add Pipeline Foundation templates

aleks-ivanov · dependabot · Feb 25, 2021 · Feb 25, 2021 · Feb 25, 2021 · Feb 25, 2021
commit 5a7864b86cc4fd87b680e5d886c5d42df2249247
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    # default location of `.github/workflows`
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "nuget"
+    # location of package manifests
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+# Built with ❤ by [Pipeline Foundation](https://pipeline.foundation)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,39 @@
+name: CodeQL Analysis
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 8 * * *'
+
+jobs:
+  analyze:
+    name: codeql-analysis
+    runs-on: windows-latest
+    steps:
+      # Due to the insufficient memory allocated by default, CodeQL sometimes requires more to be manually allocated
+      - name: Configure Pagefile
+        id: config_pagefile
+        uses: al-cheb/configure-pagefile-action@v1.2
+        with:
+            minimum-size: 8GB
+            maximum-size: 32GB
+            disk-root: "D:"
+
+      - name: Checkout repository
+        id: checkout_repo
+        uses: actions/checkout@v2
+
+      - name: Initialize CodeQL
+        id: init_codeql
+        uses: github/codeql-action/init@v1
+        with:
+          queries: security-and-quality
+
+      - name: Build project
+
+      - name: Perform CodeQL Analysis
+        id: analyze_codeql
+        uses: github/codeql-action/analyze@v1
+
+# Built with ❤ by [Pipeline Foundation](https://pipeline.foundation)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,252 @@
+name: PROJECT_NAME CI/CD Pipeline
+
+# There's is specific logic connected to the trigger events by exclusion: 
+# (github.event_name != 'pull_request')
+# When adding new events, make sure they conform to the logic
+# or if needed, make appropriate changes to keep the logic consistent
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  ci:
+    runs-on: windows-latest
+    outputs:
+      new_version: ${{ steps.tag_generator.outputs.new_version }}
+      is_push_to_master: ${{ steps.step_conditionals_handler.outputs.is_push_to_master }}
+    steps:
+      - name: Steps' conditionals handler
+        id: step_conditionals_handler
+        shell: pwsh
+        run: |
+          $IS_PUSH_TO_MASTER = 'false'
+          $IS_NOT_PR = 'true'
+          if ( ($env:GITHUB_EVENT_NAME -ceq 'push') -and ($env:GITHUB_REF -ceq 'refs/heads/master') ) {
+            $IS_PUSH_TO_MASTER = 'true'
+          }
+          if ( $env:GITHUB_EVENT_NAME -ceq 'pull_request' ) {
+            $IS_NOT_PR = 'false'
+          }
+          echo "::set-output name=is_push_to_master::$(echo $IS_PUSH_TO_MASTER)"
+          echo "::set-output name=is_not_pr::$(echo $IS_NOT_PR)"
+        env:
+          GITHUB_EVENT_NAME: ${{ github.event_name }}
+          GITHUB_REF: ${{ github.ref }}
+
+      - name: Checkout repository
+        id: checkout_repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 50
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true'
+        name: Install latest Java LTS
+        id: install_latest_java_lts
+        uses: actions/setup-java@v1
+        with:
+        # Java 11 is the current long-term support version of JSE
+        # and is the officially suggested version by SonarCloud for GitHub Actions
+          java-version: 1.11
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true'
+        name: Activate TestSpace tool
+        id: testspace_tool
+        uses: testspace-com/setup-testspace@v1
+        with:
+          domain: ${{ github.repository_owner }}
+          token: ${{ secrets.TESTSPACE_TOKEN }}
+
+      # TAG GENERATOR #
+
+      - if: steps.step_conditionals_handler.outputs.is_push_to_master == 'true'
+        name: Bump release version and create release tag
+        id: tag_generator
+        uses: mathieudutour/github-tag-action@v5
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          default_bump: false
+
+      # | TAG GENERATOR #
+
+      # CUSTOM TAG GENERATION #
+      # includes extraction of assembly version from Appxmanifest #
+
+      - if: steps.step_conditionals_handler.outputs.is_push_to_master == 'true'
+        name: Get assembly version from appxmanifest
+        id: get_assembly_version
+        shell: pwsh
+        run: |
+          cd src/Notepads/
+          $xml = [xml](Get-Content Package.appxmanifest)
+          $ASSEMBLY_VERSION_NUMBER = $xml.Package.Identity | Select -ExpandProperty Version
+          echo "::set-output name=version_num::$(echo $ASSEMBLY_VERSION_NUMBER)"
+          echo "::set-output name=version_tag::$(echo v"$ASSEMBLY_VERSION_NUMBER")"
+
+      - if: steps.step_conditionals_handler.outputs.is_push_to_master == 'true'
+        name: Get latest tag
+        id: get_latest_tag
+        shell: pwsh
+        run: |
+          $LATEST_TAG = git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags "https://github.com/$env:GIT_URL.git" '*.*.*' | tail --lines=1 | cut --delimiter='/' --fields=3
+          echo "::set-output name=tag::$(echo $LATEST_TAG)"
+        env:
+          GIT_URL: ${{ github.repository }}
+
+      - if: steps.step_conditionals_handler.outputs.is_push_to_master == 'true' && steps.get_assembly_version.outputs.version_tag != steps.get_latest_tag.outputs.tag
+        name: Add new tag to repo
+        id: add_new_tag_to_repo
+        shell: pwsh
+        run: |
+          git config --global user.name $env:GIT_USER_NAME
+          git config --global user.email $env:GIT_USER_EMAIL
+          git tag -a -m "$env:NEW_VERSION_TAG" $env:NEW_VERSION_TAG
+          git push --follow-tags
+        env:
+          GIT_USER_NAME: ${{ secrets.GIT_USER_NAME }}
+          GIT_USER_EMAIL: ${{ secrets.GIT_USER_EMAIL }}
+          NEW_VERSION_TAG: ${{ steps.get_assembly_version.outputs.version_tag }}
+
+      # | CUSTOM TAG GENERATION #
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true'
+        name: Cache SonarCloud packages
+        id: cache_sonar_packages
+        uses: actions/cache@v2
+        with:
+          path: ~\sonar\cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true'
+        name: Cache SonarCloud scanner
+        id: cache_sonar_scanner
+        uses: actions/cache@v2
+        with:
+          path: .\.sonar\scanner
+          key: ${{ runner.os }}-sonar-scanner
+          restore-keys: ${{ runner.os }}-sonar-scanner
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true' && steps.cache_sonar_scanner.outputs.cache-hit != 'true'
+        name: Install SonarCloud scanner
+        id: install_sonar_scanner
+        shell: pwsh
+        run: |
+          New-Item -Path .\.sonar\scanner -ItemType Directory
+          dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true'
+        name: Lowercase string generator
+        id: lowercase_string_gen
+        shell: pwsh
+        run: |
+          $LOWERCASE_OWNER = "${{ github.repository_owner }}".ToLower()
+          echo "::set-output name=owner_name::$LOWERCASE_OWNER"
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true'
+        name: Initialize SonarCloud scanner
+        id: init_sonar_scanner
+        shell: pwsh
+        run: |
+          .\.sonar\scanner\dotnet-sonarscanner begin `
+          /k:"${{ github.repository_owner }}_${{ github.event.repository.name }}" `
+          /o:"${{ steps.lowercase_string_gen.outputs.owner_name }}" `
+          /d:sonar.login="$env:SONAR_TOKEN" `
+          /d:sonar.host.url="https://sonarcloud.io"
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      # CREATION OF A PFX CERTICATE #
+      # used to sign packages generated by builds #
+
+      - if: steps.step_conditionals_handler.outputs.is_push_to_master == 'true'
+        name: Create PFX certificate
+        id: create_pfx_cert
+        shell: pwsh
+        run: |
+          $BASE64_STR = $env:BASE64_STR
+          $TARGET_FILE = "$env:DEFAULT_DIR\cert.pfx"
+          $FROM_BASE64_STR = [Convert]::FromBase64String($BASE64_STR)
+          [IO.File]::WriteAllBytes($TARGET_FILE, $FROM_BASE64_STR)
+        env:
+          BASE64_STR: ${{ secrets.PFX_TO_BASE64 }}
+          DEFAULT_DIR: ${{ github.workspace }}
+
+      # | CREATION OF A PFX CERTICATE #
+
+      - name: Build project
+
+      - if: steps.step_conditionals_handler.outputs.is_push_to_master == 'true'
+        name: Upload build artifacts
+        id: upload_artifacts
+        uses: actions/upload-artifact@v1
+        with:
+          name: Build artifacts
+          path: Artifacts/
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true' && always()
+        name: Push result to Testspace server
+        id: push_to_testspace
+        shell: pwsh
+        run: |
+          testspace "__test/results.xml{TestsFolder/}"
+
+      - if: steps.step_conditionals_handler.outputs.is_not_pr == 'true'
+        name: Send SonarCloud results
+        id: send_sonar_results
+        shell: pwsh
+        run: |
+          .\.sonar\scanner\dotnet-sonarscanner end `
+          /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
+        env:
+          GITHUB_TOKEN: ${{ secrets.SONAR_GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  cd:
+    # "This job will execute when the workflow is triggered on a 'push event', the target branch is 'master' and the commit is intended to be a release."
+    if: needs.ci.outputs.is_push_to_master == 'true' && needs.ci.outputs.new_version != ''
+    needs: ci
+    runs-on: windows-latest
+    env:
+      NEW_VERSION: ${{ needs.ci.outputs.new_version }}
+      NEW_TAG: v${{ needs.ci.outputs.new_version }}
+    steps:
+      - name: Checkout repository
+        id: checkout_repo
+        uses: actions/checkout@v2
+
+      - name: Download and extract MSIX package
+        id: dl_package_artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: Build artifacts
+          path: Artifacts/
+
+      - name: Publish *.nupkg on NuGet
+        id: publish_nuget
+        continue-on-error: true
+        uses: rohith/publish-nuget@v2
+        with:
+             PROJECT_FILE_PATH: 'project.csproj'
+             TAG_COMMIT: true
+             NUGET_KEY: ${{ secrets.NUGET_TOKEN }}
+             PACKAGE_NAME: Project.${{ env.NEW_VERSION }}.nupkg
+
+      - name: Create and publish release
+        id: create_release
+        uses: actions/create-release@v1
+        with:
+          tag_name: ${{ env.NEW_TAG }}
+          release_name: Release ${{ env.NEW_TAG }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload release asset
+        id: upload_release_asset
+        uses: actions/upload-release-asset@v1
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: Artifacts/
+          asset_name: artifact.zip
+          asset_content_type: application/zip
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+# Built with ❤ by [Pipeline Foundation](https://pipeline.foundation)