Intro security checks + PR pipeline (#4)

Previously, the solution structure was fixed and the code was revamped. This pull request includes updates to the build files, specifically the base image build file and the general build file. Additionally, a new build file was added. The changes ensure that the build process is accurate and up-to-date. Add PR pipeline and main branch release pipelines ---------
ipsimple · Aug 25, 2024 · fa1ac73 · fa1ac73
1 parent c3b06b3
commit fa1ac73
Show file tree

Hide file tree

Showing 4 changed files with 230 additions and 44 deletions.
diff --git a/.github/workflows/build-publish-app.yml b/.github/workflows/build-publish-app.yml
@@ -2,6 +2,9 @@ name: Build & Release
 
 on:
   workflow_dispatch:
+  push:
+    branches:
+      - main
 
 jobs:
   determine-version:
@@ -10,112 +13,184 @@ jobs:
       version: ${{ steps.determine_version.outputs.version }}
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Determine the version
       id: determine_version
       run: |
         git config --global user.email "github-actions[bot]@users.noreply.github.com"
         git config --global user.name "github-actions[bot]"
         git fetch --tags
-        LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
+    
+        # Fetch the latest valid tag that matches the expected pattern
+        LATEST_TAG=$(git tag --list | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n 1)
+
         if [ -z "$LATEST_TAG" ]; then
-          NEW_TAG="1.0.0"
+          NEW_TAG="v0.0.1"
         else
-          VERSION_REGEX="^([0-9]+)\.([0-9]+)\.([0-9]+)$"
+          VERSION_REGEX="^v([0-9]+)\.([0-9]+)\.([0-9]+)$"
           if [[ $LATEST_TAG =~ $VERSION_REGEX ]]; then
             MAJOR="${BASH_REMATCH[1]}"
             MINOR="${BASH_REMATCH[2]}"
             PATCH="${BASH_REMATCH[3]}"
             MINOR=$((MINOR + 1))
-            if [ $MINOR -eq 100 ]; then
+            if [ $MINOR -eq 100]; then
               MINOR=0
               MAJOR=$((MAJOR + 1))
             fi
-            NEW_TAG="$MAJOR.$MINOR.$PATCH"
+            NEW_TAG="v$MAJOR.$MINOR.$PATCH"
           else
-            echo "Latest tag is not in the expected format: $LATEST_TAG"
+            echo "Error: Latest tag is not in the expected format: $LATEST_TAG"
             exit 1
           fi
         fi
+
+        # Output the version to GitHub Actions log
+        echo "Generated version: $NEW_TAG"
+
+        # Set the version as an output
         echo "version=$NEW_TAG" >> $GITHUB_ENV
         echo "::set-output name=version::$NEW_TAG"
+
 
-  build-and-test:
+  setup-dotnet:
     runs-on: ubuntu-latest
-    needs: determine-version
+    outputs:
+      dotnet-installed: ${{ steps.setup_dotnet.outputs.success }}
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
     - name: Setup .NET
-      uses: actions/setup-dotnet@v1
+      id: setup_dotnet
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: '8.0.x'
 
-    - name: Build the application
-      run: dotnet build --configuration Release
+  codeql-scan:
+    runs-on: ubuntu-latest
+    needs: [determine-version, setup-dotnet]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: 'csharp'
+
+    - name: Build the code
+      run: dotnet build src/IpSimple.Platform.sln --configuration Release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+
+  build:
+    runs-on: ubuntu-latest
+    needs: [determine-version, codeql-scan]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Build solution
+      run: dotnet build src/IpSimple.Platform.sln --configuration Release --output src/IpSimple.Platform/bin/Release
 
-    - name: Run tests
-      run: dotnet test --no-build --verbosity normal
+  test:
+    runs-on: ubuntu-latest
+    needs: [determine-version, build, codeql-scan]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Find and run all test projects
+      run: |
+        for test_project in $(find . -name "*.Tests.csproj"); do
+          dotnet test "$test_project" --configuration Release --logger "trx;LogFileName=test_results.trx" --results-directory "TestResults"
+        done
+
+    - name: Publish Test Results
+      uses: actions/upload-artifact@v4
+      with:
+        name: ipsimple-unit-test-results-${{ needs.determine-version.outputs.version }}
+        path: TestResults/
+      if: ${{ always() }}
 
   publish-release:
     runs-on: ubuntu-latest
-    needs: [determine-version, build-and-test]
+    needs: [determine-version, build, test, codeql-scan]
+    if: success()
     steps:
-    - name: Create GitHub release
-      uses: actions/create-release@v1
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Configure Git user
+      run: |
+        git config --global user.email "github-actions[bot]@users.noreply.github.com"
+        git config --global user.name "GitHub Actions Bot"
+
+    - name: Create Git Tag
+      run: |
+        git tag -a ${{ needs.determine-version.outputs.version }} -m "Release version ${{ needs.determine-version.outputs.version }}"
+        git push origin ${{ needs.determine-version.outputs.version }}
+
+    - name: Create GitHub Release
+      id: create_release
+      uses: softprops/action-gh-release@v2
       with:
         tag_name: ${{ needs.determine-version.outputs.version }}
-        release_name: Release ${{ needs.determine-version.outputs.version }}
-        draft: false
-        prerelease: false
+        name: Release ${{ needs.determine-version.outputs.version }}
         generate_release_notes: true
+        append_body: |
+          ## Docker Image
+          
+          The Docker image for this release is available on [GitHub Packages](https://github.com/ipsimple/platform/pkgs/container/ipsimple-app/versions). You can pull this image using:
+          
+          ```bash
+          docker pull ghcr.io/ipsimple/ipsimple-app:${{ needs.determine-version.outputs.version }}
+          ```
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: List all files in the src directory for troubleshooting
+      run: ls -R src/
 
     - name: Upload .NET binaries
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: dotnet-binaries
-        path: '**/bin/Release/**'
+        path: src/IpSimple.Platform/bin/Release/**
 
   build-and-push-docker:
     runs-on: ubuntu-latest
-    needs: publish-release
+    needs: [determine-version, publish-release, codeql-scan]
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Log in to GitHub Docker registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build and push Docker image
       run: |
-        docker build -t ghcr.io/ipsimple/app:${{ needs.determine-version.outputs.version }} .
-        docker push ghcr.io/ipsimple/app:${{ needs.determine-version.outputs.version }}
-
-    - name: Attach Docker image to release
-      uses: softprops/action-gh-release@v1
-      with:
-        files: ghcr.io/ipsimple/app:${{ needs.determine-version.outputs.version }}
+         echo "Using version: ${{ needs.determine-version.outputs.version }}"
+         docker build -f src/IpSimple.PublicIp.Api/Dockerfile -t ghcr.io/ipsimple/ipsimple-app:${{ needs.determine-version.outputs.version }} src/
+         docker push ghcr.io/ipsimple/ipsimple-app:${{ needs.determine-version.outputs.version }}
 
   generate-sbom:
     runs-on: ubuntu-latest
-    needs: build-and-push-docker
+    needs: [determine-version, build-and-push-docker, codeql-scan]
     steps:
     - name: Install Syft
       run: |
         curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin
 
     - name: Generate SBOM
       run: |
-        syft packages docker:ghcr.io/ipsimple/app:${{ needs.determine-version.outputs.version }} -o syft-json > sbom.json
+        syft scan docker:ghcr.io/ipsimple/ipsimple-app:${{ needs.determine-version.outputs.version }} -o syft-json > sbom.json
 
     - name: Upload SBOM
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
-        name: sbom
-        path: sbom.json
+        name: ipsimple-${{ needs.determine-version.outputs.version }}-sbom
+        path: sbom.json
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
@@ -0,0 +1,87 @@
+name: PR Validation
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  setup-dotnet:
+    runs-on: ubuntu-latest
+    outputs:
+      dotnet-installed: ${{ steps.setup_dotnet.outputs.success }}
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Setup .NET
+      id: setup_dotnet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: '8.0.x'
+
+  codeql-scan:
+    runs-on: ubuntu-latest
+    needs: setup-dotnet
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: 'csharp'
+
+    - name: Build the code
+      run: dotnet build src/IpSimple.Platform.sln --configuration Release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+
+  build:
+    runs-on: ubuntu-latest
+    needs: codeql-scan
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Build solution
+      run: dotnet build src/IpSimple.Platform.sln --configuration Release --output src/IpSimple.Platform/bin/Release
+
+  test:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Find and run all test projects
+      run: |
+        for test_project in $(find . -name "*.Tests.csproj"); do
+          dotnet test "$test_project" --configuration Release --logger "trx;LogFileName=test_results.trx" --results-directory "TestResults"
+        done
+
+    - name: Publish Test Results
+      uses: actions/upload-artifact@v4
+      with:
+        name: ipsimple-unit-test-results
+        path: TestResults/
+      if: ${{ always() }}
+
+  build-docker:
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Log in to GitHub Docker registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build Docker image (validation only)
+      run: |
+         docker build -f src/IpSimple.PublicIp.Api/Dockerfile -t ghcr.io/ipsimple/ipsimple-app-pr-validation src/
diff --git a/.github/workflows/pull_request_template.md b/.github/workflows/pull_request_template.md
@@ -0,0 +1,17 @@
+# Pull Request Title
+
+**Description:**
+<!-- Please include a summary of the change and what issue is fixed. Also include relevant motivation and context. -->
+
+**Comments/Questions:**
+<!-- If you have any additional comments or questions, please add them here. -->
+
+**Checklist:**
+- [ ] Code is up-to-date with the `main` branch
+- [ ] No merge conflicts
+- [ ] Code has been properly tested
+- [ ] Documentation has been updated (if applicable)
+- [ ] Reviewers have been added (if applicable)
+
+**Related Issues:**
+<!-- If this PR addresses any issues, please mention them here (e.g., Fixes #123) -->
diff --git a/src/IpSimple.PublicIp.Api/Dockerfile b/src/IpSimple.PublicIp.Api/Dockerfile
@@ -1,11 +1,18 @@
-#See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.
+FROM ghcr.io/ipsimple/aspnet:8.0 AS base
+
+LABEL org.opencontainers.image.title="IpSimple App"
+LABEL org.opencontainers.image.description="A reliable and scalable public IP address API, designed for seamless integration into any application. It offers unlimited usage, compatibility with IPv4 and IPv6, high availability, open-source transparency, privacy focus, and future-proof reliability. Use cases include network management, cloud infrastructure, security applications, and developer tools."
+LABEL org.opencontainers.image.url="https://github.com/ipsimple/platform"
+LABEL org.opencontainers.image.authors="ipsimple org"
+LABEL org.opencontainers.image.licenses="MIT"
+LABEL org.opencontainers.image.vendor="ipsimple org"
+LABEL org.opencontainers.image.source="https://github.com/ipsimple/platform"
 
-FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
 USER app
 WORKDIR /app
 EXPOSE 8080
 
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+FROM ghcr.io/ipsimple/sdk:8.0 AS build
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 COPY ["IpSimple.PublicIp.Api/IpSimple.PublicIp.Api.csproj", "IpSimple.PublicIp.Api/"]
@@ -21,4 +28,4 @@ RUN dotnet publish "./IpSimple.PublicIp.Api.csproj" -c $BUILD_CONFIGURATION -o /
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "IpSimple.PublicIp.Api.dll"]
+ENTRYPOINT ["dotnet", "IpSimple.PublicIp.Api.dll"]