Skip to content

fix: upgrade domain.core package #37

fix: upgrade domain.core package

fix: upgrade domain.core package #37

name: Build and Deploy
on:
push:
branches:
- main
paths-ignore:
- 'README.md'
- '.gitignore'
pull_request:
types: [opened, synchronize, reopened]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}/api
TF_CLOUD_ORGANIZATION: "${{ vars.BMB_TF_ORGANIZATION }}"
TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
TF_WORKSPACE: "${{ vars.TF_WORKSPACE }}"
CONFIG_DIRECTORY: "./terraform"
jobs:
sonarcloud:
name: Build and analyze
runs-on: windows-latest
steps:
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'zulu'
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~\sonar\cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache SonarCloud scanner
id: cache-sonar-scanner
uses: actions/cache@v4
with:
path: .\.sonar\scanner
key: ${{ runner.os }}-sonar-scanner
restore-keys: ${{ runner.os }}-sonar-scanner
- name: Install SonarCloud scanner
if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
shell: powershell
run: |
New-Item -Path .\.sonar\scanner -ItemType Directory
dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
- name: Install dotnet-coverage
# if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
run: |
dotnet tool install --global dotnet-coverage
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
shell: powershell
run: |
.\.sonar\scanner\dotnet-sonarscanner begin /k:"soat-fiap_bmb.production" /o:"soat-fiap" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.inclusions=**/*.cs /d:sonar.exclusions=**/Program.cs /d:sonar.scanner.scanAll=false
dotnet build --no-incremental
dotnet-coverage collect "dotnet test" -f xml -o "coverage.xml"
.\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
semantic-release:
if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
name: Create Semantic Release
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
pull-requests: write
id-token: write
outputs:
version: ${{ steps.semantic-release.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "lts/*"
- name: Install dependencies
run: npm clean-install
- name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
run: npm audit signatures
- name: Release
id: semantic-release
continue-on-error: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
npx semantic-release
if [ -f VERSION ]; then
VERSION=$(cat VERSION)
else
echo "VERSION file not found, getting latest version from latest release"
VERSION=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name' | sed 's/v//')
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
if [ $? -ne 0 ]; then
echo "Release failed, getting latest version from lates release"
echo "version=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name' | sed 's/v//')" >> $GITHUB_OUTPUT
fi
build-docker-image:
if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
needs: semantic-release
name: Create Docker image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
outputs:
API_IMAGE_TAG: ${{ fromJson(steps.meta.outputs.json).tags[0] }}
steps:
- name: Extract version
id: sanitize-version
run: |
echo ${{ needs.semantic-release.outputs.version }}
TAG=${{ needs.semantic-release.outputs.version }}
echo "version=${TAG#v}" >> $GITHUB_OUTPUT
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: latest=true
tags: |
type=raw,value=${{ steps.sanitize-version.outputs.version }}
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v5
with:
context: .
file: ./src/Bmb.Production.Api/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=
create-app:
if: github.ref == 'refs/heads/main'
needs: [build-docker-image]
name: "Terraform Apply"
runs-on: ubuntu-latest
environment: dev
permissions:
contents: read
outputs:
config_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Create .auto.tfvars file
env:
API_IMAGE_TAG: ${{needs.build-docker-image.outputs.API_IMAGE_TAG}}
run: |
cat <<EOF > terraform/api.auto.tfvars
eks_cluster_name = "${{ vars.BMB_EKS_CLUSTER_NAME }}"
jwt_signing_key = "${{ secrets.BMB_JWT_SECRET_KEY }}"
jwt_issuer = "${{ vars.BMB_JWT_ISSUER }}"
jwt_aud = "${{ vars.BMB_JWT_AUDIENCE }}"
api_docker_image = "${{ env.API_IMAGE_TAG }}"
internal_elb_name = "${{ vars.BMB_INTERNAL_LB_NAME }}"
api_access_key_id = "${{ secrets.AWS_API_ACCESS_KEY_ID }}"
api_secret_access_key = "${{ secrets.AWS_API_SECRET_ACCESS_KEY }}"
EOF
- name: Upload Configuration
uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.3.1
id: apply-upload
with:
workspace: ${{ env.TF_WORKSPACE }}
directory: ${{ env.CONFIG_DIRECTORY }}
- name: Create Apply Run
uses: hashicorp/tfc-workflows-github/actions/create-run@v1.3.1
id: apply-run
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
message: "Create Run from GitHub Actions CI ${{ github.sha }}"
- uses: hashicorp/tfc-workflows-github/actions/apply-run@v1.3.1
if: ${{ vars.TF_AUTO_APPROVE == 'true' }}
id: apply
with:
run: ${{ steps.apply-run.outputs.run_id }}
comment: "Confirmed from GitHub Actions CI ${{ github.sha }}"
destroy-plan:
name: "Create terraform destroy plan"
needs: [create-app]
runs-on: ubuntu-latest
environment: dev
steps:
- name: Create plan
uses: hashicorp/tfc-workflows-github/actions/create-run@v1.3.1
id: destroy-plan
with:
workspace: ${{ vars.TF_WORKSPACE }}
configuration_version: ${{ needs.create-app.outputs.config_version }}
message: "Create Destroy run from GitHub Actions CI ${{ github.sha }}"
is_destroy: true