Merge pull request #2775 from domaindrivendev/github-actions

Modernise build and migrate to GitHub Actions for CI
domaindrivendev · Apr 13, 2024 · 8be72fe · 8be72fe
2 parents 8f363f7 + 5e2ea49
commit 8be72fe
Show file tree

Hide file tree

Showing 63 changed files with 1,484 additions and 1,018 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -7,14 +7,16 @@ root = true
 
 [*]
 end_of_line = CRLF
+insert_final_newline = true
 
 [*.{config,cs,xml}]
 indent_style = space
 indent_size = 4
 trim_trailing_whitespace = true
 
-[*.{proj,props,sln,targets}]
-indent_style = tab
+[*.{proj,props,sln,targets,yml}]
+indent_size = 2
+indent_style = space
 trim_trailing_whitespace = true
 
 [*.{kproj,csproj,json,ps1,psd1,psm1,resx,rst}]

diff --git a/.github/actionlint-matcher.json b/.github/actionlint-matcher.json
@@ -0,0 +1,17 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "actionlint",
+      "pattern": [
+        {
+          "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    }
+  ]
+}
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,58 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: wednesday
+    time: "10:00"
+    timezone: Europe/London
+# TODO Enable npm updates
+#- package-ecosystem: npm
+#  directory: "/src/Swashbuckle.AspNetCore.ReDoc"
+#  schedule:
+#    interval: weekly
+#    day: wednesday
+#    time: "10:00"
+#    timezone: Europe/London
+#- package-ecosystem: npm
+#  directory: "/src/Swashbuckle.AspNetCore.SwaggerUI"
+#  schedule:
+#    interval: weekly
+#    day: wednesday
+#    time: "10:00"
+#    timezone: Europe/London
+- package-ecosystem: nuget
+  directory: "/"
+  groups:
+    coverlet:
+      patterns:
+        - coverlet*
+    Microsoft.OpenApi:
+      patterns:
+        - Microsoft.OpenApi*
+    xunit:
+      patterns:
+        - xunit*
+  schedule:
+    interval: weekly
+    day: wednesday
+    time: "10:00"
+    timezone: Europe/London
+  ignore:
+    # Ignore the libraries which are "pinned"
+    - dependency-name: "IdentityServer4"
+    - dependency-name: "IdentityServer4.AccessTokenValidation"
+    - dependency-name: "Microsoft.AspNetCore"
+    - dependency-name: "Microsoft.AspNetCore.App"
+    - dependency-name: "Microsoft.AspNetCore.Mvc.ApiExplorer"
+    - dependency-name: "Microsoft.AspNetCore.Mvc.DataAnnotations"
+    - dependency-name: "Microsoft.AspNetCore.Mvc.Formatters.Json"
+    - dependency-name: "Microsoft.AspNetCore.Mvc.NewtonsoftJson"
+    - dependency-name: "Microsoft.AspNetCore.Mvc.Testing"
+    - dependency-name: "Microsoft.AspNetCore.Routing"
+    - dependency-name: "Microsoft.AspNetCore.StaticFiles"
+    - dependency-name: "Microsoft.Extensions.FileProviders.Embedded"
+    - dependency-name: "Microsoft.OpenApi"
+    - dependency-name: "Microsoft.OpenApi.Readers"
+    - dependency-name: "System.Text.Json"
diff --git a/.github/workflows/actions-lint.yml b/.github/workflows/actions-lint.yml
@@ -0,0 +1,36 @@
+name: actions-lint
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '**/*.gitattributes'
+      - '**/*.gitignore'
+      - '**/*.md'
+  pull_request:
+    branches: [ master ]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  FORCE_COLOR: 3
+  TERM: xterm
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+
+    - name: Checkout code
+      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+    - name: Add actionlint problem matcher
+      run: echo "::add-matcher::.github/actionlint-matcher.json"
+
+    - name: Lint workflows
+      uses: docker://rhysd/actionlint@sha256:daa1edae4a6366f320b68abb60b74fb59a458c17b61938d3c62709d92b231558 # v1.6.27
+      with:
+        args: -color
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,166 @@
+name: build
+
+on:
+  push:
+    branches: [ master ]
+    tags: [ 'v*' ]
+  pull_request:
+    branches: [ master ]
+  workflow_dispatch:
+
+env:
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+  DOTNET_GENERATE_ASPNET_CERTIFICATE: false
+  DOTNET_NOLOGO: true
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+  DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1
+  NUGET_XMLDOC_MODE: skip
+  TERM: xterm
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+
+    outputs:
+      dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - macos-latest
+          - ubuntu-latest
+          - windows-latest
+
+    steps:
+
+    - name: Checkout code
+      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+    - name: Setup .NET SDK
+      uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+      id: setup-dotnet
+
+    - name: Setup NuGet cache
+      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
+        restore-keys: ${{ runner.os }}-nuget-
+
+    - name: Build, Package and Test
+      shell: pwsh
+      run: |
+        ./build.ps1
+
+    - name: Upload Coverage Reports
+      if: always()
+      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+      with:
+        name: coverage-${{ runner.os }}
+        path: ./artifacts/coverage
+        if-no-files-found: ignore
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@c16abc29c95fcf9174b58eb7e1abf4c866893bc8 # v4.1.1
+      with:
+        files: ./artifacts/coverage/coverage.cobertura.xml
+        flags: ${{ runner.os }}
+        token: ${{ secrets.CODECOV_TOKEN }}
+
+    - name: Publish NuGet packages
+      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+      with:
+        name: packages-${{ runner.os }}
+        path: ./artifacts/package/release
+        if-no-files-found: error
+
+  validate-packages:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Download packages
+      uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+      with:
+        name: packages-Windows
+
+    - name: Setup .NET SDK
+      uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+      with:
+        dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }}
+
+    - name: Validate NuGet packages
+      shell: pwsh
+      run: |
+        dotnet tool install --global dotnet-validate --version 0.0.1-preview.304
+        $packages = Get-ChildItem -Filter "*.nupkg" | ForEach-Object { $_.FullName }
+        $invalidPackages = 0
+        foreach ($package in $packages) {
+          dotnet validate package local $package
+          if ($LASTEXITCODE -ne 0) {
+            $invalidPackages++
+          }
+        }
+        if ($invalidPackages -gt 0) {
+          Write-Output "::error::$invalidPackages NuGet package(s) failed validation."
+        }
+
+  publish-myget:
+    needs: [ build, validate-packages ]
+    runs-on: ubuntu-latest
+    if: |
+      github.event.repository.fork == false &&
+      (github.ref_name == github.event.repository.default_branch ||
+       startsWith(github.ref, 'refs/tags/v'))
+
+    environment:
+      name: MyGet.org
+      url: https://www.myget.org/gallery/domaindrivendev
+
+    steps:
+
+    - name: Download packages
+      uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+      with:
+        name: packages-Windows
+
+    - name: Setup .NET SDK
+      uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+      with:
+        dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }}
+
+    - name: Push signed NuGet packages to NuGet.org
+      run: |
+        dotnet nuget push "*.nupkg" --api-key ${{ secrets.MYGET_TOKEN }} --skip-duplicate --source https://www.myget.org/F/domaindrivendev/api/v2
+
+  publish-nuget:
+    needs: [ build, validate-packages ]
+    runs-on: ubuntu-latest
+    if: |
+      github.event.repository.fork == false &&
+      startsWith(github.ref, 'refs/tags/v')
+
+    environment:
+      name: NuGet.org
+      url: https://www.nuget.org/profiles/domaindrivendev
+
+    steps:
+
+    - name: Download packages
+      uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+      with:
+        name: packages-Windows
+
+    - name: Setup .NET SDK
+      uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+      with:
+        dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }}
+
+    - name: Push signed NuGet packages to NuGet.org
+      run: |
+        dotnet nuget push "*.nupkg" --api-key ${{ secrets.NUGET_TOKEN }} --skip-duplicate --source https://api.nuget.org/v3/index.json
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,45 @@
+name: codeql-analysis
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+  schedule:
+    - cron: '0 8 * * MON'
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  contents: read
+
+jobs:
+  code-ql:
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+    - name: Setup .NET SDK
+      uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+      with:
+        languages: csharp
+        build-mode: manual
+
+    - name: Build
+      shell: pwsh
+      run: |
+        dotnet build --configuration Release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+      with:
+        category: '/language:csharp'
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -0,0 +1,44 @@
+name: ossf-scorecard
+
+on:
+  push:
+    branches: [ master ]
+  schedule:
+    - cron: '0 8 * * MON'
+  workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: analysis
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      security-events: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          publish_results: true
+          results_file: results.sarif
+          results_format: sarif
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF
+          path: results.sarif
+          retention-days: 5
+
+      - name: Upload to code-scanning
+        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        with:
+          sarif_file: results.sarif