commit --- .github/workflows/build-and-publish.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 8fd48f93..8d5c24c4 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml 
@@ -18,16 +18,18 @@ name: Build and publish on: push: branches: - - '*' + - 'dennisdyallo**' workflow_dispatch: inputs: push-to-dev: description: 'Push to internal NuGet' + required: false default: false type: boolean upload-docs: description: 'Push to documentation repository' - required: true + required: false + default: false type: boolean version: description: 'Version' From f7fb871decca0da4c9d07a9d5317c023af152b13 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 14:22:51 +0200 Subject: [PATCH 12/20] Publish docs when enabled --- .github/workflows/build-and-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 8d5c24c4..990c4bef 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -29,7 +29,7 @@ on: upload-docs: description: 'Push to documentation repository' required: false - default: false + default: true type: boolean version: description: 'Version' @@ -44,7 +44,7 @@ permissions: jobs: build: - name: Build and test + name: Build runs-on: windows-2019 steps: From 29e0971a3886b4c33cbd8bbbef90c8cbacebc0fc Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 14:33:12 +0200 Subject: [PATCH 13/20] Run tests and allow docs upload --- .github/workflows/build-and-publish.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 990c4bef..ca9e9749 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml 
@@ -71,6 +71,13 @@ jobs: - name: Build Yubico.NET.SDK.sln run: dotnet build --configuration ReleaseWithDocs --nologo --verbosity normal Yubico.NET.SDK.sln + # Run tests + - name: Test Yubico.YubiKey + run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj + + - name: Test Yubico.Core + run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.Core/tests/Yubico.Core.UnitTests.csproj + # Upload artifacts - name: Save documentation artifacts uses: actions/upload-artifact@v4 @@ -86,6 +93,15 @@ jobs: Yubico.DotNetPolyfills/src/bin/ReleaseWithDocs/*.nupkg Yubico.Core/src/bin/ReleaseWithDocs/*.nupkg Yubico.YubiKey/src/bin/ReleaseWithDocs/*.nupkg + + - name: Save build artifacts + uses: actions/upload-artifact@v4 + with: + name: Symbols Packages + path: | + Yubico.DotNetPolyfills/src/bin/ReleaseWithDocs/*.snupkg + Yubico.Core/src/bin/ReleaseWithDocs/*.snupkg + Yubico.YubiKey/src/bin/ReleaseWithDocs/*.snupkg - name: Save build artifacts uses: actions/upload-artifact@v4 @@ -116,7 +132,7 @@ jobs: upload-docs: uses: ./.github/workflows/upload-docs.yml - if: ${{ github.event.inputs.upload-docs == 'true' }} +#if: ${{ github.event.inputs.upload-docs == 'true' }} with: image_tag: 'yesdk-docserver' registry_url: 'us-docker.pkg.dev' From c0afda4d2c8eefae6b6f1e3f0af7f2f06a542fb2 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 14:34:34 +0200 Subject: [PATCH 14/20] Better name --- .github/workflows/build-and-publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index ca9e9749..baecc196 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml 
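Review bot: Commenting out the `if:` on `upload-docs` in the last hunk of this patch makes the job run on every trigger of the workflow, including a manual `workflow_dispatch` started from any branch, and the workflow it calls authenticates to GCP and pushes an image tagged with the commit SHA. PATCH 18 later deletes the commented line together with the `upload-docs` input, so the unconditional form is what remains at the end of the series. If only `main` and `develop` are meant to publish, say so on the job, e.g. `if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' }}`. The workload identity provider may already restrict tokens by ref, but nothing visible here shows that, and a guard in the workflow keeps the intent reviewable.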
@@ -131,6 +131,7 @@ jobs: Yubico.YubiKey/examples/SharedSampleCode upload-docs: + name: Upload docs uses: ./.github/workflows/upload-docs.yml #if: ${{ github.event.inputs.upload-docs == 'true' }} with: From 5d1b97b17a383fd19493a90e289f9214f96e4319 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 14:43:40 +0200 Subject: [PATCH 15/20] Add permissions token --- .github/workflows/upload-docs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/upload-docs.yml b/.github/workflows/upload-docs.yml index dd2bd1b9..88781e79 100644 --- a/.github/workflows/upload-docs.yml +++ b/.github/workflows/upload-docs.yml @@ -29,6 +29,9 @@ on: repository_name: required: true type: string + +permissions: + id-token: write jobs: upload_docs: From a336024a81b48abfca6f7a010eb8ed9639b13644 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 15:07:41 +0200 Subject: [PATCH 16/20] consolidate vars --- .github/workflows/build-and-publish.yml | 7 +---- .github/workflows/upload-docs.yml | 35 +++++++++++-------------- 2 files changed, 17 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index baecc196..3c7b3b38 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -133,12 +133,7 @@ jobs: upload-docs: name: Upload docs uses: ./.github/workflows/upload-docs.yml -#if: ${{ github.event.inputs.upload-docs == 'true' }} - with: - image_tag: 'yesdk-docserver' - registry_url: 'us-docker.pkg.dev' - project_id: 'support-cluster-769001' - repository_name: 'yesdk' + #if: ${{ github.event.inputs.upload-docs == 'true' }} needs: build publish-internal: diff --git a/.github/workflows/upload-docs.yml b/.github/workflows/upload-docs.yml index 88781e79..948305c7 100644 --- a/.github/workflows/upload-docs.yml +++ b/.github/workflows/upload-docs.yml 
@@ -16,22 +16,17 @@ name: Upload documentation to GCP on: workflow_call: - inputs: - image_tag: - required: true - type: string - registry_url: - required: true - type: string - project_id: - required: true - type: string - repository_name: - required: true - type: string - + permissions: id-token: write + contents: read + +env: + image_tag: 'yesdk-docserver' + registry_url: 'us-docker.pkg.dev' + project_id: 'support-cluster-769001' + repository_name: 'yesdk' + service_account: yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com jobs: upload_docs: @@ -44,14 +39,16 @@ jobs: path: Yubico.YubiKey/docs/_site/ - name: Build nginx image for documentation run: | - docker build -t "${{ inputs.image_tag }}:${{ github.sha }}" . + docker build -t "${{ env.image_tag }}:${{ github.sha }}" . + - name: Authenticate to GCP uses: google-github-actions/auth@v2 with: workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} # Provided at organizational level - service_account: yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com + service_account: $${{ env.service_account }} - name: Push Docker image to GCP run: | - gcloud auth configure-docker ${{ inputs.registry_url }} --project ${{ inputs.project_id }} - docker tag "${{ inputs.image_tag }}:${{ github.sha }}" "${{ inputs.registry_url }}/${{ inputs.project_id }}/${{ inputs.repository_name }}/${{ inputs.image_tag }}:${{ github.sha }}" - docker push "${{ inputs.registry_url }}/${{ inputs.project_id }}/${{ inputs.repository_name }}/${{ inputs.image_tag }}:${{ github.sha }}" + gcloud auth configure-docker ${{ env.registry_url }} --project ${{ env.project_id }} + docker tag "${{ env.image_tag }}:${{ github.sha }}" "${{ env.registry_url }}/${{ env.project_id }}/${{ env.repository_name }}/${{ env.image_tag }}:${{ github.sha }}" + docker push "${{ env.registry_url }}/${{ env.project_id }}/${{ env.repository_name }}/${{ env.image_tag }}:${{ github.sha }}" + echo "New image tag: ${{ github.sha }}" 
From 95b5716b88246e52a8d43cfbb251aa4cb5419d6a Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 15:22:34 +0200 Subject: [PATCH 17/20] Fix double $ --- .github/workflows/upload-docs.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/upload-docs.yml b/.github/workflows/upload-docs.yml index 948305c7..6c0bbb3a 100644 --- a/.github/workflows/upload-docs.yml +++ b/.github/workflows/upload-docs.yml @@ -26,7 +26,7 @@ env: registry_url: 'us-docker.pkg.dev' project_id: 'support-cluster-769001' repository_name: 'yesdk' - service_account: yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com + service_account: 'yesdk-ci-builder@support-cluster-769001.iam.gserviceaccount.com' jobs: upload_docs: @@ -45,7 +45,8 @@ jobs: uses: google-github-actions/auth@v2 with: workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} # Provided at organizational level - service_account: $${{ env.service_account }} + service_account: ${{ env.service_account }} + - name: Push Docker image to GCP run: | gcloud auth configure-docker ${{ env.registry_url }} --project ${{ env.project_id }} From c617cc11aeb7c44ad055560c843abb8378045a2f Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 15:38:49 +0200 Subject: [PATCH 18/20] Only on main branch --- .github/workflows/build-and-publish.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 3c7b3b38..6b3fd1b3 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -18,7 +18,8 @@ name: Build and publish on: push: branches: - - 'dennisdyallo**' + - 'main' + workflow_dispatch: inputs: push-to-dev: 
@@ -26,11 +27,6 @@ on: required: false default: false type: boolean - upload-docs: - description: 'Push to documentation repository' - required: false - default: true - type: boolean version: description: 'Version' required: false @@ -133,7 +129,6 @@ jobs: upload-docs: name: Upload docs uses: ./.github/workflows/upload-docs.yml - #if: ${{ github.event.inputs.upload-docs == 'true' }} needs: build publish-internal: From 9ec18e3b104b4a8dc971a0411d0c8bc51398a047 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 15:41:57 +0200 Subject: [PATCH 19/20] Add on develop --- .github/workflows/build-and-publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 6b3fd1b3..d98a8165 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -19,6 +19,7 @@ on: push: branches: - 'main' + - 'develop' workflow_dispatch: inputs: From 2b4e29b972514ee415e7d27a40ddbdd5fde69594 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 16 Apr 2024 16:03:38 +0200 Subject: [PATCH 20/20] Set workflow triggers --- .github/workflows/build-and-publish.yml | 7 +++++++ .github/workflows/build-pull-requests.yml | 10 +++++++--- .github/workflows/check-code-formatting.yml | 7 +++++++ .github/workflows/codeql-analysis.yml | 12 +++++++----- .github/workflows/test-and-cover.yml | 15 ++++++++++++++- 5 files changed, 42 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index d98a8165..7622b8bd 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -20,6 +20,13 @@ on: branches: - 'main' - 'develop' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/build-and-publish.yml' workflow_dispatch: inputs: 
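Review bot: With the `upload-docs` input and the commented-out `if:` both removed in PATCH 18, the `upload-docs` job now runs on every trigger of this workflow, including a `workflow_dispatch` run started from any branch. Documentation built from an unmerged ref can therefore be pushed to the registry. If "Only on main branch" is meant to cover publishing, the job needs its own guard, e.g. `if: github.ref == 'refs/heads/main'`. The `develop` entry added to the push trigger in PATCH 19 publishes docs as well unless such a guard exists. The remainder of the job list lies outside the hunk.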
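Review bot: The `paths:` allowlist added to the push trigger of build-and-publish.yml names only source patterns and this workflow file. A push that changes only the called `.github/workflows/upload-docs.yml`, the documentation sources, or build inputs such as `global.json` will not start a build or publish. If those should republish, add them, e.g. `- '.github/workflows/upload-docs.yml'` and `- 'global.json'`; the exact list depends on repository files not visible in the diff. The `on:` block continues outside the hunk.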
diff --git a/.github/workflows/build-pull-requests.yml b/.github/workflows/build-pull-requests.yml index 0cf1d1cc..72c92850 100644 --- a/.github/workflows/build-pull-requests.yml +++ b/.github/workflows/build-pull-requests.yml @@ -21,9 +21,13 @@ on: - main - 'develop**' - 'release/**' - push: - branches: - - 'release/**' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/build-pull-requests.yml' jobs: build: diff --git a/.github/workflows/check-code-formatting.yml b/.github/workflows/check-code-formatting.yml index 7d1475e2..e551814f 100644 --- a/.github/workflows/check-code-formatting.yml +++ b/.github/workflows/check-code-formatting.yml @@ -20,6 +20,13 @@ on: - main - 'develop**' - 'release/**' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/check-code-formatting.yml' jobs: check-code-formatting: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a0bff54d..557f4242 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,11 +24,13 @@ on: branches: - main - 'develop**' - paths-ignore: - - '**/*.md' - - '**/*.txt' - - '**/*.xml' - - '**/*.yml' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/codeql-analysis.yml' permissions: # required for all workflows diff --git a/.github/workflows/test-and-cover.yml b/.github/workflows/test-and-cover.yml index 1063aabc..6552f74b 100644 --- a/.github/workflows/test-and-cover.yml +++ b/.github/workflows/test-and-cover.yml @@ -20,10 +20,23 @@ on: - main - 'develop**' - 'release/**' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/test-and-cover.yml' push: branches: - main - - 'develop**' + paths: + - '**.h' + - '**.c' + - '**.cs' + - '**.csproj' + - '**.sln' + - '.github/workflows/test-and-cover.yml' jobs: test:
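Review bot: The `paths:` filter added in build-pull-requests.yml, presumably on the `pull_request` trigger whose key is above the hunk, means a pull request touching none of the listed patterns never starts the workflow, and GitHub then leaves its checks pending. If any of them is a required status check (branch protection is not visible from the diff), such pull requests cannot be merged. The same filter is added in the check-code-formatting.yml and test-and-cover.yml hunks below, with the same effect. Pull requests that change only build configuration or another workflow file also go unbuilt and untested. This hunk additionally drops the `push` trigger for `release/**`; if intended, a comment such as `# release branches are built through pull requests only` would say so.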
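Review bot: Replacing `paths-ignore` with a `paths` allowlist in codeql-analysis.yml narrows when analysis runs. Previously any change except `.md`, `.txt`, `.xml` and `.yml` files triggered a scan; now only the five listed source patterns and this workflow file do. Changes confined to other build inputs (property or package-reference files, scripts, other workflows) no longer produce a scan on the affected trigger, whose key is above the hunk. If CodeQL is a required check, pull requests matching no pattern are left with a pending check. Keeping the deny-list, or adding the build-configuration patterns the repository actually uses, would preserve coverage, and a comment such as `# keep in sync with the file types the CodeQL build compiles` would record the intent.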