v2 token endpoints #2124
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - '**' | |
| pull_request: | |
| branches: | |
| - '**' | |
| workflow_call: | |
| inputs: | |
| platforms: | |
| description: 'Platforms to build for' | |
| required: false | |
| type: string | |
| latest: | |
| description: 'Tag image as latest' | |
| required: false | |
| type: boolean | |
| default: false | |
| push: | |
| description: 'Push image to registry (makes it push if it usually wouldnt)' | |
| required: false | |
| type: boolean | |
| default: false | |
| tag-prefix: | |
| description: 'Tag prefix to use' | |
| required: false | |
| type: string | |
| default: 'rn' | |
| workflow_dispatch: | |
| name: ci-build | |
| env: | |
| REGISTRY: ghcr.io | |
| DOTNET_VERSION: 10.0.x | |
| COVERAGE_MIN_PERCENT: '85' | |
| jobs: | |
| tests: | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 | |
| with: | |
| dotnet-version: '${{ env.DOTNET_VERSION }}' | |
| - name: Run tests | |
| run: | | |
| set -euo pipefail | |
| dotnet test -c Release --solution OpenShockBackend.slnx \ | |
| --results-directory "artifacts/test-results" \ | |
| -- \ | |
| --coverage \ | |
| --coverage-output coverage.cobertura.xml \ | |
| --coverage-output-format cobertura \ | |
| --report-trx \ | |
| --report-trx-filename test-results.trx | |
| - name: Upload test artifacts | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: test-results | |
| path: artifacts/test-results | |
| if-no-files-found: warn | |
| coverage: | |
| name: Coverage | |
| runs-on: ubuntu-latest | |
| needs: [tests] | |
| outputs: | |
| linecoverage: ${{ steps.enforce.outputs.linecoverage }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - uses: actions/setup-dotnet@v5 | |
| with: | |
| dotnet-version: '${{ env.DOTNET_VERSION }}' | |
| - name: Download test artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: test-results | |
| path: artifacts/test-results | |
| - name: Install ReportGenerator | |
| run: dotnet tool install --tool-path ./.tools dotnet-reportgenerator-globaltool | |
| - name: Generate merged coverage report | |
| run: | | |
| set -euo pipefail | |
| reports="$(find artifacts/test-results -name coverage.cobertura.xml -print | paste -sd ';' -)" | |
| if [ -z "$reports" ]; then | |
| echo "No coverage reports found" >&2 | |
| exit 1 | |
| fi | |
| ./.tools/reportgenerator \ | |
| "-reports:${reports}" \ | |
| "-targetdir:artifacts/coverage" \ | |
| "-reporttypes:Html;MarkdownSummaryGithub;JsonSummary;Badges" | |
| - name: Add coverage summary | |
| run: cat artifacts/coverage/SummaryGithub.md >> "$GITHUB_STEP_SUMMARY" | |
| - name: Enforce minimum coverage | |
| id: enforce | |
| env: | |
| COVERAGE_MIN_PERCENT: ${{ env.COVERAGE_MIN_PERCENT }} | |
| run: | | |
| python - <<'PY' | |
| import json | |
| import os | |
| threshold = float(os.environ["COVERAGE_MIN_PERCENT"]) | |
| with open("artifacts/coverage/Summary.json", "r", encoding="utf-8") as handle: | |
| summary = json.load(handle)["summary"] | |
| line_coverage = float(summary["linecoverage"]) | |
| print(f"Line coverage: {line_coverage:.1f}%") | |
| with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as output: | |
| output.write(f"linecoverage={line_coverage:.1f}\n") | |
| if line_coverage < threshold: | |
| raise SystemExit( | |
| f"Coverage threshold not met: {line_coverage:.1f}% < {threshold:.1f}%" | |
| ) | |
| PY | |
| - name: Upload merged coverage report | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: coverage-report | |
| path: artifacts/coverage | |
| if-no-files-found: error | |
| publish-coverage: | |
| name: Publish coverage | |
| runs-on: ubuntu-latest | |
| needs: coverage | |
| if: ${{ github.ref_type == 'branch' && github.event_name != 'pull_request' && github.ref_name == 'master' }} | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| steps: | |
| - name: Configure Pages | |
| uses: actions/configure-pages@v6 | |
| - name: Download merged coverage report | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: coverage-report | |
| path: _site/coverage | |
| - name: Upload Pages artifact | |
| uses: actions/upload-pages-artifact@v5 | |
| with: | |
| path: _site | |
| - name: Deploy Pages site | |
| id: deployment | |
| uses: actions/deploy-pages@v5 | |
| build: | |
| name: Build (${{ matrix.image }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - dockerfile: docker/API.Dockerfile | |
| image: api | |
| - dockerfile: docker/LiveControlGateway.Dockerfile | |
| image: live-control-gateway | |
| - dockerfile: docker/Cron.Dockerfile | |
| image: cron | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build ${{ matrix.image }} | |
| uses: ./.github/actions/build-app | |
| with: | |
| dockerfile: ${{ matrix.dockerfile }} | |
| push: ${{ inputs.push || (github.ref_protected && github.event_name != 'pull_request') }} | |
| image: ${{ matrix.image }} | |
| platforms: ${{ inputs.platforms || 'linux/amd64' }} | |
| tag-prefix: ${{ inputs.tag-prefix || 'rn' }} | |
| promote-image: | |
| name: Promote Image (${{ matrix.image }}) | |
| needs: [build, coverage] | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.push || (github.ref_protected && github.event_name != 'pull_request') }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - image: api | |
| - image: live-control-gateway | |
| - image: cron | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Promote Manifest ${{ matrix.image }} | |
| uses: ./.github/actions/promote-image | |
| with: | |
| image: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.image }} | |
| run-tag: ${{ inputs.tag-prefix || 'rn' }}-${{ github.run_number }}-a${{ github.run_attempt }} | |
| latest: ${{ inputs.latest || false }} | |
| deploy-prod-workflow: | |
| runs-on: ubuntu-latest | |
| needs: promote-image | |
| if: ${{ github.ref_type == 'branch' && github.event_name != 'pull_request' && github.ref_name == 'master' }} | |
| environment: production | |
| steps: | |
| - name: Send repository dispatch | |
| uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 | |
| with: | |
| token: ${{ secrets.GITOPS_PAT }} | |
| repository: openshock/kubernetes-cluster-gitops | |
| event-type: update-backend-prod | |
| client-payload: | | |
| { | |
| "tag": "${{ inputs.tag-prefix || 'rn' }}-${{ github.run_number }}-a${{ github.run_attempt }}" | |
| } | |
| deploy-staging: | |
| runs-on: ubuntu-latest | |
| needs: promote-image | |
| if: ${{ github.ref_type == 'branch' && github.event_name != 'pull_request' && github.ref_name == 'develop' }} | |
| environment: staging | |
| steps: | |
| - name: Send repository dispatch | |
| uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 | |
| with: | |
| token: ${{ secrets.GITOPS_PAT }} | |
| repository: openshock/kubernetes-cluster-gitops | |
| event-type: update-backend-staging | |
| client-payload: | | |
| { | |
| "tag": "${{ inputs.tag-prefix || 'rn' }}-${{ github.run_number }}-a${{ github.run_attempt }}" | |
| } | |
| deploy-dev: | |
| runs-on: ubuntu-latest | |
| needs: promote-image | |
| if: ${{ github.ref_type == 'branch' && github.event_name != 'pull_request' && github.ref_name == 'develop' }} | |
| environment: development | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| sparse-checkout: | | |
| .github | |
| - uses: ./.github/actions/watchtower-update | |
| with: | |
| url: ${{ vars.WATCHTOWER_URL }} | |
| token: ${{ secrets.WATCHTOWER_TOKEN }} |