Commit 40fb18d

author
Alfredo Tornero
committed
prueba 2810 - pipelines actualizados
1 parent 33bdef7 commit 40fb18d

5 files changed

+294
-62
lines changed

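--- a/.github/workflows/analyze-security.yml
+++ b/.github/workflows/analyze-security.yml
@@ -14,15 +14,24 @@ on:
 type: string
 secrets:
 SONAR_TOKEN:
-required: true
+required: true
+MS_TEAMS_WEBHOOK:
+required: false
+
+permissions:
+actions: read
+contents: read
+security-events: write
+
+# 🔄 Evita análisis simultáneos del mismo repositorio
+concurrency:
+group: analyze-security-${{ github.ref }}
+cancel-in-progress: true
 
 jobs:
 security-scan:
+name: 🛡️ Análisis de Seguridad (CodeQL + SonarCloud)
 runs-on: ubuntu-latest
-permissions:
-actions: read
-contents: read
-security-events: write
 
 env:
 SOLUTION_PATH: ${{ inputs.solution }}
@@ -31,6 +40,8 @@ jobs:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 SHOULD_RUN_SONAR: ${{ github.actor != 'dependabot[bot]' }}
 
+outputs:
+analysis_status: ${{ steps.status.outputs.status }}
 
 steps:
 - name: 🧰 Checkout del código
@@ -72,16 +83,17 @@ jobs:
 dotnet tool update --global dotnet-sonarscanner || dotnet tool install --global dotnet-sonarscanner
 echo "$HOME/.dotnet/tools" >> $GITHUB_PATH
 
-- name: 🚀 Análisis SonarCloud Begin
+- name: 🚀 Iniciar análisis SonarCloud
 if: env.SHOULD_RUN_SONAR == 'true'
 run: |
+echo "🚀 Iniciando análisis SonarCloud..."
 dotnet sonarscanner begin \
 /k:"$SONAR_PROJECT_KEY" \
 /o:"$SONAR_ORG" \
 /d:sonar.host.url="https://sonarcloud.io" \
 /d:sonar.login="$SONAR_TOKEN" \
 /d:sonar.analysis.key="${{ github.run_id }}" \
-/d:sonar.analysis.name="CI-${{ github.run_number }}" \
+/d:sonar.analysis.name="Security-${{ github.run_number }}" \
 /d:sonar.exclusions="**/bin/**,**/obj/**,**/Migrations/**"
 
 - name: 🏗️ Build para Sonar
@@ -99,4 +111,57 @@ jobs:
 
 - name: 🏁 Finalizar análisis SonarCloud
 if: env.SHOULD_RUN_SONAR == 'true'
-run: dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"
+id: sonar-finish
+run: |
+dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"
+echo "✅ Análisis SonarCloud finalizado correctamente."
+
+- name: 📊 Subir resultados de prueba
+if: always()
+uses: actions/upload-artifact@v4
+with:
+name: test-results
+path: ./TestResults
+
+# -----------------------
+# 📊 Estado final
+# -----------------------
+- name: 📈 Registrar estado del análisis
+id: status
+run: |
+STATUS="${{ job.status }}"
+echo "status=$STATUS" >> $GITHUB_OUTPUT
+echo "📊 Estado del análisis: $STATUS"
+
+# =====================================================
+# 📨 Notificación a Microsoft Teams (productiva con curl)
+# =====================================================
+- name: 📣 Notificar resultado en Microsoft Teams
+if: always()
+env:
+TEAMS_WEBHOOK: ${{ secrets.MS_TEAMS_WEBHOOK }}
+run: |
+if [ -z "$TEAMS_WEBHOOK" ]; then
+echo "⚠️ MS_TEAMS_WEBHOOK no está configurado. Saltando notificación."
+exit 0
+fi
+
+STATUS="${{ job.status }}"
+COLOR="#36a64f"; EMOJI="🟢"
+if [ "$STATUS" != "success" ]; then COLOR="#FF0000"; EMOJI="🔴"; fi
+
+MESSAGE="{
+\"@type\": \"MessageCard\",
+\"@context\": \"http://schema.org/extensions\",
+\"themeColor\": \"$COLOR\",
+\"summary\": \"Security Analysis $STATUS\",
+\"sections\": [{
+\"activityTitle\": \"$EMOJI **Security Analysis - $STATUS**\",
+\"activitySubtitle\": \"**Branch:** ${{ github.ref_name }}<br>**Actor:** ${{ github.actor }}\",
+\"text\": \"**CodeQL y SonarCloud ejecutados.**<br>Estado: **$STATUS**<br>[Ver ejecución en GitHub Actions](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})\"
+}]
+}"
+
+curl -H "Content-Type: application/json" \
+-d "$MESSAGE" \
+"$TEAMS_WEBHOOK"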
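Review bot: The Teams notification step pastes `${{ github.ref_name }}` and `${{ github.actor }}` straight into the double-quoted `MESSAGE` string of the `run:` script, so the values are substituted before bash parses the script and a branch name containing shell or JSON metacharacters is interpreted instead of being treated as data. The step runs in a job whose environment holds `SONAR_TOKEN` and the webhook secret. Pass every context value through `env:` and let `jq` build the payload, which also gives correct JSON escaping, and add `--fail` to curl so a rejected post is visible in the log. The same pattern appears in the Teams steps of deploy-azure-container.yml and deploy-azure.yml, where `inputs.*` values are interpolated as well.

```yaml
      - name: 📣 Notificar resultado en Microsoft Teams
        if: always()
        env:
          TEAMS_WEBHOOK: ${{ secrets.MS_TEAMS_WEBHOOK }}
          STATUS: ${{ job.status }}
          BRANCH: ${{ github.ref_name }}
          ACTOR: ${{ github.actor }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          # … unchanged: empty-webhook guard and COLOR/EMOJI selection (STATUS now comes from env) …
          MESSAGE=$(jq -n \
            --arg color "$COLOR" --arg status "$STATUS" --arg emoji "$EMOJI" \
            --arg branch "$BRANCH" --arg actor "$ACTOR" --arg url "$RUN_URL" \
            '{"@type": "MessageCard", "@context": "http://schema.org/extensions",
              themeColor: $color, summary: "Security Analysis \($status)",
              sections: [{
                activityTitle: "\($emoji) **Security Analysis - \($status)**",
                activitySubtitle: "**Branch:** \($branch)<br>**Actor:** \($actor)",
                text: "**CodeQL y SonarCloud ejecutados.**<br>Estado: **\($status)**<br>[Ver ejecución en GitHub Actions](\($url))"
              }]}')
          curl --fail --silent --show-error -H "Content-Type: application/json" \
            -d "$MESSAGE" "$TEAMS_WEBHOOK"
```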

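--- a/.github/workflows/deploy-azure-container.yml
+++ b/.github/workflows/deploy-azure-container.yml
@@ -25,17 +25,35 @@ on:
 required: true
 AZURE_SUBSCRIPTION_ID:
 required: true
+MS_TEAMS_WEBHOOK:
+required: false
+
+permissions:
+id-token: write
+contents: read
+
+# 🔄 Evita despliegues simultáneos al mismo App Service
+concurrency:
+group: deploy-${{ inputs.app_name }}-${{ inputs.slot }}
+cancel-in-progress: true
 
 jobs:
 deploy-container:
+name: 🚀 Deploy Azure App Service (Container)
 runs-on: ubuntu-latest
+environment:
+name: production
 
 env:
 APP_NAME: ${{ inputs.app_name }}
 SLOT_NAME: ${{ inputs.slot }}
 ACR_NAME: ${{ inputs.acr_name }}
 IMAGE_NAME: ${{ inputs.image_name }}
 IMAGE_TAG: ${{ inputs.image_tag }}
+RESOURCE_GROUP: scharff-nsf-dev-rg
+
+outputs:
+deployment_status: ${{ steps.deploy-status.outputs.status }}
 
 steps:
 - name: 🔐 Login Azure (OIDC)
@@ -49,32 +67,75 @@ jobs:
 - name: 🧩 Verificar versión Azure CLI
 run: az version
 
-- name: 🔐 Login a ACR
+- name: 🔍 Validar existencia del App Service
+id: validate-app
 run: |
-az acr login --name $ACR_NAME
+echo "🔎 Validando existencia del recurso $APP_NAME..."
+if ! az webapp show --name $APP_NAME --resource-group $RESOURCE_GROUP >/dev/null 2>&1; then
+echo "❌ No se encontró el App Service '$APP_NAME' en el grupo '$RESOURCE_GROUP'."
+exit 1
+fi
+
+- name: 🔐 Login a ACR
+run: az acr login --name $ACR_NAME
 
 - name: 🔁 Actualizar App Service para usar nueva imagen
+id: update-image
 run: |
 echo "🔁 Actualizando imagen en $APP_NAME..."
 az webapp config container set \
 --name $APP_NAME \
---resource-group scharff-nsf-dev-rg \
+--resource-group $RESOURCE_GROUP \
 --container-image-name "$ACR_NAME.azurecr.io/$IMAGE_NAME:$IMAGE_TAG" \
 --container-registry-url "https://$ACR_NAME.azurecr.io"
 
-- name: 🔍 Verificar configuración del App Service
+- name: 🔍 Verificar configuración aplicada
 run: |
-echo "🔍 Verificando imagen aplicada..."
+echo "🔍 Verificando configuración actual..."
 az webapp config show \
 --name $APP_NAME \
---resource-group scharff-nsf-dev-rg \
---query "linuxFxVersion"
+--resource-group $RESOURCE_GROUP \
+--query "linuxFxVersion" -o tsv
 
 - name: 🔄 Reiniciar App Service
 run: |
-az webapp restart --name $APP_NAME --resource-group scharff-nsf-dev-rg
+echo "🔄 Reiniciando aplicación $APP_NAME..."
+az webapp restart --name $APP_NAME --resource-group $RESOURCE_GROUP
 
 - name: ✅ Verificar estado del despliegue
+id: deploy-status
 run: |
-az webapp show --name $APP_NAME --resource-group scharff-nsf-dev-rg \
---query "state" -o tsv
+STATUS=$(az webapp show --name $APP_NAME --resource-group $RESOURCE_GROUP --query "state" -o tsv)
+echo "status=$STATUS" >> $GITHUB_OUTPUT
+echo "✅ Estado actual: $STATUS"
+
+# ===============================================
+# 📨 Notificación a Microsoft Teams (curl seguro)
+# ===============================================
+- name: 📣 Notificar resultado en Microsoft Teams
+if: always()
+run: |
+if [ -z "${{ secrets.MS_TEAMS_WEBHOOK }}" ]; then
+echo "⚠️ MS_TEAMS_WEBHOOK no está configurado. Saltando notificación."
+exit 0
+fi
+
+STATUS="${{ job.status }}"
+COLOR="#36a64f"; EMOJI="🟢"
+if [ "$STATUS" != "success" ]; then COLOR="#FF0000"; EMOJI="🔴"; fi
+
+MESSAGE="{
+\"@type\": \"MessageCard\",
+\"@context\": \"http://schema.org/extensions\",
+\"themeColor\": \"$COLOR\",
+\"summary\": \"Deploy $STATUS\",
+\"sections\": [{
+\"activityTitle\": \"$EMOJI **Azure Deploy - $STATUS**\",
+\"activitySubtitle\": \"**App:** ${{ inputs.app_name }}<br>**Branch:** ${{ github.ref_name }}<br>**Actor:** ${{ github.actor }}\",
+\"text\": \"Imagen desplegada: **${{ inputs.acr_name }}.azurecr.io/${{ inputs.image_name }}:${{ inputs.image_tag }}**<br>[Ver ejecución en GitHub Actions](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})\"
+}]
+}"
+
+curl -H "Content-Type: application/json" \
+-d "$MESSAGE" \
+${{ secrets.MS_TEAMS_WEBHOOK }}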
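Review bot: This Teams step expands `${{ secrets.MS_TEAMS_WEBHOOK }}` directly inside the script, and the last curl argument is unquoted, so the secret is written into the generated script text and any `&`, `?` or space in the URL is parsed by bash instead of reaching curl. The other two workflows in this commit already map the secret through a step-level `env:`; do the same here by adding `env:` with `TEAMS_WEBHOOK: ${{ secrets.MS_TEAMS_WEBHOOK }}`, testing `[ -z "$TEAMS_WEBHOOK" ]`, and ending the curl call with `"$TEAMS_WEBHOOK"`. Separately, the `az` calls use `$APP_NAME`, `$RESOURCE_GROUP` and `$ACR_NAME` unquoted; quoting them avoids word splitting on caller-supplied inputs.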

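--- a/.github/workflows/deploy-azure.yml
+++ b/.github/workflows/deploy-azure.yml
@@ -16,17 +16,35 @@ on:
 required: true
 AZURE_SUBSCRIPTION_ID:
 required: true
+MS_TEAMS_WEBHOOK:
+required: false
+
+permissions:
+id-token: write
+contents: read
+
+# 🔄 Evita despliegues simultáneos
+concurrency:
+group: deploy-${{ inputs.app_name }}-${{ inputs.slot }}
+cancel-in-progress: true
 
 jobs:
 deploy:
+name: 🚀 Deploy Azure App Service (ZIP)
 runs-on: ubuntu-latest
+environment:
+name: production
 
 env:
 APP_NAME: ${{ inputs.app_name }}
 SLOT_NAME: ${{ inputs.slot }}
 AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
 AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
 AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+RESOURCE_GROUP: scharff-nsf-dev-rg
+
+outputs:
+deployment_status: ${{ steps.status.outputs.state }}
 
 steps:
 - name: 🧰 Descargar artefacto del build
@@ -38,9 +56,10 @@ jobs:
 - name: ✅ Validar artefacto
 run: |
 if [ ! -d "./publish" ]; then
-echo "❌ No se encontró el artefacto."
+echo "❌ No se encontró el artefacto de publicación."
 exit 1
 fi
+echo "📦 Artefacto detectado correctamente."
 
 - name: 🔐 Login Azure (OIDC)
 uses: azure/login@v2
@@ -58,3 +77,44 @@ jobs:
 package: ./publish
 runtime-stack: 'DOTNETCORE|8.0'
 startup-command: 'dotnet Scharff.API.Utils.dll'
+
+- name: 🔍 Verificar estado del despliegue
+id: status
+run: |
+echo "🔎 Consultando estado del App Service..."
+STATE=$(az webapp show --name $APP_NAME --resource-group $RESOURCE_GROUP --query "state" -o tsv)
+echo "state=$STATE" >> $GITHUB_OUTPUT
+echo "✅ Estado actual: $STATE"
+
+# =====================================================
+# 📨 Notificación a Microsoft Teams (productiva con curl)
+# =====================================================
+- name: 📣 Notificar resultado en Microsoft Teams
+if: always()
+env:
+TEAMS_WEBHOOK: ${{ secrets.MS_TEAMS_WEBHOOK }}
+run: |
+if [ -z "$TEAMS_WEBHOOK" ]; then
+echo "⚠️ MS_TEAMS_WEBHOOK no está configurado. Saltando notificación."
+exit 0
+fi
+
+STATUS="${{ job.status }}"
+COLOR="#36a64f"; EMOJI="🟢"
+if [ "$STATUS" != "success" ]; then COLOR="#FF0000"; EMOJI="🔴"; fi
+
+MESSAGE="{
+\"@type\": \"MessageCard\",
+\"@context\": \"http://schema.org/extensions\",
+\"themeColor\": \"$COLOR\",
+\"summary\": \"Deploy $STATUS\",
+\"sections\": [{
+\"activityTitle\": \"$EMOJI **Azure Deploy - $STATUS**\",
+\"activitySubtitle\": \"**App:** ${{ inputs.app_name }}<br>**Branch:** ${{ github.ref_name }}<br>**Actor:** ${{ github.actor }}\",
+\"text\": \"Despliegue: **${{ inputs.app_name }}**<br>Estado: **${{ steps.status.outputs.state }}**<br>[Ver ejecución en GitHub Actions](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})\"
+}]
+}"
+
+curl -H "Content-Type: application/json" \
+-d "$MESSAGE" \
+"$TEAMS_WEBHOOK"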
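Review bot: `cancel-in-progress: true` on the `deploy-${{ inputs.app_name }}-${{ inputs.slot }}` concurrency group lets a second run cancel a deployment that is already in flight, which can leave the App Service partly updated; for deploy jobs `cancel-in-progress: false` queues the new run instead (deploy-azure-container.yml has the same setting). The `status` step has no `if:` condition, so it is skipped once an earlier step fails, and `deployment_status` and the `Estado:` field of the Teams card are then empty; the card could fall back to `job.status` in that case. The added `environment: production` also changes the OIDC subject claim presented to Azure to the environment form, so the federated credential behind `azure/login` needs a matching entry, which is worth confirming given that `RESOURCE_GROUP` points at `scharff-nsf-dev-rg`.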
