Bump github/codeql-action from 3.29.9 to 3.29.10 (#3539) #1710
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: [ master ] | |
| tags: [ 'v*' ] | |
| pull_request: | |
| branches: [ master, dotnet-vnext ] | |
| workflow_dispatch: | |
| env: | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| DOTNET_GENERATE_ASPNET_CERTIFICATE: false | |
| DOTNET_NOLOGO: true | |
| DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true | |
| DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1 | |
| NUGET_XMLDOC_MODE: skip | |
| TERM: xterm | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 15 | |
| outputs: | |
| dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }} | |
| dotnet-validate-version: ${{ steps.get-dotnet-tools-versions.outputs.dotnet-validate-version }} | |
| package-names: ${{ steps.build.outputs.package-names }} | |
| package-version: ${{ steps.build.outputs.package-version }} | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - macos-latest | |
| - ubuntu-latest | |
| - windows-latest | |
| steps: | |
| - name: Update agent configuration | |
| shell: pwsh | |
| run: | | |
| if ($IsWindows) { | |
| "DOTNET_INSTALL_DIR=D:\tools\dotnet" >> ${env:GITHUB_ENV} | |
| "DOTNET_ROOT=D:\tools\dotnet" >> ${env:GITHUB_ENV} | |
| "NUGET_PACKAGES=D:\.nuget\packages" >> ${env:GITHUB_ENV} | |
| } else { | |
| $nugetHome = "~/.nuget/packages" | |
| if (-Not (Test-Path $nugetHome)) { | |
| New-Item -Path $nugetHome -Type Directory -Force | Out-Null | |
| } | |
| $nugetHome = Resolve-Path $nugetHome | |
| "NUGET_PACKAGES=$nugetHome" >> ${env:GITHUB_ENV} | |
| } | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| filter: 'tree:0' | |
| persist-credentials: false | |
| show-progress: false | |
| - name: Setup .NET SDKs | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| with: | |
| dotnet-version: | | |
| 8.0.x | |
| 9.0.x | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| id: setup-dotnet | |
| - name: Build, Package and Test | |
| id: build | |
| shell: pwsh | |
| run: | | |
| ./build.ps1 | |
| - name: Upload Coverage Reports | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: coverage-${{ runner.os }} | |
| path: ./artifacts/coverage | |
| if-no-files-found: ignore | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 | |
| with: | |
| flags: ${{ runner.os }} | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Upload test results to Codecov | |
| uses: codecov/test-results-action@47f89e9acb64b76debcd5ea40642d25a4adced9f # v1.1.1 | |
| if: ${{ !cancelled() }} | |
| with: | |
| flags: ${{ runner.os }} | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Generate SBOM | |
| uses: anchore/sbom-action@da167eac915b4e86f08b264dbdbc867b61be6f0c # v0.20.5 | |
| if: runner.os == 'Windows' | |
| with: | |
| artifact-name: Swashbuckle.AspNetCore.spdx.json | |
| output-file: ./artifacts/Swashbuckle.AspNetCore.spdx.json | |
| path: ./artifacts/bin | |
| upload-release-assets: true | |
| - name: Attest artifacts | |
| uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 | |
| if: | | |
| runner.os == 'Windows' && | |
| github.event.repository.fork == false && | |
| (github.ref_name == github.event.repository.default_branch || startsWith(github.ref, 'refs/tags/v')) | |
| with: | |
| subject-path: | | |
| ./artifacts/Swashbuckle.AspNetCore.spdx.json | |
| ./artifacts/bin/Swashbuckle.AspNetCore*/release_*/**/Swashbuckle.AspNetCore*.dll | |
| ./artifacts/package/release/* | |
| - name: Publish NuGet packages | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: packages-${{ runner.os }} | |
| path: ./artifacts/package/release | |
| if-no-files-found: error | |
| - name: Get .NET tools versions | |
| id: get-dotnet-tools-versions | |
| shell: pwsh | |
| run: | | |
| $manifest = (Get-Content "./.config/dotnet-tools.json" | Out-String | ConvertFrom-Json) | |
| $dotnetValidateVersion = $manifest.tools.'dotnet-validate'.version | |
| "dotnet-validate-version=${dotnetValidateVersion}" >> $env:GITHUB_OUTPUT | |
| validate-packages: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: packages-Windows | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| with: | |
| dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }} | |
| - name: Validate NuGet packages | |
| shell: pwsh | |
| env: | |
| DOTNET_VALIDATE_VERSION: ${{ needs.build.outputs.dotnet-validate-version }} | |
| run: | | |
| dotnet tool install --global dotnet-validate --version ${env:DOTNET_VALIDATE_VERSION} --allow-roll-forward | |
| $packages = Get-ChildItem -Filter "*.nupkg" | ForEach-Object { $_.FullName } | |
| $invalidPackages = 0 | |
| foreach ($package in $packages) { | |
| dotnet validate package local $package | |
| if ($LASTEXITCODE -ne 0) { | |
| $invalidPackages++ | |
| } | |
| } | |
| if ($invalidPackages -gt 0) { | |
| Write-Output "::error::$invalidPackages NuGet package(s) failed validation." | |
| exit 1 | |
| } | |
| publish-myget: | |
| needs: [ build, validate-packages ] | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.repository.fork == false && | |
| (github.ref_name == github.event.repository.default_branch || | |
| github.head_ref == 'dotnet-vnext' || | |
| startsWith(github.ref, 'refs/tags/v')) | |
| environment: | |
| name: MyGet.org | |
| url: https://www.myget.org/gallery/domaindrivendev | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: packages-Windows | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| with: | |
| dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }} | |
| - name: Push NuGet packages to MyGet.org | |
| env: | |
| API_KEY: ${{ secrets.MYGET_TOKEN }} | |
| PACKAGE_VERSION: ${{ needs.build.outputs.package-version }} | |
| SOURCE: "https://www.myget.org/F/domaindrivendev/api/v3/index.json" | |
| run: dotnet nuget push "*.nupkg" --api-key "${API_KEY}" --skip-duplicate --source "${SOURCE}" && echo "::notice title=myget.org::Published version ${PACKAGE_VERSION} to MyGet." | |
| publish-nuget: | |
| needs: [ build, validate-packages ] | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.repository.fork == false && | |
| startsWith(github.ref, 'refs/tags/v') | |
| environment: | |
| name: NuGet.org | |
| url: https://www.nuget.org/profiles/domaindrivendev | |
| steps: | |
| - name: Download packages | |
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: packages-Windows | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| with: | |
| dotnet-version: ${{ needs.build.outputs.dotnet-sdk-version }} | |
| - name: Push NuGet packages to NuGet.org | |
| env: | |
| API_KEY: ${{ secrets.NUGET_TOKEN }} | |
| PACKAGE_VERSION: ${{ needs.build.outputs.package-version }} | |
| SOURCE: https://api.nuget.org/v3/index.json | |
| run: dotnet nuget push "*.nupkg" --api-key "${API_KEY}" --skip-duplicate --source "${SOURCE}" && echo "::notice title=nuget.org::Published version ${PACKAGE_VERSION} to NuGet.org." |