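name: Build & deploy application

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Hardening notes applied in this revision:
#   - secrets are scoped to the steps that use them instead of being exported
#     to every step (and every third-party action) via the workflow-level env
#   - the job runs with an explicit least-privilege permission set instead of
#     `write-all`
#   - `${{ secrets.* }}` is no longer interpolated into `run:` scripts; the
#     value is read from the step environment instead
#   - the SonarCloud cache path is a Linux path (the job runs on ubuntu-latest)
#   - deprecated actions/cache@v1 is bumped to a supported major version
# Third-party actions below are referenced by mutable tag; for
# supply-chain hardening consider pinning each `uses:` to a full commit SHA
# (e.g. `owner/action@<commit-sha>  # vX.Y.Z`).

on:
  push:
    branches: [ "master" ]
    # Publish semver tags as releases.
    tags: [ 'v*.*.*' ]
  pull_request:
    branches: [ "master" ]
  workflow_dispatch:

env:
  # Use docker.io for Docker Hub if empty
  #REGISTRY: ghcr.io
  # github.repository as <account>/<repo>
  # NOTE(review): the metadata step below hard-codes the Docker Hub image
  # name; IMAGE_NAME is kept for reference but is not read by any step.
  IMAGE_NAME: ${{ github.repository }}
  # SONAR_TOKEN / GITHUB_TOKEN intentionally NOT set here: a workflow-level
  # env exposes them to every step, including third-party actions that do
  # not need them. Each step that needs a token declares it in its own env.

jobs:
  build:
    runs-on: ubuntu-latest
    # Least-privilege token for this job. `id-token: write` is only needed
    # if a `cosign sign` step (sigstore/fulcio identity challenge) is added;
    # no step currently signs, so it is left out.
    permissions:
      contents: read        # actions/checkout
      packages: write       # only exercised if REGISTRY is switched to ghcr.io
      pull-requests: write  # PR comment step; also covers PR info for Sonar
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Full history: SonarCloud needs blame/history for new-code detection.
          fetch-depth: 0

      # Decide whether SonarCloud can run. Secrets are empty on pull requests
      # from forks, so Sonar/Docker steps are skipped there.
      - name: Check secrets presence
        id: checksecrets
        shell: bash
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          if [ -z "$SONAR_TOKEN" ]; then
            echo "secretspresent=NO" >> "$GITHUB_OUTPUT"
          else
            echo "secretspresent=YES" >> "$GITHUB_OUTPUT"
          fi

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: Setup .NET Core SDK
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: '8.0.x'

      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          # Linux cache location of the SonarScanner; the previous Windows-style
          # `~\sonar\cache` never matched on ubuntu-latest.
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      - name: Install SonarCloud scanners
        run: |
          dotnet tool install --global dotnet-sonarscanner
          dotnet tool install --global dotnet-coverage

      - name: Build and analyze with SonarCloud
        if: (steps.checksecrets.outputs.secretspresent == 'YES')
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        # The token is read from the step env rather than expanded with
        # `${{ secrets.SONAR_TOKEN }}` inside the script body.
        run: |
          dotnet-sonarscanner begin /k:"VibeNL_GhostfolioSidekick" /o:"vibenl" /d:sonar.login="$SONAR_TOKEN" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml
          dotnet build
          dotnet-coverage collect "dotnet test" -f xml -o "coverage.xml"
          dotnet-sonarscanner end /d:sonar.login="$SONAR_TOKEN"

      # No tokens needed here: this path runs only when SONAR_TOKEN is absent.
      - name: Build and analyze without SonarCloud
        if: (steps.checksecrets.outputs.secretspresent == 'NO')
        run: |
          dotnet build
          dotnet-coverage collect "dotnet test" -f xml -o "coverage.xml"

      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      # NOTE(review): nothing in this job currently invokes cosign; the image
      # is pushed unsigned. Add a `cosign sign` step (and `id-token: write`)
      # if signing is intended.
      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@v3.3.0
        with:
          cosign-release: 'v2.1.1'

      # Workaround: https://github.com/docker/build-push-action/issues/461
      - name: Setup Docker buildx
        if: (steps.checksecrets.outputs.secretspresent == 'YES')
        uses: docker/setup-buildx-action@v3

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      # REGISTRY is unset (see env above), so login-action targets Docker Hub.
      - name: Log into registry ${{ env.REGISTRY }}
        if: (steps.checksecrets.outputs.secretspresent == 'YES')
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        if: (steps.checksecrets.outputs.secretspresent == 'YES')
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: vibenl/ghostfoliosidekick
          tags: |
            # set latest tag for default branch
            type=raw,value=latest,enable={{is_default_branch}}
            # pr-<number> tag for pull requests (referenced in the PR comment below)
            type=ref,event=pr
            # version tag for `v*.*.*` tag pushes (matches the `on.push.tags`
            # trigger); without it a tag push produced no tags and the push failed
            type=semver,pattern={{version}}

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      #
      # tags: ${{ steps.meta.outputs.tags }}
      #
      - name: Build and push Docker image
        if: (steps.checksecrets.outputs.secretspresent == 'YES')
        id: build-and-push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          file: ./GhostfolioSidekick/Dockerfile

      # Only for same-repo PRs (secrets present); fork PRs never reach here.
      - name: Create a PR comment with the published version
        uses: thollander/actions-comment-pull-request@v2
        if: ${{ github.event_name == 'pull_request' && steps.checksecrets.outputs.secretspresent == 'YES'}}
        with:
          message: |
            ### Development container published
            Install with:
            ```
            docker pull vibenl/ghostfoliosidekick:pr-${{ github.event.number }}
            ```
          comment_tag: "development-ghostfoliosidekick-published"
          mode: "recreate"
          pr_number: ${{ github.event.number }}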