Enable nuget cache on build workflow (#53)

Enable nuget cache & integrate code-ql scan

Author: mocsharp

.github/workflows/ci.yml

@@ -29,6 +29,73 @@ env:
   TEST_RESULTS: "results/"
 
 jobs:
+  calc-version:
+    runs-on: ubuntu-latest
+    
+    outputs:
+      semVer: ${{ steps.gitversion.outputs.semVer }}
+      preReleaseLabel: ${{ steps.gitversion.outputs.preReleaseLabel }}
+      majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }}
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Install GitVersion
+        run: dotnet tool install --global GitVersion.Tool
+
+      - name: Determine Version
+        id: gitversion
+        uses: gittools/actions/gitversion/[email protected]
+        with:
+          useConfigFile: true
+          configFilePath: .github/.gitversion.yml
+
+  analyze:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'csharp' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - uses: actions/setup-dotnet@v1
+      with:
+        dotnet-version: "6.0.x"
+        
+    - name: Enable NuGet cache
+      uses: actions/[email protected]
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Restore dependencies
+      run: dotnet restore
+      working-directory: ./src
+
+    - name: Build Solution
+      run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }}
+      working-directory: ./src
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
+
   unit-test:
     runs-on: ${{ matrix.os }}
     strategy:
@@ -45,12 +112,20 @@ jobs:
       - uses: actions/setup-dotnet@v1
         with:
           dotnet-version: "6.0.x"
+          
+      - name: Enable NuGet cache
+        uses: actions/[email protected]
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget
 
       - name: Restore dependencies
         run: dotnet restore
         working-directory: ./src
 
-      - name: Build All
+      - name: Build Solution
         run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }}
         working-directory: ./src
 
@@ -70,6 +145,7 @@ jobs:
 
   build:
     runs-on: ${{ matrix.os }}
+    needs: [calc-version]
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest]
@@ -81,11 +157,6 @@ jobs:
       checks: write
       security-events: write
 
-    outputs:
-      semVer: ${{ steps.gitversion.outputs.semVer }}
-      preReleaseLabel: ${{ steps.gitversion.outputs.preReleaseLabel }}
-      majorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }}
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
@@ -96,21 +167,19 @@ jobs:
         with:
           dotnet-version: "6.0.x"
 
-      - name: Install GitVersion
-        run: dotnet tool install --global GitVersion.Tool
-
-      - name: Determine Version
-        id: gitversion
-        uses: gittools/actions/gitversion/[email protected]
+      - name: Enable NuGet cache
+        uses: actions/[email protected]
         with:
-          useConfigFile: true
-          configFilePath: .github/.gitversion.yml
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget
 
       - name: Restore dependencies
         run: dotnet restore
         working-directory: ./src
 
-      - name: Build All
+      - name: Build Solution
         run: dotnet build -c ${{ env.BUILD_CONFIG }} --nologo ${{ env.SOLUTION }}
         working-directory: ./src
 
@@ -134,7 +203,7 @@ jobs:
           popd
           dir -r ~/release
 
-      - name: Upload Artifact
+      - name: Upload CLI
         uses: actions/[email protected]
         with:
           name: cli
@@ -143,7 +212,7 @@ jobs:
 
       - name: Log in to the Container registry
         uses: docker/[email protected]
-        if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }}
+        if: ${{ (matrix.os == 'ubuntu-latest') }}
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -152,7 +221,7 @@ jobs:
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/[email protected]
-        if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }}
+        if: ${{ (matrix.os == 'ubuntu-latest') }}
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -161,48 +230,67 @@ jobs:
 
       - name: Build and push Docker image
         uses: docker/[email protected]
-        if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }}
+        if: ${{ (matrix.os == 'ubuntu-latest') }}
         with:
           context: .
-          push: true
+          push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Scan image with Azure Container Scan
         env:
           TRIVY_TIMEOUT_SEC: 360s
         uses: Azure/[email protected]
-        if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }}
+        if: ${{ (matrix.os == 'ubuntu-latest') }}
         with:
           image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
 
       - name: Anchore container scan
         id: anchore-scan
         uses: anchore/[email protected]
-        if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }}
+        if: ${{ (matrix.os == 'ubuntu-latest') }}
         with:
           image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
           fail-build: true
           severity-cutoff: critical
 
       - name: Upload Anchore scan SARIF report
         uses: github/codeql-action/upload-sarif@v1
-        if: ${{ (github.event_name != 'pull_request') && (matrix.os == 'ubuntu-latest') }}
+        if: ${{ (matrix.os == 'ubuntu-latest') }}
         with:
           sarif_file: ${{ steps.anchore-scan.outputs.sarif }}
           token: ${{ secrets.GITHUB_TOKEN }}
 
   docs:
     runs-on: ubuntu-latest
+    needs: [calc-version]
+    env:
+      SEMVER: ${{ needs.calc-version.outputs.semVer }}
     steps:
       - uses: actions/checkout@v2
         with:
           fetch-depth: 0
+          
+      - uses: actions/setup-dotnet@v1
+        with:
+          dotnet-version: "6.0.x"
+
+      - name: Enable NuGet cache
+        uses: actions/[email protected]
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget
+
+      - name: Restore dependencies
+        run: dotnet restore
+        working-directory: ./src
 
       - name: Update docs version
         run: |          
-          sed -i -e "s,v0.0.0,v$GitVersion_SemVer,g" ./docs/docfx.json
-          sed -i -e "s,v0.0.0,v$GitVersion_SemVer,g" ./docs/index.md
+          sed -i -e "s,v0.0.0,v$SEMVER,g" ./docs/docfx.json
+          sed -i -e "s,v0.0.0,v$SEMVER,g" ./docs/index.md
 
       - uses: nikeee/[email protected]
         name: Build Docs
@@ -213,7 +301,7 @@ jobs:
         run: |
           mkdir ~/release
           pushd docs/_site
-          zip -r ~/release/mig-docs-${GitVersion_SemVer}.zip *
+          zip -r ~/release/mig-docs-${SEMVER}.zip *
           popd
           ls -lR ~/release
 
@@ -229,9 +317,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build, unit-test, docs]
     env:
-      SEMVER: ${{ needs.build.outputs.semVer }}
-      PRERELEASELABEL: ${{ needs.build.outputs.preReleaseLabel }}
-      MAJORMINORPATCH: ${{ needs.build.outputs.majorMinorPatch }}
+      SEMVER: ${{ needs.calc-version.outputs.semVer }}
+      PRERELEASELABEL: ${{ needs.calc-version.outputs.preReleaseLabel }}
+      MAJORMINORPATCH: ${{ needs.calc-version.outputs.majorMinorPatch }}
 
     steps:
       - uses: actions/checkout@v2
@@ -266,9 +354,9 @@ jobs:
           milestone: ${{ env.MAJORMINORPATCH }}
           name: "Release ${{ env.MAJORMINORPATCH }}"
           assets: |
-            release/mig-cli-linux-x64.zip
-            release/mig-cli-windows-x64.zip
-            release/mig-docs-${SEMVER}.zip
+            release/cli/mig-cli-linux-x64.zip
+            release/cli/mig-cli-windows-x64.zip
+            release/docs/mig-docs-${SEMVER}.zip
 
       - name: Publish release with GitReleaseManager
         uses: gittools/actions/gitreleasemanager/[email protected]