[deps]: Update actions/checkout action to v6 #640
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| release: | |
| types: | |
| - published | |
| env: | |
| # Setting these variables allows .NET CLI to use rich color codes in console output | |
| TERM: xterm | |
| DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: true | |
| # Skip boilerplate output | |
| DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true | |
| DOTNET_NOLOGO: true | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| # Note that as much as we'd love to avoid repetitive work, splitting the pipeline into separate jobs | |
| # makes it very difficult to share artifacts between them. Even if we succeed, we'll still end up | |
| # pushing and pulling gigabytes worth of data, which makes the jobs so much slower that we might as | |
| # well just repeat the checkout-restore-build steps instead. | |
| # Having a setup that involves separate jobs gives us significant benefits, on the other hand, namely: | |
| # - Most of the jobs can run in parallel, which reduces the overall execution time significantly, | |
| # despite the repetitive work. | |
| # - We can catch more issues this way, for example if the formatting job fails, we can still see the | |
| # the test results too. | |
| # - If one of the jobs fails due to reasons unrelated to our code (e.g. NuGet server is down), we get | |
| # the option to rerun only that job, saving us time. | |
| # - It's easier to understand what each job does (and later, read its output) because the scope is much | |
| # more narrow. | |
| # - We can set permissions on a more granular (per-job) level, which allows us to expose only a few select | |
| # steps to more sensitive access scopes. | |
| jobs: | |
| # Determine version | |
| version: | |
| name: Determine Version | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Determine stable version | |
| id: stable-version | |
| if: ${{ github.event_name == 'release' }} | |
| env: | |
| TAG_NAME: ${{ github.event.release.tag_name }} | |
| run: | | |
| if ! [[ "${TAG_NAME}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z].*)?$ ]]; then | |
| echo "Invalid version: ${TAG_NAME}" | |
| exit 1 | |
| fi | |
| echo "version=${TAG_NAME}" >> "$GITHUB_OUTPUT" | |
| - name: Determine prerelease version | |
| id: pre-version | |
| if: ${{ github.event_name != 'release' }} | |
| run: | | |
| hash="${{ github.event.pull_request.head.sha || github.sha }}" | |
| echo "version=0.0.0-ci-${hash:0:7}" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| version: ${{ steps.stable-version.outputs.version || steps.pre-version.outputs.version }} | |
| # Check formatting | |
| format: | |
| name: Check Formatting | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: false # we don't need to push anything | |
| - name: Install .NET | |
| uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 | |
| with: | |
| dotnet-version: 8 | |
| - name: Validate format | |
| run: dotnet format --verify-no-changes | |
| # Run tests | |
| test: | |
| name: Run Tests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-24.04 | |
| # Windows runners don't support Linux Docker containers (needed for tests), | |
| # so we currently cannot run tests on Windows. | |
| # - windows-latest | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: false | |
| - name: Install .NET | |
| uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 | |
| with: | |
| dotnet-version: 6 | |
| - name: Run restore | |
| run: dotnet restore | |
| - name: Run build | |
| run: > | |
| dotnet build | |
| --no-restore | |
| --configuration Release | |
| - name: Run tests | |
| run: > | |
| dotnet test | |
| --no-restore | |
| --no-build | |
| --configuration Release | |
| ${{ runner.os == 'Windows' && '-p:IncludeNetCoreAppTargets=false' || '' }} | |
| --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" | |
| --collect:"XPlat Code Coverage" | |
| -- | |
| RunConfiguration.CollectSourceInformation=true | |
| DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover | |
| - name: Upload coverage | |
| uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 | |
| # Pack the output into NuGet packages | |
| pack: | |
| name: Pack | |
| needs: version | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| actions: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: false | |
| - name: Install .NET | |
| uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 | |
| with: | |
| dotnet-version: 8 | |
| - name: Run restore | |
| run: dotnet restore | |
| - name: Run build | |
| run: > | |
| dotnet build | |
| --no-restore | |
| --configuration Release | |
| -p:ContinuousIntegrationBuild=true | |
| - name: Run pack | |
| env: | |
| VERSION: ${{ needs.version.outputs.version }} | |
| run: > | |
| dotnet pack | |
| -p:Version="${VERSION}" | |
| -p:ContinuousIntegrationBuild=true | |
| --no-restore | |
| --no-build | |
| --configuration Release | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: packages | |
| path: "**/*.nupkg" | |
| # Dispatch a separate deployment workflow in a private repository | |
| deploy: | |
| name: Deploy | |
| # Remove this if we end up adding more environments than just NuGet | |
| if: ${{ github.event_name == 'release' }} | |
| needs: | |
| - version | |
| - format | |
| - test | |
| - pack | |
| strategy: | |
| matrix: | |
| environment: | |
| - nuget | |
| # - myget | |
| exclude: | |
| # Exclude NuGet if not triggered by a release event | |
| # https://stackoverflow.com/questions/65384420/how-do-i-make-a-github-action-matrix-element-conditional | |
| - environment: ${{ github.event_name != 'release' && 'nuget' }} | |
| runs-on: ubuntu-24.04 | |
| permissions: {} # no permissions required | |
| steps: | |
| - name: Log in to Azure | |
| uses: bitwarden/gh-actions/azure-login@main | |
| with: | |
| subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| tenant_id: ${{ secrets.AZURE_TENANT_ID }} | |
| client_id: ${{ secrets.AZURE_CLIENT_ID }} | |
| - name: Retrieve GitHub PAT secrets | |
| id: retrieve-secret-pat | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Log out from Azure | |
| uses: bitwarden/gh-actions/azure-logout@main | |
| - name: Dispatch deployment | |
| env: | |
| GITHUB_TOKEN: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }} | |
| VERSION: ${{ needs.version.outputs.version }} | |
| run: > | |
| gh workflow run deploy-passwordless-dotnet | |
| --repo bitwarden/passwordless-devops | |
| --field repository="${GITHUB_REPOSITORY}" | |
| --field run-id="${GITHUB_RUN_ID}" | |
| --field artifact="packages" | |
| --field environment="${{ matrix.environment }}" | |
| --field version="${VERSION}" |