reusable-dotnet-quality.yml

name: Reusable - .NET quality

on:
  workflow_call:
    inputs:
      custom-commands:
        description: "Optional shell commands to run before build & test"
        type: string
        required: false
        default: ""
      dotnet-test-args:
        description: ".NET test arguments (for example \"--report-xunit-trx --coverage --coverage-output-format cobertura\")"
        type: string
        required: false
        default: ""
      dotnet-version:
        description: .NET version
        type: string
        required: false
        default: "10.0"
      extra-vars:
        description: "Additional environment variables at the start of the pipeline"
        type: string
        required: false
        default: ""
      fossa-enabled:
        description: Enable license compliance with FOSSA
        type: boolean
        required: false
        default: false
      fossa-test:
        description: Run FOSSA test on PR
        type: boolean
        required: false
        default: false
      job-name:
        description: Job name
        type: string
        required: false
        default: Quality
      operating-system:
        description: Operating system executing the runner
        type: string
        required: false
        default: ubuntu-latest
      sonar-enabled:
        description: Enable check done by Sonar (SonarQube or SonarCloud)
        type: boolean
        required: false
        default: false
      sonar-exclusions:
        description: Files or directories that should be excluded from Sonar analysis
        type: string
        required: false
        default: "node_modules"
      sonar-host-url:
        description: Sonar host URL
        type: string
        required: false
        default: "https://sonarcloud.io"
      sonar-organization:
        description: Sonar organization
        type: string
        required: false
        default: ""
      sonar-project-key:
        description: Sonar project key
        type: string
        required: false
        default: ""
      sonar-project-name:
        description: Sonar project name
        type: string
        required: false
        default: ""
      workflow-parts-version:
        description: GitHub workflow parts version (branch/tag/SHA)
        type: string
        required: false
        default: main
      working-directory:
        description: Working directory
        type: string
        required: false
        default: "."
    secrets:
      fossa-api-key:
        description: FOSSA API KEY
        required: false
      sonar-token:
        description: Sonar token for login
        required: false
      additional-vars:
        description: "Additional variables"
        required: false

jobs:
  dotnet-quality:
    name: ${{ inputs.job-name }}
    runs-on: ${{ inputs.operating-system }}
    defaults:
      run:
        working-directory: ${{ inputs.working-directory }}
    steps:
      - name: Set additional variables
        shell: bash
        env:
          EXTRA_VARS: ${{ inputs.extra-vars }}
        run: |
          if [[ -n "$EXTRA_VARS" ]]; then
            echo "$EXTRA_VARS" >> "$GITHUB_ENV"
          fi
      - name: Set additional secrets
        shell: bash
        env:
          ADDITIONAL_VARS: ${{ secrets.additional-vars }}
        run: |
          if [[ -n "$ADDITIONAL_VARS" ]]; then
            echo "$ADDITIONAL_VARS" | while IFS='=' read -r key val; do
              if [[ -n "$val" ]]; then
                echo "::add-mask::$val"
              fi
            done
            echo "$ADDITIONAL_VARS" >> "$GITHUB_ENV"
          fi
      - name: Disable git autocrlf
        if: ${{ inputs.operating-system == 'windows-latest' }}
        run: git config --global core.autocrlf false
        shell: bash
      - name: Clone repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Checkout workflow parts
        uses: actions/checkout@v6
        with:
          repository: devpro/github-workflow-parts
          ref: ${{ inputs.workflow-parts-version }}
          path: workflow-parts
      - name: Install .NET & lint
        uses: ./workflow-parts/actions/dotnet/install-lint-restore
        with:
          dotnet-version: ${{ inputs.dotnet-version }}
      - name: Run optional custom commands
        if: ${{ inputs.custom-commands != '' }}
        run: |
          ${{ inputs.custom-commands }}
      - name: Build & test
        if: ${{ ! inputs.sonar-enabled }}
        uses: ./workflow-parts/actions/dotnet/build-test
        with:
          dotnet-test-args: ${{ inputs.dotnet-test-args }}
      - name: Build, test & analyze
        if: ${{ inputs.sonar-enabled }}
        uses: ./workflow-parts/actions/dotnet/build-test-sonar
        with:
          dotnet-test-args: ${{ inputs.dotnet-test-args }}
          sonar-exclusions: ${{ inputs.sonar-exclusions }}
          sonar-host-url: ${{ inputs.sonar-host-url }}
          sonar-organization: ${{ inputs.sonar-organization }}
          sonar-project-key: ${{ inputs.sonar-project-key }}
          sonar-project-name: ${{ inputs.sonar-project-name }}
          sonar-token: ${{ secrets.sonar-token }}
      - name: Check license compliance with FOSSA
        if: ${{ inputs.fossa-enabled }}
        uses: fossas/fossa-action@v1.8.0
        id: fossa
        # https://status.fossa.com/
        continue-on-error: true
        timeout-minutes: 3
        with:
          api-key: "${{ secrets.fossa-api-key }}"
          run-tests: ${{ inputs.fossa-test && github.event_name == 'pull_request' }}
          test-diff-revision: ${{ github.event.pull_request.base.sha }}
          generate-report: html
      - name: Create FOSSA report file
        if: ${{ inputs.fossa-enabled && steps.fossa.outputs.report != '' }}
        run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html
        continue-on-error: true
      - name: Generate SBOM with Syft
        uses: anchore/sbom-action@v0
        # with:
        #   path: . # Or Dockerfile path
        #   format: spdx-json # Or cyclonedx-json
        #   output-file: sbom.json
        #   upload-artifact: true # Auto-upload to workflow artifacts
      - name: Archive test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: dotnet-test-results
          path: |
            ./**/*test-result.xml
            ./test/*/TestResults/*/coverage.cobertura.xml
            ./**/failure_*.png*
            ./**/SonarQube.xml
            ./**/Summary.txt
            ./**/fossa.html
    env:
      DOTNET_CLI_TELEMETRY_OPTOUT: 1
      DOTNET_NOLOGO: 1
      GITHUB_TOKEN: ${{ github.token }}