Enhance GitHub workflows with paths-filter for conditional execution …
…and update dependencies.
AjayKMehta committed Jan 17, 2025
1 parent 1831a24 commit d4cdbbb
Showing 4 changed files with 79 additions and 58 deletions.
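--- a/.github/filter.yml
+++ b/.github/filter.yml
@@ -0,0 +1,10 @@
+code:
+- "**/*.cs"
+- "**/*.csproj"
+- "**/*.props"
+codeql:
+- ".github/workflows/codeql.yml"
+semgrep:
+- ".github/workflows/semgrep.yml"
+test:
+- ".github/workflows/test.yml"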
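Review bot: The `codeql` filter points at `.github/workflows/codeql.yml`, but the workflow changed in this commit is `.github/workflows/codeql-analysis.yml`, and the removed `paths-ignore` exception named that file too. As written, an edit to the CodeQL workflow itself would not match the filter and the analysis steps would stay disabled. The entry should read `- ".github/workflows/codeql-analysis.yml"`. It may also be worth listing `.github/filter.yml` under each group, since a change to the filters alters what gets scanned without matching any of them.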
51 changes: 25 additions & 26 deletions .github/workflows/codeql-analysis.yml
@@ -5,29 +5,11 @@ name: "CodeQL Analysis"
on:
push:
branches: [master]
paths-ignore:
- "**/*.md"
- "**/*.txt"
- ".git*"
- "global.json"
- "**/.editorconfig"
- "**/*.runsettings"
- "**/typos.toml"
- ".github/**"
- "!.github/workflows/codeql-analysis.yml"

pull_request:
# The branches below must be a subset of the branches above
branches: [master]
paths-ignore:
- "**/*.md"
- "**/*.txt"
- ".git*"
- "global.json"
- "**/.editorconfig"
- "**/*.runsettings"
- "**/typos.toml"
- ".github/**"
- "!.github/workflows/codeql-analysis.yml"

workflow_dispatch:

# https://www.meziantou.net/how-to-cancel-github-workflows-when-pushing-new-commits-on-a-branch.htm
@@ -78,10 +60,26 @@ jobs:
with:
fetch-depth: 2

- name: "Check for changed files"
uses: dorny/paths-filter@v3
id: filter
with:
filters: .github/filter.yml

- name: Set environment variable
id: set-env
run: |
if [ "${{ steps.filter.outputs.code }}" == "true" ] || [ "${{ steps.filter.outputs.codeql }}" == "true" ]; then
echo "ENABLED=1" >> $GITHUB_ENV
else
echo "ENABLED=0" >> $GITHUB_ENV
fi
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
id: init_codeql
uses: github/codeql-action/init@v3.27.9
if: env.ENABLED == '1'
uses: github/codeql-action/init@v3.28.0
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
@@ -94,15 +92,15 @@ jobs:
# to set the build mode to "manual" for that language. Then modify this step
# to build your code.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- if: matrix.build-mode == 'manual'
- if: matrix.build-mode == 'manual' && env.ENABLED == '1'
name: Set up .NET
uses: actions/setup-dotnet@v4.1.0
uses: actions/setup-dotnet@v4.2.0
with:
global-json-file: global.json
cache: true
cache-dependency-path: '**/packages.lock.json'

- if: matrix.build-mode == 'manual'
- if: matrix.build-mode == 'manual' && env.ENABLED == '1'
name: Install dependencies
run: |
if [[" ${{github.event.pull_request.user.login }} " == 'app/dependabot']] || [[ "${{ github.actor }}" == 'app/dependabot' ]]; then
@@ -111,11 +109,12 @@ jobs:
dotnet restore --locked-mode
fi
- if: matrix.build-mode == 'manual'
- if: matrix.build-mode == 'manual' && env.ENABLED == '1'
name: Build
run: dotnet build --configuration Release --no-restore --tl

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3.27.9
if: env.ENABLED == '1'
uses: github/codeql-action/analyze@v3.28.0
with:
category: "/language:${{matrix.language}}"
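Review bot: `dorny/paths-filter@v3` in the new "Check for changed files" step is a third-party action referenced by a moving major tag, while the other actions in this file use exact version tags; whoever can move that tag changes what runs in this job. Pinning to a full commit SHA keeps the reviewed code fixed: `uses: dorny/paths-filter@<full-commit-sha>  # v3` (placeholder; take the SHA from the release you reviewed). The same step is added in semgrep.yml and test.yml. There the pin matters at least as much, because the semgrep job appears to expose `SEMGREP_APP_TOKEN` in its job environment and test.yml grants `pull-requests: write`.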
33 changes: 15 additions & 18 deletions .github/workflows/semgrep.yml
@@ -2,26 +2,12 @@ on:
pull_request:
# The branches below must be a subset of the branches above
branches: [master]
paths-ignore:
- "**/*.md"
- "**/*.txt"
- "**/.editorconfig"
- "**/*.runsettings"
- "**/typos.toml"
- ".github/**"
- "!.github/workflows/semgrep.yml"

push:
branches:
- main
- master
paths-ignore:
- "**/*.md"
- "**/*.txt"
- "**/.editorconfig"
- "**/*.runsettings"
- "**/typos.toml"
- ".github/**"
- "!.github/workflows/semgrep.yml"

schedule:
- cron: '0 0 * * 0'
workflow_dispatch:
@@ -39,7 +25,18 @@ jobs:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
container:
image: returntocorp/semgrep
# https://github.com/actions/runner/issues/2033#issuecomment-1598547465
options: --user 1001
steps:
- uses: actions/checkout@v4.2.2
- run: semgrep ci
- name: 'Checkout Repository'
uses: actions/checkout@v4.2.2
- name: "Check for changed files"
uses: dorny/paths-filter@v3
id: filter
with:
filters: .github/filter.yml


- name: 'Run Semgrep'
if: steps.filter.outputs.code == 'true' || steps.filter.outputs.semgrep == 'true'
run: semgrep ci
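Review bot: The new `if:` on "Run Semgrep" also applies to the `schedule` and `workflow_dispatch` triggers, so the weekly scan and manual runs now depend on what the path filter reports instead of always scanning. I have not confirmed how paths-filter computes changes for those events, but it can only compare against some earlier commit, so a scheduled run over an unchanged tree would likely skip the scan while the job still reports success. Consider `if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || steps.filter.outputs.code == 'true' || steps.filter.outputs.semgrep == 'true'`. codeql-analysis.yml has the same gap for `workflow_dispatch` through its `ENABLED` variable.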
43 changes: 29 additions & 14 deletions .github/workflows/test.yml
@@ -6,17 +6,7 @@ env:

on:
push:
paths:
- "**/*.cs"
- "**/*.csproj"
- "**/*.props"
- ".github/workflows/test.yml"
pull_request:
paths:
- "**/*.cs"
- "**/*.csproj"
- "**/*.props"
- ".github/workflows/test.yml"
permissions:
contents: read
pull-requests: write
@@ -48,17 +38,35 @@ jobs:
fetch-depth: 0
filter: tree:0

- name: "Check for changed files"
uses: dorny/paths-filter@v3
id: filter
with:
filters: .github/filter.yml

- name: Set environment variable
id: set-env
run: |
if [ "${{ steps.filter.outputs.code }}" == "true" ] || [ "${{ steps.filter.outputs.test }}" == "true" ]; then
echo "ENABLED=1" >> $GITHUB_ENV
else
echo "ENABLED=0" >> $GITHUB_ENV
fi
- name: Setup .NET Core
uses: actions/setup-dotnet@v4.1.0
uses: actions/setup-dotnet@v4.2.0
if: env.ENABLED == '1'
with:
global-json-file: global.json
cache: true
cache-dependency-path: "**/packages.lock.json"

- name: Install dotnet-coverage tool
if: env.ENABLED == '1'
run: dotnet tool install -g dotnet-coverage

- name: Install dependencies
if: env.ENABLED == '1'
run: |
if [[" ${{github.event.pull_request.user.login }} " == 'app/dependabot']] || [[ "${{ github.actor }}" == 'app/dependabot' ]]; then
dotnet restore --force-evaluate
@@ -67,28 +75,33 @@ jobs:
fi
- name: Build
if: env.ENABLED == '1'
run: dotnet build --configuration Release --no-restore --tl

- name: Test
if: env.ENABLED == '1'
run: dotnet test --configuration Release -s cicd.runsettings --no-build --verbosity quiet --logger "GitHubActions;summary.includeNotFoundTests=false"

- name: ReportGenerator
uses: danielpalme/ReportGenerator-GitHub-Action@5.4.1
if: env.ENABLED == '1'
uses: danielpalme/ReportGenerator-GitHub-Action@5.4.3
with:
reports: '**/TestResults/**/coverage.cobertura.xml'
targetdir: '${{ github.workspace }}/coveragereport'
reporttypes: 'MarkdownSummaryGithub;MarkdownAssembliesSummary'
classfilters: '-System.*;-Microsoft.*;-Newtonsoft.*;-System.Text.RegularExpressions.*;-xunit.*;-NUnit.*'

- name: Upload code coverage results to codecov
uses: codecov/codecov-action@v5.1.1
if: env.ENABLED == '1'
uses: codecov/codecov-action@v5.1.2
with:
flags: unittests
verbose: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

- name: Check if PR for current commit
if: env.ENABLED == '1'
uses: 8BitJonny/gh-get-current-pr@3.0.0
with:
# This will work no matter the trigger event and no matter if it is the first PR commit or not.
@@ -115,11 +128,12 @@ jobs:
header: "Code coverage"

- name: Publish coverage in build summary
if: env.ENABLED == '1'
run: cat $GITHUB_WORKSPACE/coveragereport/SummaryGithub.md >> $GITHUB_STEP_SUMMARY
shell: bash

- name: Merge code coverage results
if: env.USE_MERGE == 1
if: env.USE_MERGE == 1 && env.ENABLED == '1'
run: dotnet-coverage merge **/*/*.cobertura.xml -f cobertura -o ./cobertura.xml
shell: bash

@@ -129,6 +143,7 @@ jobs:
- name: Archive results
# https://github.com/actions/upload-artifact/blob/main/docs/MIGRATION.md
uses: actions/upload-artifact@v4
if: env.ENABLED == '1'
with:
name: code-coverage-report-${{ matrix.os }}
path: |
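Review bot: The "Set environment variable" step expands `${{ steps.filter.outputs.code }}` and `${{ steps.filter.outputs.test }}` directly into the script text and appends to an unquoted `$GITHUB_ENV`. The values are only `true`/`false` today, but passing them through `env:` keeps workflow expressions out of shell source, which is the safer habit. Simpler still is to drop the step and gate each step with the expression directly, as semgrep.yml does: `if: steps.filter.outputs.code == 'true' || steps.filter.outputs.test == 'true'`. The step also has no `shell: bash` while later steps set it explicitly, so if the OS matrix includes Windows and no default shell is set outside this view, the `[ ... ]` test would not run there. The identical step in codeql-analysis.yml could get the same treatment.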
