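GeWuYou 2f0a619e81 refactor(workflow): refactor the license compliance check process
- Extract the license scanning logic into a standalone license-compliance.yml workflow file
- Add a license-compliance job dependency to the auto-tag workflow
- Remove the Feluda license scanning steps from ci.yml
- Remove the Feluda setup and SBOM generation steps from publish.yml
- Update the artifact upload configuration to include the SBOM validation file
- Add a workflow output flag used to trigger the license compliance check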
2026-02-02 21:25:08 +08:00

142 lines
4.3 KiB
YAML

# CI/CD workflow configuration: builds and tests the .NET project
# This workflow is triggered on pushes to the main/master branches or when a pull request is created
name: CI - Build & Test
on:
  push:
    branches: [ main, master ]
  pull_request:
    branches: [ main, master ]
permissions:
  contents: write
  security-events: write
jobs:
  test:
    name: Build and Test
    runs-on: ubuntu-latest
    steps:
      # Check out the source code; fetch-depth is set to 0 to fetch the full git history
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      # MegaLinter scan step
      # Runs code quality checks and security scans and generates a SARIF report
      - name: MegaLinter
        uses: oxsecurity/megalinter@v9.3.0
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FAIL_ON_ERROR: ${{ github.ref == 'refs/heads/main' }}
      # Upload the SARIF report of security and code quality issues to the GitHub Security center
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: megalinter-reports/sarif
      # TruffleHog OSS scan step
      # Uses TruffleHog to scan the repository for leaked sensitive information such as API keys and passwords
      # This step compares the base branch with the current commit and checks whether newly added content contains sensitive data
      - name: TruffleHog OSS
        uses: trufflesecurity/trufflehog@v3.92.5
        with:
          # Scan path; . means scan the entire repository
          path: .
          # Base commit hash, compared against the current commit
          base: ${{ github.event.before }}
          # Current commit hash, the target version of the scan
          head: ${{ github.sha }}
      # Install and configure the .NET SDK versions
      - name: Setup .NET 8
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 8.0.x
      - name: Setup .NET 9
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 9.0.x
      - name: Setup .NET 10
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: 10.0.x
      # Configure the NuGet package cache to speed up subsequent builds
      - name: Cache NuGet packages
        uses: actions/cache@v5
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
      # Run the NuGet package restore
      - name: Restore
        run: dotnet restore
      # Restore .NET local tools
      - name: Restore .NET tools
        run: dotnet tool restore
      # Build the project with the Release configuration, skipping the restore step
      - name: Build
        run: dotnet build -c Release --no-restore
      # Run unit tests, writing TRX results to the TestResults directory
      - name: Test - Core
        run: |
          dotnet test GFramework.Core.Tests \
            -c Release \
            --no-build \
            --logger "trx;LogFileName=core-$RANDOM.trx" \
            --results-directory TestResults
      - name: Test - SourceGenerators
        run: |
          dotnet test GFramework.SourceGenerators.Tests \
            -c Release \
            --no-build \
            --logger "trx;LogFileName=sg-$RANDOM.trx" \
            --results-directory TestResults
      - name: Generate CTRF report
        run: |
          mkdir -p ctrf
          for trx in TestResults/*.trx; do
            name=$(basename "$trx" .trx)
            echo "Processing $trx -> ctrf/$name.json"
            dotnet tool run DotnetCtrfJsonReporter \
              -p "$trx" \
              -t nunit \
              -d ctrf \
              -f "$name.json"
          done
      # Generate and publish the test report, whether the tests succeed or fail
      - name: Test Report
        uses: dorny/test-reporter@v2
        if: always()
        with:
          name: .NET Test Results
          path: TestResults/*.trx
          reporter: dotnet-trx
      - name: Publish Test Report
        uses: ctrf-io/github-test-reporter@v1
        with:
          report-path: './ctrf/*.json'
          github-report: true
          pull-request-report: true
          summary-delta-report: true
          insights-report: true
          flaky-rate-report: true
          fail-rate-report: true
          slowest-report: true
          upload-artifact: true
          fetch-previous-results: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        if: always()