From 4e7a8143872418b48c1952ec3c0b7c387cee8af7 Mon Sep 17 00:00:00 2001
From: Bert
Date: Sun, 1 Jun 2025 10:22:31 +0200
Subject: [PATCH 1/8] add .github\workflows\release-draft.yml
---
 .github/workflows/codeql.yml | 81 +++++++++++++++++++++++++++
 .github/workflows/issue-close.yml | 3 +
 .github/workflows/issue-inactive.yml | 3 +
 .github/workflows/issue-untriaged.yml | 6 +-
 .github/workflows/release-draft.yml | 23 ++++++++
 .gitignore | 1 +
 global.json | 2 +-
 7 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/release-draft.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..437d18dbd
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,81 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '23 17 * * 1'
+
+env:
+ AZURE_ARTIFACTS_FEED_URL: https://pkgs.dev.azure.com/bertk0374/_packaging/intern/nuget/v3/index.json
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'csharp' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Use only 'java' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+ build-mode: "manual" # Use "auto" for automatic build detection, or "none" to skip the build step.
+
+ - name: Setup dotnet using global.json
+ uses: actions/setup-dotnet@v4
+ with:
+ global-json-file: global.json
+
+ # - name: Restore dependencies
+ # run: dotnet restore
+
+ - run: |
+ echo "Run, Build Application using script"
+ dotnet build -c coverlet.sln
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/issue-close.yml b/.github/workflows/issue-close.yml
index c4a17a05f..fb73d0151 100644
--- a/.github/workflows/issue-close.yml
+++ b/.github/workflows/issue-close.yml
@@ -7,6 +7,9 @@ on:
 env:
 DAYS_BEFORE_ISSUE_CLOSE: 275
+permissions:
+ contents: read
+
 jobs:
 close-issues:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/issue-inactive.yml b/.github/workflows/issue-inactive.yml
index b2bcfaef2..c80481428 100644
--- a/.github/workflows/issue-inactive.yml
+++ b/.github/workflows/issue-inactive.yml
@@ -7,6 +7,9 @@ on:
 env:
 DAYS_BEFORE_ISSUE_STALE: 90
+permissions:
+ contents: read
+
 jobs:
 close-issues:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/issue-untriaged.yml b/.github/workflows/issue-untriaged.yml
index 2115d7c30..780713f33 100644
--- a/.github/workflows/issue-untriaged.yml
+++ b/.github/workflows/issue-untriaged.yml
@@ -7,13 +7,17 @@ on:
 types:
 - reopened
 - opened
+
+permissions:
+ contents: read
+
 jobs:
 label_issues:
 runs-on: ubuntu-latest
 permissions:
 issues: write
 steps:
- - uses: actions/github-script@v6
+ - uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.addLabels({
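Review bot: `AZURE_ARTIFACTS_FEED_URL` is exported at workflow level although no step in this hunk reads it, and it points at a personal Azure DevOps feed (`pkgs.dev.azure.com/bertk0374/...`); if a NuGet configuration picks it up, the restore inside `dotnet build` pulls packages from that feed on every push and pull request to `master`, so either drop the variable or add a comment naming the config that consumes it (`nuget.config` is gitignored in this same patch, so it is not visible here). All four actions (`actions/checkout@v4`, `github/codeql-action/init@v3`, `actions/setup-dotnet@v4`, `github/codeql-action/analyze@v3`) are referenced by mutable tags; pinning each to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged release from changing what runs with `security-events: write`. The identical hunk appears again in PATCH 3/8.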
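Review bot: The new top-level `permissions: contents: read` sets every unlisted scope to none, so the `close-issues` job in issue-close.yml (and in the identical hunk for issue-inactive.yml) can still close issues only if its own `permissions:` block grants `issues: write` (plus `pull-requests: write` if it also handles stale PRs); the job body is outside both hunks, so confirm it declares them. The issue-untriaged.yml hunk in this same patch shows the intended shape, with job-level `issues: write` next to the read-only default.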
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
new file mode 100644
index 000000000..3900e0d51
--- /dev/null
+++ b/.github/workflows/release-draft.yml
@@ -0,0 +1,23 @@
+name: Release Drafter
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ update_release_draft:
+ permissions:
+ contents: write # for release-drafter/release-drafter to create a github release
+ pull-requests: write # for release-drafter/release-drafter to add label to PR
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v6
+ with:
+ prerelease: true
+ prerelease-identifier: beta
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 514880624..2fad5b5e3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -318,3 +318,4 @@ FolderProfile.pubxml
 /NuGet.config
 nuget.config
 *.dmp
+Playground/
diff --git a/global.json b/global.json
index 6dfc6666e..8b2877a60 100644
--- a/global.json
+++ b/global.json
@@ -1,5 +1,5 @@
 {
 "sdk": {
- "version": "8.0.407"
+ "version": "8.0.409"
 }
 }
From 70417744a0c3426265130d9cd4058d537436b3dc Mon Sep 17 00:00:00 2001
From: Bert
Date: Sun, 1 Jun 2025 10:44:18 +0200
Subject: [PATCH 2/8] update build step
---
 .github/workflows/codeql.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 437d18dbd..4be66a962 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -68,12 +68,9 @@ jobs:
 with:
 global-json-file: global.json
- # - name: Restore dependencies
- # run: dotnet restore
-
 - run: |
 echo "Run, Build Application using script"
- dotnet build -c coverlet.sln
+ dotnet build coverlet.sln --configuration Debug
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v3
From 04c0ec3703e9c6a21fec504c6a2740f0ae36f074 Mon Sep 17 00:00:00 2001
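Review bot: This workflow runs on pushes to `main`, while codeql.yml in the same patch watches `master`; unless the repository really has both branches, one of the two workflows never triggers, so both `branches:` lists should name the actual default branch. `release-drafter/release-drafter@v6` is referenced by a mutable tag while holding `contents: write`, which is worth pinning to a full commit SHA (`release-drafter/release-drafter@<full-commit-sha> # v6`). By default the action reads its release template from `.github/release-drafter.yml`, which this series does not add, so the job fails unless that file already exists in the repository. The same file is added again verbatim in PATCH 3/8.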
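Review bot: The rewritten build step still has no `name:` and keeps the template's `echo "Run, Build Application using script"`, so it shows up in the job log as an anonymous run step; replacing the echo with `- name: Build solution` above `run: dotnet build coverlet.sln --configuration Debug` says what it does. Because the init step above (outside this hunk) sets `build-mode: "manual"`, this is the build CodeQL traces, so a clear name also identifies the step to inspect when an analysis comes back with no results. PATCH 4/8 repeats this hunk unchanged.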
From: Bert
Date: Sun, 1 Jun 2025 10:22:31 +0200
Subject: [PATCH 3/8] add .github\workflows\release-draft.yml
---
 .github/workflows/codeql.yml | 81 +++++++++++++++++++++++++++
 .github/workflows/issue-close.yml | 3 +
 .github/workflows/issue-inactive.yml | 3 +
 .github/workflows/issue-untriaged.yml | 6 +-
 .github/workflows/release-draft.yml | 23 ++++++++
 5 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/release-draft.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..437d18dbd
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,81 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '23 17 * * 1'
+
+env:
+ AZURE_ARTIFACTS_FEED_URL: https://pkgs.dev.azure.com/bertk0374/_packaging/intern/nuget/v3/index.json
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'csharp' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Use only 'java' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+ build-mode: "manual" # Use "auto" for automatic build detection, or "none" to skip the build step.
+
+ - name: Setup dotnet using global.json
+ uses: actions/setup-dotnet@v4
+ with:
+ global-json-file: global.json
+
+ # - name: Restore dependencies
+ # run: dotnet restore
+
+ - run: |
+ echo "Run, Build Application using script"
+ dotnet build -c coverlet.sln
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/issue-close.yml b/.github/workflows/issue-close.yml
index c4a17a05f..fb73d0151 100644
--- a/.github/workflows/issue-close.yml
+++ b/.github/workflows/issue-close.yml
@@ -7,6 +7,9 @@ on:
 env:
 DAYS_BEFORE_ISSUE_CLOSE: 275
+permissions:
+ contents: read
+
 jobs:
 close-issues:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/issue-inactive.yml b/.github/workflows/issue-inactive.yml
index b2bcfaef2..c80481428 100644
--- a/.github/workflows/issue-inactive.yml
+++ b/.github/workflows/issue-inactive.yml
@@ -7,6 +7,9 @@ on:
 env:
 DAYS_BEFORE_ISSUE_STALE: 90
+permissions:
+ contents: read
+
 jobs:
 close-issues:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/issue-untriaged.yml b/.github/workflows/issue-untriaged.yml
index 2115d7c30..780713f33 100644
--- a/.github/workflows/issue-untriaged.yml
+++ b/.github/workflows/issue-untriaged.yml
@@ -7,13 +7,17 @@ on:
 types:
 - reopened
 - opened
+
+permissions:
+ contents: read
+
 jobs:
 label_issues:
 runs-on: ubuntu-latest
 permissions:
 issues: write
 steps:
- - uses: actions/github-script@v6
+ - uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.addLabels({
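Review bot: This new-file hunk is byte-for-byte the one from PATCH 1/8 (same subject, same timestamp, same resulting blob `437d18dbd`), and PATCH 4/8 repeats PATCH 2/8 the same way, which looks like a rebase or resend artifact; applied in order with `git am`, the series stops here because `.github/workflows/codeql.yml` already exists after PATCH 1/8. Dropping PATCH 3/8 and 4/8, or regenerating the series, fixes that. The points raised on the PATCH 1/8 copies of codeql.yml, the issue-* workflows and release-draft.yml apply to the copies in this patch unchanged.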
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
new file mode 100644
index 000000000..3900e0d51
--- /dev/null
+++ b/.github/workflows/release-draft.yml
@@ -0,0 +1,23 @@
+name: Release Drafter
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ update_release_draft:
+ permissions:
+ contents: write # for release-drafter/release-drafter to create a github release
+ pull-requests: write # for release-drafter/release-drafter to add label to PR
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v6
+ with:
+ prerelease: true
+ prerelease-identifier: beta
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 9b8bfa6fa175fbb456d4de32fd0bb13cf651e664 Mon Sep 17 00:00:00 2001
From: Bert
Date: Sun, 1 Jun 2025 10:44:18 +0200
Subject: [PATCH 4/8] update build step
---
 .github/workflows/codeql.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 437d18dbd..4be66a962 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -68,12 +68,9 @@ jobs:
 with:
 global-json-file: global.json
- # - name: Restore dependencies
- # run: dotnet restore
-
 - run: |
 echo "Run, Build Application using script"
- dotnet build -c coverlet.sln
+ dotnet build coverlet.sln --configuration Debug
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v3
From 17581d3bc3e696c70c35999404c87a5f0f7e823e Mon Sep 17 00:00:00 2001
From: Bert
Date: Sun, 16 Nov 2025 11:01:33 +0100
Subject: [PATCH 5/8] update setup-dotnet action to version 5 in CodeQL workflow
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 4be66a962..375967638 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -64,7 +64,7 @@ jobs:
 build-mode: "manual" # Use "auto" for automatic build detection, or "none" to skip the build step.
 - name: Setup dotnet using global.json
- uses: actions/setup-dotnet@v4
+ uses: actions/setup-dotnet@v5
 with:
 global-json-file: global.json
From 60f84f96c4523e8405176c62b0578d665228235d Mon Sep 17 00:00:00 2001
From: Bert
Date: Sun, 16 Nov 2025 11:06:14 +0100
Subject: [PATCH 6/8] update CodeQL action versions to v4 in workflow
---
 .github/workflows/codeql.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 375967638..a1d72280c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -52,7 +52,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -73,6 +73,6 @@ jobs:
 dotnet build coverlet.sln --configuration Debug
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
 with:
 category: "/language:${{matrix.language}}"
From 33ea3957980ac8a2c8b8ce2d45e768b5fbbb80f0 Mon Sep 17 00:00:00 2001
From: Bert
Date: Sun, 16 Nov 2025 11:11:32 +0100
Subject: [PATCH 7/8] add steps to create debug and release artifact directories in CodeQL workflow
---
 .github/workflows/codeql.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a1d72280c..b0a8de3f7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -68,6 +68,10 @@ jobs:
 with:
 global-json-file: global.json
+ - run: |
+ mkdir artifacts/package/debug
+ mkdir artifacts/package/release
+
 - run: |
 echo "Run, Build Application using script"
 dotnet build coverlet.sln --configuration Debug
From 54a3b64e0054951d9cbc7cd14e467ae5d9d9a39d Mon Sep 17 00:00:00 2001
From: Bert
Date: Sun, 16 Nov 2025 11:16:25 +0100
Subject: [PATCH 8/8] refactor: streamline artifact directory creation in CodeQL workflow
---
 .github/workflows/codeql.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b0a8de3f7..36111c6a5 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -69,8 +69,10 @@ jobs:
 global-json-file: global.json
 - run: |
- mkdir artifacts/package/debug
- mkdir artifacts/package/release
+ mkdir ./artifacts
+ mkdir ./artifacts/package
+ mkdir ./artifacts/package/debug
+ mkdir ./artifacts/package/release
 - run: |
 echo "Run, Build Application using script"
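Review bot: The four `mkdir` calls are still not idempotent: without `-p` each one fails the step, and with it the CodeQL job, as soon as its directory already exists (a checked-in `artifacts/` directory, or a self-hosted runner that keeps its workspace), and they differ from the PATCH 7/8 version only by creating the parents by hand; `mkdir -p ./artifacts/package/debug ./artifacts/package/release` creates the whole path in one call and succeeds whether or not any part exists. The step also has no `name:`, and nothing in the hunk says why the build expects these folders to pre-exist (presumably a package output path of `dotnet build`), so a one-line comment such as `# <which target> writes its packages here and does not create the directories itself` would spare the next reader a guess.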