Bump Microsoft.AspNetCore.Components.WebAssembly.DevServer from 10.0.2 to 10.0.3 #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker CI/CD | |
| on: | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - ".github/workflows/docker.yml" | |
| - "docker-compose.yml" | |
| - ".dockerignore" | |
| - "Directory.Build.props" | |
| - "Directory.Build.targets" | |
| - "AdvancedDevSample.Api/**" | |
| - "AdvancedDevSample.Application/**" | |
| - "AdvancedDevSample.Infrastructure/**" | |
| - "AdvancedDevSampleDomain/**" | |
| - "AdvancedDevSample.Frontend/**" | |
| push: | |
| branches: [main] | |
| paths: | |
| - ".github/workflows/docker.yml" | |
| - "docker-compose.yml" | |
| - ".dockerignore" | |
| - "Directory.Build.props" | |
| - "Directory.Build.targets" | |
| - "AdvancedDevSample.Api/**" | |
| - "AdvancedDevSample.Application/**" | |
| - "AdvancedDevSample.Infrastructure/**" | |
| - "AdvancedDevSampleDomain/**" | |
| - "AdvancedDevSample.Frontend/**" | |
| tags: | |
| - "v*" | |
| concurrency: | |
| group: docker-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| docker-ci: | |
| name: Docker Build And Smoke Test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | |
| - name: Build API image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: AdvancedDevSample.Api/Dockerfile | |
| push: false | |
| tags: advanceddevsample-api:ci | |
| cache-from: type=gha,scope=api-ci | |
| cache-to: type=gha,mode=max,scope=api-ci | |
| - name: Build Frontend image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: AdvancedDevSample.Frontend/Dockerfile | |
| push: false | |
| tags: advanceddevsample-frontend:ci | |
| cache-from: type=gha,scope=frontend-ci | |
| cache-to: type=gha,mode=max,scope=frontend-ci | |
| - name: Start compose stack | |
| run: docker compose up -d --build | |
| - name: Wait for API readiness | |
| shell: bash | |
| run: | | |
| for i in {1..60}; do | |
| if curl -fsS http://localhost:5069/health/ready >/dev/null; then | |
| echo "API is ready" | |
| exit 0 | |
| fi | |
| sleep 2 | |
| done | |
| echo "API readiness probe failed" >&2 | |
| exit 1 | |
| - name: Wait for Frontend availability | |
| shell: bash | |
| run: | | |
| for i in {1..60}; do | |
| if curl -fsS http://localhost:8080 >/dev/null; then | |
| echo "Frontend is available" | |
| exit 0 | |
| fi | |
| sleep 2 | |
| done | |
| echo "Frontend availability probe failed" >&2 | |
| exit 1 | |
| - name: Show compose status and logs on failure | |
| if: ${{ failure() }} | |
| run: | | |
| docker compose ps -a | |
| docker compose logs --no-color --tail=200 | |
| - name: Stop compose stack | |
| if: ${{ always() }} | |
| run: docker compose down -v | |
| docker-cd: | |
| name: Docker Publish | |
| if: github.event_name == 'push' | |
| needs: docker-ci | |
| runs-on: ubuntu-latest | |
| outputs: | |
| api_digest: ${{ steps.build_api.outputs.digest }} | |
| frontend_digest: ${{ steps.build_frontend.outputs.digest }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Normalize image owner | |
| id: owner | |
| shell: bash | |
| run: echo "value=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT" | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | |
| - name: Login to GHCR | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker metadata (API) | |
| id: meta_api | |
| uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.9.1 | |
| with: | |
| images: ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-api | |
| tags: | | |
| type=sha | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Docker metadata (Frontend) | |
| id: meta_frontend | |
| uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.9.1 | |
| with: | |
| images: ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-frontend | |
| tags: | | |
| type=sha | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and push API image | |
| id: build_api | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: AdvancedDevSample.Api/Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta_api.outputs.tags }} | |
| labels: ${{ steps.meta_api.outputs.labels }} | |
| sbom: true | |
| provenance: mode=max | |
| cache-from: type=gha,scope=api-publish | |
| cache-to: type=gha,mode=max,scope=api-publish | |
| - name: Build and push Frontend image | |
| id: build_frontend | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: AdvancedDevSample.Frontend/Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta_frontend.outputs.tags }} | |
| labels: ${{ steps.meta_frontend.outputs.labels }} | |
| sbom: true | |
| provenance: mode=max | |
| cache-from: type=gha,scope=frontend-publish | |
| cache-to: type=gha,mode=max,scope=frontend-publish | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@b4da77ecad80ff9afe572690e3ce4a55a58e629c # v3.9.1 | |
| - name: Sign API image | |
| shell: bash | |
| run: | | |
| api_image="ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-api@${{ steps.build_api.outputs.digest }}" | |
| cosign sign --yes "$api_image" | |
| - name: Sign Frontend image | |
| shell: bash | |
| run: | | |
| frontend_image="ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-frontend@${{ steps.build_frontend.outputs.digest }}" | |
| cosign sign --yes "$frontend_image" | |
| image-vuln-scan: | |
| name: Container Vulnerability Scan | |
| if: github.event_name == 'push' | |
| needs: docker-cd | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| steps: | |
| - name: Normalize image owner | |
| id: owner | |
| shell: bash | |
| run: echo "value=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT" | |
| - name: Login to GHCR | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Scan API image (HIGH/CRITICAL) | |
| uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 | |
| with: | |
| image-ref: ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-api@${{ needs.docker-cd.outputs.api_digest }} | |
| format: table | |
| severity: HIGH,CRITICAL | |
| ignore-unfixed: true | |
| vuln-type: os,library | |
| exit-code: "1" | |
| - name: Scan Frontend image (HIGH/CRITICAL) | |
| uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 | |
| with: | |
| image-ref: ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-frontend@${{ needs.docker-cd.outputs.frontend_digest }} | |
| format: table | |
| severity: HIGH,CRITICAL | |
| ignore-unfixed: true | |
| vuln-type: os,library | |
| exit-code: "1" |