
Bump github/codeql-action from 3.27.9 to 3.28.0 #5579


Workflow file for this run

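# Workflow-level settings for the "build" pipeline. Nesting is restored here:
# the listing as captured had every key at column 0, which does not parse as
# the intended mapping.
name: build

# `pull_request` (not `pull_request_target`) is used, so pull-request code runs
# in the context of the merge ref; GitHub withholds repository secrets from
# runs triggered by pull requests that come from forks.
on:
  push:
    branches: [ main ]
    # Changes that touch only these files do not start a push build.
    paths-ignore:
      - '**/*.gitattributes'
      - '**/*.gitignore'
      - '**/*.md'
  pull_request:
    branches:
      - main
      - dotnet-vnext
      - dotnet-nightly
  workflow_dispatch:

# Shared by every job. None of these values is a secret; credentials are
# referenced through the `secrets` context at the steps that need them.
env:
  APPLICATION_URL_DEV: https://londontravel-dev.martincostello.com
  APPLICATION_URL_PROD: https://londontravel.martincostello.com
  AZURE_WEBAPP_NAME: londontravel-martincostello
  # Registry host is derived from the repository owner's login.
  CONTAINER_REGISTRY: '${{ github.repository_owner }}.azurecr.io'
  DOTNET_CLI_TELEMETRY_OPTOUT: true
  DOTNET_GENERATE_ASPNET_CERTIFICATE: false
  DOTNET_NOLOGO: true
  DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1
  FORCE_COLOR: 1
  NUGET_XMLDOC_MODE: skip
  TERM: xterm

# Least-privilege default for GITHUB_TOKEN. A job that declares its own
# `permissions` block receives only the scopes it lists there, so this default
# applies to the jobs that declare none.
permissions:
  contents: read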
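# Job graph: build -> deploy-dev -> test-dev -> deploy-prod -> test-prod.
# Nesting is restored here; the listing as captured had every key at column 0.
# Every third-party action is pinned to a full commit SHA, with the release tag
# kept as a trailing comment, so a moved tag cannot change what runs.
jobs:

  # Builds and tests on three operating systems; only the ubuntu-latest leg can
  # push a container image.
  build:
    name: ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    env:
      # Evaluates to the string 'true' only when this repository is not itself
      # a fork, the run is for the default branch or was triggered by the
      # repository owner, and the leg is ubuntu-latest.
      # `github.event.repository.fork` describes the repository receiving the
      # event; it does not say whether a pull request's head is in a fork.
      PUBLISH_CONTAINER: ${{ github.event.repository.fork == false && ((github.ref_name == github.event.repository.default_branch) || (github.actor == github.repository_owner)) && matrix.os == 'ubuntu-latest' }}
    outputs:
      # Image reference consumed by deploy-dev and deploy-prod.
      container-tag: ${{ steps.publish-container.outputs.container-tag }}
    # `attestations: write` and `id-token: write` are used by the
    # "Attest container image" step. They are granted to all three matrix legs
    # and to every step, including ./build.ps1 and the npm/NuGet restores.
    # NOTE(review): only the Linux leg publishes; consider moving publish and
    # attest into a separate job so the test legs keep the read-only default.
    permissions:
      attestations: write
      contents: read
      id-token: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: macos-latest
            os-name: macos
          - os: ubuntu-latest
            os-name: linux
          - os: windows-latest
            os-name: windows
    steps:
      # NOTE(review): actions/checkout stores the job token in the local git
      # config unless `persist-credentials: false` is set; no later step here
      # visibly needs git credentials - confirm against build.ps1.
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup .NET SDK
        uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
      - name: Setup Node
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          node-version: '20'
      # Exposes the npm cache path as a step output for the cache step below.
      - name: Get npm cache directory
        id: npm-cache-dir
        shell: pwsh
        run: echo "dir=$(npm config get cache)" >> ${env:GITHUB_OUTPUT}
      # Cache keys are derived from lock/project file hashes; `restore-keys`
      # allows falling back to an older cache with the same prefix.
      - name: Setup npm cache
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        id: npm-cache
        with:
          path: ${{ steps.npm-cache-dir.outputs.dir }}
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: ${{ runner.os }}-node-
      - name: Setup NuGet cache
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
          restore-keys: ${{ runner.os }}-nuget-
      # One path per operating system; only the one that exists is cached.
      - name: Setup Playwright cache
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          key: ${{ runner.os }}-playwright-${{ hashFiles('Directory.Packages.props') }}
          path: |
            ~/AppData/Local/ms-playwright
            ~/.cache/ms-playwright
            ~/Library/Caches/ms-playwright
      # Runs the repository's own script, so on pull requests this executes
      # the proposed code with the job's token and permissions.
      - name: Build, test and publish
        id: build
        shell: pwsh
        run: ./build.ps1
      - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
        name: Upload coverage to Codecov
        with:
          flags: ${{ matrix.os-name }}
          token: ${{ secrets.CODECOV_TOKEN }}
      # Registry login uses a stored username/password pair, unlike the deploy
      # jobs, which authenticate to Azure with OIDC.
      # NOTE(review): what this credential can do in the registry is not
      # visible here; a push-only scope would be the least privilege.
      - name: Docker log in
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        if: env.PUBLISH_CONTAINER == 'true'
        with:
          registry: ${{ env.CONTAINER_REGISTRY }}
          username: ${{ secrets.ACR_REGISTRY_USERNAME }}
          password: ${{ secrets.ACR_REGISTRY_PASSWORD }}
      # Runs on every Linux leg; ContainerRegistry is empty unless
      # PUBLISH_CONTAINER is 'true'.
      # NOTE(review): the container-tag, container-digest and container-image
      # outputs are not written by this script, so they presumably come from
      # the project's publish targets - confirm.
      - name: Publish container
        id: publish-container
        if: runner.os == 'Linux'
        shell: pwsh
        env:
          ContainerRegistry: ${{ env.PUBLISH_CONTAINER == 'true' && env.CONTAINER_REGISTRY || '' }}
        run: |
          dotnet publish ./src/LondonTravel.Site --arch x64 --os linux -p:PublishProfile=DefaultContainer
      # Produces a build-provenance attestation for the image digest and pushes
      # it to the registry; skipped when no digest was reported.
      - name: Attest container image
        uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
        if: steps.publish-container.outputs.container-digest != ''
        with:
          push-to-registry: true
          subject-digest: ${{ steps.publish-container.outputs.container-digest }}
          subject-name: ${{ steps.publish-container.outputs.container-image }}
      # Test artifacts are uploaded even when earlier steps failed.
      - name: Publish screenshots
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: screenshots-${{ matrix.os-name }}
          path: ./artifacts/screenshots/*
          if-no-files-found: ignore
      - name: Publish traces
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: traces-${{ matrix.os-name }}
          path: ./artifacts/traces/*
          if-no-files-found: ignore
      - name: Publish videos
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: videos-${{ matrix.os-name }}
          path: ./artifacts/videos/*
          if-no-files-found: ignore
      # Crash dumps can contain process memory, so they are zipped and sent to
      # a storage container created with public access off rather than
      # published as workflow artifacts. The step is skipped when this
      # repository is a fork or the sender is Dependabot.
      # The PSCompression module is installed at a pinned version.
      - name: Upload any crash dumps
        shell: pwsh
        if: |
          !cancelled() &&
          steps.build.outcome == 'failure' &&
          github.event.repository.fork == false &&
          github.event.sender.login != 'dependabot[bot]'
        env:
          AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.CRASH_DUMPS_STORAGE_CONNECTION_STRING }}
          PSCOMPRESSION_VERSION: '2.0.6'
        run: |
          $dumps = Get-ChildItem -Path ${env:GITHUB_WORKSPACE} -Filter "*.dmp" -Recurse
          if ($null -ne $dumps) {
            $container = ${env:GITHUB_REPOSITORY}.Replace("/", "-")
            az storage container create --name $container --public-access off | Out-Null
            Install-Module PSCompression -RequiredVersion ${env:PSCOMPRESSION_VERSION} -AcceptLicense -Force -Scope CurrentUser
            $dumps | ForEach-Object {
              $zipPath = $_.FullName + ".zip"
              $zipName = $_.Name + ".zip"
              Write-Output "Compressing crash dump $($_.Name)..."
              Compress-ZipArchive -Path $_.FullName -Destination $zipPath
              az storage blob upload `
                --container-name $container `
                --file $zipPath `
                --name $zipName `
                --metadata "GITHUB_RUN_ATTEMPT=${env:GITHUB_RUN_ATTEMPT}" "GITHUB_WORKFLOW=${env:GITHUB_SERVER_URL}/${env:GITHUB_REPOSITORY}/actions/runs/${env:GITHUB_RUN_ID}" "RUNNER_OS=${env:RUNNER_OS}" `
                --overwrite true
              if ($LASTEXITCODE -eq 0) {
                Write-Output "::notice::Uploaded crash dump $($_.Name) to Azure Storage."
              }
            }
          }

  # Deploys the image built above to the dev slot. Runs only for the default
  # branch of the non-fork repository. The job token carries `id-token: write`
  # and nothing else; the job does not check out the repository.
  deploy-dev:
    if: github.event.repository.fork == false && github.ref_name == github.event.repository.default_branch
    name: dev
    needs: build
    runs-on: ubuntu-latest
    # Shared with test-dev so deployments and tests of dev do not overlap.
    concurrency: development_environment
    environment:
      name: dev
      url: ${{ env.APPLICATION_URL_DEV }}
    permissions:
      id-token: write
    steps:
      # OIDC login: only identifiers are supplied, no client secret.
      - name: Azure log in
        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Deploy container to Azure App Service
        uses: azure/webapps-deploy@2fdd5c3ebb4e540834e86ecc1f6fdcd5539023ee # v3.0.2
        with:
          app-name: ${{ env.AZURE_WEBAPP_NAME }}
          images: ${{ needs.build.outputs.container-tag }}
          slot-name: dev
      # Polls /version up to 15 times, 10 seconds apart, and succeeds only when
      # the reported applicationVersion contains this run's commit SHA, so an
      # older deployment that is still answering does not pass the check.
      - name: Check application health
        shell: pwsh
        env:
          APPLICATION_URL: ${{ env.APPLICATION_URL_DEV }}
        run: |
          $delay = 10
          $limit = 15
          $success = $false
          for ($i = 0; $i -lt $limit; $i++) {
            $response = $null
            try {
              $response = Invoke-WebRequest -Uri "${env:APPLICATION_URL}/version" -Method Get -UseBasicParsing
            } catch {
              $response = $_.Exception.Response
            }
            if (($null -ne $response) -And ($response.StatusCode -eq 200)) {
              $json = $response.Content | ConvertFrom-Json
              $version = $json.applicationVersion
              if ((-Not [string]::IsNullOrWhiteSpace($version)) -And $version.Contains(${env:GITHUB_SHA})) {
                $success = $true
                break
              }
            }
            Start-Sleep -Seconds $delay
          }
          if (-Not $success) {
            throw "${env:APPLICATION_URL} did not return a successful status code and the expected version within the time limit after $limit attempts."
          }

  # End-to-end tests against the dev site. Declares no `permissions`, so the
  # workflow default (contents: read) applies. Has no `if` of its own; it is
  # skipped whenever deploy-dev is skipped.
  test-dev:
    name: test-dev
    needs: deploy-dev
    runs-on: ubuntu-latest
    concurrency: development_environment
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup .NET SDK
        uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
      - name: Setup NuGet cache
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
          restore-keys: ${{ runner.os }}-nuget-
      - name: Setup Playwright cache
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          key: ${{ runner.os }}-playwright-${{ hashFiles('Directory.Packages.props') }}
          path: |
            ~/AppData/Local/ms-playwright
            ~/.cache/ms-playwright
            ~/Library/Caches/ms-playwright
      # Test-account credentials for three identity providers are scoped to
      # this one step's environment rather than to the job.
      - name: Run end-to-end tests
        shell: pwsh
        run: dotnet test ./tests/LondonTravel.Site.Tests --configuration Release --filter Category=EndToEnd --logger "GitHubActions;report-warnings=false"
        env:
          WEBSITE_URL: ${{ env.APPLICATION_URL_DEV }}
          WEBSITE_USER_GOOGLE_USERNAME: ${{ secrets.WEBSITE_USER_GOOGLE_USERNAME }}
          WEBSITE_USER_GOOGLE_PASSWORD: ${{ secrets.WEBSITE_USER_GOOGLE_PASSWORD }}
          WEBSITE_USER_MICROSOFT_USERNAME: ${{ secrets.WEBSITE_USER_MICROSOFT_USERNAME }}
          WEBSITE_USER_MICROSOFT_PASSWORD: ${{ secrets.WEBSITE_USER_MICROSOFT_PASSWORD }}
          WEBSITE_USER_TWITTER_USERNAME: ${{ secrets.WEBSITE_USER_TWITTER_USERNAME }}
          WEBSITE_USER_TWITTER_PASSWORD: ${{ secrets.WEBSITE_USER_TWITTER_PASSWORD }}
      # NOTE(review): if the browser tests record the sign-in flows, these
      # screenshots, traces and videos may contain the account names, typed
      # input or session data; log masking does not cover artifact contents.
      # Confirm what the recordings capture and who can download artifacts.
      - name: Publish screenshots
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: screenshots-e2e-dev
          path: ./artifacts/screenshots/*
          if-no-files-found: ignore
      - name: Publish traces
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: traces-e2e-dev
          path: ./artifacts/traces/*
          if-no-files-found: ignore
      - name: Publish videos
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: videos-e2e-dev
          path: ./artifacts/videos/*
          if-no-files-found: ignore

  # Deploys the same image to production. There is no `if` here: the default
  # branch / non-fork restriction is inherited through `needs`, because this
  # job is skipped when test-dev (and therefore deploy-dev) did not run.
  # NOTE(review): any approval or branch rules on the `production` environment
  # are configured outside this file; an explicit `if` matching deploy-dev
  # would keep the gate visible if the `needs` chain is ever changed.
  deploy-prod:
    name: production
    needs: [ build, test-dev ]
    runs-on: ubuntu-latest
    # Shared with test-prod so production deploys and tests do not overlap.
    concurrency: production_environment
    environment:
      name: production
      url: ${{ env.APPLICATION_URL_PROD }}
    permissions:
      id-token: write
    steps:
      # OIDC login: only identifiers are supplied, no client secret.
      - name: Azure log in
        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      # No slot-name is given here, unlike the dev deployment.
      - name: Deploy container to Azure App Service
        uses: azure/webapps-deploy@2fdd5c3ebb4e540834e86ecc1f6fdcd5539023ee # v3.0.2
        with:
          app-name: ${{ env.AZURE_WEBAPP_NAME }}
          images: ${{ needs.build.outputs.container-tag }}
      # Same version-pinned health check as deploy-dev, against production.
      - name: Check application health
        shell: pwsh
        env:
          APPLICATION_URL: ${{ env.APPLICATION_URL_PROD }}
        run: |
          $delay = 10
          $limit = 15
          $success = $false
          for ($i = 0; $i -lt $limit; $i++) {
            $response = $null
            try {
              $response = Invoke-WebRequest -Uri "${env:APPLICATION_URL}/version" -Method Get -UseBasicParsing
            } catch {
              $response = $_.Exception.Response
            }
            if (($null -ne $response) -And ($response.StatusCode -eq 200)) {
              $json = $response.Content | ConvertFrom-Json
              $version = $json.applicationVersion
              if ((-Not [string]::IsNullOrWhiteSpace($version)) -And $version.Contains(${env:GITHUB_SHA})) {
                $success = $true
                break
              }
            }
            Start-Sleep -Seconds $delay
          }
          if (-Not $success) {
            throw "${env:APPLICATION_URL} did not return a successful status code and the expected version within the time limit after $limit attempts."
          }

  # End-to-end tests against the production site, using the same secrets as
  # test-dev. Declares no `permissions`, so the workflow default applies.
  test-prod:
    name: test-prod
    needs: deploy-prod
    runs-on: ubuntu-latest
    concurrency: production_environment
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup .NET SDK
        uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
      - name: Setup NuGet cache
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
          restore-keys: ${{ runner.os }}-nuget-
      - name: Setup Playwright cache
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          key: ${{ runner.os }}-playwright-${{ hashFiles('Directory.Packages.props') }}
          path: |
            ~/AppData/Local/ms-playwright
            ~/.cache/ms-playwright
            ~/Library/Caches/ms-playwright
      # Test-account credentials are scoped to this one step's environment.
      - name: Run end-to-end tests
        shell: pwsh
        run: dotnet test ./tests/LondonTravel.Site.Tests --configuration Release --filter Category=EndToEnd --logger "GitHubActions;report-warnings=false"
        env:
          WEBSITE_URL: ${{ env.APPLICATION_URL_PROD }}
          WEBSITE_USER_GOOGLE_USERNAME: ${{ secrets.WEBSITE_USER_GOOGLE_USERNAME }}
          WEBSITE_USER_GOOGLE_PASSWORD: ${{ secrets.WEBSITE_USER_GOOGLE_PASSWORD }}
          WEBSITE_USER_MICROSOFT_USERNAME: ${{ secrets.WEBSITE_USER_MICROSOFT_USERNAME }}
          WEBSITE_USER_MICROSOFT_PASSWORD: ${{ secrets.WEBSITE_USER_MICROSOFT_PASSWORD }}
          WEBSITE_USER_TWITTER_USERNAME: ${{ secrets.WEBSITE_USER_TWITTER_USERNAME }}
          WEBSITE_USER_TWITTER_PASSWORD: ${{ secrets.WEBSITE_USER_TWITTER_PASSWORD }}
      # NOTE(review): recordings of sign-in flows may hold account names, typed
      # input or session data; confirm what is captured before relying on
      # artifact access controls.
      - name: Publish screenshots
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: screenshots-e2e-production
          path: ./artifacts/screenshots/*
          if-no-files-found: ignore
      - name: Publish traces
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: traces-e2e-production
          path: ./artifacts/traces/*
          if-no-files-found: ignore
      - name: Publish videos
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ !cancelled() }}
        with:
          name: videos-e2e-production
          path: ./artifacts/videos/*
          if-no-files-found: ignore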