publish.yml
# Publish workflow: scans dependencies, builds the samples, runs the test matrix
# and packs the client. Only the guarded steps of the `publish` job push packages.
name: Publish

on:
  # Unfiltered: every pull request starts the full job graph.
  pull_request:
  push:
    branches: [master]
    tags: ['kurrent@*']
  # Manual run. Every job checks out the `ref` given here, and with
  # publish_to_nuget=true the build of that ref is pushed to NuGet.org, so
  # whoever may dispatch this workflow decides what gets published.
  workflow_dispatch:
    inputs:
      ref:
        default: 'master'
        required: true
        description: 'Git reference (branch, tag, or commit SHA)'
      publish_to_nuget:
        type: boolean
        default: false
        required: true
        description: 'Publish to NuGet.org'
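jobs:
  # Dependency gate: fails when `dotnet list package --vulnerable` reports a
  # known-vulnerable direct or transitive package, for each framework/OS pair.
  # The `publish` job lists this job in its `needs`, so a failure blocks publishing.
  vulnerability-scan:
    name: scan-vulnerabilities/${{ matrix.os }}/${{ matrix.framework }}
    runs-on: ${{ matrix.os }}
    timeout-minutes: 10
    # Least privilege: the job only reads the repository.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        framework: [net8.0, net9.0]
        os: [ubuntu-latest, windows-latest]
    steps:
      - name: Checkout
        # v4 matches the generate-certificates job of this workflow.
        # NOTE(review): action tags are mutable; pinning each `uses:` to a full
        # commit SHA protects the run against a re-pointed tag.
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.inputs.ref || github.ref }}
      - name: Install dotnet SDKs
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: |
            8.0.x
            9.0.x
      - name: Scan for Vulnerabilities
        shell: bash
        run: |
          dotnet nuget list source
          dotnet restore ./src/KurrentDB.Client/KurrentDB.Client.csproj
          dotnet restore ./test/KurrentDB.Client.Tests/KurrentDB.Client.Tests.csproj
          dotnet list package --vulnerable --include-transitive --framework ${{ matrix.framework }} | tee vulnerabilities.txt
          # The gate matches on the report text. grep reads the file directly and
          # the failure is explicit: the previous `! cat ... | grep -q` form only
          # worked as the last line of the script, and under `pipefail` an early
          # grep exit that kills `cat` could turn a match into a pass.
          if grep -q "has the following vulnerable packages" vulnerabilities.txt; then
            echo "::error::Vulnerable NuGet packages reported for ${{ matrix.framework }}"
            exit 1
          fi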
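# build-samples: compiles every sample project and runs it against a throwaway
# EventStoreDB service container, once per target framework.
  build-samples:
    name: build-samples/${{ matrix.framework }}
    runs-on: ubuntu-latest
    timeout-minutes: 5
    # Least privilege: the job builds and runs code from the checked-out ref
    # (pull-request code included) and needs no write access to the repository.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        framework: [net8.0, net9.0]
    services:
      esdb:
        # NOTE(review): `lts` is a mutable tag; pinning by digest
        # (`...eventstoredb-ce@sha256:<DIGEST>`) makes the test target reproducible.
        image: docker.kurrent.io/eventstore-ce/eventstoredb-ce:lts
        env:
          # Insecure mode is acceptable only because this container exists for
          # the duration of the job on an ephemeral runner.
          # Values are quoted so they reach the container as strings.
          EVENTSTORE_INSECURE: 'true'
          EVENTSTORE_MEM_DB: 'false'
          EVENTSTORE_RUN_PROJECTIONS: all
          EVENTSTORE_START_STANDARD_PROJECTIONS: 'true'
        ports:
          - '2113:2113'
        # This health command always succeeds, so the service counts as healthy
        # as soon as the container starts, not when the database is ready.
        options: '--health-cmd "exit 0"'
    steps:
      - name: Checkout
        # v4 matches the generate-certificates job of this workflow.
        # NOTE(review): consider pinning actions to a full commit SHA.
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.inputs.ref || github.ref }}
      - name: Install dotnet SDKs
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: |
            8.0.x
            9.0.x
      - name: Compile
        shell: bash
        run: |
          dotnet build samples
      - name: Run
        shell: bash
        # One `dotnet run` per .csproj found under samples/.
        run: |
          find samples/ -type f -iname "*.csproj" -print0 | xargs -0L1 dotnet run --framework ${{ matrix.framework }} --project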
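# generate-certificates: creates a throwaway CA, a node certificate for
# 127.0.0.1/localhost and two user certificates, then shares them with the test job.
  generate-certificates:
    runs-on: ubuntu-latest
    # The other jobs bound their runtime; do the same here.
    timeout-minutes: 10
    # Least privilege: only a checkout is needed.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.inputs.ref || github.ref }}
      - name: Generate certificates
        # NOTE(review): the tool image is pulled by the mutable `latest` tag and
        # run as root with ./certs mounted; pinning it by digest
        # (`...es-gencert-cli@sha256:<DIGEST>`) fixes what produces the key material.
        run: |
          mkdir -p certs
          gencert=(docker run --rm --user root --volume "$PWD/certs:/tmp" docker.kurrent.io/eventstore-utils/es-gencert-cli:latest)
          "${gencert[@]}" create-ca -out /tmp/ca
          "${gencert[@]}" create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost
          "${gencert[@]}" create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin
          "${gencert[@]}" create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid
      - name: Set permissions on certificates
        # The files were created by root inside the container. Mode 755 also
        # makes the private keys (ca.key and the rest) world-readable.
        # NOTE(review): presumably needed so the test containers can read them;
        # confirm, and never reuse this key material outside CI.
        run: |
          sudo chown -R "$USER:$USER" certs
          sudo chmod -R 755 certs
      - name: Upload certificates
        uses: actions/upload-artifact@v4
        with:
          name: certs
          path: certs
          # The artifact contains the CA private key. It is only consumed by the
          # test job of the same run, so keep it for the shortest period allowed.
          retention-days: 1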
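# test: runs one test category per matrix entry against the `ci` EventStoreDB
# image, using the certificates produced by generate-certificates.
  test:
    name: ${{ matrix.test }} (${{ matrix.os }}, ${{ matrix.framework }})
    needs: generate-certificates
    runs-on: ${{ matrix.os }}
    timeout-minutes: 10
    # Least privilege: registry access uses the Cloudsmith secrets below,
    # not GITHUB_TOKEN, so read access to the repository is enough.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        framework: [net8.0, net9.0]
        os: [ubuntu-latest]
        configuration: [release]
        test: [Streams, PersistentSubscriptions, Operations, ProjectionManagement, UserManagement, Security, Misc]
    steps:
      - name: Checkout
        # v4 matches the generate-certificates job of this workflow.
        # NOTE(review): consider pinning actions to a full commit SHA.
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.inputs.ref || github.ref }}
      # The steps after this login build and run code from the checked-out ref
      # on the same runner.
      # NOTE(review): confirm which triggers (same-repo pull requests, manual
      # dispatch of an arbitrary ref) should receive these registry credentials.
      - name: Login to Cloudsmith
        uses: docker/login-action@v3
        with:
          registry: docker.kurrent.io
          username: ${{ secrets.CLOUDSMITH_CICD_USER }}
          password: ${{ secrets.CLOUDSMITH_CICD_TOKEN }}
      - name: Pull EventStore Image
        shell: bash
        run: |
          docker pull docker.kurrent.io/eventstore-ce/eventstoredb-ce:ci
      # Unnamed step: turns the shallow checkout into a full clone.
      - shell: bash
        run: |
          git fetch --prune --unshallow
      - name: Install dotnet SDKs
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: |
            8.0.x
            9.0.x
      - name: Compile
        shell: bash
        run: |
          dotnet build --configuration ${{ matrix.configuration }} --framework ${{ matrix.framework }} src/KurrentDB.Client
      - name: Download certificates
        uses: actions/download-artifact@v4
        with:
          name: certs
          path: certs
      - name: Run Tests (Linux)
        if: runner.os == 'Linux'
        shell: bash
        env:
          ES_DOCKER_TAG: ci
          ES_DOCKER_REGISTRY: docker.kurrent.io/eventstore-ce/eventstoredb-ce
        run: |
          dotnet test --configuration ${{ matrix.configuration }} --blame \
            --logger:"GitHubActions;report-warnings=false" --logger:"console;verbosity=normal" \
            --framework ${{ matrix.framework }} \
            --filter "Category=Target:${{ matrix.test }}" \
            test/KurrentDB.Client.Tests
      # The matrix lists only ubuntu-latest, so this step is currently skipped.
      - name: Run Tests (Windows)
        if: runner.os == 'Windows'
        shell: pwsh
        env:
          ES_DOCKER_TAG: ci
          ES_DOCKER_REGISTRY: docker.kurrent.io/eventstore-ce/eventstoredb-ce
        run: |
          dotnet test --configuration ${{ matrix.configuration }} --blame `
            --logger:"GitHubActions;report-warnings=false" --logger:"console;verbosity=normal" `
            --framework ${{ matrix.framework }} `
            --filter "Category=Target:${{ matrix.test }}" `
            test/KurrentDB.Client.Tests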
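# publish: packs the client once the scan, test and sample jobs have passed.
# It also runs for pull requests, where it only packs and uploads the artifact;
# both push steps are gated by their `if:` conditions.
  publish:
    name: publish
    needs: [vulnerability-scan, test, build-samples]
    runs-on: ubuntu-latest
    timeout-minutes: 5
    # Least privilege: GITHUB_TOKEN is used only to read the repository and to
    # push to GitHub Packages.
    # NOTE(review): a protected `environment:` with required reviewers would add
    # a manual approval in front of the NuGet.org key.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        # v4 matches the generate-certificates job of this workflow.
        # NOTE(review): consider pinning actions to a full commit SHA.
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.inputs.ref || github.ref }}
          # Full history, so minver can derive the version from the tags.
          fetch-depth: 0
      - name: Get Version
        id: get_version
        # Runs before the SDK install step, so it uses whichever dotnet the
        # runner image provides.
        run: |
          echo "branch=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"
          dotnet nuget list source
          dotnet tool restore
          version=$(dotnet tool run minver -- --tag-prefix='kurrent@' --minimum-major-minor=1.0)
          echo "version=${version}" >> "$GITHUB_OUTPUT"
      - name: Install dotnet SDKs
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: |
            8.0.x
            9.0.x
      - name: Dotnet Pack
        shell: bash
        env:
          # Passed through the environment, so the value is never spliced into
          # the script text before bash parses it.
          PACKAGE_VERSION: ${{ steps.get_version.outputs.version }}
        # NOTE(review): PublishDir does not normally decide where `dotnet pack`
        # writes .nupkg files (PackageOutputPath / --output does); check that the
        # `packages` artifact uploaded below is not empty.
        run: |
          mkdir -p packages
          dotnet pack /p:Version="$PACKAGE_VERSION" --configuration=Release \
            /p:PublishDir=./packages \
            /p:NoWarn=NU5105 \
            /p:RepositoryUrl=https://github.com/kurrent-io/EventStore-Client-Dotnet \
            /p:RepositoryType=git
      - name: Publish Artifacts
        uses: actions/upload-artifact@v4
        with:
          path: packages
          name: nuget-packages
      - name: Dotnet Push to Github Packages
        if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
        shell: bash
        env:
          # The token reaches the script as an environment variable, not as
          # template text expanded into the script file.
          GITHUB_PACKAGES_TOKEN: ${{ secrets.github_token }}
        # Pushes every .nupkg found anywhere in the workspace.
        run: |
          dotnet tool restore
          find . -name "*.nupkg" -print0 | xargs -0 -n1 dotnet nuget push --api-key="$GITHUB_PACKAGES_TOKEN" --source https://nuget.pkg.github.com/kurrent-io/index.json --skip-duplicate
      - name: Dotnet Push to Nuget.org
        # Tag pushes are matched on the full ref instead of a substring of the
        # short name, so only refs/tags/kurrent@* can release. With the current
        # push triggers this selects the same runs as before.
        if: >-
          (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/kurrent@'))
          || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish_to_nuget == 'true')
        shell: bash
        env:
          NUGET_ORG_API_KEY: ${{ secrets.kurrent_nuget_key }}
        run: |
          dotnet nuget list source
          dotnet tool restore
          find . -name "*.nupkg" -print0 | xargs -0 -n1 dotnet nuget push --api-key="$NUGET_ORG_API_KEY" --source https://api.nuget.org/v3/index.json --skip-duplicate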