feat: add enterprise-grade AUR package publishing #47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| permissions: | |
| contents: read | |
| checks: write # For test results | |
| pull-requests: write # For PR comments | |
| on: | |
| workflow_dispatch: | |
| push: | |
| paths-ignore: | |
| - "**/*.md" | |
| - ".gitignore" | |
| pull_request: | |
| paths-ignore: | |
| - "**/*.md" | |
| - ".gitignore" | |
| - "docs/**" | |
| - "homebrew/**" | |
| env: | |
| DOTNET_VERSION: "9.0.x" | |
| DOTNET_NOLOGO: true | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| jobs: | |
| # Fast feedback job for basic validation | |
| validate: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| outputs: | |
| version: ${{ steps.gitversion.outputs.semVer }} | |
| should-build: ${{ steps.changes.outputs.src }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check for source changes | |
| uses: dorny/paths-filter@v3.0.2 | |
| id: changes | |
| with: | |
| filters: | | |
| src: | |
| - 'KnxMonitor/**' | |
| - '**/*.csproj' | |
| - '**/*.sln' | |
| - 'Directory.*.props' | |
| - 'GitVersion.*' | |
| - name: Setup .NET | |
| if: steps.changes.outputs.src == 'true' | |
| uses: actions/setup-dotnet@v5.0.0 | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Install GitVersion | |
| if: steps.changes.outputs.src == 'true' | |
| uses: gittools/actions/gitversion/setup@v4.1.0 | |
| with: | |
| versionSpec: "6.x" | |
| - name: Determine version | |
| if: steps.changes.outputs.src == 'true' | |
| id: gitversion | |
| uses: gittools/actions/gitversion/execute@v4.1.0 | |
| - name: Restore dependencies | |
| if: steps.changes.outputs.src == 'true' | |
| run: dotnet restore --verbosity minimal | |
| - name: Build (validation only) | |
| if: steps.changes.outputs.src == 'true' | |
| run: dotnet build --configuration Debug --no-restore --verbosity minimal | |
| # Comprehensive build and test matrix | |
| build-and-test: | |
| needs: validate | |
| if: needs.validate.outputs.should-build == 'true' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| runtime: linux-x64 | |
| artifact-name: linux | |
| - os: windows-latest | |
| runtime: win-x64 | |
| artifact-name: windows | |
| - os: macos-latest | |
| runtime: osx-x64 | |
| artifact-name: macos-x64 | |
| - os: macos-latest | |
| runtime: osx-arm64 | |
| artifact-name: macos-arm64 | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v5.0.0 | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Install GitVersion | |
| uses: gittools/actions/gitversion/setup@v4.1.0 | |
| with: | |
| versionSpec: "6.x" | |
| - name: Determine version | |
| id: gitversion | |
| uses: gittools/actions/gitversion/execute@v4.1.0 | |
| - name: Cache NuGet packages | |
| uses: actions/cache@v4.3.0 | |
| with: | |
| path: ~/.nuget/packages | |
| key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/Directory.Packages.props') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nuget- | |
| - name: Restore dependencies | |
| run: dotnet restore --verbosity minimal | |
| - name: Build | |
| run: dotnet build --configuration Release --no-restore --verbosity minimal | |
| - name: Test | |
| run: | | |
| echo "No test project found - skipping tests" | |
| # TODO: Add test project and enable testing | |
| # dotnet test --configuration Release --no-build --verbosity normal \ | |
| # --collect:"XPlat Code Coverage" \ | |
| # --results-directory ./TestResults \ | |
| # --logger "trx;LogFileName=test-results.trx" | |
| - name: Publish Test Results | |
| uses: dorny/test-reporter@v1.9.1 | |
| if: false # Disabled until test project is added | |
| with: | |
| name: Test Results (${{ matrix.os }}) | |
| path: "./TestResults/*.trx" | |
| reporter: dotnet-trx | |
| fail-on-error: false | |
| - name: Upload coverage to Codecov | |
| if: false # Disabled until test project is added | |
| uses: codecov/codecov-action@v5.0.7 | |
| with: | |
| files: "./TestResults/*/coverage.cobertura.xml" | |
| fail_ci_if_error: false | |
| verbose: true | |
| - name: Publish artifacts | |
| run: dotnet publish KnxMonitor/KnxMonitor.csproj --configuration Release --runtime ${{ matrix.runtime }} --self-contained true --output ./publish/${{ matrix.runtime }} -p:PublishSingleFile=true | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v5.0.0 | |
| with: | |
| name: knxmonitor-${{ matrix.artifact-name }}-${{ needs.validate.outputs.version }} | |
| path: ./publish/${{ matrix.runtime }}/ | |
| retention-days: 7 | |
| compression-level: 9 | |
| # Security scanning | |
| security-scan: | |
| needs: validate | |
| if: needs.validate.outputs.should-build == 'true' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5.0.0 | |
| with: | |
| fetch-depth: 0 # Full git history needed for GitVersion | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v5.0.0 | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Restore dependencies | |
| run: dotnet restore --verbosity minimal | |
| - name: Run security scan | |
| run: | | |
| dotnet list package --vulnerable --include-transitive 2>&1 | tee vulnerable-packages.txt | |
| if grep -q "has the following vulnerable packages" vulnerable-packages.txt; then | |
| echo "::warning::Vulnerable packages detected" | |
| cat vulnerable-packages.txt | |
| fi | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v4.31 | |
| with: | |
| languages: csharp | |
| queries: security-and-quality | |
| - name: Build for CodeQL | |
| run: dotnet build --configuration Release --verbosity minimal | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v4.31 |