Bump Microsoft.SourceLink.GitHub from 10.0.202 to 10.0.203 (#1012) #2109
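# Builds and tests EssentialCSharp.Web, packages it as a container image, and
# promotes that single image through Development and then Production.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA (keeping the tag as a trailing
# comment) stops a retagged release from changing what runs next to the
# deployment credentials.
name: Build, Test, and Deploy EssentialCSharp.Web

on:
  push:
    branches: ["main"]
  workflow_dispatch:

# Workflow-wide default is read-only. Only the deploy jobs request an OIDC
# token (id-token: write), so the build job, which runs restored packages,
# tests and a Docker build, cannot mint a federated Azure credential.
permissions:
  contents: read

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    environment: "BuildAndUploadImage"

    steps:
      - uses: actions/checkout@v6

      - name: Set up .NET Core
        uses: actions/setup-dotnet@v5
        with:
          global-json-file: global.json
          source-url: https://pkgs.dev.azure.com/intelliTect/_packaging/EssentialCSharp/nuget/v3/index.json
        env:
          # PAT for the private Azure Artifacts feed; scoped to this step only.
          NUGET_AUTH_TOKEN: ${{ secrets.AZURE_DEVOPS_PAT }}

      - name: Set up dependency caching for faster builds
        uses: actions/cache@v5
        id: nuget-cache
        with:
          path: |
            ~/.nuget/packages
            ${{ github.workspace }}/**/obj/project.assets.json
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
          restore-keys: |
            ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
            ${{ runner.os }}-nuget-

      - name: Restore with dotnet
        run: dotnet restore

      - name: Build with dotnet
        run: dotnet build -p:ContinuousIntegrationBuild=True -p:ReleaseDateAttribute=True --configuration Release --no-restore

      # Exports the Actions runtime token and results URL as job-level
      # environment variables, so every later step in this job (the test run
      # and the Docker builds included) can read them.
      # NOTE(review): confirm a later step still needs these; if only the
      # type=gha build cache does, check whether docker/build-push-action
      # already supplies them itself.
      - name: Expose GitHub Actions Runtime
        uses: actions/github-script@v9
        with:
          script: |
            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']);
            core.exportVariable('ACTIONS_RESULTS_URL', process.env['ACTIONS_RESULTS_URL']);

      - name: Run .NET Tests
        run: dotnet test --no-build --configuration Release

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4

      # Build but no push with a PR.
      # With the triggers declared above (push to main, workflow_dispatch)
      # neither event name below occurs, so this step is skipped on every run.
      - name: Docker build (no push)
        if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
        uses: docker/build-push-action@v7
        with:
          push: false
          tags: temp-pr-validation
          file: ./EssentialCSharp.Web/Dockerfile

      # The event-name guard keeps the secret-bearing build away from pull
      # request events; keep it if a pull_request trigger is ever added.
      # The feed PAT is handed to the build as a BuildKit secret rather than a
      # build argument. The image is exported to a tarball, not pushed, and is
      # tagged for both registries so each deploy job can push its own tags.
      - name: Build Container Image
        if: github.event_name != 'pull_request_target' && github.event_name != 'pull_request'
        uses: docker/build-push-action@v7
        with:
          tags: ${{ vars.DEVCONTAINER_REGISTRY }}/essentialcsharpweb:${{ github.sha }},${{ vars.DEVCONTAINER_REGISTRY }}/essentialcsharpweb:latest,${{ vars.PRODCONTAINER_REGISTRY }}/essentialcsharpweb:${{ github.sha }},${{ vars.PRODCONTAINER_REGISTRY }}/essentialcsharpweb:latest
          file: ./EssentialCSharp.Web/Dockerfile
          context: .
          secrets: |
            "nuget_auth_token=${{ secrets.AZURE_DEVOPS_PAT }}"
          outputs: type=docker,dest=${{ github.workspace }}/essentialcsharpwebimage.tar
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Upload artifact
        uses: actions/upload-artifact@v7
        with:
          name: essentialcsharpwebimage
          path: ${{ github.workspace }}/essentialcsharpwebimage.tar

  deploy-development:
    if: github.event_name != 'pull_request_target' && github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    needs: build-and-test
    # id-token: write lets azure/login exchange a GitHub OIDC token for Azure
    # credentials; no client secret is passed to the login step.
    permissions:
      id-token: write
      contents: read
    concurrency:
      group: deploy-development
      cancel-in-progress: false
    environment:
      name: "Development"

    steps:
      - name: Azure Login
        uses: azure/login@v3
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Download artifact
        uses: actions/download-artifact@v8
        with:
          name: essentialcsharpwebimage
          path: ${{ github.workspace }}

      - name: Load image
        run: |
          docker load --input ${{ github.workspace }}/essentialcsharpwebimage.tar
          docker image ls -a

      - name: Log in to container registry
        run: |
          REGISTRY="${{ vars.DEVCONTAINER_REGISTRY }}"
          az acr login --name "${REGISTRY%.azurecr.io}"

      - name: Push Image to Container Registry
        run: docker push --all-tags ${{ vars.DEVCONTAINER_REGISTRY }}/essentialcsharpweb

      # The managed identity resource ID reaches the script through the
      # environment, as in the next step, instead of being expanded into the
      # script text by the workflow template engine. Arguments are quoted so a
      # value containing whitespace or shell metacharacters stays one argument.
      - name: Configure Container App Identity and Registry
        uses: azure/CLI@v3
        env:
          CONTAINER_APP_NAME: ${{ vars.CONTAINER_APP_NAME }}
          RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
          CONTAINER_REGISTRY: ${{ vars.DEVCONTAINER_REGISTRY }}
          MANAGEDIDENTITYID: ${{ secrets.WEB_UAMI_RESOURCE_ID }}
        with:
          inlineScript: |
            # Container app must already exist; use az containerapp up manually to bootstrap if needed
            az extension add --name containerapp --upgrade
            az containerapp identity assign --name "$CONTAINER_APP_NAME" --resource-group "$RESOURCEGROUP" --user-assigned "$MANAGEDIDENTITYID"
            az containerapp registry set --name "$CONTAINER_APP_NAME" --resource-group "$RESOURCEGROUP" --server "$CONTAINER_REGISTRY" --identity "$MANAGEDIDENTITYID"

      # Application secrets are registered as Key Vault references resolved by
      # the user-assigned identity, so their values never pass through this
      # workflow; the env vars below only point at them via secretref.
      - name: Assign Managed Identity to Container App and Set Secrets and Environment Variables
        uses: azure/CLI@v3
        env:
          CONTAINER_APP_NAME: ${{ vars.CONTAINER_APP_NAME }}
          RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
          CONTAINER_REGISTRY: ${{ vars.DEVCONTAINER_REGISTRY }}
          KEYVAULTURI: ${{ secrets.ESSENTIALCSHARP_KEYVAULT_URI }}
          MANAGEDIDENTITYID: ${{ secrets.WEB_UAMI_RESOURCE_ID }}
          AZURECLIENTID: ${{ secrets.WEB_UAMI_CLIENT_ID }}
          TRYDOTNET_ORIGIN: ${{ vars.TRYDOTNET_ORIGIN }}
        with:
          inlineScript: |
            az containerapp secret set -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --secrets github-clientid=keyvaultref:$KEYVAULTURI/secrets/authentication-github-clientid,identityref:$MANAGEDIDENTITYID \
              github-clientsecret=keyvaultref:$KEYVAULTURI/secrets/authentication-github-clientsecret,identityref:$MANAGEDIDENTITYID msft-clientid=keyvaultref:$KEYVAULTURI/secrets/authentication-microsoft-clientid,identityref:$MANAGEDIDENTITYID \
              msft-clientsecret=keyvaultref:$KEYVAULTURI/secrets/authentication-microsoft-clientsecret,identityref:$MANAGEDIDENTITYID emailsender-apikey=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-apikey,identityref:$MANAGEDIDENTITYID \
              emailsender-secret=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-secretkey,identityref:$MANAGEDIDENTITYID emailsender-name=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-sendfromname,identityref:$MANAGEDIDENTITYID \
              emailsender-email=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-sendfromemail,identityref:$MANAGEDIDENTITYID connectionstring=keyvaultref:$KEYVAULTURI/secrets/connectionstrings-essentialcsharpwebcontextconnection,identityref:$MANAGEDIDENTITYID \
              captcha-sitekey=keyvaultref:$KEYVAULTURI/secrets/captcha-sitekey,identityref:$MANAGEDIDENTITYID captcha-secretkey=keyvaultref:$KEYVAULTURI/secrets/captcha-secretkey,identityref:$MANAGEDIDENTITYID \
              appinsights-connectionstring=keyvaultref:$KEYVAULTURI/secrets/applicationinsights-connectionstring,identityref:$MANAGEDIDENTITYID \
              ai-endpoint=keyvaultref:$KEYVAULTURI/secrets/AIOptions--Endpoint,identityref:$MANAGEDIDENTITYID \
              ai-vectordeployment=keyvaultref:$KEYVAULTURI/secrets/AIOptions--VectorGenerationDeploymentName,identityref:$MANAGEDIDENTITYID ai-chatdeployment=keyvaultref:$KEYVAULTURI/secrets/AIOptions--ChatDeploymentName,identityref:$MANAGEDIDENTITYID \
              ai-systemprompt=keyvaultref:$KEYVAULTURI/secrets/AIOptions--SystemPrompt,identityref:$MANAGEDIDENTITYID \
              postgres-vectorstore-connectionstring=keyvaultref:$KEYVAULTURI/secrets/ConnectionStrings--PostgresVectorStore,identityref:$MANAGEDIDENTITYID
            az containerapp update --name $CONTAINER_APP_NAME --resource-group $RESOURCEGROUP \
              --image $CONTAINER_REGISTRY/essentialcsharpweb:${{ github.sha }} \
              --replace-env-vars Authentication__github__clientId=secretref:github-clientid Authentication__github__clientSecret=secretref:github-clientsecret \
              Authentication__microsoft__clientId=secretref:msft-clientid Authentication__microsoft__clientSecret=secretref:msft-clientsecret AuthMessageSender__ApiKey=secretref:emailsender-apikey AuthMessageSender__SecretKey=secretref:emailsender-secret \
              AuthMessageSender__SendFromName=secretref:emailsender-name AuthMessageSender__SendFromEmail=secretref:emailsender-email ConnectionStrings__EssentialCSharpWebContextConnection=secretref:connectionstring ASPNETCORE_ENVIRONMENT=Staging \
              AZURE_CLIENT_ID=$AZURECLIENTID HCaptcha__SiteKey=secretref:captcha-sitekey HCaptcha__SecretKey=secretref:captcha-secretkey APPLICATIONINSIGHTS_CONNECTION_STRING=secretref:appinsights-connectionstring \
              AIOptions__Endpoint=secretref:ai-endpoint AIOptions__VectorGenerationDeploymentName=secretref:ai-vectordeployment AIOptions__ChatDeploymentName=secretref:ai-chatdeployment \
              AIOptions__SystemPrompt=secretref:ai-systemprompt ConnectionStrings__PostgresVectorStore=secretref:postgres-vectorstore-connectionstring \
              TryDotNet__Origin=$TRYDOTNET_ORIGIN DataProtection__AzureKeyVaultKeyUri=$KEYVAULTURI/keys/dataprotection

      # always() so the Azure session and cached tokens are cleared even when
      # an earlier step failed.
      - name: Logout of Azure CLI
        if: always()
        uses: azure/CLI@v3
        with:
          inlineScript: |
            az logout
            az cache purge
            az account clear

  deploy-production:
    if: github.event_name != 'pull_request_target' && github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    needs: [deploy-development]
    # id-token: write lets azure/login exchange a GitHub OIDC token for Azure
    # credentials; no client secret is passed to the login step.
    permissions:
      id-token: write
      contents: read
    concurrency:
      group: deploy-production
      cancel-in-progress: false
    environment:
      name: "Production"

    steps:
      - name: Azure Login
        uses: azure/login@v3
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Download artifact
        uses: actions/download-artifact@v8
        with:
          name: essentialcsharpwebimage
          path: ${{ github.workspace }}

      - name: Load image
        run: |
          docker load --input ${{ github.workspace }}/essentialcsharpwebimage.tar
          docker image ls -a

      - name: Log in to container registry
        run: |
          REGISTRY="${{ vars.PRODCONTAINER_REGISTRY }}"
          az acr login --name "${REGISTRY%.azurecr.io}"

      - name: Push Image to Container Registry
        run: docker push --all-tags ${{ vars.PRODCONTAINER_REGISTRY }}/essentialcsharpweb

      # The managed identity resource ID reaches the script through the
      # environment, as in the next step, instead of being expanded into the
      # script text by the workflow template engine. Arguments are quoted so a
      # value containing whitespace or shell metacharacters stays one argument.
      - name: Configure Container App Identity and Registry
        uses: azure/CLI@v3
        env:
          CONTAINER_APP_NAME: ${{ vars.CONTAINER_APP_NAME }}
          RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
          CONTAINER_REGISTRY: ${{ vars.PRODCONTAINER_REGISTRY }}
          MANAGEDIDENTITYID: ${{ secrets.WEB_UAMI_RESOURCE_ID }}
        with:
          inlineScript: |
            # Container app must already exist; use az containerapp up manually to bootstrap if needed
            az extension add --name containerapp --upgrade
            az containerapp identity assign --name "$CONTAINER_APP_NAME" --resource-group "$RESOURCEGROUP" --user-assigned "$MANAGEDIDENTITYID"
            az containerapp registry set --name "$CONTAINER_APP_NAME" --resource-group "$RESOURCEGROUP" --server "$CONTAINER_REGISTRY" --identity "$MANAGEDIDENTITYID"

      # Application secrets are registered as Key Vault references resolved by
      # the user-assigned identity, so their values never pass through this
      # workflow; the env vars below only point at them via secretref.
      - name: Assign Managed Identity to Container App and Set Secrets and Environment Variables
        uses: azure/CLI@v3
        env:
          CONTAINER_APP_NAME: ${{ vars.CONTAINER_APP_NAME }}
          RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
          CONTAINER_REGISTRY: ${{ vars.PRODCONTAINER_REGISTRY }}
          KEYVAULTURI: ${{ secrets.ESSENTIALCSHARP_KEYVAULT_URI }}
          MANAGEDIDENTITYID: ${{ secrets.WEB_UAMI_RESOURCE_ID }}
          AZURECLIENTID: ${{ secrets.WEB_UAMI_CLIENT_ID }}
          TRYDOTNET_ORIGIN: ${{ vars.PROD_TRYDOTNET_ORIGIN }}
        with:
          inlineScript: |
            az containerapp secret set -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --secrets github-clientid=keyvaultref:$KEYVAULTURI/secrets/authentication-github-clientid,identityref:$MANAGEDIDENTITYID \
              github-clientsecret=keyvaultref:$KEYVAULTURI/secrets/authentication-github-clientsecret,identityref:$MANAGEDIDENTITYID msft-clientid=keyvaultref:$KEYVAULTURI/secrets/authentication-microsoft-clientid,identityref:$MANAGEDIDENTITYID \
              msft-clientsecret=keyvaultref:$KEYVAULTURI/secrets/authentication-microsoft-clientsecret,identityref:$MANAGEDIDENTITYID emailsender-apikey=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-apikey,identityref:$MANAGEDIDENTITYID \
              emailsender-secret=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-secretkey,identityref:$MANAGEDIDENTITYID emailsender-name=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-sendfromname,identityref:$MANAGEDIDENTITYID \
              emailsender-email=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-sendfromemail,identityref:$MANAGEDIDENTITYID connectionstring=keyvaultref:$KEYVAULTURI/secrets/connectionstrings-essentialcsharpwebcontextconnection,identityref:$MANAGEDIDENTITYID \
              captcha-sitekey=keyvaultref:$KEYVAULTURI/secrets/captcha-sitekey,identityref:$MANAGEDIDENTITYID captcha-secretkey=keyvaultref:$KEYVAULTURI/secrets/captcha-secretkey,identityref:$MANAGEDIDENTITYID \
              appinsights-connectionstring=keyvaultref:$KEYVAULTURI/secrets/applicationinsights-connectionstring,identityref:$MANAGEDIDENTITYID \
              ai-endpoint=keyvaultref:$KEYVAULTURI/secrets/AIOptions--Endpoint,identityref:$MANAGEDIDENTITYID \
              ai-vectordeployment=keyvaultref:$KEYVAULTURI/secrets/AIOptions--VectorGenerationDeploymentName,identityref:$MANAGEDIDENTITYID ai-chatdeployment=keyvaultref:$KEYVAULTURI/secrets/AIOptions--ChatDeploymentName,identityref:$MANAGEDIDENTITYID \
              ai-systemprompt=keyvaultref:$KEYVAULTURI/secrets/AIOptions--SystemPrompt,identityref:$MANAGEDIDENTITYID \
              postgres-vectorstore-connectionstring=keyvaultref:$KEYVAULTURI/secrets/ConnectionStrings--PostgresVectorStore,identityref:$MANAGEDIDENTITYID
            az containerapp update --name $CONTAINER_APP_NAME --resource-group $RESOURCEGROUP \
              --image $CONTAINER_REGISTRY/essentialcsharpweb:${{ github.sha }} \
              --replace-env-vars Authentication__github__clientId=secretref:github-clientid Authentication__github__clientSecret=secretref:github-clientsecret \
              Authentication__microsoft__clientId=secretref:msft-clientid Authentication__microsoft__clientSecret=secretref:msft-clientsecret AuthMessageSender__ApiKey=secretref:emailsender-apikey AuthMessageSender__SecretKey=secretref:emailsender-secret \
              AuthMessageSender__SendFromName=secretref:emailsender-name AuthMessageSender__SendFromEmail=secretref:emailsender-email ConnectionStrings__EssentialCSharpWebContextConnection=secretref:connectionstring ASPNETCORE_ENVIRONMENT=Production \
              AZURE_CLIENT_ID=$AZURECLIENTID HCaptcha__SiteKey=secretref:captcha-sitekey HCaptcha__SecretKey=secretref:captcha-secretkey APPLICATIONINSIGHTS_CONNECTION_STRING=secretref:appinsights-connectionstring \
              AIOptions__Endpoint=secretref:ai-endpoint AIOptions__VectorGenerationDeploymentName=secretref:ai-vectordeployment AIOptions__ChatDeploymentName=secretref:ai-chatdeployment \
              AIOptions__SystemPrompt=secretref:ai-systemprompt ConnectionStrings__PostgresVectorStore=secretref:postgres-vectorstore-connectionstring \
              TryDotNet__Origin=$TRYDOTNET_ORIGIN DataProtection__AzureKeyVaultKeyUri=$KEYVAULTURI/keys/dataprotection

      # always() so the Azure session and cached tokens are cleared even when
      # an earlier step failed.
      - name: Logout of Azure CLI
        if: always()
        uses: azure/CLI@v3
        with:
          inlineScript: |
            az logout
            az cache purge
            az account clear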