Skip to content

Use workload identity for blob storage auth #554

Use workload identity for blob storage auth

Use workload identity for blob storage auth #554

Workflow file for this run

name: Build
on:
push:
branches:
- master
- release-*
tags:
- v*
paths-ignore:
- "**.md"
pull_request:
branches:
- master
- release-*
paths-ignore:
- "**.md"
workflow_dispatch: {}
jobs:
build:
runs-on: ubuntu-latest
environment: production
permissions:
contents: write
id-token: write
env:
APP_REGISTRY: ${{ secrets.DOCKER_REGISTRY_URL }}/${{ secrets.DOCKER_REGISTRY_PATH }}
CONFIGURATION: Release
DEV_VERSION_SUFFIX: 0.0.0
DOTNET_SAMPLE_APP_IMAGE_NAME: dotnet-azurefunction
DOTNET_ISOLATED_QUICKSTART_APP_IMAGE_NAME: dotnet-isolated-dapr-azure-function-orderservice
NUPKG_OUTDIR: bin/Release/nugets
MAVEN_OUTDIR: bin/Release/maven
JAVA_LIB_WORKING_DIRECTORY: java-library
steps:
- uses: actions/checkout@v2
- name: Parse release version
run: python ./.github/scripts/get_release_version.py
- name: Setup .NET Core
uses: actions/setup-dotnet@v3
with:
dotnet-version: 6.0
- name: Build solution - ${{ env.CONFIGURATION }}
run: dotnet build --configuration ${{ env.CONFIGURATION }} --configfile nuget.config
- name: Run Unit Tests - ${{ env.CONFIGURATION }}
run: |
dotnet test --configuration ${{ env.CONFIGURATION }} --collect:"XPlat Code Coverage"
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: "**/coverage.cobertura.xml,./.github/codecov.yml" # Specify the path to your Cobertura format coverage report file
fail_ci_if_error: true # optional (default = false)
# The docker image is not pushed for pull requests,
# but the image is built to ensure that the Dockerfile and the sample app are valid.
- name: Set a sample app registry when it is a pull request
if: github.event_name == 'pull_request'
run: |
OWNER_NAME="${GITHUB_REPOSITORY%%/*}"
OWNER_NAME="${OWNER_NAME,,}" # convert to lowercase
echo "Setting sample app registry to ghcr.io/${OWNER_NAME}"
echo "APP_REGISTRY=ghcr.io/${OWNER_NAME}" >> $GITHUB_ENV
- name: Build docker images
run: |
echo building docker image for ${{ env.DOTNET_SAMPLE_APP_IMAGE_NAME }}
docker build -f samples/dotnet-azurefunction/Dockerfile -t ${{ env.APP_REGISTRY }}/${{ env.DOTNET_SAMPLE_APP_IMAGE_NAME }}:${{ env.REL_VERSION }} .
echo building docker image for ${{ env.DOTNET_ISOLATED_QUICKSTART_APP_IMAGE_NAME }}
docker build -f quickstarts/dotnet-isolated/Dockerfile -t ${{ env.APP_REGISTRY }}/${{ env.DOTNET_ISOLATED_QUICKSTART_APP_IMAGE_NAME }}:${{ env.REL_VERSION }} .
- name: Push docker images
if: github.event_name != 'pull_request'
run: |
echo performing docker login
docker login ${{ secrets.DOCKER_REGISTRY_URL }} -u ${{ secrets.DOCKER_REGISTRY_ID }} -p ${{ secrets.DOCKER_REGISTRY_PASS }}
echo pushing docker image for ${{ env.DOTNET_SAMPLE_APP_IMAGE_NAME }}
echo image with tag ${{ env.APP_REGISTRY }}/${{ env.DOTNET_SAMPLE_APP_IMAGE_NAME }}:${{ env.REL_VERSION }} will be pushed
docker push ${{ env.APP_REGISTRY }}/${{ env.DOTNET_SAMPLE_APP_IMAGE_NAME }}:${{ env.REL_VERSION }}
echo pushing docker image for ${{ env.DOTNET_ISOLATED_QUICKSTART_APP_IMAGE_NAME }}
echo image with tag ${{ env.APP_REGISTRY }}/${{ env.DOTNET_ISOLATED_QUICKSTART_APP_IMAGE_NAME }}:${{ env.REL_VERSION }} will be pushed
docker push ${{ env.APP_REGISTRY }}/${{ env.DOTNET_ISOLATED_QUICKSTART_APP_IMAGE_NAME }}:${{ env.REL_VERSION }}
- name: Generate NuGet Packages - ${{ env.CONFIGURATION }}
if: startswith(github.ref, 'refs/tags/v')
run: dotnet pack --configuration ${{ env.CONFIGURATION }} -p:PackageVersion=${REL_VERSION}
# Since we create local development nuget packages, we need to clean them up.
- name: Clean up development Nuget packages
if: startswith(github.ref, 'refs/tags/v')
run: rm -rf $NUPKG_OUTDIR/*${DEV_VERSION_SUFFIX}.*{nupkg,snupkg}
# Building java-library
- name: Set up JDK 8
uses: actions/setup-java@v1
with:
java-version: 8
- name: Build Java library with Maven
run: mvn package
working-directory: ${{ env.JAVA_LIB_WORKING_DIRECTORY }}
- name: Set Java library version
if: startsWith(github.ref, 'refs/tags/v')
run: mvn versions:set --batch-mode --define=newVersion=${{ env.REL_VERSION }} --define=org.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn --update-snapshots
working-directory: ${{ env.JAVA_LIB_WORKING_DIRECTORY }}
- name: Build Java Annotations with Maven
if: startsWith(github.ref, 'refs/tags/v')
run: mvn clean package --batch-mode --define=org.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn --update-snapshots
working-directory: ${{ env.JAVA_LIB_WORKING_DIRECTORY }}
- name: Copy Java Annotations to staging directory
if: startsWith(github.ref, 'refs/tags/v')
run: |
prefix="azure-functions-java-library-dapr-${{ env.REL_VERSION }}"
source="${{ env.JAVA_LIB_WORKING_DIRECTORY }}"
destination=${{ env.MAVEN_OUTDIR }}
mkdir -p $destination
cp "$source/pom.xml" "$destination/$prefix.pom"
cp "$source/target/$prefix.jar" "$destination/$prefix.jar"
cp "$source/target/$prefix-javadoc.jar" "$destination/$prefix-javadoc.jar"
cp "$source/target/$prefix-sources.jar" "$destination/$prefix-sources.jar"
shell: bash
- name: Generate SBOM manifest
if: startswith(github.ref, 'refs/tags/v')
run: |
sudo curl -Lo $RUNNER_TEMP/sbom-tool https://github.com/microsoft/sbom-tool/releases/download/v1.2.0/sbom-tool-linux-x64
sudo chmod +x $RUNNER_TEMP/sbom-tool
$RUNNER_TEMP/sbom-tool generate -b ${{ env.MAVEN_OUTDIR }} -bc ${{ env.JAVA_LIB_WORKING_DIRECTORY }} -pn "Azure Functions Dapr Java Triggers and Bindings" -pv "${{ env.REL_VERSION }}" -ps Microsoft
- name: Upload Java artifacts
uses: actions/upload-artifact@master
if: startswith(github.ref, 'refs/tags/v')
with:
name: java_release_drop
path: ${{ env.MAVEN_OUTDIR }}
- name: Upload .Net artifacts
uses: actions/upload-artifact@master
if: startswith(github.ref, 'refs/tags/v')
with:
name: dotnet_release_drop
path: ${{ env.NUPKG_OUTDIR }}
- name: Create a GitHub Release
if: startswith(github.ref, 'refs/tags/v')
run: |
RELEASE_ARTIFACT=(${NUPKG_OUTDIR}/*)
export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
echo "Uploading Nuget packages to GitHub Release"
gh release create "v${REL_VERSION}" ${RELEASE_ARTIFACT[*]} \
--repo "${GITHUB_REPOSITORY}" \
--title "Azure Functions Dapr Extension v${REL_VERSION}" \
--notes "Release Azure Functions Dapr Extension v${REL_VERSION}"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Login to azuresdkpartnerdrops
if: |
startsWith(github.ref, 'refs/tags/v') &&
!(endsWith(github.ref, '-rc') || endsWith(github.ref, '-dev') || endsWith(github.ref, '-prerelease')) &&
github.repository == 'Azure/azure-functions-dapr-extension'
uses: azure/login@v2
with:
client-id: ${{ secrets.AZ_CLIENT_ID }}
tenant-id: ${{ secrets.AZ_TENANT_ID }}
subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
- name: Upload NuGet and Maven packages to Azure blob storage
if: |
startsWith(github.ref, 'refs/tags/v') &&
!(endsWith(github.ref, '-rc') || endsWith(github.ref, '-dev') || endsWith(github.ref, '-prerelease')) &&
github.repository == 'Azure/azure-functions-dapr-extension'
run: |
az storage blob upload-batch -s ${{ env.NUPKG_OUTDIR }}/* -d "drops/azure-functions-dapr-extension/dotnet/${{ env.REL_VERSION }}/" --account-name azuresdkpartnerdrops --auth-mode login
az storage blob upload-batch -s ${{ env.MAVEN_OUTDIR }}/* -d "drops/azure-functions-dapr-extension/java/${{ env.REL_VERSION }}/" --account-name azuresdkpartnerdrops --auth-mode login