From 5a6aecd2343b09ce19132f90cdbbeb880c5f8043 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Fri, 4 Feb 2022 16:05:07 -0800 Subject: [PATCH 1/8] Impelment #42 Add release pipeline --- .github/.gitversion.yml | 22 +- .github/workflows/build.yml | 261 ++++++++++++++---- .github/workflows/docs.yml | 37 --- .github/workflows/release.yml | 112 -------- GitReleaseManager.yaml | 57 ++++ VERSION | 1 - .../PayloadNotificationServiceTest.cs | 15 +- .../Test/Services/Scp/PayloadTest.cs | 6 +- 8 files changed, 290 insertions(+), 221 deletions(-) delete mode 100644 .github/workflows/docs.yml delete mode 100644 .github/workflows/release.yml create mode 100644 GitReleaseManager.yaml delete mode 100644 VERSION diff --git a/.github/.gitversion.yml b/.github/.gitversion.yml index 85deefa03..3c43d94ee 100644 --- a/.github/.gitversion.yml +++ b/.github/.gitversion.yml @@ -1,9 +1,29 @@ +# Copyright 2021 MONAI Consortium +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + assembly-versioning-scheme: MajorMinorPatchTag -mode: Mainline next-version: 0.1.0 +mode: ContinuousDelivery branches: main: + tag: '' + release: + tag: rc + develop: tag: beta + feature: + tag: alpha.{BranchName} + pull-request: + tag: pr + ignore: sha: [] merge-message-formats: {} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dc2177aff..63d2635a2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -1,70 +1,211 @@ -name: Default +# Copyright 2021 MONAI Consortium +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Build on: + # Trigger on pushes and on pull requests push: - branches: - - main - - 'release/**' pull_request: - branches: - - main - - 'release/**' + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + BUILD_CONFIG: "Release" + SOLUTION: "Monai.Deploy.InformaticsGateway.sln" + TEST_RESULTS: "results/" jobs: build: - timeout-minutes: 60 - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, windows-latest] + # fail-fast: true + + permissions: + contents: write + packages: write + + outputs: + semVer: ${{ steps.gitversion.outputs.semVer }} + preReleaseLabel: ${{ steps.gitversion.outputs.preReleaseLabel }} + majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }} + steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: actions/setup-dotnet@v1 - with: - dotnet-version: '6.0.x' - - name: Build - run: | - export VERSION=`cat VERSION` - ./build.sh - docker tag monai/informatics-gateway:$VERSION monai/informatics-gateway:${{ github.sha }} - docker images - - name: Scan image with Azure Container Scan - env: - TRIVY_TIMEOUT_SEC: 360s - uses: Azure/container-scan@v0.1 - with: - image-name: monai/informatics-gateway:${{ github.sha }} - - name: Scan image with Anchore - id: scan - uses: 
anchore/scan-action@v2 - with: - image: monai/informatics-gateway:${{ github.sha }} - fail-build: true - severity-cutoff: high - acs-report-enable: true - # - name: upload Anchore scan SARIF report - # uses: github/codeql-action/upload-sarif@v1 - # with: - # sarif_file: ${{ steps.scan.outputs.sarif }} - - test: - timeout-minutes: 60 + - name: Checkout repository + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - uses: actions/setup-dotnet@v1 + with: + dotnet-version: "6.0.x" + + - name: Install GitVersion + run: dotnet tool install --global GitVersion.Tool + + - name: Determine Version + id: gitversion + uses: gittools/actions/gitversion/execute@v0.9.11 + with: + useConfigFile: true + configFilePath: .github/.gitversion.yml + + - name: Restore dependencies + run: dotnet restore + working-directory: ./src + + - name: Build All + run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} + working-directory: ./src + + - name: Run Unit Test + run: dotnet test -c ${{ env.BUILD_CONFIG }} -v=minimal --results-directory "${{ env.TEST_RESULTS }}" --collect:"XPlat Code Coverage" --settings coverlet.runsettings ${{ env.SOLUTION }} + if: ${{ matrix.os == 'ubuntu-latest' }} + working-directory: ./src + + - uses: codecov/codecov-action@v2 + if: ${{ matrix.os == 'ubuntu-latest' }} + with: + token: ${{ secrets.CODECOV_TOKEN }} + directory: "src/${{ env.TEST_RESULTS }}" + files: "**/coverage.opencover.xml" + flags: unittests + name: codecov-umbrella + fail_ci_if_error: true + verbose: true + + - name: Build CLI (linux-x64) + if: ${{ matrix.os == 'ubuntu-latest' }} + run: | + mkdir ~/release + dotnet publish --self-contained -c ${{ env.BUILD_CONFIG }} -r linux-x64 -o cli/ src/CLI/Monai.Deploy.InformaticsGateway.CLI.csproj + pushd cli && rm *.pdb + zip -r ~/release/mig-cli-linux-x64.zip * + popd + ls -lR ~/release + + - name: Build CLI (windows-x64) + if: ${{ matrix.os == 'windows-latest' }} + run: | + mkdir ~/release + dotnet publish --self-contained -c ${{ 
env.BUILD_CONFIG }} -r win-x64 -o cli/ src/CLI/Monai.Deploy.InformaticsGateway.CLI.csproj + pushd cli && rm *.pdb + Compress-Archive -Path * -DestinationPath ~/release/mig-cli-windows-x64.zip + popd + dir -r ~/release + + - name: Upload Artifact + uses: actions/upload-artifact@v2.3.1 + with: + name: cli + path: ~/release + retention-days: 7 + + - name: Log in to the Container registry + uses: docker/login-action@v1.12.0 + if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3.6.2 + if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=${{env.GitVersion_SemVer}} + type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }} + + - name: Build and push Docker image + uses: docker/build-push-action@v2.9.0 + if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + with: + context: . 
+ push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Scan image with Azure Container Scan + env: + TRIVY_TIMEOUT_SEC: 360s + uses: Azure/container-scan@v0.1 + if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + with: + image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + + release: + if: ${{ contains(github.ref, 'refs/heads/main') }} runs-on: ubuntu-latest + needs: build + env: + SEMVER: ${{ needs.build.outputs.semVer }} + PRERELEASELABEL: ${{ needs.build.outputs.preReleaseLabel }} + MAJORMINORPATCH: ${{ needs.build.outputs.majorMinorPatch }} steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: actions/setup-dotnet@v1 - with: - dotnet-version: '6.0.x' - - name: Run Unit Test - run: ./run-tests.sh - working-directory: ./src - - uses: codecov/codecov-action@v2 - with: - token: ${{ secrets.CODECOV_TOKEN }} - directory: ./src/results - files: "**/coverage.opencover.xml" - flags: unittests - name: codecov-umbrella - fail_ci_if_error: true - verbose: true + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - uses: actions/download-artifact@v2 + with: + name: cli + path: release/ + + - name: List artifacts + run: ls -lR release/ + + - name: Extract owner and repo + uses: jungwinter/split@v1 + id: repo + with: + seperator: "/" + msg: ${{ github.repository }} + + - name: Install GitReleaseManager + uses: gittools/actions/gitreleasemanager/setup@v0.9.11 + with: + versionSpec: "0.13.x" + + - name: Create release with GitReleaseManager + uses: gittools/actions/gitreleasemanager/create@v0.9.11 + with: + token: ${{ secrets.GITHUB_TOKEN }} + owner: ${{ steps.repo.outputs._0 }} + repository: ${{ steps.repo.outputs._1 }} + milestone: ${{ env.MAJORMINORPATCH }} + name: "Release ${{ env.MAJORMINORPATCH }}" + assets: | + release/mig-cli-linux-x64.zip + release/mig-cli-windows-x64.zip + + - name: Publish release with GitReleaseManager + uses: 
gittools/actions/gitreleasemanager/publish@v0.9.11 + with: + token: ${{ secrets.GITHUB_TOKEN }} + owner: ${{ steps.repo.outputs._0 }} + repository: ${{ steps.repo.outputs._1 }} + tagName: ${{ env.MAJORMINORPATCH }} + + - name: Close release with GitReleaseManager + uses: gittools/actions/gitreleasemanager/close@v0.9.11 + with: + token: ${{ secrets.GITHUB_TOKEN }} + owner: ${{ steps.repo.outputs._0 }} + repository: ${{ steps.repo.outputs._1 }} + milestone: ${{ env.MAJORMINORPATCH }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml deleted file mode 100644 index 060d17abb..000000000 --- a/.github/workflows/docs.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Publish Docs - -on: - workflow_dispatch: - inputs: - source_ref: - description: 'Source Branch' - required: true - default: 'release/*' - build_num: - description: 'Build Number' - required: true - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.source_ref }} - - name: Update Docs - run: | - export VERSION=`cat VERSION` - export BUILD="$VERSION.${{ github.event.inputs.build_num }}" - echo "VERSION=$VERSION, BUILD=$BUILD" - sed -i -e "s,v0.0.0,v$BUILD,g" ./docs/docfx.json - sed -i -e "s,v0.0.0,v$BUILD,g" ./docs/index.md - - uses: nikeee/docfx-action@v1.0.0 - name: Build Docs - with: - args: docs/docfx.json - - name: Deploy Docs - uses: peaceiris/actions-gh-pages@v3 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - publish_dir: ./docs/_site - publish_branch: docs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index b2f826786..000000000 --- a/.github/workflows/release.yml +++ /dev/null 
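Review bot: The `release` job's gate `if: ${{ contains(github.ref, 'refs/heads/main') }}` is a substring match, so any ref that merely contains that text (a branch named `main-hotfix`, for example) satisfies it. With the unfiltered `push:` trigger in this hunk, a push to such a branch would run the create, publish and close release steps. An exact comparison is safer: `if: ${{ github.ref == 'refs/heads/main' }}`. The `latest` image tag is loose in the same way, because `endsWith(github.ref, github.event.repository.default_branch)` is also true for `refs/heads/feature/main`; compare against `format('refs/heads/{0}', github.event.repository.default_branch)` instead.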
@@ -1,112 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Release - -on: - workflow_dispatch: - inputs: - source_ref: - description: 'Source Branch' - required: true - default: 'main' - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - BUILD_CONFIG: 'Release' - SOLUTION: 'Monai.Deploy.InformaticsGateway.sln' - TEST_RESULTS: 'results/' - -jobs: - build-and-release-linux: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Log in to the Container registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v1.12.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v3.6.2 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - uses: actions/setup-dotnet@v1 - with: - dotnet-version: '6.0.x' - - - name: Install GitVersion - run: dotnet tool install --global GitVersion.Tool - - - name: Determine Version - id: gitversion - uses: gittools/actions/gitversion/execute@v0.9.11 - with: - useConfigFile: true - configFilePath: .github/.gitversion.yml - - - name: Restore dependencies - run: dotnet restore - - - name: Build - run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} - working-directory: ./src - - - name: Run Unit Test - run: dotnet test -c ${{ env.BUILD_CONFIG }} -v=minimal --runtime linux-x64 --results-directory "${{ env.TEST_RESULTS }}" --collect:"XPlat Code Coverage" --settings "./src/coverlet.runsettings" ${{ env.SOLUTION }} - working-directory: ./src - - - uses: codecov/codecov-action@v2 - with: - token: ${{ secrets.CODECOV_TOKEN }} - directory: "${{ 
env.TEST_RESULTS }}" - files: "**/coverage.opencover.xml" - flags: unittests - name: codecov-umbrella - fail_ci_if_error: true - verbose: true - - - name: Build and push Docker image - uses: docker/build-push-action@v2.9.0 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Scan image with Azure Container Scan - env: - TRIVY_TIMEOUT_SEC: 360s - uses: Azure/container-scan@v0.1 - with: - image-name: ${{ steps.meta.outputs.tags }} - - - name: Scan image with Anchore - id: scan - uses: anchore/scan-action@v2 - with: - image: ${{ steps.meta.outputs.tags }} - fail-build: true - severity-cutoff: high - acs-report-enable: true - - - name: upload Anchore scan SARIF report - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/GitReleaseManager.yaml b/GitReleaseManager.yaml new file mode 100644 index 000000000..d1aa7928c --- /dev/null +++ b/GitReleaseManager.yaml 
@@ -0,0 +1,57 @@ +# Copyright 2021 MONAI Consortium +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +issue-labels-include: + - breaking + - feature + - enhancement + - bug + - documentation + - security +issue-labels-exclude: + - build + - refactor + - testing +issue-labels-alias: + - name: breaking + header: Breaking Change + plural: Breaking Changes + - name: feature + header: Feature + plural: Features + - name: enhancement + header: Enhancement + plural: Enhancements + - name: bug + header: Bug + plural: Bugs + - name: documentation + header: Documentation + plural: Documentation + - name: security + header: Security + plural: Security +create: + include-sha-section: true + sha-section-heading: "SHA256 Hashes of the release artifacts" + sha-section-line-format: "- `{1}\t{0}`" + allow-update-to-published: false +export: + include-created-date-in-title: true + created-date-string-format: MMMM dd, yyyy + perform-regex-removal: false +close: + use-issue-comments: true + issue-comment: |- + :tada: This issue has been resolved in version {milestone} :tada: + + The release is available on: + - [GitHub Release](https://github.com/{owner}/{repository}/releases/tag/{milestone}) \ No newline at end of file diff --git a/VERSION b/VERSION deleted file mode 100644 index 6c6aa7cb0..000000000 --- a/VERSION +++ /dev/null @@ -1 +0,0 @@ -0.1.0 \ No newline at end of file 
diff --git a/src/InformaticsGateway/Test/Services/Connectors/PayloadNotificationServiceTest.cs b/src/InformaticsGateway/Test/Services/Connectors/PayloadNotificationServiceTest.cs index ca9cef08e..a45dfd132 100644 --- a/src/InformaticsGateway/Test/Services/Connectors/PayloadNotificationServiceTest.cs +++ b/src/InformaticsGateway/Test/Services/Connectors/PayloadNotificationServiceTest.cs @@ -28,6 +28,7 @@ using System.Threading; using System.Threading.Tasks; using Xunit; +using xRetry; namespace Monai.Deploy.InformaticsGateway.Test.Services.Connectors { @@ -71,7 +72,7 @@ public PayloadNotificationServiceTest() _options.Value.Storage.StorageServiceBucketName = "bucket"; } - [Fact(DisplayName = "PayloadNotificationService_Constructor")] + [RetryFact(DisplayName = "PayloadNotificationService_Constructor")] public void PayloadNotificationService_Constructor() { Assert.Throws(() => new PayloadNotificationService(null, null, null, null, null, null, null, null)); @@ -84,7 +85,7 @@ public void PayloadNotificationService_Constructor() Assert.Throws(() => new PayloadNotificationService(_fileSystem.Object, _payloadAssembler.Object, _storageService.Object, _logger.Object, _options, _serviceScopeFactory.Object, _messageBrokerPublisherService.Object, null)); } - [Fact(DisplayName = "Payload Notification Service shall stop processing when StopAsync is called")] + [RetryFact(DisplayName = "Payload Notification Service shall stop processing when StopAsync is called")] public void PayloadNotificationService_ShallStopProcessing() { var payload = new Payload("test", Guid.NewGuid().ToString(), 100) { State = Payload.PayloadState.Upload }; 
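Review bot: `[RetryFact]` replaces `[Fact]` on every test touched here, including `PayloadNotificationService_Constructor`, which only asserts that null arguments throw and has no visible timing dependency. A retry on a deterministic test cannot fix flakiness and can only hide an intermittent regression. Keep `[Fact]` on the constructor test and reserve `[RetryFact]` for the tests that wait on background processing. The later hunks of this file make the same blanket replacement.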
@@ -114,7 +115,7 @@ public void PayloadNotificationService_ShallStopProcessing() _logger.VerifyLogging($"Uploading payload {payload.Id} to storage service at {_options.Value.Storage.StorageServiceBucketName}.", LogLevel.Information, Times.Never()); } - [Fact(DisplayName = "Payload Notification Service shall restore payloads from database")] + [RetryFact(DisplayName = "Payload Notification Service shall restore payloads from database")] public void PayloadNotificationService_ShallRestorePayloadsFromDatabase() { var testData = new List @@ -144,7 +145,7 @@ public void PayloadNotificationService_ShallRestorePayloadsFromDatabase() _logger.VerifyLogging($"2 payloads restored from database.", LogLevel.Information, Times.Once()); } - [Fact(DisplayName = "Payload Notification Service shall prrocess payloads from payload assembler")] + [RetryFact(DisplayName = "Payload Notification Service shall prrocess payloads from payload assembler")] public void PayloadNotificationService_ShallProcessPayloadsFromPayloadAssembler() { var payload = new Payload("test", Guid.NewGuid().ToString(), 100) { State = Payload.PayloadState.Upload }; @@ -166,7 +167,7 @@ public void PayloadNotificationService_ShallProcessPayloadsFromPayloadAssembler( _logger.VerifyLogging($"Payload {payload.Id} added to {service.ServiceName} for processing.", LogLevel.Information, Times.AtLeastOnce()); } - [Fact(DisplayName = "Payload Notification Service shall upload files & retry on failure")] + [RetryFact(DisplayName = "Payload Notification Service shall upload files & retry on failure")] public void PayloadNotificationService_ShalUploadFilesAndRetryOnFailure() { _fileSystem.Setup(p => p.File.OpenRead(It.IsAny())).Throws(new Exception("error")); 
@@ -212,7 +213,7 @@ public void PayloadNotificationService_ShalUploadFilesAndRetryOnFailure() _instanceCleanupQueue.Verify(p => p.Queue(It.IsAny()), Times.Never()); } - [Fact(DisplayName = "Payload Notification Service shall publish workflow request & retry on failure")] + [RetryFact(DisplayName = "Payload Notification Service shall publish workflow request & retry on failure")] public void PayloadNotificationService_ShallPublishAndRetryOnFailure() { _payloadAssembler.Setup(p => p.Dequeue(It.IsAny())) @@ -247,7 +248,7 @@ public void PayloadNotificationService_ShallPublishAndRetryOnFailure() _instanceCleanupQueue.Verify(p => p.Queue(It.IsAny()), Times.Never()); } - [Fact(DisplayName = "Payload Notification Service shall upload files & publish")] + [RetryFact(DisplayName = "Payload Notification Service shall upload files & publish")] public void PayloadNotificationService_ShalUploadFilesAndPublish() { _fileSystem.Setup(p => p.File.OpenRead(It.IsAny())).Returns(Stream.Null); diff --git a/src/InformaticsGateway/Test/Services/Scp/PayloadTest.cs b/src/InformaticsGateway/Test/Services/Scp/PayloadTest.cs index 53b5c9af7..b24956f22 100644 --- a/src/InformaticsGateway/Test/Services/Scp/PayloadTest.cs +++ b/src/InformaticsGateway/Test/Services/Scp/PayloadTest.cs @@ -24,10 +24,10 @@ public async Task Payload_AddsNewInstance() { var payload = new Payload("key", Guid.NewGuid().ToString(), 1); payload.Add(new FileStorageInfo()); - await Task.Delay(500); + await Task.Delay(450); Assert.False(payload.HasTimedOut); payload.Add(new FileStorageInfo()); - await Task.Delay(500); + await Task.Delay(450); Assert.False(payload.HasTimedOut); Assert.Equal("key", payload.Key); } @@ -37,7 +37,7 @@ public async Task Payload_ShallNotResetTimer() { var payload = new Payload("key", Guid.NewGuid().ToString(), 1); payload.Add(new FileStorageInfo()); - await Task.Delay(1000); + await Task.Delay(1001); Assert.True(payload.HasTimedOut); } 
From 2a61dc15a55c59aa3e94ffae9a68b014d5db3a01 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 8 Feb 2022 14:08:35 -0800 Subject: [PATCH 2/8] build #42 delete bash scripts --- build.sh | 33 --------------------------------- src/run-tests.sh | 36 ------------------------------------ 2 files changed, 69 deletions(-) delete mode 100755 build.sh delete mode 100755 src/run-tests.sh diff --git a/build.sh b/build.sh deleted file mode 100755 index 3c1707a9d..000000000 --- a/build.sh +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2021 MONAI Consortium -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -SCRIPT_DIR=$(dirname "$(readlink -f "$0")") - -VERSION=$(cat $SCRIPT_DIR/VERSION) -FILEVERSION=$VERSION - -# pass in pre-releae tags as argument -if [ ! -z "$1" ]; then - VERSION=$VERSION-$1 -fi - - -echo "Building Informatics Gateway Docker Image. VERSION=$VERSION, FILEVERSION=$FILEVERSION" -pushd $SCRIPT_DIR -docker build --tag monai/informatics-gateway:$VERSION --build-arg Version=$VERSION --build-arg FileVersion=$FILEVERSION . -popd - -pushd $SCRIPT_DIR/src/CLI -# echo "Building Informatics Gateway CLI: win-x64" -# dotnet publish -r win-x64 -c Release -o $SCRIPT_DIR/cli/win-x64 -echo "Building Informatics Gateway CLI: linux-x64" -dotnet publish --self-contained -r linux-x64 -c Release -o $SCRIPT_DIR/cli/linux-x64 -popd \ No newline at end of file diff --git a/src/run-tests.sh b/src/run-tests.sh deleted file mode 100755 index cbfc2e08d..000000000 --- a/src/run-tests.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -# Copyright 2021 MONAI Consortium -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#!/bin/bash - -SCRIPT_DIR=$(dirname "$(readlink -f "$0")") -TOP="$(git rev-parse --show-toplevel 2> /dev/null || readlink -f ${SCRIPT_DIR}/..)" -RESULTS_DIR=$SCRIPT_DIR/results -VERBOSITY=normal - - -if [ "$CI" = "true" ]; then - VERBOSITY=minimal -fi - -if [ -d "$RESULTS_DIR" ]; then - rm -r "$RESULTS_DIR" -fi - -mkdir -p "$RESULTS_DIR" - -echo "##### Building MONAI Deploy Informatics Gateway..." -cd $TOP/src -dotnet build Monai.Deploy.InformaticsGateway.sln - -echo "Executing all tests" -dotnet test -v=$VERBOSITY --runtime linux-x64 --results-directory "$RESULTS_DIR" --collect:"XPlat Code Coverage" --settings "$SCRIPT_DIR/coverlet.runsettings" Monai.Deploy.InformaticsGateway.sln -exit $? \ No newline at end of file From 46075246459dd2ad1a7874ce5baf77bf92cbf6b6 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 8 Feb 2022 14:18:58 -0800 Subject: [PATCH 3/8] FIx #42 avoid duplication builds --- .github/workflows/build.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 63d2635a2..a84d1a8e8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -9,11 +9,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: Build +name: build-release on: - # Trigger on pushes and on pull requests + # Triggers on pushes and on pull requests push: + branches: + - main pull_request: # Allows you to run this workflow manually from the Actions tab @@ -32,7 +34,7 @@ jobs: strategy: matrix: os: [ubuntu-latest, windows-latest] - # fail-fast: true + fail-fast: true permissions: contents: write From d9d001504511967b06500f36bc41da4b2611a86a Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 8 Feb 2022 15:37:28 -0800 Subject: [PATCH 4/8] Update #42 build docs and run unit test in separate jobs in same workflow --- .github/workflows/{build.yml => ci.yml} | 125 ++++++++++++++++++++---- 1 file changed, 106 insertions(+), 19 deletions(-) rename .github/workflows/{build.yml => ci.yml} (73%) diff --git a/.github/workflows/build.yml b/.github/workflows/ci.yml similarity index 73% rename from .github/workflows/build.yml rename to .github/workflows/ci.yml index a84d1a8e8..205610454 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: build-release +name: ci on: # Triggers on pushes and on pull requests 
@@ -29,6 +29,45 @@ env: TEST_RESULTS: "results/" jobs: + unit-test: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest] + fail-fast: true + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - uses: actions/setup-dotnet@v1 + with: + dotnet-version: "6.0.x" + + - name: Restore dependencies + run: dotnet restore + working-directory: ./src + + - name: Build All + run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} + working-directory: ./src + + - name: Run Unit Test + run: dotnet test -c ${{ env.BUILD_CONFIG }} -v=minimal --results-directory "${{ env.TEST_RESULTS }}" --collect:"XPlat Code Coverage" --settings coverlet.runsettings ${{ env.SOLUTION }} + working-directory: ./src + + - uses: codecov/codecov-action@v2 + with: + token: ${{ secrets.CODECOV_TOKEN }} + directory: "src/${{ env.TEST_RESULTS }}" + files: "**/coverage.opencover.xml" + flags: unittests + name: codecov-umbrella + fail_ci_if_error: true + verbose: true + build: runs-on: ${{ matrix.os }} strategy: @@ -39,6 +78,8 @@ jobs: permissions: contents: write packages: write + checks: write + security-events: write outputs: semVer: ${{ steps.gitversion.outputs.semVer }} 
@@ -73,22 +114,6 @@ jobs: run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} working-directory: ./src - - name: Run Unit Test - run: dotnet test -c ${{ env.BUILD_CONFIG }} -v=minimal --results-directory "${{ env.TEST_RESULTS }}" --collect:"XPlat Code Coverage" --settings coverlet.runsettings ${{ env.SOLUTION }} - if: ${{ matrix.os == 'ubuntu-latest' }} - working-directory: ./src - - - uses: codecov/codecov-action@v2 - if: ${{ matrix.os == 'ubuntu-latest' }} - with: - token: ${{ secrets.CODECOV_TOKEN }} - directory: "src/${{ env.TEST_RESULTS }}" - files: "**/coverage.opencover.xml" - flags: unittests - name: codecov-umbrella - fail_ci_if_error: true - verbose: true - - name: Build CLI (linux-x64) if: ${{ matrix.os == 'ubuntu-latest' }} run: | 
@@ -150,15 +175,64 @@ jobs: if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} with: image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + + - name: Anchore container scan + id: anchore-scan + uses: anchore/scan-action@v3.2.0 + if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + with: + image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + fail-build: true + severity-cutoff: critical + + - name: Upload Anchore scan SARIF report + uses: github/codeql-action/upload-sarif@v1 + if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + with: + sarif_file: ${{ steps.anchore-scan.outputs.sarif }} + token: ${{ secrets.GITHUB_TOKEN }} + + docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Update docs version + run: | + sed -i -e "s,v0.0.0,v$GitVersion_SemVer,g" ./docs/docfx.json + sed -i -e "s,v0.0.0,v$GitVersion_SemVer,g" ./docs/index.md + + - uses: nikeee/docfx-action@v1.0.0 + name: Build Docs + with: + args: docs/docfx.json + + - name: Package docs + run: | + mkdir ~/release + pushd docs/_site + zip -r ~/release/mig-docs-${GitVersion_SemVer}.zip * + popd + ls -lR ~/release + + - name: Upload docs + uses: actions/upload-artifact@v2.3.1 + with: + name: docs + path: ~/release + retention-days: 7 release: if: ${{ contains(github.ref, 'refs/heads/main') }} runs-on: ubuntu-latest - needs: build + needs: [build, unit-test, docs] env: SEMVER: ${{ needs.build.outputs.semVer }} PRERELEASELABEL: ${{ needs.build.outputs.preReleaseLabel }} MAJORMINORPATCH: ${{ needs.build.outputs.majorMinorPatch }} + steps: - uses: actions/checkout@v2 with: @@ -166,7 +240,6 @@ jobs: - uses: actions/download-artifact@v2 with: - name: cli path: release/ - name: List artifacts 
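Review bot: Both image scans run after `Build and push Docker image`, so on push events `fail-build: true` fails the job only once the image is already in the registry. Building locally, scanning, and pushing in a final step would make the scan a real gate; the later `push:` change in this series does not alter that order. The new `severity-cutoff: critical` is also weaker than the `high` cutoff of the Anchore step in the deleted release.yml. `Upload Anchore scan SARIF report` has no `always()` in its `if`, so it is skipped exactly when the scan fails; `if: ${{ always() && github.event_name != 'pull_request' && matrix.os == 'ubuntu-latest' }}` keeps the findings visible in code scanning.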
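Review bot: Removing `name: cli` makes `actions/download-artifact@v2` download every artifact into its own sub-directory under `path`, so the files land in `release/cli/` and `release/docs/` rather than directly in `release/`. The `assets:` entries of the create step and the later `unzip release/mig-docs-...` command would then point at paths that do not exist, and the release would be published without the expected artifacts or fail. Either download each artifact by name into `release/`, or update the paths, for example `release/cli/mig-cli-linux-x64.zip`.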
@@ -195,6 +268,7 @@ jobs: assets: | release/mig-cli-linux-x64.zip release/mig-cli-windows-x64.zip + release/mig-docs-${SEMVER}.zip - name: Publish release with GitReleaseManager uses: gittools/actions/gitreleasemanager/publish@v0.9.11 @@ -211,3 +285,16 @@ jobs: owner: ${{ steps.repo.outputs._0 }} repository: ${{ steps.repo.outputs._1 }} milestone: ${{ env.MAJORMINORPATCH }} + + - name: Unzip docs + run: | + mkdir ~/docs + unzip release/mig-docs-${SEMVER}.zip -d ~/docs + ls -lR ~/docs + + - name: Deploy Docs + uses: peaceiris/actions-gh-pages@v3 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: ~/docs + publish_branch: docs From d46830e95012b9428b3cd01a9dc1dd3d3f789d07 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 8 Feb 2022 15:41:10 -0800 Subject: [PATCH 5/8] Update #42 copyright year --- .github/.gitversion.yml | 2 +- .github/workflows/ci.yml | 2 +- GitReleaseManager.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/.gitversion.yml b/.github/.gitversion.yml index 3c43d94ee..58f3c5e09 100644 --- a/.github/.gitversion.yml +++ b/.github/.gitversion.yml @@ -1,4 +1,4 @@ -# Copyright 2021 MONAI Consortium +# Copyright 2022 MONAI Consortium # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 205610454..addc01cdb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -# Copyright 2021 MONAI Consortium +# Copyright 2021-2022 MONAI Consortium # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/GitReleaseManager.yaml b/GitReleaseManager.yaml index d1aa7928c..38c0dc7d7 100644 --- a/GitReleaseManager.yaml +++ b/GitReleaseManager.yaml 
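Review bot: `release/mig-docs-${SEMVER}.zip` sits inside a `with:` input, where no shell runs, so `${SEMVER}` reaches GitReleaseManager as literal text; use the expression form `release/mig-docs-${{ env.SEMVER }}.zip`. The name is also unlikely to match what the `docs` job produced. That job names the archive with `$GitVersion_SemVer`, but none of its steps shown in this series runs GitVersion, so the variable looks unset there and both the `sed` version stamp and the zip name would come out empty. Passing the version in through a job output and `needs` would fix both. `${SEMVER}` in the `Unzip docs` `run:` step is fine, because job-level `env` is exported to the shell.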
@@ -1,4 +1,4 @@ -# Copyright 2021 MONAI Consortium +# Copyright 2022 MONAI Consortium # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at From a0daca4d2c77a39ab0feb688a1868dfaf98f7f68 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 8 Feb 2022 16:18:42 -0800 Subject: [PATCH 6/8] Enable nuget cache #42 --- .github/workflows/ci.yml | 108 +++++++++++++++++++++++++++------------ 1 file changed, 76 insertions(+), 32 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index addc01cdb..f3fb6a776 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,6 +29,29 @@ env: TEST_RESULTS: "results/" jobs: + calc-version: + runs-on: ubuntu-latest + + outputs: + semVer: ${{ steps.gitversion.outputs.semVer }} + preReleaseLabel: ${{ steps.gitversion.outputs.preReleaseLabel }} + majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }} + + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Install GitVersion + run: dotnet tool install --global GitVersion.Tool + + - name: Determine Version + id: gitversion + uses: gittools/actions/gitversion/execute@v0.9.11 + with: + useConfigFile: true + configFilePath: .github/.gitversion.yml + unit-test: runs-on: ${{ matrix.os }} strategy: @@ -45,12 +68,20 @@ jobs: - uses: actions/setup-dotnet@v1 with: dotnet-version: "6.0.x" + + - name: Enable NuGet cache + uses: actions/cache@v2.1.7 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} + restore-keys: | + ${{ runner.os }}-nuget - name: Restore dependencies run: dotnet restore working-directory: ./src - - name: Build All + - name: Build Solution run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} working-directory: ./src 
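Review bot: The NuGet cache key hashes `**/packages.lock.json`, but the restore step remains `dotnet restore` without `--locked-mode`, so any lock files the projects have are not enforced. If the projects have no lock files, `hashFiles` returns an empty string and the key never changes. Committing lock files and restoring with `dotnet restore --locked-mode` would tie the cached `~/.nuget/packages` content to pinned, hash-checked package versions; the same cache step is repeated for the `build` job in a later hunk. Separately, `calc-version` installs GitVersion with `dotnet tool install --global GitVersion.Tool` and no `--version`, so the tool that computes release versions floats to whatever is newest.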
@@ -70,6 +101,7 @@ jobs: build: runs-on: ${{ matrix.os }} + needs: [calc-version] strategy: matrix: os: [ubuntu-latest, windows-latest] @@ -81,11 +113,6 @@ jobs: checks: write security-events: write - outputs: - semVer: ${{ steps.gitversion.outputs.semVer }} - preReleaseLabel: ${{ steps.gitversion.outputs.preReleaseLabel }} - majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }} - steps: - name: Checkout repository uses: actions/checkout@v2 @@ -96,21 +123,19 @@ jobs: with: dotnet-version: "6.0.x" - - name: Install GitVersion - run: dotnet tool install --global GitVersion.Tool - - - name: Determine Version - id: gitversion - uses: gittools/actions/gitversion/execute@v0.9.11 + - name: Enable NuGet cache + uses: actions/cache@v2.1.7 with: - useConfigFile: true - configFilePath: .github/.gitversion.yml + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} + restore-keys: | + ${{ runner.os }}-nuget - name: Restore dependencies run: dotnet restore working-directory: ./src - - name: Build All + - name: Build Solution run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} working-directory: ./src @@ -134,7 +159,7 @@ jobs: popd dir -r ~/release - - name: Upload Artifact + - name: Upload CLI uses: actions/upload-artifact@v2.3.1 with: name: cli @@ -143,7 +168,7 @@ jobs: - name: Log in to the Container registry uses: docker/login-action@v1.12.0 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -152,7 +177,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v3.6.2 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | 
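Review bot: Dropping `github.event_name != 'pull_request'` from `Log in to the Container registry` (`@@ -143,7 +168,7 @@`) makes pull-request runs authenticate to `${{ env.REGISTRY }}` before building a Dockerfile and context that come from the pull request. The later hunk sets `push` to false for pull requests, so the login is not needed there, and the job appears to hold `packages: write` (that line is outside this hunk). Keeping the credential out of those runs is one line: `if: ${{ github.event_name != 'pull_request' && matrix.os == 'ubuntu-latest' }}`. The metadata step in `@@ -152,7 +177,7 @@` takes no secret in the lines shown, so running it on pull requests raises no such concern.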
@@ -161,10 +186,10 @@ jobs: - name: Build and push Docker image uses: docker/build-push-action@v2.9.0 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: context: . - push: true + push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} @@ -172,14 +197,14 @@ jobs: env: TRIVY_TIMEOUT_SEC: 360s uses: Azure/container-scan@v0.1 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} - name: Anchore container scan id: anchore-scan uses: anchore/scan-action@v3.2.0 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} fail-build: true 
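Review bot: On pull requests the image is no longer pushed (`push: ${{ github.event_name != 'pull_request' }}` in `@@ -161,10 +186,10 @@`), yet both scanners in `@@ -172,14 +197,14 @@` now run on pull requests and look the image up by name from `fromJSON(steps.meta.outputs.json).tags[0]`. Whether that name exists in the local Docker daemon depends on the builder in use, which the hunks do not show; with a container-based Buildx builder it does not unless `load: true` is set. In that case a scanner either fails or pulls an older image published under the same tag, and a passing result says nothing about the pull request's build. Adding `load: ${{ github.event_name == 'pull_request' }}` to the build step makes the scanned image the one just built.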
@@ -187,22 +212,41 @@ jobs: - name: Upload Anchore scan SARIF report uses: github/codeql-action/upload-sarif@v1 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: sarif_file: ${{ steps.anchore-scan.outputs.sarif }} token: ${{ secrets.GITHUB_TOKEN }} docs: runs-on: ubuntu-latest + needs: [calc-version] + env: + SEMVER: ${{ needs.calc-version.outputs.semVer }} steps: - uses: actions/checkout@v2 with: fetch-depth: 0 + + - uses: actions/setup-dotnet@v1 + with: + dotnet-version: "6.0.x" + + - name: Enable NuGet cache + uses: actions/cache@v2.1.7 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} + restore-keys: | + ${{ runner.os }}-nuget + + - name: Restore dependencies + run: dotnet restore + working-directory: ./src - name: Update docs version run: | - sed -i -e "s,v0.0.0,v$GitVersion_SemVer,g" ./docs/docfx.json - sed -i -e "s,v0.0.0,v$GitVersion_SemVer,g" ./docs/index.md + sed -i -e "s,v0.0.0,v$SEMVER,g" ./docs/docfx.json + sed -i -e "s,v0.0.0,v$SEMVER,g" ./docs/index.md - uses: nikeee/docfx-action@v1.0.0 name: Build Docs @@ -213,7 +257,7 @@ jobs: run: | mkdir ~/release pushd docs/_site - zip -r ~/release/mig-docs-${GitVersion_SemVer}.zip * + zip -r ~/release/mig-docs-${SEMVER}.zip * popd ls -lR ~/release @@ -229,9 +273,9 @@ jobs: runs-on: ubuntu-latest needs: [build, unit-test, docs] env: - SEMVER: ${{ needs.build.outputs.semVer }} - PRERELEASELABEL: ${{ needs.build.outputs.preReleaseLabel }} - MAJORMINORPATCH: ${{ needs.build.outputs.majorMinorPatch }} + SEMVER: ${{ needs.calc-version.outputs.semVer }} + PRERELEASELABEL: ${{ needs.calc-version.outputs.preReleaseLabel }} + MAJORMINORPATCH: ${{ needs.calc-version.outputs.majorMinorPatch }} steps: - uses: actions/checkout@v2 
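Review bot: `Upload Anchore scan SARIF report` (`@@ -187,22 +212,41 @@`) keeps an `if:` with no status function, `if: ${{ (matrix.os == 'ubuntu-latest') }}`, so it runs only when every earlier step succeeded, while the Anchore step in the preceding hunk sets `fail-build: true`. When the scan finds something and fails the job, the report is therefore not uploaded and the findings never reach code scanning. `if: ${{ !cancelled() && matrix.os == 'ubuntu-latest' && steps.anchore-scan.outputs.sarif != '' }}` uploads the report in exactly that case. The `build` job this step closes starts outside the hunk.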
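Review bot: The `release` job now reads `needs.calc-version.outputs.*` (`@@ -229,9 +273,9 @@`), but its `needs:` line in the same hunk is still `[build, unit-test, docs]`; the `needs` context carries outputs only for jobs listed there directly, so `SEMVER`, `PRERELEASELABEL` and `MAJORMINORPATCH` would evaluate to empty strings. Those values feed the milestone, the release name and the asset file names further down, so a release could be created or published against an empty milestone. Listing the job fixes it: `needs: [calc-version, build, unit-test, docs]`. The rest of the `release` job lies outside this hunk.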
@@ -266,9 +310,9 @@ jobs: milestone: ${{ env.MAJORMINORPATCH }} name: "Release ${{ env.MAJORMINORPATCH }}" assets: | - release/mig-cli-linux-x64.zip - release/mig-cli-windows-x64.zip - release/mig-docs-${SEMVER}.zip + release/cli/mig-cli-linux-x64.zip + release/cli/mig-cli-windows-x64.zip + release/docs/mig-docs-${SEMVER}.zip - name: Publish release with GitReleaseManager uses: gittools/actions/gitreleasemanager/publish@v0.9.11 From 753eed3337a0a039808b68b660e16a6642007e96 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 8 Feb 2022 16:18:42 -0800 Subject: [PATCH 7/8] Enable nuget cache #42 --- .github/workflows/ci.yml | 108 +++++++++++++++++++++++++++------------ 1 file changed, 76 insertions(+), 32 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index addc01cdb..f3fb6a776 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,6 +29,29 @@ env: TEST_RESULTS: "results/" jobs: + calc-version: + runs-on: ubuntu-latest + + outputs: + semVer: ${{ steps.gitversion.outputs.semVer }} + preReleaseLabel: ${{ steps.gitversion.outputs.preReleaseLabel }} + majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }} + + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Install GitVersion + run: dotnet tool install --global GitVersion.Tool + + - name: Determine Version + id: gitversion + uses: gittools/actions/gitversion/execute@v0.9.11 + with: + useConfigFile: true + configFilePath: .github/.gitversion.yml + unit-test: runs-on: ${{ matrix.os }} strategy: 
@@ -45,12 +68,20 @@ jobs: - uses: actions/setup-dotnet@v1 with: dotnet-version: "6.0.x" + + - name: Enable NuGet cache + uses: actions/cache@v2.1.7 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} + restore-keys: | + ${{ runner.os }}-nuget - name: Restore dependencies run: dotnet restore working-directory: ./src - - name: Build All + - name: Build Solution run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} working-directory: ./src @@ -70,6 +101,7 @@ jobs: build: runs-on: ${{ matrix.os }} + needs: [calc-version] strategy: matrix: os: [ubuntu-latest, windows-latest] @@ -81,11 +113,6 @@ jobs: checks: write security-events: write - outputs: - semVer: ${{ steps.gitversion.outputs.semVer }} - preReleaseLabel: ${{ steps.gitversion.outputs.preReleaseLabel }} - majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }} - steps: - name: Checkout repository uses: actions/checkout@v2 @@ -96,21 +123,19 @@ jobs: with: dotnet-version: "6.0.x" - - name: Install GitVersion - run: dotnet tool install --global GitVersion.Tool - - - name: Determine Version - id: gitversion - uses: gittools/actions/gitversion/execute@v0.9.11 + - name: Enable NuGet cache + uses: actions/cache@v2.1.7 with: - useConfigFile: true - configFilePath: .github/.gitversion.yml + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} + restore-keys: | + ${{ runner.os }}-nuget - name: Restore dependencies run: dotnet restore working-directory: ./src - - name: Build All + - name: Build Solution run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} working-directory: ./src @@ -134,7 +159,7 @@ jobs: popd dir -r ~/release - - name: Upload Artifact + - name: Upload CLI uses: actions/upload-artifact@v2.3.1 with: name: cli 
@@ -143,7 +168,7 @@ jobs: - name: Log in to the Container registry uses: docker/login-action@v1.12.0 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -152,7 +177,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v3.6.2 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | @@ -161,10 +186,10 @@ jobs: - name: Build and push Docker image uses: docker/build-push-action@v2.9.0 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: context: . - push: true + push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} @@ -172,14 +197,14 @@ jobs: env: TRIVY_TIMEOUT_SEC: 360s uses: Azure/container-scan@v0.1 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} - name: Anchore container scan id: anchore-scan uses: anchore/scan-action@v3.2.0 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} fail-build: true 
@@ -187,22 +212,41 @@ jobs: - name: Upload Anchore scan SARIF report uses: github/codeql-action/upload-sarif@v1 - if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }} + if: ${{ (matrix.os == 'ubuntu-latest') }} with: sarif_file: ${{ steps.anchore-scan.outputs.sarif }} token: ${{ secrets.GITHUB_TOKEN }} docs: runs-on: ubuntu-latest + needs: [calc-version] + env: + SEMVER: ${{ needs.calc-version.outputs.semVer }} steps: - uses: actions/checkout@v2 with: fetch-depth: 0 + + - uses: actions/setup-dotnet@v1 + with: + dotnet-version: "6.0.x" + + - name: Enable NuGet cache + uses: actions/cache@v2.1.7 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} + restore-keys: | + ${{ runner.os }}-nuget + + - name: Restore dependencies + run: dotnet restore + working-directory: ./src - name: Update docs version run: | - sed -i -e "s,v0.0.0,v$GitVersion_SemVer,g" ./docs/docfx.json - sed -i -e "s,v0.0.0,v$GitVersion_SemVer,g" ./docs/index.md + sed -i -e "s,v0.0.0,v$SEMVER,g" ./docs/docfx.json + sed -i -e "s,v0.0.0,v$SEMVER,g" ./docs/index.md - uses: nikeee/docfx-action@v1.0.0 name: Build Docs @@ -213,7 +257,7 @@ jobs: run: | mkdir ~/release pushd docs/_site - zip -r ~/release/mig-docs-${GitVersion_SemVer}.zip * + zip -r ~/release/mig-docs-${SEMVER}.zip * popd ls -lR ~/release @@ -229,9 +273,9 @@ jobs: runs-on: ubuntu-latest needs: [build, unit-test, docs] env: - SEMVER: ${{ needs.build.outputs.semVer }} - PRERELEASELABEL: ${{ needs.build.outputs.preReleaseLabel }} - MAJORMINORPATCH: ${{ needs.build.outputs.majorMinorPatch }} + SEMVER: ${{ needs.calc-version.outputs.semVer }} + PRERELEASELABEL: ${{ needs.calc-version.outputs.preReleaseLabel }} + MAJORMINORPATCH: ${{ needs.calc-version.outputs.majorMinorPatch }} steps: - uses: actions/checkout@v2 
@@ -266,9 +310,9 @@ jobs: milestone: ${{ env.MAJORMINORPATCH }} name: "Release ${{ env.MAJORMINORPATCH }}" assets: | - release/mig-cli-linux-x64.zip - release/mig-cli-windows-x64.zip - release/mig-docs-${SEMVER}.zip + release/cli/mig-cli-linux-x64.zip + release/cli/mig-cli-windows-x64.zip + release/docs/mig-docs-${SEMVER}.zip - name: Publish release with GitReleaseManager uses: gittools/actions/gitreleasemanager/publish@v0.9.11 From 99e5eaca153bc3506073325716a1ecf26bfa3f5e Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 8 Feb 2022 16:30:50 -0800 Subject: [PATCH 8/8] integrate code-ql scan #42 --- .github/workflows/ci.yml | 46 +++++++++++++++++- .github/workflows/codeql-analysis.yml | 70 --------------------------- 2 files changed, 45 insertions(+), 71 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f3fb6a776..ba1a60acb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -51,7 +51,51 @@ jobs: with: useConfigFile: true configFilePath: .github/.gitversion.yml - + + analyze: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + strategy: + fail-fast: false + matrix: + language: [ 'csharp' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: actions/setup-dotnet@v1 + with: + dotnet-version: "6.0.x" + + - name: Enable NuGet cache + uses: actions/cache@v2.1.7 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} + restore-keys: | + ${{ runner.os }}-nuget + + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + + - name: Restore dependencies + run: dotnet restore + working-directory: ./src + + - name: Build Solution + run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }} + working-directory: ./src + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 + unit-test: runs-on: ${{ matrix.os }} strategy: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index fa06ad0bf..000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null 
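Review bot: Moving CodeQL into `ci.yml` as the `analyze` job drops the weekly `schedule` trigger (`cron: '35 21 * * 4'`) that the deleted `codeql-analysis.yml` had, unless `ci.yml` defines one outside this hunk. Without a scheduled run, code that has not changed is not analysed again when the query set is updated. A schedule on this workflow would also start the build and release jobs, so a small separate scheduled workflow that runs only the analysis is the simpler way to keep that coverage.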
@@ -1,70 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ main ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ main ] - schedule: - - cron: '35 21 * * 4' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'csharp' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # â„šī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1