Add security policy (#22) #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| pull_request: | |
| env: | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| DOTNET_NOLOGO: true | |
| jobs: | |
| check-format: | |
| if: github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id | |
| name: Check format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 8.0.x | |
| - name: Code formating check | |
| run: | | |
| dotnet tool restore | |
| dotnet tool run dotnet-format -- --check | |
| dotnet jb cleanupcode --profile="Built-in: Reformat Code" --settings="ParquetSharp.DataFrame.DotSettings" --verbosity=WARN "ParquetSharp.DataFrame" "ParquetSharp.DataFrame.Test" | |
| files=($(git diff --name-only)) | |
| if [ ${#files[@]} -gt 0 ] | |
| then | |
| for file in $files; do echo "::error file=$file::Code format check failed"; done | |
| exit 1 | |
| fi | |
| # Build the nuget package and upload it as an artifact. | |
| build-nuget: | |
| if: github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id | |
| name: Build NuGet package | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 8.0.x | |
| - name: Build project | |
| run: dotnet build ParquetSharp.DataFrame --configuration=Release | |
| - name: Build NuGet package | |
| run: dotnet pack ParquetSharp.DataFrame --configuration=Release --no-build --output nuget | |
| - name: Upload NuGet artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nuget-package | |
| path: nuget | |
| # Run .NET unit tests with the nuget package on all platforms and all supported .NET runtimes (thus testing the user workflow). | |
| test-nuget: | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, macos-13, windows-latest] # macos-13 included for x64 | |
| dotnet: [net6.0, net7.0, net8.0] | |
| include: | |
| - os: windows-latest | |
| dotnet: net472 | |
| fail-fast: false | |
| name: Test NuGet package (.NET ${{ matrix.dotnet }} on ${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| needs: build-nuget | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get version | |
| id: get-version | |
| run: echo "version=$((Select-Xml -Path ./ParquetSharp.DataFrame/ParquetSharp.DataFrame.csproj -XPath '/Project/PropertyGroup/Version/text()').node.Value)" >> $env:GITHUB_OUTPUT | |
| shell: pwsh | |
| - name: Download NuGet artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nuget-package | |
| path: nuget | |
| - name: Setup .NET 6 SDK | |
| if: matrix.dotnet == 'net6.0' | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 6.0.x | |
| - name: Setup .NET 7 SDK | |
| if: matrix.dotnet == 'net7.0' | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 7.0.x | |
| - name: Setup .NET 8 SDK | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 8.0.x | |
| - name: Add local NuGet feed | |
| run: | | |
| dotnet new nugetconfig | |
| dotnet nuget add source -n local $PWD/nuget | |
| - name: Change test project references to use local NuGet package | |
| run: | | |
| dotnet remove ParquetSharp.DataFrame.Test reference ParquetSharp.DataFrame/ParquetSharp.DataFrame.csproj | |
| dotnet add ParquetSharp.DataFrame.Test package ParquetSharp.DataFrame -v ${{ steps.get-version.outputs.version }} | |
| - name: Build & Run .NET unit tests | |
| run: dotnet test ParquetSharp.DataFrame.Test --configuration=Release --framework ${{ matrix.dotnet }} | |
| # Virtual job that can be configured as a required check before a PR can be merged. | |
| # As GitHub considers a check as successful if it is skipped, we need to check its status in | |
| # another workflow (check-required.yml) and create a check there. | |
| all-required-checks-done: | |
| name: All required checks done | |
| needs: | |
| - check-format | |
| - test-nuget | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo "All required checks done" | |
| # Create a GitHub release and publish the NuGet packages to nuget.org when a tag is pushed. | |
| publish-release: | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !github.event.repository.fork | |
| name: Publish release | |
| runs-on: ubuntu-latest | |
| needs: all-required-checks-done | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Check version | |
| id: check-version | |
| shell: pwsh | |
| run: | | |
| $version = (Select-Xml -Path ./ParquetSharp.DataFrame/ParquetSharp.DataFrame.csproj -XPath '/Project/PropertyGroup/Version/text()').node.Value | |
| $tag = "${{ github.ref }}".SubString(10) | |
| if (-not ($tag -eq $version)) { | |
| echo "::error ::There is a mismatch between the project version ($version) and the tag ($tag)" | |
| exit 1 | |
| } | |
| echo "version=$version" >> $env:GITHUB_OUTPUT | |
| - name: Download NuGet artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nuget-package | |
| path: nuget | |
| # if version contains "-" treat it as pre-release | |
| # example: 1.0.0-beta1 | |
| - name: Create release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: ParquetSharp.DataFrame ${{ steps.check-version.outputs.version }} | |
| draft: true | |
| prerelease: ${{ contains(steps.check-version.outputs.version, '-') }} | |
| files: | | |
| nuget/ParquetSharp.DataFrame.${{ steps.check-version.outputs.version }}.nupkg | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish to NuGet | |
| run: dotnet nuget push nuget/ParquetSharp.DataFrame.${{ steps.check-version.outputs.version }}.nupkg --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json |