Bump github/codeql-action from 4.30.8 to 4.30.9 (#3616) #1889
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: [ master ] | |
| tags: [ 'v*' ] | |
| pull_request: | |
| branches: [ master, dotnet-vnext ] | |
| workflow_dispatch: | |
| env: | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| DOTNET_GENERATE_ASPNET_CERTIFICATE: false | |
| DOTNET_NOLOGO: true | |
| DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true | |
| DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1 | |
| NUGET_XMLDOC_MODE: skip | |
| TERM: xterm | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 15 | |
| outputs: | |
| dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }} | |
| dotnet-validate-version: ${{ steps.get-dotnet-tools-versions.outputs.dotnet-validate-version }} | |
| nuget-package-validation-version: ${{ steps.get-dotnet-tools-versions.outputs.nuget-package-validation-version }} | |
| package-names: ${{ steps.build.outputs.package-names }} | |
| package-version: ${{ steps.build.outputs.package-version }} | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - macos-latest | |
| - ubuntu-latest | |
| - windows-latest | |
| steps: | |
| - name: Update agent configuration | |
| shell: pwsh | |
| run: | | |
| if ($IsWindows) { | |
| "DOTNET_INSTALL_DIR=D:\tools\dotnet" >> ${env:GITHUB_ENV} | |
| "DOTNET_ROOT=D:\tools\dotnet" >> ${env:GITHUB_ENV} | |
| "NUGET_PACKAGES=D:\.nuget\packages" >> ${env:GITHUB_ENV} | |
| } else { | |
| $nugetHome = "~/.nuget/packages" | |
| if (-Not (Test-Path $nugetHome)) { | |
| New-Item -Path $nugetHome -Type Directory -Force | Out-Null | |
| } | |
| $nugetHome = Resolve-Path $nugetHome | |
| "NUGET_PACKAGES=$nugetHome" >> ${env:GITHUB_ENV} | |
| } | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| filter: 'tree:0' | |
| persist-credentials: false | |
| show-progress: false | |
| - name: Setup .NET SDKs | |
| uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 | |
| with: | |
| dotnet-version: | | |
| 8.0.x | |
| 9.0.x | |
| - name: Setup Node | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version: '24' | |
| package-manager-cache: false | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 | |
| id: setup-dotnet | |
| - name: Build, Package and Test | |
| id: build | |
| shell: pwsh | |
| run: | | |
| ./build.ps1 | |
| - name: Upload Coverage Reports | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: coverage-${{ runner.os }} | |
| path: ./artifacts/coverage | |
| if-no-files-found: ignore | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 | |
| with: | |
| flags: ${{ runner.os }} | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Upload test results to Codecov | |
| uses: codecov/test-results-action@47f89e9acb64b76debcd5ea40642d25a4adced9f # v1.1.1 | |
| if: ${{ !cancelled() }} | |
| with: | |
| flags: ${{ runner.os }} | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Generate SBOM | |
| uses: anchore/sbom-action@aa0e114b2e19480f157109b9922bda359bd98b90 # v0.20.8 | |
| if: runner.os == 'Windows' | |
| with: | |
| artifact-name: Swashbuckle.AspNetCore.spdx.json | |
| output-file: ./artifacts/Swashbuckle.AspNetCore.spdx.json | |
| path: ./artifacts/bin | |
| upload-release-assets: true | |
| - name: Attest artifacts | |
| uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 | |
| if: | | |
| runner.os == 'Windows' && | |
| github.event.repository.fork == false && | |
| (github.ref_name == github.event.repository.default_branch || startsWith(github.ref, 'refs/tags/v')) | |
| with: | |
| subject-path: | | |
| ./artifacts/Swashbuckle.AspNetCore.spdx.json | |
| ./artifacts/bin/Swashbuckle.AspNetCore*/release_*/**/Swashbuckle.AspNetCore*.dll | |
| ./artifacts/package/release/* | |
| - name: Publish NuGet packages | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: packages-${{ runner.os }} | |
| path: ./artifacts/package/release | |
| if-no-files-found: error | |
| - name: Get .NET tools versions | |
| id: get-dotnet-tools-versions | |
| shell: pwsh | |
| run: | | |
| $manifest = (Get-Content "./.config/dotnet-tools.json" | Out-String | ConvertFrom-Json) | |
| $dotnetValidateVersion = $manifest.tools.'dotnet-validate'.version | |
| $nugetPackageValidationVersion = $manifest.tools.'meziantou.framework.nugetpackagevalidation.tool'.version | |
| "dotnet-validate-version=${dotnetValidateVersion}" >> ${env:GITHUB_OUTPUT} | |
| "nuget-package-validation-version=${nugetPackageValidationVersion}" >> ${env:GITHUB_OUTPUT} | |
| validate-packages: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: packages-Windows | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 | |
| with: | |
| dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }} | |
| - name: Install NuGet package validation tools | |
| shell: pwsh | |
| env: | |
| DOTNET_VALIDATE_VERSION: ${{ needs.build.outputs.dotnet-validate-version }} | |
| NUGET_PACKAGE_VALIDATION_VERSION: ${{ needs.build.outputs.nuget-package-validation-version }} | |
| run: | | |
| dotnet tool install --global dotnet-validate --version ${env:DOTNET_VALIDATE_VERSION} --allow-roll-forward | |
| dotnet tool install --global Meziantou.Framework.NuGetPackageValidation.Tool --version ${env:NUGET_PACKAGE_VALIDATION_VERSION} --allow-roll-forward | |
| - name: Validate NuGet packages | |
| shell: pwsh | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| $packages = Get-ChildItem -Filter "*.nupkg" | ForEach-Object { $_.FullName } | |
| $invalidPackages = 0 | |
| foreach ($package in $packages) { | |
| $isValid = $true | |
| dotnet validate package local $package | |
| if ($LASTEXITCODE -ne 0) { | |
| $isValid = $false | |
| } | |
| meziantou.validate-nuget-package $package --github-token ${env:GH_TOKEN} --excluded-rules IconMustBeSet | |
| if ($LASTEXITCODE -ne 0) { | |
| $isValid = $false | |
| } | |
| if (-Not $isValid) { | |
| $invalidPackages++ | |
| } | |
| } | |
| if ($invalidPackages -gt 0) { | |
| Write-Output "::error::$invalidPackages NuGet package(s) failed validation." | |
| exit 1 | |
| } | |
| publish-myget: | |
| needs: [ build, validate-packages ] | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.repository.fork == false && | |
| (github.ref_name == github.event.repository.default_branch || | |
| github.head_ref == 'dotnet-vnext' || | |
| startsWith(github.ref, 'refs/tags/v')) | |
| environment: | |
| name: MyGet.org | |
| url: https://www.myget.org/gallery/domaindrivendev | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: packages-Windows | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 | |
| with: | |
| dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }} | |
| - name: Push NuGet packages to MyGet.org | |
| env: | |
| API_KEY: ${{ secrets.MYGET_TOKEN }} | |
| PACKAGE_VERSION: ${{ needs.build.outputs.package-version }} | |
| SOURCE: "https://www.myget.org/F/domaindrivendev/api/v3/index.json" | |
| run: dotnet nuget push "*.nupkg" --api-key "${API_KEY}" --skip-duplicate --source "${SOURCE}" && echo "::notice title=myget.org::Published version ${PACKAGE_VERSION} to MyGet." | |
| publish-nuget: | |
| needs: [ build, validate-packages ] | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.repository.fork == false && | |
| startsWith(github.ref, 'refs/tags/v') | |
| environment: | |
| name: NuGet.org | |
| url: https://www.nuget.org/profiles/domaindrivendev | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: packages-Windows | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 | |
| with: | |
| dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }} | |
| - name: Push NuGet packages to NuGet.org | |
| env: | |
| API_KEY: ${{ secrets.NUGET_TOKEN }} | |
| PACKAGE_VERSION: ${{ needs.build.outputs.package-version }} | |
| SOURCE: https://api.nuget.org/v3/index.json | |
| run: dotnet nuget push "*.nupkg" --api-key "${API_KEY}" --skip-duplicate --source "${SOURCE}" && echo "::notice title=nuget.org::Published version ${PACKAGE_VERSION} to NuGet.org." |