Skip to content
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .devcontainer/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM mcr.microsoft.com/devcontainers/dotnet:dev-10.0
FROM mcr.microsoft.com/devcontainers/dotnet:dev-10.0@sha256:9f7ffb9b90b8b291d72d86cb5108e9808e0282d81611fc234abeb383eae59033

Check warning on line 1 in .devcontainer/Dockerfile

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Use either the version tag or the digest for the image instead of both.

See more on https://sonarcloud.io/project/issues?id=GitTools_GitVersion&issues=AZ8YPHdW3i2zxRL0G6ez&open=AZ8YPHdW3i2zxRL0G6ez&pullRequest=5000

# [Optional] Uncomment this section to install additional OS packages.
# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
Expand Down
23 changes: 18 additions & 5 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,13 @@ updates:
group-by: dependency-name
patterns:
- "JsonSchemaNet.*"
# Central Package Management: all versions live in the Directory.Packages.props
# at each of these roots, so Dependabot only needs to scan the roots.
directories:
- "/build"
- "/new-cli"
- "/src"
- /build
- /new-cli
- /src
- /tests/integration
schedule:
interval: cron
cronjob: "0 12 * * *"
Expand All @@ -65,8 +68,8 @@ updates:
patterns:
- "actions/*"
directories:
- "/.github/workflows"
- "/.github/actions"
- /.github/workflows
- /.github/actions
schedule:
interval: cron
cronjob: "0 12 * * *"
Expand All @@ -84,3 +87,13 @@ updates:
schedule:
interval: cron
cronjob: "0 12 1,15 * *"

- package-ecosystem: docker
directory: /.devcontainer
schedule:
interval: daily

- package-ecosystem: docker
directory: /build/docker
schedule:
interval: daily
5 changes: 5 additions & 0 deletions .github/workflows/_artifacts_linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@ jobs:
docker_distro: ${{ fromJson(inputs.docker_distros) }}
dotnet_version: ${{ fromJson(inputs.dotnet_versions) }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/_artifacts_windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,11 @@ jobs:
package: [ Executable, MsBuildFull ]

steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/_build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,11 @@ jobs:

runs-on: ${{ matrix.os }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/_docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,11 @@ jobs:
docker_distro: ${{ fromJson(inputs.docker_distros) }}
dotnet_version: ${{ fromJson(inputs.dotnet_versions) }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/_docker_manifests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@ jobs:
docker_distro: ${{ fromJson(inputs.docker_distros) }}
dotnet_version: ${{ fromJson(inputs.dotnet_versions) }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
10 changes: 10 additions & 0 deletions .github/workflows/_prepare.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,11 @@ jobs:

runs-on: ${{ matrix.os }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

Expand Down Expand Up @@ -59,6 +64,11 @@ jobs:
docker_distros: ${{ steps.set_matrix.outputs.docker_distros }}
dotnet_versions: ${{ steps.set_matrix.outputs.dotnet_versions }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/_publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ env:
DOTNET_INSTALL_DIR: "./.dotnet"
DOTNET_ROLL_FORWARD: "Major"

permissions:
contents: read

jobs:
publish:
name: ${{ matrix.taskName }}
Expand All @@ -23,6 +26,11 @@ jobs:
taskName: [ NuGet, Chocolatey ]

steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/_unit_tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ env:
DOTNET_INSTALL_DIR: "./.dotnet"
DOTNET_ROLL_FORWARD: "Major"

permissions:
contents: read

jobs:
unit_test:
name: ${{ matrix.os }} - net${{ matrix.dotnet_version }}
Expand All @@ -24,6 +27,11 @@ jobs:

runs-on: ${{ matrix.os }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/actionlint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,11 @@ jobs:
checks: write
pull-requests: write
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

Expand Down
13 changes: 13 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,9 @@ env:

ENABLED_DIAGNOSTICS: ${{ vars.ENABLED_DIAGNOSTICS }}

permissions:
contents: read

jobs:
prepare:
name: Prepare
Expand All @@ -51,6 +54,11 @@ jobs:
outputs:
can_publish: ${{ steps.flags.outputs.can_publish }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Resolve publish flag
id: flags
shell: bash
Expand Down Expand Up @@ -165,6 +173,11 @@ jobs:
GITHUB_TOKEN: ${{ github.token }}
CAN_PUBLISH: ${{ github.event_name == 'repository_dispatch' }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,11 @@ jobs:
language: [ 'csharp' ]

steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
27 changes: 27 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required,
# PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
name: 'Dependency Review'
on: [pull_request]

permissions:
contents: read

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: 'Checkout Repository'
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: 'Dependency Review'
uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
15 changes: 15 additions & 0 deletions .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,11 @@ jobs:
runs-on: ubuntu-24.04

steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down Expand Up @@ -88,6 +93,11 @@ jobs:
needs: [ prepare ]
runs-on: ubuntu-24.04
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down Expand Up @@ -129,6 +139,11 @@ jobs:
GITHUB_TOKEN: ${{ github.token }}
GITHUB_USERNAME: ${{ github.actor }}
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/format.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,11 @@ jobs:
runs-on: ubuntu-24.04
name: DotNet Format
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/gittools-actions.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,11 @@ jobs:
name: Update GitTools Actions
runs-on: ubuntu-24.04
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Get version
id: get-version
shell: pwsh
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/homebrew.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ jobs:
name: Bump Homebrew formula
runs-on: macos-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Get version
id: get-version
shell: pwsh
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/mkdocs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@ jobs:
name: Update Markdown (embedded snippets)
runs-on: ubuntu-24.04
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: gittools/cicd/checkout@824c3d773fb5d1b00c26b474ae88b7ce9ae555ee # v5
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/new-cli.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,11 @@ jobs:
runs-on: ubuntu-24.04
name: Build & Test (new-cli)
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/public-api.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,11 @@ jobs:
name: Mark public API as shipped
runs-on: ubuntu-24.04
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: gittools/cicd/checkout@824c3d773fb5d1b00c26b474ae88b7ce9ae555ee # v5
with:
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,21 @@ on:
release:
types: [ published ]

permissions:
contents: read

jobs:
release:
name: Trigger ci flow
runs-on: ubuntu-24.04
permissions:
contents: write
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

Expand Down
Loading
Loading