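# CI workflow: build and test the .NET projects.
# Runs on pushes to main/master and on pull requests targeting them.
#
# NOTE(review): every action below is referenced by a mutable tag (for
# example `@v6`, `@v9.3.0`). A tag can be moved by the action's publisher;
# consider pinning each `uses:` to a full commit SHA and letting a dependency
# bot raise the version bumps.
name: CI - Build & Test

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

# Declaring `permissions` sets every scope that is not listed to `none`, so
# each scope a step relies on must be named here.
permissions:
  # NOTE(review): write access is presumably needed by Feluda's
  # `update-badge` (push to main only) - confirm. The same token scope is
  # also granted to same-repository pull-request runs.
  contents: write
  # Required by github/codeql-action/upload-sarif.
  security-events: write
  # Required by dorny/test-reporter to create its check run.
  checks: write
  # Required by ctrf-io/github-test-reporter for `pull-request-report`.
  pull-requests: write
  # Required by ctrf-io/github-test-reporter for `fetch-previous-results`.
  actions: read

jobs:
  test:
    name: Build and Test
    runs-on: ubuntu-latest

    steps:
      # Check out the sources; fetch-depth 0 fetches the full git history,
      # which the commit-range secret scan below depends on.
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      # MegaLinter: code-quality and security linting, reported as SARIF.
      # NOTE(review): `continue-on-error: true` keeps the job green even when
      # FAIL_ON_ERROR makes MegaLinter exit non-zero, so lint findings never
      # block a merge. FAIL_ON_ERROR is also only true for refs/heads/main,
      # not for master. Confirm both are intended.
      - name: MegaLinter
        uses: oxsecurity/megalinter@v9.3.0
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FAIL_ON_ERROR: ${{ github.ref == 'refs/heads/main' }}

      # Upload the SARIF findings to GitHub code scanning.
      # NOTE(review): assumes the repository's MegaLinter configuration
      # enables the SARIF reporter so this path exists - confirm. On pull
      # requests from forks the token is read-only, so this upload cannot
      # succeed there.
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: megalinter-reports/sarif

      # TruffleHog OSS: scan the commits introduced by this event for leaked
      # credentials (API keys, passwords, ...).
      # `github.event.before` is only populated for push events and
      # `github.sha` is the merge commit on pull_request events, so the
      # range is taken from the pull-request payload when one is present.
      - name: TruffleHog OSS
        uses: trufflesecurity/trufflehog@v3.92.5
        with:
          # Path to scan; `.` is the whole repository.
          path: .
          # Start of the commit range (exclusive side of the comparison).
          base: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
          # End of the commit range: the newest commit being scanned.
          head: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}

      # Install the .NET SDK versions the solution targets.
      - name: Setup .NET 8
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 8.0.x

      - name: Setup .NET 9
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 9.0.x

      - name: Setup .NET 10
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 10.0.x

      # Cache restored NuGet packages, keyed on the project files, to speed
      # up later runs.
      - name: Cache NuGet packages
        uses: actions/cache@v5
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}

      # Restore NuGet packages.
      - name: Restore
        run: dotnet restore

      # Restore the repository's local .NET tools.
      - name: Restore .NET tools
        run: dotnet tool restore

      # Feluda: license-compliance check of the project's dependencies.
      #   project-license      - the project's own license (Apache-2.0)
      #   fail-on-restrictive  - fail when a restrictive license is found
      #   fail-on-incompatible - fail when an incompatible license is found
      #   update-badge         - refresh the license badge (push to main only)
      - name: Feluda License Scanner
        uses: anistark/feluda@v1.11.1
        with:
          project-license: 'Apache-2.0'
          fail-on-restrictive: true
          fail-on-incompatible: true
          verbose: true
          update-badge: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}

      # Build in Release; packages were already restored above.
      - name: Build
        run: dotnet build -c Release --no-restore

      # Run the unit tests and write TRX results into TestResults/.
      - name: Test - Core
        run: |
          dotnet test GFramework.Core.Tests \
            -c Release \
            --no-build \
            --logger "trx;LogFileName=core-$RANDOM.trx" \
            --results-directory TestResults

      - name: Test - SourceGenerators
        run: |
          dotnet test GFramework.SourceGenerators.Tests \
            -c Release \
            --no-build \
            --logger "trx;LogFileName=sg-$RANDOM.trx" \
            --results-directory TestResults

      # Convert every TRX file to CTRF JSON for the reporter below.
      # Runs after failed tests too: the publishing step is `always()` and
      # would otherwise find no input exactly when a report matters most.
      - name: Generate CTRF report
        if: always()
        run: |
          mkdir -p ctrf
          for trx in TestResults/*.trx; do
            # An unmatched glob stays literal; skip it when no TRX exists.
            [ -e "$trx" ] || continue
            name=$(basename "$trx" .trx)
            echo "Processing $trx -> ctrf/$name.json"
            dotnet tool run DotnetCtrfJsonReporter \
              -p "$trx" \
              -t nunit \
              -d ctrf \
              -f "$name.json"
          done

      # Publish the test report whether the tests passed or failed.
      - name: Test Report
        uses: dorny/test-reporter@v2
        if: always()
        with:
          name: .NET Test Results
          path: TestResults/*.trx
          reporter: dotnet-trx

      - name: Publish Test Report
        uses: ctrf-io/github-test-reporter@v1
        if: always()
        with:
          report-path: './ctrf/*.json'
          github-report: true
          pull-request-report: true
          summary-delta-report: true
          insights-report: true
          flaky-rate-report: true
          fail-rate-report: true
          slowest-report: true
          upload-artifact: true
          fetch-previous-results: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}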