You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
106 lines
3.2 KiB
106 lines
3.2 KiB
--- |
|
name: Build |
|
|
|
on: |
|
workflow_dispatch: |
|
push: |
|
branches: |
|
- "main" |
|
pull_request: |
|
|
|
jobs: |
|
build-artifacts: |
|
name: Build artifacts |
|
runs-on: ubuntu-22.04 |
|
|
|
steps: |
|
- name: Check out repo |
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 |
|
|
|
- name: Set up .NET |
|
uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1 |
|
|
|
- name: Publish project |
|
working-directory: src/KeyConnector |
|
run: | |
|
echo "Publish" |
|
dotnet publish -c "Release" -o obj/build-output/publish |
|
cd obj/build-output/publish |
|
zip -r KeyConnector.zip . |
|
mv KeyConnector.zip ../../../ |
|
pwd |
|
ls -atlh ../../../ |
|
|
|
- name: Upload project artifact |
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 |
|
with: |
|
name: KeyConnector.zip |
|
path: src/KeyConnector/KeyConnector.zip |
|
if-no-files-found: error |
|
|
|
build-docker: |
|
name: Build Docker images |
|
runs-on: ubuntu-22.04 |
|
needs: build-artifacts |
|
env: |
|
_AZ_REGISTRY: bitwardenprod.azurecr.io |
|
_PROJECT_NAME: key-connector |
|
|
|
steps: |
|
- name: Check out repo |
|
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 |
|
|
|
- name: Log in to Azure |
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 |
|
with: |
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} |
|
|
|
- name: Log in to ACR |
|
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} |
|
|
|
- name: Generate Docker image tag |
|
id: tag |
|
run: | |
|
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name |
|
if [[ "$IMAGE_TAG" == "main" ]]; then |
|
IMAGE_TAG=dev |
|
fi |
|
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT |
|
|
|
- name: Generate full image name |
|
id: image-name |
|
env: |
|
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} |
|
run: echo "name=${_AZ_REGISTRY}/${_PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT |
|
|
|
- name: Get build artifact |
|
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 |
|
with: |
|
name: KeyConnector.zip |
|
|
|
- name: Set up build artifact |
|
run: | |
|
mkdir -p src/KeyConnector/obj/build-output/publish |
|
unzip KeyConnector.zip -d src/KeyConnector/obj/build-output/publish |
|
|
|
- name: Build Docker image |
|
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 |
|
with: |
|
context: src/KeyConnector |
|
file: src/KeyConnector/Dockerfile |
|
platforms: linux/amd64 |
|
push: true |
|
tags: ${{ steps.image-name.outputs.name }} |
|
|
|
- name: Scan Docker image |
|
id: container-scan |
|
uses: anchore/scan-action@49e50b215b647c5ec97abb66f69af73c46a4ca08 # v5.0.1 |
|
with: |
|
image: ${{ steps.image-name.outputs.name }} |
|
fail-build: false |
|
output-format: sarif |
|
|
|
- name: Upload Grype results to GitHub |
|
uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 |
|
with: |
|
sarif_file: ${{ steps.container-scan.outputs.sarif }}
|
|
|