-
Notifications
You must be signed in to change notification settings - Fork 2
135 lines (112 loc) · 4.12 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Main build
on:
workflow_dispatch: # Allow running the workflow manually from the GitHub UI
pull_request:
branches:
- main
push:
branches:
- main
merge_group:
branches:
- main
workflow_call: # Allow to be called from the release workflow
schedule:
- cron: '31 15 * * 0' # Run periodically to keep CodeQL database updated
permissions:
security-events: write # required for CodeQL
packages: read
contents: read
actions: read
jobs:
build:
strategy:
fail-fast: false # Run all OSes, even if one fails, to help narrow down issues that only impact some platforms
matrix:
os: [windows-latest, ubuntu-latest]
runs-on: ${{ matrix.os }}
env:
IS_COVERAGE_ALLOWED: ${{ secrets.CODACY_PROJECT_TOKEN != '' }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # avoid shallow clone so nbgv can do its work
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: csharp
build-mode: manual
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
queries: security-extended
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: ./global.json
- name: NuGet Restore
run: dotnet restore
- name: Build
run: dotnet build --no-restore --configuration Release /bl:./artifacts/logs/release/build.release.binlog
- name: Test
run: dotnet test --no-build --configuration Release --settings ./build/targets/tests/test.runsettings
- name: Upload binlogs
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: binlogs-${{ matrix.os }}
path: ./artifacts/logs
if-no-files-found: error
- name: Upload *.received.* files
uses: actions/upload-artifact@v4
if: failure()
with:
name: verify-test-results
path: |
**/*.received.*
- name: Upload SARIF files
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: SARIF files (${{ matrix.os }})
path: ./artifacts/obj/**/*.sarif
- name: Upload Test Report
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: .NET Test Reports (${{ matrix.os }})
path: "artifacts/TestResults/**/*.trx"
if-no-files-found: error
- name: Upload Code Coverage Report
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: .NET Code Coverage Reports (${{ matrix.os }})
path: "artifacts/TestResults/coverage/**"
- name: Publish coverage summary to GitHub
run: cat artifacts/TestResults/coverage/SummaryGithub.md >> $GITHUB_STEP_SUMMARY
shell: bash
- name: Upload coverage data to Codacy
if: ${{ runner.os == 'Linux' && env.IS_COVERAGE_ALLOWED == 'true' }}
uses: codacy/[email protected]
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: ${{ github.workspace }}/artifacts/TestResults/coverage/Cobertura.xml
- name: Upload packages
uses: actions/upload-artifact@v4
with:
name: packages-${{ matrix.os }}
path: |
./artifacts/package
if-no-files-found: error
- name: Validate performance
shell: pwsh
# Uses ETL which needs Windows
if: ${{ runner.os == 'Windows' }}
run: ${{ github.workspace }}/build/scripts/perf/PerfCore.ps1 -v diag -diff -ci
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:csharp"