name: CI
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
# purpose: Continuous Integration pipeline
# Triggers: pushes and pull requests targeting main, plus manual dispatch.
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:
    # Manual-run switches; both default to false and are read by the `if:`
    # conditions of the code-quality and image-scan jobs.
    inputs:
      run-code-quality:
        description: 'Check code quality?'
        required: false
        type: boolean
        default: false
      run-image-scan:
        description: 'Scan container image?'
        required: false
        type: boolean
        default: false
# One concurrency group per git ref; a newer run for the same ref cancels the
# run still in progress (this applies to pushes on main as well).
concurrency:
  group: "${{ github.ref }}-ci"
  cancel-in-progress: true
# Workflow-level GITHUB_TOKEN permissions; they are the default for every job
# that does not declare its own `permissions:` block.
# NOTE(review): `pull-requests: write` therefore reaches every job without a
# job-level block — confirm which called workflows actually need to write to
# the pull request and narrow the rest to `contents: read`.
permissions:
  contents: read
  pull-requests: write
# Every job below delegates to a reusable workflow. The external ones are
# referenced by a full commit SHA rather than a tag or branch, so the code
# they run only changes when the SHA is edited here.
jobs:
  # Local reusable workflow. Later jobs read its `app_changed` and
  # `version_major_minor` outputs.
  git-check:
    name: Git
    uses: ./.github/workflows/reusable-git-check.yml
    with:
      is-pull-request: ${{ github.event_name == 'pull_request' }}
  # Runs unconditionally (no `needs:` / `if:`).
  markup-lint:
    name: Markup
    uses: devpro/github-workflow-parts/.github/workflows/reusable-markup-lint.yml@c90ba46a93ca90123f57744b47e49c1a73962cea
  # Runs when git-check reports app_changed == 'true', or on a manual
  # dispatch with run-code-quality enabled.
  code-quality:
    name: Code
    needs: git-check
    if: needs.git-check.outputs.app_changed == 'true' || (github.event_name == 'workflow_dispatch' && inputs.run-code-quality)
    uses: devpro/github-workflow-parts/.github/workflows/reusable-dotnet-quality.yml@c90ba46a93ca90123f57744b47e49c1a73962cea
    with:
      # NOTE(review): assuming these lines are run by a POSIX shell, the inner
      # double quotes around the MongoDB URI in the last echo close and reopen
      # the outer string, so the printed text loses them; wrap the message in
      # single quotes if the literal quotes are wanted.
      custom-commands: |
        ./scripts/mongodb-install.sh
        echo "Initialize database (indexes, tenants & users)"
        echo "TODO (MONGODB_URI="mongodb://localhost:27017/keeptrack_dev" ./scripts/...)"
      dotnet-test-args: "--report-xunit-trx --coverage --coverage-output-format cobertura"
      # Non-secret settings for the test run: HTTPS redirection is switched off
      # and MongoDB points at localhost with the keeptrack_ci database.
      # presumably consumed as environment variables by the called workflow.
      # NOTE(review): AllowedOrigins__0 is a bare `5207` — confirm this is the
      # intended allowed-origin value.
      extra-vars: |
        AllowedOrigins__0=5207
        Features__IsScalarEnabled=true
        Features__IsHttpsRedirectionEnabled=false
        Infrastructure__MongoDB__ConnectionString=mongodb://localhost:27017
        Infrastructure__MongoDB__DatabaseName=keeptrack_ci
      fossa-enabled: true
      sonar-enabled: true
      sonar-exclusions: "samples/**"
      sonar-organization: ${{ vars.SONAR_ORG }}
      sonar-project-key: ${{ vars.SONAR_PROJECT_KEY }}
      sonar-project-name: Keeptrack
      # Same commit SHA as the `uses:` ref above; update both together.
      workflow-parts-version: c90ba46a93ca90123f57744b47e49c1a73962cea
    # Secrets are passed one by one (no `secrets: inherit`), so the called
    # workflow only receives the three values listed here.
    # `additional-vars` is a multi-line value assembled from several Firebase
    # secrets, including the test user's credentials.
    # NOTE(review): presumably log masking in the called workflow is keyed on
    # the composed value — verify the individual Firebase values cannot show
    # up unmasked in its logs.
    # NOTE(review): repository secrets are not provided to runs triggered by
    # pull requests from forks; confirm how the called workflow behaves when
    # these expand to empty strings.
    secrets:
      fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
      sonar-token: ${{ secrets.SONAR_TOKEN }}
      additional-vars: |
        Authentication__JwtBearer__Authority=https://securetoken.google.com/${{ secrets.FIREBASE_PROJECTID }}
        Authentication__JwtBearer__TokenValidation__Issuer=https://securetoken.google.com/${{ secrets.FIREBASE_PROJECTID }}
        Authentication__JwtBearer__TokenValidation__Audience=${{ secrets.FIREBASE_PROJECTID }}
        FIREBASE_APIKEY=${{ secrets.FIREBASE_APIKEY }}
        FIREBASE_USERNAME=${{ secrets.FIREBASE_TESTUSERNAME }}
        FIREBASE_PASSWORD=${{ secrets.FIREBASE_TESTPASSWORD }}
    # Job-level token permissions; same values as the workflow-level block.
    permissions:
      contents: read
      pull-requests: write
  # Builds and scans one container image per matrix entry. Runs when git-check
  # reports app_changed == 'true', or on a manual dispatch with run-image-scan
  # enabled.
  # NOTE(review): no job-level `permissions:` here, so this job gets the
  # workflow-level default including `pull-requests: write` — confirm the
  # scan needs it.
  image-scan:
    name: "Image ${{ matrix.name }}"
    needs: git-check
    if: needs.git-check.outputs.app_changed == 'true' || (github.event_name == 'workflow_dispatch' && inputs.run-image-scan)
    strategy:
      matrix:
        include:
          - name: "Blazor App"
            image-name: "keeptrack-blazorapp"
            image-definition: "src/BlazorApp/Dockerfile"
          - name: "Web Api"
            image-name: "keeptrack-webapi"
            image-definition: "src/WebApi/Dockerfile"
    uses: devpro/github-workflow-parts/.github/workflows/reusable-container-scan.yml@c90ba46a93ca90123f57744b47e49c1a73962cea
    with:
      image-definition: ${{ matrix.image-definition }}
      image-name: ${{ matrix.image-name }}
      image-path: ${{ vars.CONTAINER_REGISTRY_PATH }}
      # Tag is "<major.minor from git-check>.<workflow run id>".
      image-tag: "${{ needs.git-check.outputs.version_major_minor }}.${{ github.run_id }}"
      # presumably the number of high / medium findings tolerated before the
      # scan fails (0 = none) — verify against the reusable workflow.
      max-high-cves: 0
      max-medium-cves: 0