diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml index 0f150b51a4..28d7ff90d1 100644 --- a/.github/workflows/backend.yml +++ b/.github/workflows/backend.yml @@ -28,7 +28,6 @@ jobs: aka.ms:443 api.github.com:443 api.nuget.org:443 - codecov.io:443 dc.services.visualstudio.com:443 deb.debian.org:80 dotnetbuilds.azureedge.net:443 @@ -36,8 +35,6 @@ jobs: github.com:443 md-hdd-t032zjxllntc.z26.blob.storage.azure.net:443 objects.githubusercontent.com:443 - storage.googleapis.com:443 - uploader.codecov.io:443 - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Setup dotnet uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 @@ -47,27 +44,16 @@ jobs: uses: FedericoCarboni/setup-ffmpeg@v2 # v2.0.0 # Coverage. - - name: run coverage tests + - name: Run coverage tests run: dotnet test Backend.Tests/Backend.Tests.csproj shell: bash - - name: Upload coverage report - id: uploadCoverage - continue-on-error: true - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 - with: - files: Backend.Tests/coverage.cobertura.xml - flags: backend - name: Backend - fail_ci_if_error: true - - name: Upload coverage report - take 2 (if the first attempt fails) - if: steps.uploadCoverage.outcome == 'failure' - id: uploadCoverage2 - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 + - name: Upload coverage artifact + uses: actions/upload-artifact@v3 with: - files: Backend.Tests/coverage.cobertura.xml - flags: backend - name: Backend - fail_ci_if_error: true + if-no-files-found: error + name: coverage + path: Backend.Tests/coverage.cobertura.xml + retention-days: 7 # Development build. - run: dotnet build BackendFramework.sln 
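Review bot: The new `Upload coverage artifact` step references `actions/upload-artifact@v3` by a movable tag, while checkout, setup-dotnet, harden-runner and codecov-action in this workflow are pinned to a full commit SHA with the version in a trailing comment. A tag can be repointed upstream, so the code that runs inside the build job could change without any diff in this repository. Pin it the same way, e.g. `uses: actions/upload-artifact@<full-commit-sha> # v3.x.y` (placeholder; take the SHA from the release you have reviewed). The same applies to `actions/download-artifact@v3` in the new `upload_coverage` job and to both artifact actions added in frontend.yml.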
@@ -79,6 +65,37 @@ jobs: - run: dotnet tool install -g dotnet-format - run: dotnet-format --check + upload_coverage: + needs: test_build + runs-on: ubuntu-latest + steps: + # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on + # configuring harden-runner and identifying allowed endpoints. + - name: Harden Runner + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + codecov.io:443 + github.com:443 + storage.googleapis.com:443 + uploader.codecov.io:443 + - name: Checkout repository + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Download coverage artifact + uses: actions/download-artifact@v3 + with: + name: coverage + - name: Upload coverage report + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 + with: + fail_ci_if_error: true + files: coverage.cobertura.xml + flags: backend + name: Backend + CodeQL_build: permissions: actions: read # for github/codeql-action/init to get workflow details diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml index 41beb712e3..dd89062378 100644 --- a/.github/workflows/frontend.yml +++ b/.github/workflows/frontend.yml @@ -26,11 +26,8 @@ jobs: allowed-endpoints: > *.actions.githubusercontent.com:443 api.github.com:443 - codecov.io:443 github.com:443 registry.npmjs.org:443 - storage.googleapis.com:443 - uploader.codecov.io:443 - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 
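Review bot: The new `upload_coverage` job in backend.yml declares no `permissions:` block, even though it exists to run the third-party Codecov uploader with egress opened to codecov.io and storage.googleapis.com; `CodeQL_build` directly below it scopes its token explicitly. If the workflow has no top-level `permissions:` (not visible in this hunk), the job runs with the repository's default token scope. Add `permissions:` with `contents: read` to the job, which should be enough for the checkout, and confirm that the artifact download still works. Also set `persist-credentials: false` under `with:` on the `Checkout repository` step so that the token is not left in the local git config for the uploader step that follows. The `upload_coverage` job added to frontend.yml has the same shape and needs the same two changes.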
@@ -44,27 +41,47 @@ jobs: - run: npm run test-frontend:coverage env: CI: true + - name: Upload coverage artifact + uses: actions/upload-artifact@v3 + with: + if-no-files-found: error + name: coverage + path: coverage/clover.xml + retention-days: 7 + + # Release build. + - run: npm run build + + upload_coverage: + needs: lint_test_build + runs-on: ubuntu-latest + steps: + # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on + # configuring harden-runner and identifying allowed endpoints. + - name: Harden Runner + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + codecov.io:443 + github.com:443 + storage.googleapis.com:443 + uploader.codecov.io:443 + - name: Checkout repository + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Download coverage artifact + uses: actions/download-artifact@v3 + with: + name: coverage - name: Upload coverage report - id: uploadCoverage - continue-on-error: true uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: - files: coverage/clover.xml - flags: frontend - name: Frontend fail_ci_if_error: true - - name: Upload coverage report - take 2 (if the first attempt fails) - if: steps.uploadCoverage.outcome == 'failure' - id: uploadCoverage2 - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 - with: - files: coverage/clover.xml + files: clover.xml flags: frontend name: Frontend - fail_ci_if_error: true - - # Release build. - - run: npm run build docker_build: runs-on: ubuntu-latest
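Review bot: The artifact name `coverage` is fixed, but `lint_test_build` appears to run as a matrix, since the setup step earlier in this file uses `${{ matrix.node-version }}`. With upload-artifact v3, uploads under one name from several jobs in the same run land in the same artifact and files at the same path overwrite each other. If the matrix has more than one entry, which leg's `clover.xml` reaches Codecov would depend on finish order. Either make the name per-leg, `name: coverage-${{ matrix.node-version }}`, with a matching `name:` on the download step, or guard the upload step with an `if:` so only one leg publishes. If the matrix has a single entry this is moot, but a short comment on the step saying so would stop it breaking silently when a second version is added.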