---
# Workflow display name shown in the Actions UI.
name: Build

# Triggers: manual dispatch, pushes to main, and every pull request.
on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
  pull_request:
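jobs:
  # Publishes the .NET project and hands the zipped output to build-docker
  # as a workflow artifact.
  build-artifacts:
    name: Build artifacts
    runs-on: ubuntu-22.04
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read

    steps:
      - name: Check out repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # No later step talks to git, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Set up .NET
        uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1

      - name: Publish project
        working-directory: src/KeyConnector
        run: |
          echo "Publish"
          dotnet publish -c "Release" -o obj/build-output/publish
          cd obj/build-output/publish
          zip -r KeyConnector.zip .
          mv KeyConnector.zip ../../../
          pwd
          ls -atlh ../../../

      - name: Upload project artifact
        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: KeyConnector.zip
          path: src/KeyConnector/KeyConnector.zip
          if-no-files-found: error

  # Builds the container image from the published artifact, pushes it to the
  # Azure container registry, then scans it and uploads the SARIF report.
  #
  # NOTE(review): this job runs for every trigger above, pull_request included,
  # so the production registry credential is loaded and an image is pushed for
  # PR builds as well. Consider gating the login and push steps to trusted
  # refs; confirm what is intended. Secrets are not passed to fork PRs, so the
  # Azure login step is expected to fail there.
  build-docker:
    name: Build Docker images
    runs-on: ubuntu-22.04
    needs: build-artifacts
    # Least privilege: read the repo, write code-scanning results (SARIF upload).
    # NOTE(review): upload-sarif on a private repository also needs
    # `actions: read`; add it if this repository is private.
    permissions:
      contents: read
      security-events: write
    env:
      _AZ_REGISTRY: bitwardenprod.azurecr.io
      _PROJECT_NAME: key-connector

    steps:
      - name: Check out repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # No later step talks to git, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Log in to Azure
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Log in to ACR
        # Strip the ".azurecr.io" suffix: `az acr login -n` takes the registry name.
        run: az acr login -n "${_AZ_REGISTRY%.azurecr.io}"

      - name: Generate Docker image tag
        id: tag
        run: |
          # On pull_request events GITHUB_REF is refs/pull/<n>/merge, so cutting a
          # fixed 11-character "refs/heads/" prefix drops the first digit of the PR
          # number: PRs 1-9 yield the invalid tag "-merge", and PRs such as 12 and
          # 22 collide on "2-merge". Tag PR builds by number instead; this also
          # keeps the contributor-chosen branch name out of the tag, so a PR can
          # never land on the "dev" tag used for main.
          case "$GITHUB_REF" in
            refs/pull/*)
              PR_NUMBER="${GITHUB_REF#refs/pull/}"
              IMAGE_TAG="pr-${PR_NUMBER%%/*}"
              ;;
            *)
              IMAGE_TAG=$(echo "${GITHUB_REF#refs/heads/}" | sed "s#/#-#g") # slash safe branch name
              if [[ "$IMAGE_TAG" == "main" ]]; then
                IMAGE_TAG=dev
              fi
              ;;
          esac
          echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT"

      - name: Generate full image name
        id: image-name
        env:
          # Passed through env rather than interpolated into the script text.
          IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
        run: |
          echo "name=${_AZ_REGISTRY}/${_PROJECT_NAME}:${IMAGE_TAG}" >> "$GITHUB_OUTPUT"

      - name: Get build artifact
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: KeyConnector.zip

      - name: Set up build artifact
        run: |
          mkdir -p src/KeyConnector/obj/build-output/publish
          unzip KeyConnector.zip -d src/KeyConnector/obj/build-output/publish

      - name: Build Docker image
        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
        with:
          context: src/KeyConnector
          file: src/KeyConnector/Dockerfile
          platforms: linux/amd64
          push: true
          tags: ${{ steps.image-name.outputs.name }}

      # The scan runs after the push and with fail-build: false, so findings are
      # advisory only: the image is already in the registry when they surface.
      - name: Scan Docker image
        id: container-scan
        uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4.1.2
        with:
          image: ${{ steps.image-name.outputs.name }}
          fail-build: false
          output-format: sarif

      - name: Upload Grype results to GitHub
        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
        with:
          sarif_file: ${{ steps.container-scan.outputs.sarif }}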