-
Notifications
You must be signed in to change notification settings - Fork 0
108 lines (88 loc) · 3.03 KB
/
ci.yml
File metadata and controls
108 lines (88 loc) · 3.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: CI
on:
pull_request:
branches: [main]
paths:
- 'DevOpsCodeReviewer/**'
- '.github/workflows/ci.yml'
push:
branches: [main]
paths:
- 'DevOpsCodeReviewer/**'
- '*.sln'
- '.github/workflows/ci.yml'
env:
DOTNET_VERSION: '8.0.x'
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
build:
name: Build and Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Restore dependencies
run: dotnet restore src/DevOpsCodeReviewer.Functions/DevOpsCodeReviewer.Functions.csproj
- name: Build
run: dotnet build src/DevOpsCodeReviewer.Functions/DevOpsCodeReviewer.Functions.csproj --configuration Release --no-restore
- name: Run tests
run: |
if [ -d "tests/DevOpsCodeReviewer.Tests" ]; then
dotnet test tests/DevOpsCodeReviewer.Tests/DevOpsCodeReviewer.Tests.csproj --configuration Release --no-build --verbosity normal --collect:"XPlat Code Coverage" --results-directory ./coverage
else
echo "No tests found, skipping..."
fi
- name: Upload coverage reports
if: success() && hashFiles('coverage/**/*.xml') != ''
uses: codecov/codecov-action@v4
with:
files: ./coverage/**/coverage.cobertura.xml
fail_ci_if_error: false
lint-bicep:
name: Lint Bicep
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Azure CLI & Bicep extension
uses: azure/cli@v1
with:
azcliversion: 'latest'
inlineScript: |
az bicep install
- name: Lint Bicep files
run: |
for file in $(find infra -name "*.bicep"); do
echo "Linting $file..."
az bicep lint --file "$file"
done
- name: Build Bicep (validate)
run: az bicep build --file infra/main.bicep --stdout > /dev/null
security-scan:
name: Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Restore dependencies
run: dotnet restore src/DevOpsCodeReviewer.Functions/DevOpsCodeReviewer.Functions.csproj
- name: Run security scan
run: |
dotnet list src/DevOpsCodeReviewer.Functions/DevOpsCodeReviewer.Functions.csproj package --vulnerable --include-transitive 2>&1 | tee security-report.txt
if grep -q "has the following vulnerable packages" security-report.txt; then
echo "::warning::Vulnerable packages detected"
fi
- name: Upload security report
uses: actions/upload-artifact@v4
with:
name: security-report
path: security-report.txt