fix(bidding): comprehensive business-logic correctness fixes #125
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Pipeline | |
| on: | |
| push: | |
| branches: [main, develop, 'feature/**', 'release/**'] | |
| pull_request: | |
| branches: [main, develop] | |
| env: | |
| DOTNET_VERSION: '9.0.x' | |
| SOLUTION_PATH: 'auction.sln' | |
| jobs: | |
| build: | |
| name: Build & Test | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Generate semantic version | |
| id: version | |
| run: | | |
| if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then | |
| VERSION="1.0.${{ github.run_number }}" | |
| elif [[ "${{ github.ref }}" == refs/heads/release/* ]]; then | |
| VERSION="1.0.${{ github.run_number }}-rc" | |
| else | |
| VERSION="0.0.${{ github.run_number }}-dev" | |
| fi | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "Building version: $VERSION" | |
| - name: Cache NuGet | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.nuget/packages | |
| key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }} | |
| restore-keys: ${{ runner.os }}-nuget- | |
| - name: Restore | |
| run: dotnet restore ${{ env.SOLUTION_PATH }} | |
| - name: Build | |
| run: dotnet build ${{ env.SOLUTION_PATH }} -c Release --no-restore -p:Version=${{ steps.version.outputs.version }} | |
| - name: Test | |
| run: | | |
| dotnet test ${{ env.SOLUTION_PATH }} \ | |
| --no-build -c Release \ | |
| --collect:"XPlat Code Coverage" \ | |
| --results-directory ./coverage \ | |
| --logger "trx;LogFileName=test-results.trx" \ | |
| -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: test-results | |
| path: | | |
| coverage/**/coverage.opencover.xml | |
| coverage/**/*.trx | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| src/**/bin/Release/**/publish/ | |
| retention-days: 5 | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Restore | |
| run: dotnet restore ${{ env.SOLUTION_PATH }} | |
| - name: Run security scan | |
| run: | | |
| dotnet list ${{ env.SOLUTION_PATH }} package --vulnerable --include-transitive 2>&1 | tee security-report.txt | |
| if grep -q "has the following vulnerable packages" security-report.txt; then | |
| echo "::warning::Vulnerable packages detected" | |
| fi | |
| - name: Upload security report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security-report | |
| path: security-report.txt | |
| container-scan: | |
| name: Container Security Scan | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.ref == 'refs/heads/main' || github.event_name == 'pull_request' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| service: | |
| - name: identity-api | |
| dockerfile: src/Services/Identity/Identity.Api/Dockerfile | |
| - name: auction-api | |
| dockerfile: src/Services/Auction/Auction.Api/Dockerfile | |
| - name: bidding-api | |
| dockerfile: src/Services/Bidding/Bidding.Api/Dockerfile | |
| - name: payment-api | |
| dockerfile: src/Services/Payment/Payment.Api/Dockerfile | |
| - name: notification-api | |
| dockerfile: src/Services/Notification/Notification.Api/Dockerfile | |
| - name: analytics-api | |
| dockerfile: src/Services/Analytics/Analytics.Api/Dockerfile | |
| - name: search-api | |
| dockerfile: src/Services/Search/Search.Api/Dockerfile | |
| - name: storage-api | |
| dockerfile: src/Services/Storage/Storage.Api/Dockerfile | |
| - name: job-api | |
| dockerfile: src/Services/Job/Job.Api/Dockerfile | |
| - name: gateway-api | |
| dockerfile: src/Gateway/Gateway.Api/Dockerfile | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build image for scanning | |
| run: | | |
| docker build -t scan-${{ matrix.service.name }}:${{ github.sha }} \ | |
| -f ${{ matrix.service.dockerfile }} . | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'scan-${{ matrix.service.name }}:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results-${{ matrix.service.name }}.sarif' | |
| severity: 'CRITICAL,HIGH' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| - name: Upload Trivy scan results | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results-${{ matrix.service.name }}.sarif' |