diff --git a/.github/workflows/ci-matrix.yml b/.github/workflows/ci-matrix.yml new file mode 100644 index 0000000..9c3ec3e --- /dev/null +++ b/.github/workflows/ci-matrix.yml @@ -0,0 +1,74 @@ +name: ci-matrix +on: + pull_request: + branches: + - main + workflow_dispatch: + inputs: + forcePublish: + description: When true the Publish stage will always be run, otherwise it only runs for tagged versions. + required: false + default: false + type: boolean + skipCleanup: + description: When true the pipeline clean-up stage will not be run. For example, the cache used between pipeline stages will be retained. + required: false + default: false + type: boolean + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + actions: write # enable cache clean-up + checks: write # enable test result annotations + contents: write # enable creating releases + issues: read + packages: write # enable publishing packages + pull-requests: write # enable test result annotations + +jobs: + prepareConfig: + name: Prepare Configuration + runs-on: ubuntu-latest + outputs: + RESOLVED_ENV_VARS: ${{ steps.prepareEnvVarsAndSecrets.outputs.environmentVariablesYamlBase64 }} + RESOLVED_SECRETS: ${{ steps.prepareEnvVarsAndSecrets.outputs.secretsYamlBase64 }} + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + # Declare any environment variables and/or secrets that need to be available inside the build process + - uses: ./actions/prepare-env-vars-and-secrets + id: prepareEnvVarsAndSecrets + with: + environmentVariablesYaml: | + BUILDVAR_NuGetPublishSource: "${{ startsWith(github.ref, 'refs/tags/') && 'https://api.nuget.org/v3/index.json' || 'https://nuget.pkg.github.com/endjin/index.json' }}" + secretsYaml: | + NUGET_API_KEY: "${{ startsWith(github.ref, 'refs/tags/') && secrets.ENDJIN_NUGET_APIKEY || secrets.ENDJIN_GITHUB_PUBLISHER_PAT }}" + SBOM_ANALYSIS_RELEASE_READER_PAT: "${{ secrets.ENDJIN_GITHUB_READER_PAT }}" + + build: + needs: prepareConfig + uses: ./.github/workflows/scripted-build-matrix-pipeline.yml + with: + netSdkVersion: '8.x' + # workflow_dispatch inputs are always strings, the type property is just for the UI + forcePublish: ${{ github.event.inputs.forcePublish == 'true' }} + skipCleanup: ${{ github.event.inputs.skipCleanup == 'true' }} + publishPhaseEnv: ${{ needs.prepareConfig.outputs.RESOLVED_ENV_VARS }} + additionalCachePaths: | + tests + enableCrossOsCaching: true + testPhaseMatrixJson: | + { + "os": ["ubuntu-latest", "windows-latest"], + "dotnetFramework": ["net8.0"], + "exclude": [] + } + secrets: + compilePhaseAzureCredentials: ${{ secrets.ENDJIN_PROD_ACR_READER_CREDENTIALS }} + compilePhaseSecrets: ${{ needs.prepareConfig.outputs.RESOLVED_SECRETS }} + publishPhaseSecrets: ${{ needs.prepareConfig.outputs.RESOLVED_SECRETS }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6c03ade..ee51068 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,7 +36,7 @@ jobs: RESOLVED_ENV_VARS: ${{ steps.prepareEnvVarsAndSecrets.outputs.environmentVariablesYamlBase64 }} RESOLVED_SECRETS: ${{ steps.prepareEnvVarsAndSecrets.outputs.secretsYamlBase64 }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 diff --git a/.github/workflows/scripted-build-matrix-pipeline.yml b/.github/workflows/scripted-build-matrix-pipeline.yml new file mode 100644 index 0000000..c979757 --- /dev/null +++ b/.github/workflows/scripted-build-matrix-pipeline.yml @@ -0,0 +1,423 @@ +on: + workflow_call: + inputs: + netSdkVersion: + description: The primary .NET SDK version required for the build process, as per the syntax required by the 'setup-dotnet' action. + required: true + type: string + default: '8.0.x' + additionalNetSdkVersion: + description: An additional .NET SDK version required for the build process, as per the syntax required by the 'setup-dotnet' action. + required: false + type: string + pythonVersion: + description: Specify an additional Python version required for the build process + required: false + type: string + additionalCachePaths: + description: Custom paths that need to be included in the multi-stage pipeline caching. + required: false + default: '' + type: string + configuration: + description: The target build configuration. + required: false + default: 'Release' + type: string + compilePhaseEnv: + description: A JSON object representing the environment variables required when running the 'compile' stage of this workflow. + required: false + type: string + testPhaseEnv: + description: A JSON object representing the environment variables required when running the 'test' stage of this workflow. + required: false + type: string + testArtifactName: + description: If set, during the test phase, uploads a GitHub artifact with the provided name (path must be specified in `artifactPath`) + required: false + type: string + testArtifactPath: + description: If set, during the test phase, uploads a GitHub artifact with the provided path (name must be specified in `artifactName`). The path can be a file, directory or wildcard pattern; multiple paths can be specified using newline demiliter. + required: false + type: string + packagePhaseEnv: + description: A JSON object representing the environment variables required when running the 'package' stage of this workflow. + required: false + type: string + publishPhaseEnv: + description: A JSON object representing the environment variables required when running the 'publish' stage of this workflow. + required: false + type: string + publishArtifactName: + description: If set, during the publish phase, uploads a GitHub artifact with the provided name (path must be specified in `artifactPath`) + required: false + type: string + publishArtifactPath: + description: If set, during the publish phase, uploads a GitHub artifact with the provided path (name must be specified in `artifactName`). The path can be a file, directory or wildcard pattern; multiple paths can be specified using newline demiliter. + required: false + type: string + forcePublish: + description: When true, the Publish stage will be run regardless of the current branch or tag. + required: false + default: false + type: boolean + skipCleanup: + description: When true the pipeline clean-up stage will not be run. For example, the cache used between pipeline stages will be retained. + required: false + default: false + type: boolean + buildScriptPath: + description: The path to the build script to run. + required: false + default: ./build.ps1 + type: string + enableCrossOsCaching: + description: "When true the enables the 'enableCrossOsArchive' property on the GitHub Actions cache task. ref: https://github.com/actions/cache/blob/main/tips-and-workarounds.md#cross-os-cache" + required: false + default: true + type: boolean + compilePhaseRunnerOs: + description: The operating system to run the 'compile' stage of this workflow on. + required: false + default: windows-latest + type: string + testPhaseMatrixJson: + description: The OS and .NET Framework matrix configuration to be used for running the 'test' stage of this workflow. + required: false + default: | + { + "os": ["ubuntu-latest", "windows-latest"], + "dotnetFramework": ["net8.0", "net481"], + "exclude": [ + { + "os": "ubuntu-latest", + "dotnetFramework": "net481" + } + ] + } + type: string + packagePhaseRunnerOs: + description: The operating system to run the 'package' stage of this workflow on. + required: false + default: windows-latest + type: string + + secrets: + compilePhaseAzureCredentials: + required: false + compilePhaseSecrets: + description: A YAML string representing a dictionary of secrets required when running the 'compile' stage of this workflow. + required: false + testPhaseAzureCredentials: + required: false + testPhaseSecrets: + description: A YAML string representing a dictionary of secrets required when running the 'test' stage of this workflow. + required: false + packagePhaseAzureCredentials: + required: false + packagePhaseSecrets: + description: A YAML string representing a dictionary of secrets required when running the 'package' stage of this workflow. + required: false + publishPhaseAzureCredentials: + required: false + publishPhaseSecrets: + description: A YAML string representing a dictionary of secrets required when running the 'publish' stage of this workflow. + required: false + +env: + CODE_COVERAGE_SUMMARY_DIR: ${{ vars.CODE_COVERAGE_SUMMARY_DIR || '_codeCoverage' }} + CODE_COVERAGE_SUMMARY_FILE: ${{ vars.CODE_COVERAGE_SUMMARY_FILE || 'SummaryGithub.md' }} + +jobs: + compile: + name: Compile & Analyse + runs-on: ${{ inputs.compilePhaseRunnerOs }} + outputs: + semver: ${{ steps.run_compile.outputs.semver }} + major: ${{ steps.run_compile.outputs.major }} + majorMinor: ${{ steps.run_compile.outputs.majorMinor }} + preReleaseTag: ${{ steps.run_compile.outputs.preReleaseTag }} + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + submodules: true + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/set-env-vars-and-secrets@main + with: + environmentVariablesYamlBase64: ${{ inputs.compilePhaseEnv}} + secretsYamlBase64: ${{ secrets.compilePhaseSecrets}} + - name: Debug Variables + if: env.ACTIONS_RUNNER_DEBUG == 'true' + run: | + gci env:/ | fl | out-string | Write-Host + shell: pwsh + - name: Check if compilePhaseAzureCredentials secret is set + id: compilePhaseAzureCredentials_secret_check + shell: bash + run: | + if [ "${{ secrets.compilePhaseAzureCredentials }}" != '' ]; then + echo "available=true" >> $GITHUB_OUTPUT; + else + echo "available=false" >> $GITHUB_OUTPUT; + fi + - name: Azure CLI login + if: ${{ steps.compilePhaseAzureCredentials_secret_check.outputs.available == 'true' }} + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + with: + creds: ${{ secrets.compilePhaseAzureCredentials }} + enable-AzPSSession: true + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@feature/add-matrix-build + id: run_compile + with: + displayName: Compile & Analyse + buildScriptPath: ${{ inputs.buildScriptPath }} + netSdkVersion: ${{ inputs.netSdkVersion }} + additionalNetSdkVersion: ${{ inputs.additionalNetSdkVersion }} + pythonVersion: ${{ inputs.pythonVersion }} + tasks: 'Build,Analysis' + configuration: ${{ inputs.configuration }} + outputCachePaths: | + .nuget-packages + Solutions + solutions + ${{ inputs.additionalCachePaths }} + enableCrossOsCaching: ${{ inputs.enableCrossOsCaching}} + env: + BUILDVAR_AnalysisOutputStorageAccountName: ${{ vars.SBOM_OUTPUT_STORAGE_ACCOUNT_NAME}} + BUILDVAR_AnalysisOutputContainerName: ${{ vars.SBOM_OUTPUT_STORAGE_CONTAINER_NAME}} + BUILDVAR_AnalysisOutputBlobPath: ${{ vars.SBOM_OUTPUT_STORAGE_BLOB_BASE_PATH }}/src_platform=github/org=${{ github.repository_owner }}/repo=${{ github.event.repository.name }} + BUILDVAR_PublishCovenantOutputToStorage: true + BUILDVAR_CovenantMetadata: > + { + "git_provider": "github", + "git_org": "${{ github.repository_owner }}", + "git_repo": "${{ github.event.repository.name }}", + "git_branch": "${{ github.ref_name }}", + "git_sha": "${{ github.sha }}" + } + + test: + needs: + - compile + name: Test + strategy: + fail-fast: false + matrix: ${{ fromJson(inputs.testPhaseMatrixJson) }} + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 + with: + fetch-depth: 0 + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/set-env-vars-and-secrets@main + with: + environmentVariablesYamlBase64: ${{ inputs.testPhaseEnv}} + secretsYamlBase64: ${{ secrets.testPhaseSecrets}} + - name: Debug Variables + if: env.ACTIONS_RUNNER_DEBUG == 'true' + run: | + gci env:/ | fl | out-string | Write-Host + shell: pwsh + - name: Check if testPhaseAzureCredentials secret is set + id: testPhaseAzureCredentials_secret_check + shell: bash + run: | + if [ "${{ secrets.testPhaseAzureCredentials }}" != '' ]; then + echo "available=true" >> $GITHUB_OUTPUT; + else + echo "available=false" >> $GITHUB_OUTPUT; + fi + - name: Azure CLI login + if: ${{ steps.testPhaseAzureCredentials_secret_check.outputs.available == 'true' }} + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + with: + creds: ${{ secrets.testPhaseAzureCredentials }} + enable-AzPSSession: true + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@feature/add-matrix-build + with: + displayName: Run Tests + buildScriptPath: ${{ inputs.buildScriptPath }} + netSdkVersion: ${{ inputs.netSdkVersion }} + additionalNetSdkVersion: ${{ inputs.additionalNetSdkVersion }} + tasks: 'Test,TestReport' + configuration: ${{ inputs.configuration }} + inputCachePaths: | + .nuget-packages + Solutions + solutions + ${{ inputs.additionalCachePaths }} + enableCrossOsCaching: ${{ inputs.enableCrossOsCaching}} + artifactName: ${{ inputs.testArtifactName }} + artifactPath: ${{ inputs.testArtifactPath }} + env: + # Set build to produce .trx test results file which will be picked-up when publishing test results + BUILDVAR_DotNetTestLoggers: > + [ + "trx;LogFilePrefix=test-results_" + ] + BUILDVAR_TargetFrameworkMoniker: ${{ matrix.dotnetFramework }} + - id: check_coverage_summary + name: Check Code Coverage Summary Output + if: always() + run: | + # check if the code coverage summary file exists, but ensure the build doesn't fail if it can't be found + try { + $coverageFile = Join-Path $env:CODE_COVERAGE_SUMMARY_DIR $env:CODE_COVERAGE_SUMMARY_FILE + Write-Host "Checking for code coverage file: $coverageFile" + if (Test-Path $coverageFile) { + Write-Host "Code coverage summary file exists" + echo "EXISTS=true" >> $env:GITHUB_OUTPUT + } + } + catch {} + shell: pwsh + - id: check_os + name: Check Runner OS + if: always() + run: | + # store the runner's operating system (i.e. distinct from the OS version info available via runner image) + if ($IsWindows) { + $RunnerOs = "windows" + } + elseif ($IsLinux) { + $RunnerOs = "linux" + } + elseif ($IsMacOS) { + $RunnerOs = "macos" + } + else { + $RunnerOs = "Unknown" + } + Write-Host "Runner OS: $RunnerOs" + echo "RUNNEROS=$RunnerOs" >> $env:GITHUB_OUTPUT + shell: pwsh + - name: Add Code Coverage PR comment + # TODO: Test whether this works when running from a fork? + if: always() && steps.check_coverage_summary.outputs.EXISTS == 'true' && github.event_name == 'pull_request' + uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 + with: + recreate: true + path: ${{ env.CODE_COVERAGE_SUMMARY_DIR }}/${{ env.CODE_COVERAGE_SUMMARY_FILE }} + header: ${{ matrix.os }}-${{ matrix.dotnetFramework }} + # Conditional test result publishing as we can't use the docker version of the action on Windows + - name: Publish Test Results (Linux) + uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1 + if: always() && steps.check_os.outputs.RUNNEROS == 'linux' + with: + nunit_files: "*TestResults.xml" # produced by Pester + trx_files: "**/test-results_*.trx" # produced by dotnet test + junit_files: "**/*-test-results.xml" # produced by PyTest & Behave + - name: Publish Test Results (Windows) + uses: EnricoMi/publish-unit-test-result-action/windows@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1 + if: always() && steps.check_os.outputs.RUNNEROS == 'windows' + with: + nunit_files: "*TestResults.xml" # produced by Pester + trx_files: "**/test-results_*.trx" # produced by dotnet test + junit_files: "**/*-test-results.xml" # produced by PyTest & Behave + + package: + needs: + - compile + name: Package + runs-on: ${{ inputs.packagePhaseRunnerOs }} + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 + with: + fetch-depth: 0 + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/set-env-vars-and-secrets@main + with: + environmentVariablesYamlBase64: ${{ inputs.packagePhaseEnv}} + secretsYamlBase64: ${{ secrets.packagePhaseSecrets}} + - name: Debug Variables + if: env.ACTIONS_RUNNER_DEBUG == 'true' + run: | + gci env:/ | fl | out-string | Write-Host + shell: pwsh + - name: Check if packagePhaseAzureCredentials secret is set + id: packagePhaseAzureCredentials_secret_check + shell: bash + run: | + if [ "${{ secrets.packagePhaseAzureCredentials }}" != '' ]; then + echo "available=true" >> $GITHUB_OUTPUT; + else + echo "available=false" >> $GITHUB_OUTPUT; + fi + - name: Azure CLI login + if: ${{ steps.packagePhaseAzureCredentials_secret_check.outputs.available == 'true' }} + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + with: + creds: ${{ secrets.packagePhaseAzureCredentials }} + enable-AzPSSession: true + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@feature/add-matrix-build + with: + displayName: Build Packages + buildScriptPath: ${{ inputs.buildScriptPath }} + netSdkVersion: ${{ inputs.netSdkVersion }} + additionalNetSdkVersion: ${{ inputs.additionalNetSdkVersion }} + tasks: 'Package' + configuration: ${{ inputs.configuration }} + inputCachePaths: | + .nuget-packages + Solutions + solutions + ${{ inputs.additionalCachePaths }} + enableCrossOsCaching: ${{ inputs.enableCrossOsCaching}} + outputCachePaths: | + _packages + ${{ inputs.additionalCachePaths }} + + publish: + needs: + - compile + - test + - package + name: Publish + if: inputs.forcePublish || startsWith(github.ref, 'refs/tags/') + runs-on: ubuntu-latest + permissions: + contents: write + packages: write + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 + with: + fetch-depth: 0 + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/set-env-vars-and-secrets@main + with: + environmentVariablesYamlBase64: ${{ inputs.publishPhaseEnv}} + secretsYamlBase64: ${{ secrets.publishPhaseSecrets}} + - name: Debug Variables + if: env.ACTIONS_RUNNER_DEBUG == 'true' + run: | + gci env:/ | fl | out-string | Write-Host + shell: pwsh + - name: Check if publishPhaseAzureCredentials secret is set + id: publishPhaseAzureCredentials_secret_check + shell: bash + run: | + if [ "${{ secrets.publishPhaseAzureCredentials }}" != '' ]; then + echo "available=true" >> $GITHUB_OUTPUT; + else + echo "available=false" >> $GITHUB_OUTPUT; + fi + - name: Azure CLI login + if: ${{ steps.publishPhaseAzureCredentials_secret_check.outputs.available == 'true' }} + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + with: + creds: ${{ secrets.publishPhaseAzureCredentials }} + enable-AzPSSession: true + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@feature/add-matrix-build + with: + displayName: Publish Packages + buildScriptPath: ${{ inputs.buildScriptPath }} + netSdkVersion: ${{ inputs.netSdkVersion }} + additionalNetSdkVersion: ${{ inputs.additionalNetSdkVersion }} + tasks: 'Publish' + inputCachePaths: | + _packages + ${{ inputs.additionalCachePaths }} + enableCrossOsCaching: ${{ inputs.enableCrossOsCaching}} + artifactName: ${{ inputs.publishArtifactName }} + artifactPath: ${{ inputs.publishArtifactPath }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NUGET_API_KEY: ${{ env.NUGET_API_KEY }} diff --git a/.github/workflows/scripted-build-pipeline.yml b/.github/workflows/scripted-build-pipeline.yml index eb2cb21..722e305 100644 --- a/.github/workflows/scripted-build-pipeline.yml +++ b/.github/workflows/scripted-build-pipeline.yml @@ -67,10 +67,15 @@ on: default: false type: boolean buildScriptPath: - description: The path to the build script to run. - required: false - default: ./build.ps1 - type: string + description: The path to the build script to run. + required: false + default: ./build.ps1 + type: string + runsOn: + description: The operating system to run all stages of this workflow. + required: false + default: ubuntu-latest + type: string secrets: compilePhaseAzureCredentials: @@ -95,15 +100,13 @@ on: required: false env: - CODE_COVERAGE_RESULTS_DIR: ${{ vars.BUILD_CODE_COVERAGE_RESULTS_DIR || '_codeCoverage' }} - CODE_COVERAGE_RESULTS_FILE: ${{ vars.BUILD_CODE_COVERAGE_RESULTS_FILE || 'Cobertura.xml' }} - CODE_COVERAGE_LOWER_THRESHOLD: ${{ vars.BUILD_CODE_COVERAGE_LOWER_THRESHOLD || 60 }} - CODE_COVERAGE_UPPER_THRESHOLD: ${{ vars.BUILD_CODE_COVERAGE_UPPER_THRESHOLD || 80 }} + CODE_COVERAGE_SUMMARY_DIR: ${{ vars.CODE_COVERAGE_SUMMARY_DIR || '_codeCoverage' }} + CODE_COVERAGE_SUMMARY_FILE: ${{ vars.CODE_COVERAGE_SUMMARY_FILE || 'SummaryGithub.md' }} jobs: compile: name: Compile & Analyse - runs-on: ubuntu-latest + runs-on: ${{ inputs.runsOn }} outputs: semver: ${{ steps.run_compile.outputs.semver }} major: ${{ steps.run_compile.outputs.major }} @@ -114,6 +117,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 with: fetch-depth: 0 + submodules: true - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/set-env-vars-and-secrets@main with: environmentVariablesYamlBase64: ${{ inputs.compilePhaseEnv}} @@ -138,7 +142,7 @@ jobs: with: creds: ${{ secrets.compilePhaseAzureCredentials }} enable-AzPSSession: true - - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@main + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@feature/add-matrix-build id: run_compile with: displayName: Compile & Analyse @@ -171,9 +175,9 @@ jobs: needs: - compile name: Test - runs-on: ubuntu-latest + runs-on: ${{ inputs.runsOn }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/set-env-vars-and-secrets@main @@ -200,7 +204,7 @@ jobs: with: creds: ${{ secrets.testPhaseAzureCredentials }} enable-AzPSSession: true - - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@main + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@feature/add-matrix-build with: displayName: Run Tests buildScriptPath: ${{ inputs.buildScriptPath }} @@ -216,64 +220,65 @@ jobs: artifactName: ${{ inputs.testArtifactName }} artifactPath: ${{ inputs.testArtifactPath }} env: - BUILDVAR_TestReportTypes: HtmlInline;Cobertura - # testing new multiple test logger support - will only affect repos using latest version of build module + # Set build to produce .trx test results file which will be picked-up when publishing test results BUILDVAR_DotNetTestLoggers: > [ - "GitHubActions", "trx;LogFilePrefix=test-results_" ] - - id: check_coverage - name: Check Code Coverage Output + - id: check_coverage_summary + name: Check Code Coverage Summary Output if: always() run: | - # check if the code coverage file exists, but ensure the build doesn't fail if it can't be found + # check if the code coverage summary file exists, but ensure the build doesn't fail if it can't be found try { - $coverageFile = Join-Path $env:CODE_COVERAGE_RESULTS_DIR $env:CODE_COVERAGE_RESULTS_FILE + $coverageFile = Join-Path $env:CODE_COVERAGE_SUMMARY_DIR $env:CODE_COVERAGE_SUMMARY_FILE Write-Host "Checking for code coverage file: $coverageFile" if (Test-Path $coverageFile) { - Write-Host "Code coverage file exists" + Write-Host "Code coverage summary file exists" echo "EXISTS=true" >> $env:GITHUB_OUTPUT } } catch {} shell: pwsh - - name: Store Code Coverage Artefacts - if: always() && steps.check_coverage.outputs.EXISTS == 'true' - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 - with: - name: CoverageReport - path: _codeCoverage - - name: Generate Code Coverage Summary Report - if: always() && steps.check_coverage.outputs.EXISTS == 'true' - uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # v1.3.0 - with: - filename: ${{ env.CODE_COVERAGE_RESULTS_DIR }}/${{ env.CODE_COVERAGE_RESULTS_FILE }} - badge: true - fail_below_min: false - format: markdown - hide_branch_rate: false - hide_complexity: false - indicators: true - output: both - thresholds: '${{ env.CODE_COVERAGE_LOWER_THRESHOLD }} ${{ env.CODE_COVERAGE_UPPER_THRESHOLD }}' - - name: Publish Code Coverage Summary Report - # NOTE: Skip this is we're running from a fork, as we won't have permissions to annotate the check run - if: always() && steps.check_coverage.outputs.EXISTS == 'true' && github.event.pull_request.head.repo.full_name == github.repository - uses: dtinth/markdown-report-action@af8143d37cced4c514fd67539a2e58c2f432da09 # v1.0.0 - with: - name: Code Coverage - title: Code Coverage Report - body-file: code-coverage-results.md + - id: check_os + name: Check Runner OS + if: always() + run: | + # store the runner's operating system (i.e. distinct from the OS version info available via runner image) + if ($IsWindows) { + $RunnerOs = "windows" + } + elseif ($IsLinux) { + $RunnerOs = "linux" + } + elseif ($IsMacOS) { + $RunnerOs = "macos" + } + else { + $RunnerOs = "Unknown" + } + Write-Host "Runner OS: $RunnerOs" + echo "RUNNEROS=$RunnerOs" >> $env:GITHUB_OUTPUT + shell: pwsh - name: Add Code Coverage PR comment - if: always() && steps.check_coverage.outputs.EXISTS == 'true' && github.event_name == 'pull_request' + # TODO: Test whether this works when running from a fork? + if: always() && steps.check_coverage_summary.outputs.EXISTS == 'true' && github.event_name == 'pull_request' uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 with: recreate: true - path: code-coverage-results.md - - name: Publish Test Results - uses: EnricoMi/publish-unit-test-result-action@e780361cd1fc1b1a170624547b3ffda64787d365 # v2.12.0 - if: always() + path: ${{ env.CODE_COVERAGE_SUMMARY_DIR }}/${{ env.CODE_COVERAGE_SUMMARY_FILE }} + header: ${{ inputs.runsOn }} + # Conditional test result publishing as we can't use the docker version of the action on Windows + - name: Publish Test Results (Linux) + uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1 + if: always() && steps.check_os.outputs.RUNNEROS == 'linux' + with: + nunit_files: "*TestResults.xml" # produced by Pester + trx_files: "**/test-results_*.trx" # produced by dotnet test + junit_files: "**/*-test-results.xml" # produced by PyTest & Behave + - name: Publish Test Results (Windows) + uses: EnricoMi/publish-unit-test-result-action/windows@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1 + if: always() && steps.check_os.outputs.RUNNEROS == 'windows' with: nunit_files: "*TestResults.xml" # produced by Pester trx_files: "**/test-results_*.trx" # produced by dotnet test @@ -283,7 +288,7 @@ jobs: needs: - compile name: Package - runs-on: ubuntu-latest + runs-on: ${{ inputs.runsOn }} steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 with: @@ -312,7 +317,7 @@ jobs: with: creds: ${{ secrets.packagePhaseAzureCredentials }} enable-AzPSSession: true - - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@main + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@feature/add-matrix-build with: displayName: Build Packages buildScriptPath: ${{ inputs.buildScriptPath }} @@ -368,7 +373,7 @@ jobs: with: creds: ${{ secrets.publishPhaseAzureCredentials }} enable-AzPSSession: true - - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@main + - uses: endjin/Endjin.RecommendedPractices.GitHubActions/actions/run-scripted-build@feature/add-matrix-build with: displayName: Publish Packages buildScriptPath: ${{ inputs.buildScriptPath }} diff --git a/README.md b/README.md index c270bd3..0342b60 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,33 @@ -# Endjin.RecommendedPractices.GitHubActions - -This repository contains [re-usable GitHub Action workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows) and [composite actions](https://docs.github.com/en/actions/creating-actions/creating-a-composite-action) for our standardised CI processes. - -## Index - -Workflows: -* `run-scripted-build` - encapsulates our standard CI build process - -Composite Actions: -* `scripted-build-pipeline` - encapsulates the steps for executing our [PowerShell-based build tooling](https://www.powershellgallery.com/packages/Endjin.RecommendedPractices.Build) - +# Endjin.RecommendedPractices.GitHubActions + +This repository contains [re-usable GitHub Action workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows) and [composite actions](https://docs.github.com/en/actions/creating-actions/creating-a-composite-action) for our standardised CI processes. + +## Reusable Workflows +- `scripted-build-pipeline` - encapsulates our standard CI build process, using separate jobs for Compile, Test, Package & Publish phases +- `scripted-build-matrix-pipeline` - as above, except the Test phase includes [matrix](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow) support + +## Composite Actions +- `prepare-env-vars-and-secrets` - provides a workaround for not natively being able to pass arbitrary environment variables and secrets to a reusable workflow. Based on assembling the required values into 2 well-known variables that act as containers for the variables and secrets that need to be passed. +- `run-scripted-build` - encapsulates the steps for executing our [PowerShell-based build tooling](https://www.powershellgallery.com/packages/Endjin.RecommendedPractices.Build) - typically used via one of the above reusable workflows. +- `set-env-vars-and-secrets` - the consuming side of the workaround for passing arbitrary environment variables and secrets. Unwraps the bundled environment variables and secrets so they are available to the running workflow. + +## Examples + +The following serve as examples of using the reusable workflows found in this repo: + +- [ci.yml](.github/workflows/ci.yml) - used for validating changes to the `scripted-build-pipeline` reusable workflow +- [ci-matrix.yml](.github/workflows/ci-matrix.yml) - used for validating changes to the `scripted-build-matrix-pipeline` reusable workflow + +## CI Build Process Overview + +The diagram below illustrates the high-level process that workflows implementing our standard CI build use: + +```mermaid +graph LR + compile["Compile"]-->analyse["Code Analysis"] + analyse-->test["Run Tests"] + test-->pubtests["Publish Test Results"] + analyse-->package["Build Packages"] + pubtests-->publish["Publish Packages"] + package-->publish +``` \ No newline at end of file diff --git a/actions/run-scripted-build/action.yml b/actions/run-scripted-build/action.yml index 6d294ff..02bc5d5 100644 --- a/actions/run-scripted-build/action.yml +++ b/actions/run-scripted-build/action.yml @@ -46,6 +46,10 @@ inputs: description: The path to the build script to run. required: false default: './build.ps1' + enableCrossOsCaching: + description: "When true the enables the 'enableCrossOsArchive' property on the GitHub Actions cache task. ref: https://github.com/actions/cache/blob/main/tips-and-workarounds.md#cross-os-cache" + required: false + default: 'false' outputs: @@ -96,6 +100,7 @@ runs: with: path: ${{ inputs.inputCachePaths }} key: build-state-${{ github.sha }} + enableCrossOsArchive: ${{ inputs.enableCrossOsCaching }} - id: cache_debug run: | @@ -120,6 +125,7 @@ runs: with: path: ${{ inputs.outputCachePaths }} key: build-state-${{ github.sha }} + enableCrossOsArchive: ${{ inputs.enableCrossOsCaching }} - name: Upload Artifact uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 diff --git a/build.ps1 b/build.ps1 index 5a4b85c..47f1005 100644 --- a/build.ps1 +++ b/build.ps1 @@ -56,7 +56,7 @@ param ( [string] $CoverageDir = "_codeCoverage", [Parameter()] - [string] $TestReportTypes = "Cobertura", + [string] $TestReportTypes = "HtmlInline", [Parameter()] [string] $PackagesDir = "_packages", @@ -72,10 +72,10 @@ param ( [string] $BuildModulePath, [Parameter()] - [string] $BuildModuleVersion = "1.5.6", + [string] $BuildModuleVersion = "1.5.9", [Parameter()] - [switch] $BuildModulePreReleaseVersion, + [bool] $BuildModulePreReleaseVersion = $false, [Parameter()] [string] $InvokeBuildModuleVersion = "5.10.3" @@ -110,7 +110,7 @@ if (!($BuildModulePath)) { else { Write-Information "BuildModulePath: $BuildModulePath" } -Import-Module $BuildModulePath -RequiredVersion $BuildModuleVersion -Force +Import-Module $BuildModulePath -RequiredVersion ($BuildModuleVersion -split '-')[0] -Force # Load the build process & tasks . Endjin.RecommendedPractices.Build.tasks