Set up dotnet in dependent workflows

.github/workflows/build-and-publish-after-merge.yml → .github/workflows/build-and-publish.yml

@@ -12,19 +12,28 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: Build and publish artifacts from main and develop
+name: Build and publish
 
 # Triggers build on pushes to the main and develop branches.
 on:
   push:
     branches:
-      - main
-      - 'develop**'
+      - 'main'
+      - 'develop'
+    paths:
+      - '**.h'
+      - '**.c'
+      - '**.cs'
+      - '**.csproj'
+      - '**.sln'
+      - '.github/workflows/build-and-publish.yml'
+
   workflow_dispatch:
     inputs:
       push-to-dev:
         description: 'Push to internal NuGet'
-        required: true
+        required: false
+        default: false
         type: boolean
       version:
         description: 'Version'
@@ -39,18 +48,16 @@ permissions:
 
 jobs:
   build:
-    # Give this job a friendly name to show in GitHub UI.
-    name: Build + Test the SDK
-
-    # Even though we build for multiple platforms, we only need to run
-    # on a single host operating system. This is because we utilize cross-
-    # build functionality of the dotnet build system.
+    name: Build
     runs-on: windows-2019
 
     steps:
       # Checkout the local repository
       - uses: actions/checkout@v4
-
+      - uses: actions/setup-dotnet@v4
+        with:
+          global-json-file: global.json
+
       - name: Add local NuGet repository
         run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
 
@@ -65,15 +72,17 @@ jobs:
           $versionProp.Save($file.FullName)
 
       # Build the project
-      # The default GitHub runners seem to have N and N-1 versions of .NET Framework installed. In practice, they seem
-      # to have even more installed than that, but at a minimum N and N-1 seem like safe assumptions. We can therefore
-      # save some time and use the pre-installed version rather than downloading a fresh copy.
-
       - name: Build Yubico.NET.SDK.sln
         run: dotnet build --configuration ReleaseWithDocs --nologo --verbosity normal Yubico.NET.SDK.sln
 
-      # Upload artifacts
+      # Run tests 
+      - name: Test Yubico.YubiKey
+        run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj
+
+      - name: Test Yubico.Core
+        run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.Core/tests/Yubico.Core.UnitTests.csproj
 
+      # Upload artifacts
       - name: Save documentation artifacts
         uses: actions/upload-artifact@v4
         with:
@@ -88,6 +97,15 @@ jobs:
             Yubico.DotNetPolyfills/src/bin/ReleaseWithDocs/*.nupkg
             Yubico.Core/src/bin/ReleaseWithDocs/*.nupkg
             Yubico.YubiKey/src/bin/ReleaseWithDocs/*.nupkg
+
+      - name: Save build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: Symbols Packages
+          path: |
+            Yubico.DotNetPolyfills/src/bin/ReleaseWithDocs/*.snupkg
+            Yubico.Core/src/bin/ReleaseWithDocs/*.snupkg
+            Yubico.YubiKey/src/bin/ReleaseWithDocs/*.snupkg
 
       - name: Save build artifacts
         uses: actions/upload-artifact@v4
@@ -115,72 +133,16 @@ jobs:
           path: |
             Yubico.YubiKey/examples/PivSampleCode
             Yubico.YubiKey/examples/SharedSampleCode
-
-      # Test the project
-      #
-      # Here we call `dotnet test` on each individual test project that we want to have run as part of CI. We do this
-      # to skip running the integration tests which require actual YubiKeys to be present. We have tried using the filter
-      # capabilities of the `dotnet test` runner tool, however we have found that failures don't always register with
-      # GitHub when that is done.
-
-      - name: Test Yubico.YubiKey
-        run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj
-
-      - name: Test Yubico.Core
-        run: dotnet test --configuration ReleaseWithDocs --verbosity normal --no-build --nologo Yubico.Core/tests/Yubico.Core.UnitTests.csproj
-
-  publish_docs:
-    # Give this job a friendly name to show in GitHub UI.
-    name: Publish documentation
-
-    # Publish the docs using Ubuntu as the docker image we want to create is linux-based.
-    runs-on: ubuntu-latest
-
-    # Don't run this step until build completes.
-    needs: build
-
-    # Connection information for our docker image registry
-    env:
-      IMAGE_REGISTRY_URL: us-docker.pkg.dev
-      IMAGE_REGISTRY_PROJECT: support-cluster-769001
-      IMAGE_REPOSITORY: yesdk
-      IMAGE_NAME: yesdk-docserver
-
-    steps:
-      # Checkout the local repository as we need the Dockerfile and other things even for this step.
-      - uses: actions/checkout@v4
-
-      # Grab the just-built documentation artifact and inflate the archive at the expected location.
-      - uses: actions/download-artifact@v4
-        with:
-          name: Documentation
-          path: Yubico.YubiKey/docs/_site/
-
-      # Construct the docker image
-      - name: Docker build
-        run: |
-          docker build -t "${IMAGE_NAME}:${{ github.sha }}" .
 
-      # Authenticate to Google Cloud
-      - name: Authenticate
-        uses: google-github-actions/auth@v2
-        with:
-          workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }}
-          service_account: [email protected]
-
-      # Push our docker image to GCP
-      - name: Push Docker image
-        run: |
-          gcloud auth configure-docker ${IMAGE_REGISTRY_URL} --project ${IMAGE_REGISTRY_PROJECT}
-          docker tag "${IMAGE_NAME}:${{ github.sha }}" "${IMAGE_REGISTRY_URL}/${IMAGE_REGISTRY_PROJECT}/${IMAGE_REPOSITORY}/${IMAGE_NAME}:${{ github.sha }}"
-          docker push "${IMAGE_REGISTRY_URL}/${IMAGE_REGISTRY_PROJECT}/${IMAGE_REPOSITORY}/${IMAGE_NAME}:${{ github.sha }}"
-          echo "New image tag: ${{ github.sha }}"
+  upload-docs:
+    name: Upload docs
+    uses: ./.github/workflows/upload-docs.yml
+    needs: build
 
   publish-internal:
     name: Publish to internal NuGet
     runs-on: windows-2019
     needs: build
-    environment: Internal NuGet feed
     if: ${{ github.event.inputs.push-to-dev }}
     steps:
       - uses: actions/download-artifact@v4

.github/workflows/pull-requests.yml → .github/workflows/build-pull-requests.yml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: CI build for pull requests into main and develop
+name: Build pull request
 
 # Triggers build on pull requests and pushes to the main and develop branches.
 on:
@@ -21,18 +21,18 @@ on:
       - main
       - 'develop**'
       - 'release/**'
-  push:
-    branches:
-      - 'release/**'
+    paths:
+      - '**.h'
+      - '**.c'
+      - '**.cs'
+      - '**.csproj'
+      - '**.sln'
+      - '.github/workflows/build-pull-requests.yml'
 
 jobs:
   build:
     # Give this job a friendly name to show in GitHub UI.
-    name: Build + Test the SDK
-
-    # Even though we build for multiple platforms, we only need to run
-    # on a single host operating system. This is because we utilize cross-
-    # build functionality of the dotnet build system.
+    name: Build and test
     runs-on: windows-latest
     # Build both Debug and ReleaseWithDocs configurations. Most people are probably building 'Debug' the most often. We
     # should be sure that Release also builds, and that our documentation also compiles successfully.
@@ -47,9 +47,6 @@ jobs:
         with:
           global-json-file: global.json
 
-      - name: run dotnet version
-        run: dotnet --version
-
       - name: Add local NuGet repository
         run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
 
@@ -77,12 +74,6 @@ jobs:
             Yubico.YubiKey/src/bin/${{matrix.configuration}}/**/*.dll
 
       # Test the project
-      #
-      # Here we call `dotnet test` on each individual test project that we want to have run as part of CI. We do this
-      # to skip running the integration tests which require actual YubiKeys to be present. We have tried using the filter
-      # capabilities of the `dotnet test` runner tool, however we have found that failures don't always register with
-      # GitHub when that is done.
-
       - name: Test Yubico.YubiKey
         run: dotnet test --configuration ${{matrix.configuration}} --verbosity normal --no-build --nologo Yubico.YubiKey/tests/unit/Yubico.YubiKey.UnitTests.csproj
 

.github/workflows/check-code-formatting.yml

@@ -20,15 +20,25 @@ on:
       - main
       - 'develop**'
       - 'release/**'
+    paths:
+      - '**.h'
+      - '**.c'
+      - '**.cs'
+      - '**.csproj'
+      - '**.sln'
+      - '.github/workflows/check-code-formatting.yml'
 
 jobs:
   check-code-formatting:
     runs-on: windows-2019
 
     steps:
-      # Checkout the local repository
       - uses: actions/checkout@v4
 
+      - uses: actions/setup-dotnet@v4
+        with:
+          global-json-file: global.json
+
       - name: Add local NuGet repository
         run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
 

.github/workflows/codeql-analysis.yml

@@ -24,11 +24,13 @@ on:
     branches:
       - main
       - 'develop**'
-    paths-ignore:
-      - '**/*.md'
-      - '**/*.txt'
-      - '**/*.xml'
-      - '**/*.yml'
+    paths:
+      - '**.h'
+      - '**.c'
+      - '**.cs'
+      - '**.csproj'
+      - '**.sln'
+      - '.github/workflows/codeql-analysis.yml'
 
 permissions:
   # required for all workflows

.github/workflows/test-and-cover.yml

@@ -20,17 +20,34 @@ on:
       - main
       - 'develop**'
       - 'release/**'
+    paths:
+      - '**.h'
+      - '**.c'
+      - '**.cs'
+      - '**.csproj'
+      - '**.sln'
+      - '.github/workflows/test-and-cover.yml'
   push:
     branches:
       - main
-      - 'develop**'
+    paths:
+      - '**.h'
+      - '**.c'
+      - '**.cs'
+      - '**.csproj'
+      - '**.sln'
+      - '.github/workflows/test-and-cover.yml'
 
 jobs:
   test:
     runs-on: windows-2019
 
     steps:
       - uses: actions/checkout@v4
+
+      - uses: actions/setup-dotnet@v4
+        with:
+          global-json-file: global.json
 
       - name: Add local NuGet repository
         run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/Yubico/index.json"
@@ -85,7 +102,7 @@ jobs:
           hide_complexity: false
           indicators: true
           output: both
-          thresholds: "50 70"
+          thresholds: "33 66"
 
       - name: Add Coverage PR Comment
         uses: marocchino/[email protected]
@@ -99,3 +116,4 @@ jobs:
         if: always()
         with:
           trx_files: "${{ github.workspace }}/**/*.trx"
+          check_name: publish test results

.github/workflows/upload-docs.yml

@@ -0,0 +1,55 @@
+# Copyright 2021 Yubico AB
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Upload documentation to GCP
+
+on: 
+  workflow_call:
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  image_tag: 'yesdk-docserver'
+  registry_url: 'us-docker.pkg.dev'
+  project_id: 'support-cluster-769001'
+  repository_name: 'yesdk'
+  service_account: '[email protected]'
+
+jobs:
+  upload_docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
+        with:
+          name: Documentation
+          path: Yubico.YubiKey/docs/_site/
+      - name: Build nginx image for documentation
+        run: |
+          docker build -t "${{ env.image_tag }}:${{ github.sha }}" .
+
+      - name: Authenticate to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ vars.GLOBAL_GCP_WORKLOAD_IDENTITY_PROVIDER }} # Provided at organizational level
+          service_account: ${{ env.service_account }}
+
+      - name: Push Docker image to GCP
+        run: |
+          gcloud auth configure-docker ${{ env.registry_url }} --project ${{ env.project_id }}
+          docker tag "${{ env.image_tag }}:${{ github.sha }}" "${{ env.registry_url }}/${{ env.project_id }}/${{ env.repository_name }}/${{ env.image_tag }}:${{ github.sha }}"
+          docker push "${{ env.registry_url }}/${{ env.project_id }}/${{ env.repository_name }}/${{ env.image_tag }}:${{ github.sha }}"
+          echo "New image tag: ${{ github.sha }}"

Yubico.NET.SDK.sln

@@ -26,10 +26,11 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".github", ".github", "{8FFE
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "workflows", "workflows", "{14C2FBE2-2204-46A5-9FE8-A770CB5A0261}"
 	ProjectSection(SolutionItems) = preProject
-		.github\workflows\build-and-publish-after-merge.yml = .github\workflows\build-and-publish-after-merge.yml
 		.github\workflows\codeql-analysis.yml = .github\workflows\codeql-analysis.yml
-		.github\workflows\cross-build-nativeshims.yml = .github\workflows\cross-build-nativeshims.yml
-		.github\workflows\pull-requests.yml = .github\workflows\pull-requests.yml
+		.github\workflows\build-and-publish.yml = .github\workflows\build-and-publish.yml
+		.github\workflows\build-pull-requests.yml = .github\workflows\build-pull-requests.yml
+		.github\workflows\build-nativeshims.yml = .github\workflows\build-nativeshims.yml
+		.github\workflows\test-and-cover.yml = .github\workflows\test-and-cover.yml
 	EndProjectSection
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Yubico.Core", "Yubico.Core", "{45D2A3BE-5111-4890-8898-2D43DB658A40}"