Skip to content

[StepSecurity] Apply security best practices (#783) #390

[StepSecurity] Apply security best practices (#783)

[StepSecurity] Apply security best practices (#783) #390

Workflow file for this run

# Continuous integration
name: github-continuous-integration
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: windows-latest
permissions:
security-events: write
strategy:
matrix:
configuration: [ 'Release', 'Debug', 'Release_Unicode', 'Debug_Unicode' ]
platform: [ 'Win32', 'x64' ]
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: 'recursive'
- name: "Build"
shell: pwsh
run: |
$path = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -property installationPath
& $path\MSBuild\Current\Bin\amd64\msbuild.exe /m /p:Configuration="${{matrix.configuration}}" /p:Platform="${{matrix.platform}}" mfcmapi.sln
- name: Find vstest.console.exe
run: |
$VSDevTestCmd = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere" -latest -prerelease -products * -find Common7\IDE\Extensions\TestPlatform\vstest.console.exe
if (!$VSDevTestCmd) { exit 1 }
echo "Using VSDevTestCmd: ${VSDevTestCmd}"
Add-Content $env:GITHUB_ENV "VSDevTestCmd=$VSDevTestCmd"
- name: MFCMAPI UnitTests
run: cmd /c "$env:VSDevTestCmd" /Parallel /EnableCodeCoverage /Logger:trx "${{github.workspace}}\\bin\\${{matrix.platform}}\\UnitTest\\${{matrix.configuration}}\\UnitTest.dll"
# - name: Upload Event File
# uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
# with:
# name: Event File (${{ matrix.platform }} - ${{ matrix.configuration }})
# path: ${{ github.event_path }}
- name: Upload Test Result Files
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always()
with:
name: Test Results (${{ matrix.platform }} - ${{ matrix.configuration }})
path: ${{github.workspace}}/**/TestResults/**/*
publish-test-results:
name: "Publish Tests Results"
needs: build
runs-on: ubuntu-latest
permissions:
checks: write
# only needed unless run with comment_mode: off
pull-requests: write
security-events: write
if: always()
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Download Artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: artifacts
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0
with:
files: "artifacts/**/*.trx"