feat: enhance permission handling (#1291) #4806
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CICD | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'alpha' | |
| - 'beta' | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| permissions: | |
| id-token: write | |
| contents: write | |
| actions: write | |
| checks: write | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| build-test: | |
| name: Build & Test | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup .NET Core | |
| uses: actions/setup-dotnet@v5 | |
| with: | |
| global-json-file: global.json | |
| - name: Build | |
| run: dotnet build -c Release | |
| - name: Test Avalonia | |
| run: dotnet test tests/KubeUI.Avalonia.Tests/KubeUI.Avalonia.Tests.csproj -c Release --no-build --collect:"XPlat Code Coverage" --logger "trx;LogFileName=test-results.trx" | |
| - name: Test Kubernetes E2E | |
| run: dotnet test tests/KubeUI.Kubernetes.Tests/KubeUI.Kubernetes.Tests.csproj -c Release --no-build --collect:"XPlat Code Coverage" --logger "trx;LogFileName=test-results.trx" | |
| env: | |
| KUBEUI_RUN_KIND_TESTS: 1 | |
| - name: Test Report | |
| uses: dorny/test-reporter@v3 | |
| if: (!cancelled()) | |
| with: | |
| name: KubeUI Tests | |
| path: tests/**/TestResults/*.trx | |
| reporter: dotnet-trx | |
| - name: Test Summary | |
| uses: EnricoMi/publish-unit-test-result-action@v2 | |
| if: (!cancelled()) | |
| with: | |
| check_name: KubeUI Tests | |
| comment_mode: always | |
| files: tests/*/TestResults/*.trx | |
| - name: Coverage | |
| uses: codecov/codecov-action@v6 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: tests/*/TestResults/*/coverage.cobertura.xml | |
| fail_ci_if_error: false | |
| # - name: Run Benchmark | |
| # working-directory: benchmarks/KubeUI.Benchmarks | |
| # run: dotnet run -c Release | |
| semantic-release: | |
| name: Bump Version | |
| needs: [build-test] | |
| runs-on: ubuntu-latest | |
| outputs: | |
| new_release_published: ${{ steps.semantic.outputs.new_release_published }} | |
| new_release_version: ${{ (steps.semantic.outputs.new_release_published && steps.semantic.outputs.new_release_version) || '0.0.1-alpha.1' }} | |
| new_release_notes: ${{ steps.semantic.outputs.new_release_notes }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Semantic Release | |
| uses: cycjimmy/semantic-release-action@v6.0.0 | |
| id: semantic | |
| with: | |
| dry_run: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| publish-matrix: | |
| name: Publish Installer ${{ matrix.rid }} | |
| runs-on: ${{ matrix.runs-on }} | |
| needs: [semantic-release] | |
| environment: production | |
| strategy: | |
| matrix: | |
| include: | |
| - rid: win-x64 | |
| fileName: KubeUI.Desktop.exe | |
| runs-on: windows-latest | |
| packParam: --icon src/KubeUI.Avalonia/Assets/icon.ico --azureTrustedSignFile metadata.json --verbose --signExclude \.dll$ | |
| - rid: win-arm64 | |
| fileName: KubeUI.Desktop.exe | |
| runs-on: windows-latest | |
| packParam: --icon src/KubeUI.Avalonia/Assets/icon.ico --azureTrustedSignFile metadata.json --verbose --signExclude \.dll$ | |
| - rid: linux-x64 | |
| fileName: KubeUI.Desktop | |
| runs-on: ubuntu-latest | |
| packParam: --icon docs/icon-512.png | |
| - rid: linux-arm64 | |
| fileName: KubeUI.Desktop | |
| runs-on: ubuntu-latest | |
| packParam: --icon docs/icon-512.png | |
| - rid: osx-x64 | |
| fileName: KubeUI.Desktop | |
| runs-on: macos-latest | |
| packParam: --icon src/KubeUI.Avalonia/Assets/icon.icns --plist src/KubeUI.Desktop/info.plist | |
| - rid: osx-arm64 | |
| fileName: KubeUI.Desktop | |
| runs-on: macos-latest | |
| packParam: --icon src/KubeUI.Avalonia/Assets/icon.icns --plist src/KubeUI.Desktop/info.plist | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| submodules: 'true' | |
| - uses: actions/setup-dotnet@v5 | |
| with: | |
| dotnet-version: '9.x.x' | |
| - name: Setup .NET Core | |
| uses: actions/setup-dotnet@v5 | |
| with: | |
| global-json-file: global.json | |
| - name: Install Velopack | |
| shell: pwsh | |
| run: | | |
| $csprojPath = "src/KubeUI.Avalonia/KubeUI.Avalonia.csproj" | |
| [xml]$csprojXml = Get-Content -Path $csprojPath | |
| $velopackVersion = $csprojXml.Project.ItemGroup.PackageReference | | |
| Where-Object { $_.Include -eq "Velopack" } | | |
| Select-Object -ExpandProperty Version | |
| dotnet tool install -g vpk --version $velopackVersion | |
| - name: Install Velopack Deps | |
| if: matrix.runs-on == 'ubuntu-latest' | |
| run: sudo apt install libfuse2 | |
| - name: Publish | |
| working-directory: src/KubeUI.Desktop | |
| run: dotnet publish -c Release -r ${{ matrix.rid }} -o bin/publish -p:Version=${{ needs.semantic-release.outputs.new_release_version }} | |
| - name: Replace single file | |
| if: matrix.runs-on == 'macos-latest' | |
| uses: richardrigutins/replace-in-files@v3 | |
| with: | |
| files: 'src/KubeUI.Desktop/info.plist' | |
| search-text: '{{version}}' | |
| replacement-text: ${{ needs.semantic-release.outputs.new_release_version }} | |
| - name: Azure Login | |
| if: matrix.runs-on == 'windows-latest' | |
| uses: azure/login@v3 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Write metadata.json | |
| if: matrix.runs-on == 'windows-latest' | |
| shell: pwsh | |
| run: | | |
| [System.Text.Encoding]::UTF8.GetBytes($env:SECRET) | Set-Content -Path metadata.json -AsByteStream | |
| env: | |
| SECRET: ${{ secrets.AZURETRUSTEDSIGNFILE }} | |
| - name: Write CHANGELOG.md | |
| shell: pwsh | |
| run: | | |
| if([string]::IsNullOrEmpty($env:CHANGELOG)){ | |
| "N/A" | Out-File -FilePath CHANGELOG.md | |
| } else { | |
| $env:CHANGELOG | Out-File -FilePath CHANGELOG.md | |
| (Get-Content -Path CHANGELOG.md -Raw) -replace '&', 'and' | Set-Content -Path CHANGELOG.md -NoNewline -Encoding utf8 | |
| } | |
| env: | |
| CHANGELOG: ${{ needs.semantic-release.outputs.new_release_notes }} | |
| - name: Download Releases | |
| if: needs.semantic-release.outputs.new_release_published == 'true' | |
| run: | | |
| vpk download github --repoUrl https://github.com/${{ github.repository }} --token ${{ secrets.GITHUB_TOKEN }} -c ${{ matrix.rid }} --pre -o packed | |
| - name: Create Package | |
| run: | | |
| vpk pack --packTitle KubeUI -u KubeUI -v ${{ needs.semantic-release.outputs.new_release_version }} -p src/KubeUI.Desktop/bin/publish -c ${{ matrix.rid }} -e ${{ matrix.fileName }} -o packed ${{ matrix.packParam }} --packAuthors "Ivan Josipovic" --releaseNotes CHANGELOG.md | |
| - name: Remove unnecessary assets | |
| shell: pwsh | |
| run: | | |
| Remove-Item -Path packed/assets.* | |
| Remove-Item -Path packed/RELEASES-* | |
| Get-ChildItem -Path packed -Filter "*.nupkg" -File | Where-Object { $_.Name -notlike "*${{ needs.semantic-release.outputs.new_release_version }}*" } | Remove-Item | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: ${{ matrix.rid }}-artifacts | |
| path: packed | |
| release: | |
| if: needs.semantic-release.outputs.new_release_published == 'true' | |
| name: Create Release | |
| needs: [semantic-release, publish-matrix] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| path: dist/ | |
| - name: Semantic Release | |
| uses: cycjimmy/semantic-release-action@v6.0.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |