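# CI/CD workflow: build and test the .NET projects.
# Runs on pushes to main/master and on pull requests targeting those branches.
#
# NOTE(review): every `uses:` below references a mutable tag (for example
# `@v6`, `@v9.4.0`). A tag can be moved by whoever controls the action's
# repository; pinning each action to a full commit SHA (with the tag kept in
# a trailing comment) makes the executed code immutable and reviewable.
name: CI - Build & Test

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

# Token scopes for every job in this workflow.
# NOTE(review): the reporting steps at the end of the job publish check runs
# and pull-request comments; they may need `checks: write` and
# `pull-requests: write` to succeed - confirm against each action's docs and
# grant only what is required.
permissions:
  contents: read
  security-events: write

jobs:
  test:
    name: Build and Test
    runs-on: ubuntu-latest

    steps:
      # Check out the sources; fetch-depth 0 fetches the complete git history.
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      # Verify that C# namespaces and source directories follow the naming rules.
      - name: Validate C# naming
        run: bash scripts/validate-csharp-naming.sh

      # Cache MegaLinter data.
      - name: Cache MegaLinter
        uses: actions/cache@v5
        with:
          path: ~/.cache/megalinter
          key: ${{ runner.os }}-megalinter-v9
          restore-keys: |
            ${{ runner.os }}-megalinter-

      # MegaLinter scan: code-quality and security checks, emitting SARIF.
      # NOTE(review): `continue-on-error: true` lets the job proceed even when
      # this step fails, so findings never block a merge regardless of
      # FAIL_ON_ERROR - confirm that is the intended gate.
      - name: MegaLinter
        uses: oxsecurity/megalinter@v9.4.0
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FAIL_ON_ERROR: ${{ github.ref == 'refs/heads/main' }}

      # Upload the SARIF findings to GitHub code scanning.
      # Pull requests from forks receive a read-only token, so the
      # `security-events: write` scope is not available to them.
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: megalinter-reports/sarif

      # Cache TruffleHog data.
      - name: Cache TruffleHog
        uses: actions/cache@v5
        with:
          path: ~/.cache/trufflehog
          key: ${{ runner.os }}-trufflehog

      # TruffleHog OSS: scan the repository for leaked secrets such as API
      # keys and passwords, comparing the base commit with the current commit
      # so that newly added content is inspected.
      # NOTE(review): `github.event.before` comes from the push payload; on a
      # newly opened pull request it is empty - confirm what range the action
      # scans in that case.
      - name: TruffleHog OSS
        uses: trufflesecurity/trufflehog@v3.93.8
        with:
          # Path to scan; `.` means the whole repository.
          path: .
          # Base commit that the current commit is compared against.
          base: ${{ github.event.before }}
          # Current commit, the target of the scan.
          head: ${{ github.sha }}

      # Install the required .NET SDK versions.
      - name: Setup .NET 8
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 8.0.x

      - name: Setup .NET 9
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 9.0.x

      - name: Setup .NET 10
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 10.0.x

      # Cache NuGet packages to speed up later builds.
      - name: Cache NuGet packages
        uses: actions/cache@v5
        with:
          path: |
            ~/.nuget/packages
            ~/.local/share/NuGet
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/nuget.config') }}

      # Cache .NET local tools to speed up later builds.
      - name: Cache dotnet tools
        uses: actions/cache@v5
        with:
          path: ~/.dotnet/tools
          key: ${{ runner.os }}-dotnet-tools-${{ hashFiles('.config/dotnet-tools.json') }}

      # Restore NuGet packages.
      - name: Restore
        run: dotnet restore

      # Restore .NET local tools.
      - name: Restore .NET tools
        run: dotnet tool restore

      # Build with the Release configuration, skipping the restore phase.
      - name: Build
        run: dotnet build -c Release --no-restore

      # Run the four test projects concurrently and write TRX results into
      # TestResults. They share ONE step on purpose: every `run:` step gets
      # its own shell, so a job backgrounded with `&` in one step cannot be
      # awaited by a `wait` in a later step and its exit status is lost,
      # which would let failing tests pass the job unnoticed.
      - name: Test
        run: |
          pids=()

          run_suite() {
            dotnet test "$1" \
              -c Release \
              --no-build \
              --logger "trx;LogFileName=$2-$RANDOM.trx" \
              --results-directory TestResults
          }

          run_suite GFramework.Core.Tests core &
          pids+=("$!")
          run_suite GFramework.Game.Tests game &
          pids+=("$!")
          run_suite GFramework.SourceGenerators.Tests sg &
          pids+=("$!")
          run_suite GFramework.Ecs.Arch.Tests ecs-arch &
          pids+=("$!")

          # Wait for every suite so all TRX files get written, then fail the
          # step if any suite failed.
          failed=0
          for pid in "${pids[@]}"; do
            wait "$pid" || failed=1
          done
          exit "$failed"

      # Convert each TRX file to CTRF JSON. Runs even after test failures so
      # the reports below still have input.
      - name: Generate CTRF report
        if: always()
        run: |
          mkdir -p ctrf
          for trx in TestResults/*.trx; do
            # An unmatched glob stays literal; skip it instead of failing.
            [ -e "$trx" ] || continue
            name=$(basename "$trx" .trx)
            echo "Processing $trx -> ctrf/$name.json"
            dotnet tool run DotnetCtrfJsonReporter \
              -p "$trx" \
              -t nunit \
              -d ctrf \
              -f "$name.json"
          done

      # Generate and publish the test report whether the tests passed or failed.
      - name: Test Report
        uses: dorny/test-reporter@v2
        if: always()
        with:
          name: .NET Test Results
          path: TestResults/*.trx
          reporter: dotnet-trx

      - name: Publish Test Report
        uses: ctrf-io/github-test-reporter@v1
        with:
          report-path: './ctrf/*.json'
          github-report: true
          pull-request-report: true
          summary-delta-report: true
          insights-report: true
          flaky-rate-report: true
          fail-rate-report: true
          slowest-report: true
          upload-artifact: true
          fetch-previous-results: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        if: always()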