.github/workflows/main.yml
name: Main build
on:
workflow_dispatch: # Allow running the workflow manually from the GitHub UI
pull_request:
branches:
- main
push:
branches:
- main
merge_group:
branches:
- main
workflow_call: # Allow to be called from the release workflow
schedule:
- cron: '31 15 * * 0' # Run periodically to keep CodeQL database updated
permissions:
security-events: write # required for CodeQL
packages: read
contents: read
actions: read
jobs:
build:
strategy:
fail-fast: false # Run all OSes, even if one fails, to help narrow down issues that only impact some platforms
matrix:
os: [windows-2022, ubuntu-22.04]
runs-on: ${{ matrix.os }}
env:
IS_COVERAGE_ALLOWED: ${{ secrets.CODACY_PROJECT_TOKEN != '' }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # avoid shallow clone so nbgv can do its work
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: csharp
build-mode: manual
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
queries: security-extended
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: ./global.json
- name: NuGet Restore
run: dotnet restore
- name: Build
run: dotnet build --no-restore --configuration Release /bl:./artifacts/logs/release/build.release.binlog
- name: Test
run: dotnet test --no-build --configuration Release --settings ./build/targets/tests/test.runsettings
- name: Upload *.received.* files
uses: actions/upload-artifact@v4
if: failure()
with:
name: verify-test-results
path: |
**/*.received.*
- name: Upload SARIF files
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: SARIF files (${{ matrix.os }})
path: ./artifacts/obj/**/*.sarif
- name: Upload Test Report
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: .NET Test Reports (${{ matrix.os }})
path: "artifacts/TestResults/**/*.trx"
if-no-files-found: error
- name: Upload Code Coverage Report
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: .NET Code Coverage Reports (${{ matrix.os }})
path: "artifacts/TestResults/coverage/**"
- name: Publish coverage summary to GitHub
run: cat artifacts/TestResults/coverage/SummaryGithub.md >> $GITHUB_STEP_SUMMARY
shell: bash
- name: Upload coverage data to Codacy
if: ${{ runner.os == 'Linux' && env.IS_COVERAGE_ALLOWED == 'true' }}
uses: codacy/codacy-coverage-reporter-action@v1.3.0
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: ${{ github.workspace }}/artifacts/TestResults/coverage/Cobertura.xml
- name: Upload binlogs
uses: actions/upload-artifact@v4
with:
name: binlogs-${{ matrix.os }}
path: ./artifacts/logs
if-no-files-found: error
- name: Upload packages
uses: actions/upload-artifact@v4
with:
name: packages-${{ matrix.os }}
path: |
./artifacts/package
if-no-files-found: error
- name: Validate performance
shell: pwsh
# Uses ETL which needs Windows
if: ${{ runner.os == 'Windows' }}
run: ${{ github.workspace }}/build/scripts/perf/PerfCore.ps1 -v diag -diff -ci
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:csharp"