mirror of
https://github.com/irongut/CodeCoverageSummary.git
synced 2026-05-14 14:10:14 +02:00
dependabot[bot]
fbd7727617
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 1.9.1 to 2.1.0. - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](https://github.com/actions/setup-dotnet/compare/608ee757cfcce72c2e91e99aca128e0cae67de87...c0d4ad69d8bd405d234f1c9166d383b7a4f69ed8) --- updated-dependencies: - dependency-name: actions/setup-dotnet dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
100 lines
3.1 KiB
YAML
100 lines
3.1 KiB
YAML
name: Build + Deploy to GHCR
|
|
|
|
on:
|
|
release:
|
|
types: [published]
|
|
|
|
env:
|
|
REGISTRY: ghcr.io
|
|
IMAGE_NAME: ${{ github.repository }}
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
name: Test Build
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
|
|
with:
|
|
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup .Net
|
|
uses: actions/setup-dotnet@c0d4ad69d8bd405d234f1c9166d383b7a4f69ed8
|
|
with:
|
|
dotnet-version: 6.0.x
|
|
|
|
- name: Restore Dependencies
|
|
run: dotnet restore src/CodeCoverageSummary.sln
|
|
|
|
- name: Build CodeCoverageSummary
|
|
run: dotnet build src/CodeCoverageSummary.sln --configuration Release --no-restore
|
|
|
|
- name: Test with sample file
|
|
run: dotnet src/CodeCoverageSummary/bin/Release/net6.0/CodeCoverageSummary.dll --files **/coverage.*.xml --badge true
|
|
|
|
deploy:
|
|
name: Deploy to GHCR
|
|
needs: [build]
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write # Used for identity challenge with sigstore/fulcio
|
|
|
|
steps:
|
|
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
|
|
with:
|
|
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf
|
|
|
|
- name: Install Cosign
|
|
uses: sigstore/cosign-installer@c68f43abf1ae5df2528c9c250088fa14ed2d0ef5
|
|
with:
|
|
cosign-release: 'v1.9.0'
|
|
|
|
- name: Setup Docker Buildx
|
|
uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Extract Docker metadata
|
|
id: meta
|
|
uses: docker/metadata-action@b2391d37b4157fa4aa2e118d643f417910ff3242
|
|
with:
|
|
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
|
|
|
- name: Build + Push Docker image
|
|
id: build-and-push
|
|
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
|
|
# Sign the Docker image digest
|
|
# Uses the identity token to provision an ephemeral certificate against the community Fulcio instance
|
|
# https://github.com/sigstore/cosign
|
|
- name: Sign the Docker image
|
|
env:
|
|
COSIGN_EXPERIMENTAL: "true"
|
|
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
|