From a8a1017ea469d114e46d8cdf3dab37d3fc72fac7 Mon Sep 17 00:00:00 2001 From: Ken Lea Date: Mon, 1 Apr 2024 15:49:35 +0100 Subject: [PATCH 1/5] Update package --- Directory.Packages.props | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 Directory.Packages.props diff --git a/Directory.Packages.props b/Directory.Packages.props new file mode 100644 index 0000000..d62d1de --- /dev/null +++ b/Directory.Packages.props @@ -0,0 +1,9 @@ + + + true + true + + + + + \ No newline at end of file From b9e504097e2fdec48115265128127afa612f1b73 Mon Sep 17 00:00:00 2001 From: Ken Lea Date: Mon, 1 Apr 2024 17:08:46 +0100 Subject: [PATCH 2/5] Update build --- .github/workflows/pull-request.yml | 34 +++++++++++++++--------------- Directory.Packages.props | 2 +- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index e7a1348..9452046 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -15,7 +15,7 @@ env: GITHUB_FEED: https://nuget.pkg.github.com/Tanzy/index.json GITHUB_USER: Tanzy GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} jobs: @@ -37,7 +37,7 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 # fetch-depth is needed for GitVersion - + #Install and calculate the new version with GitVersion - name: Install GitVersion uses: gittools/actions/gitversion/setup@v0.10.2 @@ -57,7 +57,7 @@ jobs: - name: Setup .NET Core uses: actions/setup-dotnet@v1 with: - dotnet-version: '6.x' + dotnet-version: '8.x' - name: Cache SonarCloud packages uses: actions/cache@v3 
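Review bot: `actions/setup-dotnet@v1` is kept while the requested SDK moves from `'6.x'` to `'8.x'`; the v1 major predates .NET 8, so confirm it actually resolves an 8.x SDK on the runner, otherwise bump the action to a current major in the same change. Every `uses:` reference in this hunk, and in the JDK hunk of patch 3 (`actions/setup-java@v4`, `actions/checkout@v3`), is a mutable tag; pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/setup-dotnet@<commit-sha-placeholder> # v1`, keeps a tag move from silently changing what runs in a job that holds `GITHUB_TOKEN` and `SONAR_TOKEN` in its environment. The enclosing `build` job starts before this hunk.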
@@ -73,19 +73,19 @@ jobs: path: .\.sonar\scanner key: ${{ runner.os }}-sonar-scanner restore-keys: ${{ runner.os }}-sonar-scanner - + - name: Install Sonar global tool run: dotnet tool install --global dotnet-sonarscanner - + - name: Install Code Coverage run: dotnet tool install --global dotnet-coverage - + - name: Restore - run: dotnet restore - + run: dotnet restore + - name: Begin Sonar scan run: dotnet sonarscanner begin /k:"Tanzy_Tanzy.Xunit" /o:"tanzy" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /v:${{ steps.gitversion.outputs.semVer }} /d:sonar.cs.vscoveragexml.reportsPaths=coverage.cobertura.xml - + # Build and test - name: Build run: dotnet build -c Release --no-restore -p:Version=${{ steps.gitversion.outputs.semVer }} @@ -96,20 +96,20 @@ jobs: - name: End Sonar scan run: dotnet sonarscanner end /d:sonar.login=${{ secrets.SONAR_TOKEN }} - + - name: Pack if: matrix.os == 'ubuntu-latest' run: dotnet pack -v normal -c Release --no-restore -p:PackageVersion=${{ steps.gitversion.outputs.nuGetVersionV2 }} src/$PROJECT_NAME/$PROJECT_NAME.*proj - - # Upload NuGet Package to Artifact store + + # Upload NuGet Package to Artifact store - name: Upload Artifact uses: actions/upload-artifact@v2 with: name: nupkg path: ./src/${{ env.PROJECT_NAME }}/bin/Release/*.nupkg retention-days: 5 - - + + # Label the Pull Request label: @@ -122,7 +122,7 @@ jobs: - uses: actions/labeler@v2 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - + # prerelease: # needs: build # if: github.ref == 'refs/heads/main' 
@@ -134,6 +134,6 @@ jobs: # name: nupkg # - name: Add GitHub Feed # run: dotnet nuget add source --username $GITHUB_USER --password $GITHUB_TOKEN --store-password-in-clear-text --name github "$GITHUB_FEED" - + # - name: Push to GitHub Feed - # run: echo "Deploy to GitHub" #dotnet nuget push ./nupkg/*.nupkg --api-key $GITHUB_TOKEN --skip-duplicate --source $GITHUB_FEED + # run: echo "Deploy to GitHub" #dotnet nuget push ./nupkg/*.nupkg --api-key $GITHUB_TOKEN --skip-duplicate --source $GITHUB_FEED \ No newline at end of file diff --git a/Directory.Packages.props b/Directory.Packages.props index d62d1de..cc7786f 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -1,7 +1,7 @@ true - true + false From 11920db547d39546a2428556803be49272e10aaa Mon Sep 17 00:00:00 2001 From: Ken Lea Date: Mon, 1 Apr 2024 17:52:34 +0100 Subject: [PATCH 3/5] Update pull-request.yml --- .github/workflows/pull-request.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 9452046..800d156 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -27,11 +27,11 @@ jobs: os: [ ubuntu-latest ] #, windows-latest, macos-latest ] steps: - - name: Set up JDK 11 - uses: actions/setup-java@v3 + - name: Set up JDK 21 + uses: actions/setup-java@v4 with: - java-version: 11 - distribution: 'zulu' # Alternative distribution options are available. + java-version: 21 + distribution: 'temurin' # Alternative distribution options are available. - name: Checkout uses: actions/checkout@v3 
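Review bot: The element whose value flips from `true` to `false` has its tag name stripped in this rendering, and the commit message `Update build` does not say which setting is being turned off or why; patch 1 of this series created the file with both flags enabled. A one-line comment next to the changed element, or a sentence in the commit message naming the property and the build failure it caused, would let a later reader tell deliberate from accidental.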
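Review bot: `java-version: 21` is written as a bare integer while the neighbouring `dotnet-version: '8.x'` in the same file is a quoted string; quoting it, `java-version: '21'`, keeps the file's convention and avoids a later `21.0.1`-style value being read as a float. The trailing comment `# Alternative distribution options are available.` was carried over unchanged from the `zulu` line and no longer says anything specific; either drop it or state why `temurin` was chosen. The `build` job's `steps:` list continues outside this hunk.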
@@ -136,4 +136,4 @@ jobs: # run: dotnet nuget add source --username $GITHUB_USER --password $GITHUB_TOKEN --store-password-in-clear-text --name github "$GITHUB_FEED" # - name: Push to GitHub Feed - # run: echo "Deploy to GitHub" #dotnet nuget push ./nupkg/*.nupkg --api-key $GITHUB_TOKEN --skip-duplicate --source $GITHUB_FEED \ No newline at end of file + # run: echo "Deploy to GitHub" #dotnet nuget push ./nupkg/*.nupkg --api-key $GITHUB_TOKEN --skip-duplicate --source $GITHUB_FEED From acc12fa56613b18e3c72f4e2f2d15091855eabc2 Mon Sep 17 00:00:00 2001 From: Ken Lea Date: Mon, 1 Apr 2024 20:20:41 +0100 Subject: [PATCH 4/5] Add Snyk scan workflow for dotNET vulnerabilities. --- .github/workflows/snyk_scan.yml | 38 +++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/snyk_scan.yml diff --git a/.github/workflows/snyk_scan.yml b/.github/workflows/snyk_scan.yml new file mode 100644 index 0000000..375c51d --- /dev/null +++ b/.github/workflows/snyk_scan.yml @@ -0,0 +1,38 @@ +name: Scan dotNET using Snyk + +on: + push: + branches: [ main ] + paths-ignore: + - .gitignore + - README.md + - LICENSE + - '.github/**' + pull_request: + # The branches below must be a subset of the branches above + branches: [ main ] + +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + + - name: Setup .NET + uses: actions/setup-dotnet@3.0.3 + + - name: Restore dependencies + run: dotnet restore + + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/dotnet@master + continue-on-error: true # To make sure that SARIF upload gets called + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --sarif-file-output=snyk.sarif + + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: snyk.sarif From 2ed9c423d714c60a87647a7340652929a669b946 Mon Sep 17 00:00:00 2001 
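Review bot: The new `security` job has no `permissions:` block, so it runs with whatever the repository's default token scope is; `github/codeql-action/upload-sarif` needs `security-events: write` and nothing else in the job needs more than read, so declare it explicitly: `permissions:` / `  contents: read` / `  security-events: write`. `actions/checkout@master` and `snyk/actions/dotnet@master` reference a moving branch rather than a release, so any commit to those branches runs unreviewed in a job that holds `SNYK_TOKEN`; use a tagged release, or better a full commit SHA with the tag in a trailing comment. `actions/setup-dotnet@3.0.3` lacks the `v` prefix that the other workflow in this series uses for its action references, so confirm that exact tag exists before relying on it. The `pull_request` trigger also fires for pull requests from forks, where `secrets.SNYK_TOKEN` is not provided; the Snyk step is masked by `continue-on-error: true`, and the upload step then fails on a missing `snyk.sarif`, so guard the upload with an `if:` on the Snyk step's outcome or restrict the scan to same-repository events.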
From: Ken Lea Date: Mon, 1 Apr 2024 20:41:55 +0100 Subject: [PATCH 5/5] Remove Snyk scan workflow configuration --- .github/workflows/snyk_scan.yml | 38 --------------------------------- 1 file changed, 38 deletions(-) delete mode 100644 .github/workflows/snyk_scan.yml diff --git a/.github/workflows/snyk_scan.yml b/.github/workflows/snyk_scan.yml deleted file mode 100644 index 375c51d..0000000 --- a/.github/workflows/snyk_scan.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Scan dotNET using Snyk - -on: - push: - branches: [ main ] - paths-ignore: - - .gitignore - - README.md - - LICENSE - - '.github/**' - pull_request: - # The branches below must be a subset of the branches above - branches: [ main ] - -jobs: - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - - name: Setup .NET - uses: actions/setup-dotnet@3.0.3 - - - name: Restore dependencies - run: dotnet restore - - - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/dotnet@master - continue-on-error: true # To make sure that SARIF upload gets called - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --sarif-file-output=snyk.sarif - - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: snyk.sarif