Skip to content
Run tests with coverage

Bump hashicorp/vault-action from 2.7.4 to 3.0.0 #3

Sign in to view logs

Bump hashicorp/vault-action from 2.7.4 to 3.0.0

Bump hashicorp/vault-action from 2.7.4 to 3.0.0 #3

Workflow file for this run

.github/workflows/build.yaml at 4517274
name: Run tests with coverage
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
# ! Replace DotnetProject and dotnet-project with project name in real repository
env:
PROJECT_NAME: DotnetProject
PROJECT_NAME_LOWER: dotnet-project
jobs:
validate_commit:
name: Validate commit
runs-on: ubuntu-latest
if: ${{ github.ref != 'refs/heads/main' }}
permissions:
id-token: write # required for dependabot PRs
pull-requests: write # required for dependabot PRs
contents: read # required for dependabot PRs
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4.0.0
with:
dotnet-version: 6.0.x
- name: Restore dependencies
env:
NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
run: |
set -e
dotnet nuget add source --username USERNAME --password $NUGET_TOKEN --store-password-in-clear-text --name github "https://nuget.pkg.github.com/SneaksAndData/index.json"
dotnet clean && dotnet nuget locals all --clear
dotnet restore
- name: Build
run: dotnet build --no-restore
- name: Test
working-directory: ./test
run: |
dotnet add package coverlet.msbuild &&
dotnet test ${PROJECT_NAME}Tests.csproj --configuration Debug --runtime linux-x64 /p:CollectCoverage=true /p:CoverletOutput=Coverage/ /p:CoverletOutputFormat=lcov --logger GitHubActions
- name: Publish Code Coverage
if: ${{ github.event_name == 'pull_request' && always() }}
uses: romeovs/lcov-reporter-action@v0.3.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
lcov-file: ./test/Coverage/coverage.info
build_image_and_chart:
name: Build Docker Image and Helm Charts
runs-on: ubuntu-latest
needs: [ validate_commit ]
# Remove the line below and uncomment the next one
if: ${{ false }}
# if: ${{ always() && (needs.validate_commit.result == 'success' || needs.validate_commit.result == 'skipped') }}
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
name: Checkout head commit
if: ${{ github.ref != 'refs/heads/main' && always() }}
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/checkout@v4
name: Checkout main
if: ${{ github.ref == 'refs/heads/main' && always() }}
with:
fetch-depth: 0
- name: Import Secrets (DEV)
uses: hashicorp/vault-action@v3.0.0
with:
url: https://hashicorp-vault.production.sneaksanddata.com/
role: github
method: jwt
secrets: |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_user ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_name ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_token ;
id: vault_secrets_dev
- name: Build and Push Image (DEV)
env:
AZCR_USER: ${{steps.vault_secrets_dev.outputs.acr_user}}
AZCR_TOKEN: ${{steps.vault_secrets_dev.outputs.acr_token}}
AZCR_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}}
NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
run: |
set -e
echo "$AZCR_TOKEN" | docker login $AZCR_REPO.azurecr.io --username $AZCR_USER --password-stdin
version=$(git describe --tags --abbrev=7)
docker build -f .container/Dockerfile . \
--tag=$AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version \
--build-arg NUGET_TOKEN=$NUGET_TOKEN \
--build-arg PROJECT_NAME=$PROJECT_NAME && \
docker push $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version
- name: Build and Push Chart (DEV)
uses: SneaksAndData/github-actions/build_helm_chart@v0.1.6
with:
application: ${{ env.PROJECT_NAME_LOWER }}
container_registry_user: ${{steps.vault_secrets_dev.outputs.acr_user}}
container_registry_token: ${{steps.vault_secrets_dev.outputs.acr_token}}
container_registry_address: ${{steps.vault_secrets_dev.outputs.acr_name}}.azurecr.io
- name: Import Secrets (PROD)
uses: hashicorp/vault-action@v3.0.0
if: ${{ github.ref == 'refs/heads/main' }}
with:
url: https://hashicorp-vault.production.sneaksanddata.com/
role: github
method: jwt
secrets: |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_user ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_name ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_token ;
id: vault_secrets_production
- name: Push Image (PROD)
if: ${{ github.ref == 'refs/heads/main' }}
env:
AZCR_USER: ${{steps.vault_secrets_production.outputs.acr_user}}
AZCR_TOKEN: ${{steps.vault_secrets_production.outputs.acr_token}}
AZCR_REPO: ${{steps.vault_secrets_production.outputs.acr_name}}
AZCR_DEV_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}}
run: |
set -e
echo "$AZCR_TOKEN" | docker login $AZCR_REPO.azurecr.io --username $AZCR_USER --password-stdin
version=$(git describe --tags --abbrev=7)
docker tag $AZCR_DEV_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version && docker push $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version
- name: Build and Push Chart (PROD)
if: ${{ github.ref == 'refs/heads/main' }}
uses: SneaksAndData/github-actions/build_helm_chart@v0.1.6
with:
application: ${{ env.PROJECT_NAME_LOWER }}
container_registry_user: ${{steps.vault_secrets_production.outputs.acr_user}}
container_registry_token: ${{steps.vault_secrets_production.outputs.acr_token}}
container_registry_address: ${{steps.vault_secrets_production.outputs.acr_name}}.azurecr.io