cli direct db access support #331
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| unit-test: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: mcr.microsoft.com/dotnet/sdk:7.0 | |
| steps: | |
| - name: Checkout subject branch | |
| uses: actions/checkout@v3 | |
| - name: Cache Nuget packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.nuget/packages | |
| key: nuget-${{ hashFiles('**/packages.lock.json') }} | |
| restore-keys: nuget | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ vars.AWS_CALLER_IDENTITY }}:role/GitHubAction-AssumeRoleWithAction | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Run Unit Tests | |
| run: dotnet test --filter "FullyQualifiedName~test.unit" | |
| build-cli: | |
| needs: unit-test | |
| runs-on: ubuntu-latest | |
| container: | |
| image: mcr.microsoft.com/dotnet/sdk:7.0 | |
| steps: | |
| - name: Checkout subject branch | |
| uses: actions/checkout@v3 | |
| - name: Cache Nuget packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.nuget/packages | |
| key: nuget-${{ hashFiles('**/packages.lock.json') }} | |
| restore-keys: nuget | |
| - name: build cli | |
| run: dotnet publish "src/pwnctl.cli/pwnctl.cli.csproj" -c Release -o ./pwnctl | |
| build-api: | |
| needs: unit-test | |
| runs-on: ubuntu-latest | |
| container: | |
| image: mcr.microsoft.com/dotnet/sdk:6.0 | |
| steps: | |
| - name: Checkout subject branch | |
| uses: actions/checkout@v3 | |
| - name: Cache Nuget packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.nuget/packages | |
| key: nuget-${{ hashFiles('**/packages.lock.json') }} | |
| restore-keys: nuget | |
| - name: build api | |
| run: dotnet build src/pwnctl.api/pwnctl.api.csproj | |
| build-images: | |
| needs: unit-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout subject branch | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ vars.AWS_CALLER_IDENTITY }}:role/GitHubAction-AssumeRoleWithAction | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| with: | |
| mask-password: 'true' | |
| - name: Get short commit hash | |
| id: vars | |
| run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Build proc image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| tags: ${{ steps.login-ecr.outputs.registry }}/pwnctl-proc:untested_${{ steps.vars.outputs.sha_short }} | |
| push: true | |
| context: src/core/ | |
| file: src/core/pwnctl.proc/Dockerfile | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # - name: Build exec image | |
| # uses: docker/build-push-action@v4 | |
| # with: | |
| # tags: ${{ steps.login-ecr.outputs.registry }}/pwnctl-exec:untested_${{ steps.vars.outputs.sha_short }} | |
| # push: true | |
| # context: src/core/ | |
| # file: src/core/pwnctl.exec/Dockerfile | |
| # cache-from: type=gha | |
| # cache-to: type=gha,mode=max | |
| # test-images: | |
| # needs: build-images | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout subject branch | |
| # uses: actions/checkout@v3 | |
| # - uses: actions/setup-dotnet@v3 | |
| # with: | |
| # dotnet-version: '7.0.x' | |
| # - name: Cache Nuget packages | |
| # uses: actions/cache@v3 | |
| # with: | |
| # path: ~/.nuget/packages | |
| # key: nuget-${{ hashFiles('**/packages.lock.json') }} | |
| # restore-keys: nuget | |
| # - name: Set up Docker Buildx | |
| # uses: docker/setup-buildx-action@v2 | |
| # - name: Configure AWS credentials | |
| # uses: aws-actions/configure-aws-credentials@v2 | |
| # with: | |
| # role-to-assume: arn:aws:iam::${{ vars.AWS_CALLER_IDENTITY }}:role/GitHubAction-AssumeRoleWithAction | |
| # aws-region: ${{ vars.AWS_REGION }} | |
| # - name: Login to Amazon ECR | |
| # id: login-ecr | |
| # uses: aws-actions/amazon-ecr-login@v1 | |
| # with: | |
| # mask-password: 'true' | |
| # - name: Get short commit hash | |
| # id: vars | |
| # run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| # - name: Test proc image | |
| # run: | | |
| # export UNTESTED_IMAGE=${{ vars.AWS_CALLER_IDENTITY }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/pwnctl-proc:untested_${{ steps.vars.outputs.sha_short }} | |
| # dotnet test --filter "FullyQualifiedName~pwnctl.proc" | |
| # - name: Test exec image | |
| # run: | | |
| # export UNTESTED_IMAGE=${{ vars.AWS_CALLER_IDENTITY }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/pwnctl-exec:untested_${{ steps.vars.outputs.sha_short }} | |
| # dotnet test --filter "FullyQualifiedName~pwnctl.exec" | |
| push-images: | |
| #needs: test-images | |
| needs: build-images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout subject branch | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ vars.AWS_CALLER_IDENTITY }}:role/GitHubAction-AssumeRoleWithAction | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| with: | |
| mask-password: 'true' | |
| - name: Get short commit hash | |
| id: vars | |
| run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Pull untested proc image | |
| run: docker pull ${{ steps.login-ecr.outputs.registry }}/pwnctl-proc:untested_${{ steps.vars.outputs.sha_short }} | |
| - name: Retag proc image from untested to latest | |
| run: docker buildx imagetools create -t ${{ steps.login-ecr.outputs.registry }}/pwnctl-proc:${{ steps.vars.outputs.sha_short }} ${{ steps.login-ecr.outputs.registry }}/pwnctl-proc:untested_${{ steps.vars.outputs.sha_short }} | |
| # - name: Pull untested exec image | |
| # run: docker pull ${{ steps.login-ecr.outputs.registry }}/pwnctl-exec:untested_${{ steps.vars.outputs.sha_short }} | |
| # - name: Retag exec image from untested to latest | |
| # run: docker buildx imagetools create -t ${{ steps.login-ecr.outputs.registry }}/pwnctl-exec:${{ steps.vars.outputs.sha_short }} ${{ steps.login-ecr.outputs.registry }}/pwnctl-exec:untested_${{ steps.vars.outputs.sha_short }} |