Add CredScan workflow (#569) #473
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ' CI/CD' | |
on: | |
workflow_dispatch: | |
push: | |
paths-ignore: | |
- '**.md' | |
- '.github/workflows/*.yaml' | |
- '!.github/workflows/CICD.yaml' | |
branches: [ 'main', 'releases/*' ] | |
defaults: | |
run: | |
shell: powershell | |
permissions: | |
contents: read | |
actions: read | |
env: | |
workflowDepth: 2 | |
ALGoOrgSettings: ${{ vars.ALGoOrgSettings }} | |
ALGoRepoSettings: ${{ vars.ALGoRepoSettings }} | |
jobs: | |
Initialization: | |
needs: [ ] | |
runs-on: [ windows-latest ] | |
outputs: | |
telemetryScopeJson: ${{ steps.init.outputs.telemetryScopeJson }} | |
environmentsMatrixJson: ${{ steps.DetermineDeploymentEnvironments.outputs.EnvironmentsMatrixJson }} | |
environmentCount: ${{ steps.DetermineDeploymentEnvironments.outputs.EnvironmentCount }} | |
deploymentEnvironmentsJson: ${{ steps.DetermineDeploymentEnvironments.outputs.DeploymentEnvironmentsJson }} | |
generateALDocArtifact: ${{ steps.DetermineDeploymentEnvironments.outputs.GenerateALDocArtifact }} | |
deployALDocArtifact: ${{ steps.DetermineDeploymentEnvironments.outputs.DeployALDocArtifact }} | |
deliveryTargetsJson: ${{ steps.DetermineDeliveryTargets.outputs.DeliveryTargetsJson }} | |
githubRunner: ${{ steps.ReadSettings.outputs.GitHubRunnerJson }} | |
githubRunnerShell: ${{ steps.ReadSettings.outputs.GitHubRunnerShell }} | |
projects: ${{ steps.determineProjectsToBuild.outputs.ProjectsJson }} | |
projectDependenciesJson: ${{ steps.determineProjectsToBuild.outputs.ProjectDependenciesJson }} | |
buildOrderJson: ${{ steps.determineProjectsToBuild.outputs.BuildOrderJson }} | |
workflowDepth: ${{ steps.DetermineWorkflowDepth.outputs.WorkflowDepth }} | |
steps: | |
- name: Dump Workflow Information | |
uses: microsoft/AL-Go/Actions/DumpWorkflowInfo@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- name: Initialize the workflow | |
id: init | |
uses: microsoft/AL-Go/Actions/WorkflowInitialize@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
eventId: "DO0091" | |
- name: Read settings | |
id: ReadSettings | |
uses: microsoft/AL-Go/Actions/ReadSettings@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
get: type | |
- name: Determine Workflow Depth | |
id: DetermineWorkflowDepth | |
run: | | |
Add-Content -Encoding UTF8 -Path $env:GITHUB_OUTPUT -Value "WorkflowDepth=$($env:workflowDepth)" | |
- name: Determine Projects To Build | |
id: determineProjectsToBuild | |
uses: microsoft/AL-Go/Actions/DetermineProjectsToBuild@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
maxBuildDepth: ${{ env.workflowDepth }} | |
- name: Determine Delivery Target Secrets | |
id: DetermineDeliveryTargetSecrets | |
uses: microsoft/AL-Go/Actions/DetermineDeliveryTargets@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
projectsJson: '${{ steps.determineProjectsToBuild.outputs.ProjectsJson }}' | |
checkContextSecrets: 'false' | |
- name: Read secrets | |
id: ReadSecrets | |
uses: microsoft/AL-Go/Actions/ReadSecrets@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
gitHubSecrets: ${{ toJson(secrets) }} | |
getSecrets: ${{ steps.DetermineDeliveryTargetSecrets.outputs.ContextSecrets }} | |
- name: Determine Delivery Targets | |
id: DetermineDeliveryTargets | |
uses: microsoft/AL-Go/Actions/DetermineDeliveryTargets@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
env: | |
Secrets: '${{ steps.ReadSecrets.outputs.Secrets }}' | |
with: | |
shell: powershell | |
projectsJson: '${{ steps.determineProjectsToBuild.outputs.ProjectsJson }}' | |
checkContextSecrets: 'true' | |
- name: Determine Deployment Environments | |
id: DetermineDeploymentEnvironments | |
uses: microsoft/AL-Go/Actions/DetermineDeploymentEnvironments@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
shell: powershell | |
getEnvironments: '*' | |
type: 'CD' | |
CheckForUpdates: | |
needs: [ Initialization ] | |
runs-on: [ windows-latest ] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Read settings | |
uses: microsoft/AL-Go/Actions/ReadSettings@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
get: templateUrl | |
- name: Check for updates to AL-Go system files | |
uses: microsoft/AL-Go/Actions/CheckForUpdates@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
templateUrl: ${{ env.templateUrl }} | |
downloadLatest: true | |
Build1: | |
needs: [ Initialization ] | |
if: (!failure()) && (!cancelled()) && fromJson(needs.Initialization.outputs.buildOrderJson)[0].projectsCount > 0 | |
strategy: | |
matrix: | |
include: ${{ fromJson(needs.Initialization.outputs.buildOrderJson)[0].buildDimensions }} | |
fail-fast: false | |
name: Build ${{ matrix.projectName }} (${{ matrix.buildMode }}) | |
uses: ./.github/workflows/_BuildALGoProject.yaml | |
secrets: inherit | |
with: | |
shell: ${{ needs.Initialization.outputs.githubRunnerShell }} | |
runsOn: ${{ needs.Initialization.outputs.githubRunner }} | |
parentTelemetryScopeJson: ${{ needs.Initialization.outputs.telemetryScopeJson }} | |
project: ${{ matrix.project }} | |
projectName: ${{ matrix.projectName }} | |
buildMode: ${{ matrix.buildMode }} | |
projectDependenciesJson: ${{ needs.Initialization.outputs.projectDependenciesJson }} | |
secrets: 'licenseFileUrl,codeSignCertificateUrl,*codeSignCertificatePassword,keyVaultCertificateUrl,*keyVaultCertificatePassword,keyVaultClientId,gitHubPackagesContext,applicationInsightsConnectionString' | |
publishThisBuildArtifacts: ${{ needs.Initialization.outputs.workflowDepth > 1 }} | |
publishArtifacts: ${{ github.ref_name == 'main' || startswith(github.ref_name, 'release/') || startswith(github.ref_name, 'releases/') || needs.Initialization.outputs.deliveryTargetsJson != '[]' || needs.Initialization.outputs.environmentCount > 0 }} | |
signArtifacts: true | |
useArtifactCache: true | |
Build: | |
needs: [ Initialization, Build1 ] | |
if: (!failure()) && (!cancelled()) && (needs.Build1.result == 'success' || needs.Build1.result == 'skipped') && fromJson(needs.Initialization.outputs.buildOrderJson)[1].projectsCount > 0 | |
strategy: | |
matrix: | |
include: ${{ fromJson(needs.Initialization.outputs.buildOrderJson)[1].buildDimensions }} | |
fail-fast: false | |
name: Build ${{ matrix.projectName }} (${{ matrix.buildMode }}) | |
uses: ./.github/workflows/_BuildALGoProject.yaml | |
secrets: inherit | |
with: | |
shell: ${{ needs.Initialization.outputs.githubRunnerShell }} | |
runsOn: ${{ needs.Initialization.outputs.githubRunner }} | |
parentTelemetryScopeJson: ${{ needs.Initialization.outputs.telemetryScopeJson }} | |
project: ${{ matrix.project }} | |
projectName: ${{ matrix.projectName }} | |
buildMode: ${{ matrix.buildMode }} | |
projectDependenciesJson: ${{ needs.Initialization.outputs.projectDependenciesJson }} | |
secrets: 'licenseFileUrl,codeSignCertificateUrl,*codeSignCertificatePassword,keyVaultCertificateUrl,*keyVaultCertificatePassword,keyVaultClientId,gitHubPackagesContext,applicationInsightsConnectionString' | |
publishThisBuildArtifacts: ${{ needs.Initialization.outputs.workflowDepth > 1 }} | |
publishArtifacts: ${{ github.ref_name == 'main' || startswith(github.ref_name, 'release/') || startswith(github.ref_name, 'releases/') || needs.Initialization.outputs.deliveryTargetsJson != '[]' || needs.Initialization.outputs.environmentCount > 0 }} | |
signArtifacts: true | |
useArtifactCache: true | |
DeployALDoc: | |
needs: [ Initialization, Build ] | |
if: always() && needs.Build.result == 'Success' && needs.Initialization.outputs.generateALDocArtifact == 1 && github.ref_name == 'main' | |
runs-on: windows-latest | |
name: Deploy Reference Documentation | |
permissions: | |
contents: write | |
actions: read | |
pages: write | |
id-token: write | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: '.artifacts' | |
- name: Read settings | |
uses: microsoft/AL-Go/Actions/ReadSettings@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
- name: Setup Pages | |
if: needs.Initialization.outputs.deployALDocArtifact == 1 | |
uses: actions/configure-pages@v4 | |
- name: Build Reference Documentation | |
uses: microsoft/AL-Go/Actions/BuildReferenceDocumentation@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
artifacts: '.artifacts' | |
- name: Upload pages artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
path: ".aldoc/_site/" | |
- name: Deploy to GitHub Pages | |
if: needs.Initialization.outputs.deployALDocArtifact == 1 | |
id: deployment | |
uses: actions/deploy-pages@v4 | |
Deploy: | |
needs: [ Initialization, Build ] | |
if: always() && needs.Build.result == 'Success' && needs.Initialization.outputs.environmentCount > 0 | |
strategy: ${{ fromJson(needs.Initialization.outputs.environmentsMatrixJson) }} | |
runs-on: ${{ fromJson(matrix.os) }} | |
name: Deploy to ${{ matrix.environment }} | |
environment: | |
name: ${{ matrix.environment }} | |
url: ${{ steps.Deploy.outputs.environmentUrl }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: '.artifacts' | |
- name: Read settings | |
uses: microsoft/AL-Go/Actions/ReadSettings@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
- name: EnvName | |
id: envName | |
run: | | |
$errorActionPreference = "Stop"; $ProgressPreference = "SilentlyContinue"; Set-StrictMode -Version 2.0 | |
$envName = '${{ matrix.environment }}'.split(' ')[0] | |
Add-Content -Encoding UTF8 -Path $env:GITHUB_OUTPUT -Value "envName=$envName" | |
- name: Read secrets | |
id: ReadSecrets | |
uses: microsoft/AL-Go/Actions/ReadSecrets@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
gitHubSecrets: ${{ toJson(secrets) }} | |
getSecrets: '${{ steps.envName.outputs.envName }}-AuthContext,${{ steps.envName.outputs.envName }}_AuthContext,AuthContext,${{ steps.envName.outputs.envName }}-EnvironmentName,${{ steps.envName.outputs.envName }}_EnvironmentName,EnvironmentName,projects' | |
- name: Deploy | |
id: Deploy | |
uses: microsoft/AL-Go/Actions/Deploy@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
env: | |
Secrets: '${{ steps.ReadSecrets.outputs.Secrets }}' | |
with: | |
shell: powershell | |
environmentName: ${{ matrix.environment }} | |
artifacts: '.artifacts' | |
type: 'CD' | |
deploymentEnvironmentsJson: ${{ needs.Initialization.outputs.deploymentEnvironmentsJson }} | |
Deliver: | |
needs: [ Initialization, Build ] | |
if: always() && needs.Build.result == 'Success' && needs.Initialization.outputs.deliveryTargetsJson != '[]' | |
strategy: | |
matrix: | |
deliveryTarget: ${{ fromJson(needs.Initialization.outputs.deliveryTargetsJson) }} | |
fail-fast: false | |
runs-on: [ windows-latest ] | |
name: Deliver to ${{ matrix.deliveryTarget }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: '.artifacts' | |
- name: Read settings | |
uses: microsoft/AL-Go/Actions/ReadSettings@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
- name: Read secrets | |
id: ReadSecrets | |
uses: microsoft/AL-Go/Actions/ReadSecrets@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
gitHubSecrets: ${{ toJson(secrets) }} | |
getSecrets: '${{ matrix.deliveryTarget }}Context' | |
- name: Deliver | |
uses: microsoft/AL-Go/Actions/Deliver@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
env: | |
Secrets: '${{ steps.ReadSecrets.outputs.Secrets }}' | |
with: | |
shell: powershell | |
type: 'CD' | |
projects: ${{ needs.Initialization.outputs.projects }} | |
deliveryTarget: ${{ matrix.deliveryTarget }} | |
artifacts: '.artifacts' | |
PostProcess: | |
needs: [ Initialization, Build, Deploy, Deliver, DeployALDoc ] | |
if: (!cancelled()) | |
runs-on: [ windows-latest ] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Finalize the workflow | |
id: PostProcess | |
uses: microsoft/AL-Go/Actions/WorkflowPostProcess@4c5bfbca1adebbf997f63882df4b9074a19aac1d | |
with: | |
shell: powershell | |
eventId: "DO0091" | |
telemetryScopeJson: ${{ needs.Initialization.outputs.telemetryScopeJson }} |