diff --git a/.github/workflows/dependencies/DotnetDocsTools.LocateProjects.2.0.0.nupkg b/.github/workflows/dependencies/DotnetDocsTools.LocateProjects.2.0.0.nupkg
deleted file mode 100644
index 8da2539f26..0000000000
Binary files a/.github/workflows/dependencies/DotnetDocsTools.LocateProjects.2.0.0.nupkg and /dev/null differ
diff --git a/.github/workflows/dependencies/Get-MSBuildResults.ps1 b/.github/workflows/dependencies/Get-MSBuildResults.ps1
deleted file mode 100644
index 9d7480ba19..0000000000
--- a/.github/workflows/dependencies/Get-MSBuildResults.ps1
+++ /dev/null
@@ -1,352 +0,0 @@ -<# - -.SYNOPSIS - Invokes dotnet build on the samples sln and project files. - -.DESCRIPTION - Invokes dotnet build on the samples sln and project files. - -.PARAMETER RepoRootDir - The directory of the repository files on the local machine. - -.PARAMETER PullRequest - The pull request to process. If 0 or not passed, processes the whole repo - -.PARAMETER RepoOwner - The name of the repository owner. - -.PARAMETER RepoName - The name of the repository. - -.PARAMETER RangeStart - A range of results to process. - -.PARAMETER RangeEnd - A range of results to process. - -.INPUTS - None - -.OUTPUTS - None - -.NOTES - - Version: 1.8 - Author: adegeo@microsoft.com - Creation Date: 12/11/2020 - Update Date: 10/05/2022 - Purpose/Change: Add support for discovering and processing settings file for project errors (not found, too many, etc) - - Version: 1.7 - Author: adegeo@microsoft.com - Creation Date: 12/11/2020 - Update Date: 09/26/2022 - Purpose/Change: Trim build error lines to help remove duplicates. - - Version: 1.6 - Author: adegeo@microsoft.com - Creation Date: 12/11/2020 - Update Date: 03/10/2022 - Purpose/Change: Export proj/sln settings config to output.json file. -#> - -[CmdletBinding()] -Param( - [Parameter(Mandatory = $true, ValueFromPipeline = $false)] - [System.String] $RepoRootDir = $env:RepoRootDir, - - [Parameter(Mandatory = $false, ValueFromPipeline = $false)] - [System.Int64] $PullRequest = 0, - - [Parameter(Mandatory = $false, ValueFromPipeline = $false)] - [System.String] $RepoOwner = "", - - [Parameter(Mandatory = $false, ValueFromPipeline = $false)] - [System.String] $RepoName = "", - - [Parameter(Mandatory = $false, ValueFromPipeline = $false)] - [System.Int32] $RangeStart = $env:rangestart, - - [Parameter(Mandatory = $false, ValueFromPipeline = $false)] - [System.Int32] $RangeEnd = $env:rangeend -) - -$Global:statusOutput = @() - -Write-Host "Gathering solutions and projects... 
(v1.8)" - -if ($PullRequest -ne 0) { - Write-Host "Running `"LocateProjects `"$RepoRootDir`" --pullrequest $PullRequest --owner $RepoOwner --repo $RepoName`"" - $output = Invoke-Expression "LocateProjects `"$RepoRootDir`" --pullrequest $PullRequest --owner $RepoOwner --repo $RepoName" -} -else { - Write-Host "Running `"LocateProjects `"$RepoRootDir`"" - $output = Invoke-Expression "LocateProjects `"$RepoRootDir`"" -} - -if ($LASTEXITCODE -ne 0) -{ - $output - throw "Error on running LocateProjects" -} - -function New-Result($inputFile, $projectFile, $exitcode, $outputText, $settingsJson) -{ - $info = @{} - - $info.InputFile = $inputFile - $info.ProjectFile = $projectFile - $info.ExitCode = $exitcode - $info.Output = $outputText - $info.Settings = $settingsJson - - $object = New-Object -TypeName PSObject -Prop $info - $Global:statusOutput += $object -} - -$workingSet = $output - -if (($RangeStart -ne 0) -and ($RangeEnd -ne 0)){ - $workingSet = $output[$RangeStart..$RangeEnd] -} - -# Log working set items prior to filtering -$workingSet | Write-Host - -# Remove duplicated projects and skip snippets files from being processed -$projects = @() -$workingSetTemp = @() - -foreach ($item in $workingSet) { - $data = $item.Split('|') - if ($projects.Contains($data[2].Trim()) -or $data[1].EndsWith("snippets.5000.json")) { - continue - } - if ($data[2].Trim() -ne "") { - $projects += $data[2].Trim() - } - $workingSetTemp += $item -} - -$workingSet = $workingSetTemp - -# Process working set -$counter = 1 -$length = $workingSet.Count -$thisExitCode = 0 - -$ErrorActionPreference = "Continue" - -foreach ($item in $workingSet) { - try { - Write-Host "$counter/$length :: $Item" - - $data = $item.Split('|') - - # Project found, build it - if ([int]$data[0] -eq 0) { - $projectFile = Resolve-Path "$RepoRootDir\$($data[2])" - $configFile = [System.IO.Path]::Combine([System.IO.Path]::GetDirectoryName($projectFile), "snippets.5000.json") - $settings = $null - - # Create the default build 
command - "dotnet build `"$projectFile`"" | Out-File ".\run.bat" - - # Check for config file - if ([System.IO.File]::Exists($configFile) -eq $true) { - Write-Host "- Config file found" - - $settings = $configFile | Get-ChildItem | Get-Content | ConvertFrom-Json - - if ($settings.host -eq "visualstudio") { - Write-Host "- Using visual studio as build host" - - # Create the visual studio build command - "CALL `"C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsDevCmd.bat`"`n" + - "nuget.exe restore `"$projectFile`"`n" + - "msbuild.exe `"$projectFile`" -restore:True" ` - | Out-File ".\run.bat" - } - elseif ($settings.host -eq "custom") { - Write-Host "- Using custom build host: $($settings.command)" - - $ExecutionContext.InvokeCommand.ExpandString($settings.command) | Out-File ".\run.bat" - } - elseif ($settings.host -eq "dotnet") { - Write-Host "- Using dotnet build host" - - "dotnet build `"$projectFile`"" | Out-File ".\run.bat" - } - else { - throw "snippets.5000.json file isn't valid." 
- } - } - - Write-Host "run.bat contents: " - Get-Content .\run.bat | Write-Host - Write-Host - - $thisExitCode = 0 - - Invoke-Expression ".\run.bat" | Out-String | Tee-Object -Variable "result" - - if ($LASTEXITCODE -ne 0) { - $thisExitCode = 4 - } - - New-Result $data[1] $projectFile $thisExitCode $result $settings - } - - # No project found - else - { - $settings = $null - $filePath = Resolve-Path "$RepoRootDir\$($data[1])" - - # Hunt for snippets config file - do { - - $configFile = [System.IO.Path]::Combine($filePath, "snippets.5000.json") - - if ([System.IO.File]::Exists($configFile) -eq $true) { - - $settings = $configFile | Get-ChildItem | Get-Content | ConvertFrom-Json - Write-Host "Loading settings for errors found by LocateProjects: $configFile" - break - } - - # go back one folder - $filePath = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($filePath, "..\")) - } until ([System.Linq.Enumerable]::Count($filePath, [Func[Char, Boolean]] { param($x) $x -eq '\' }) -eq 1) - - if ($settings -eq $null) { - Write-Host "No settings file found for LocateProjects reported error" - } - - # Process each error - if ([int]$data[0] -eq 1) { - New-Result $data[1] "" 1 "ERROR: Project missing. A project (and optionally a solution file) must be in this directory or one of the parent directories to validate and build this code." $settings - - $thisExitCode = 1 - } - - # Too many projects found - elseif ([int]$data[0] -eq 2) { - New-Result $data[1] $data[2] 2 "ERROR: Too many projects found. A single project or solution must exist in this directory or one of the parent directories." $settings - - $thisExitCode = 2 - } - - # Solution found, but no project - elseif ([int]$data[0] -eq 3) { - New-Result $data[1] $data[2] 2 "ERROR: Solution found, but missing project. A project is required to compile this code." 
$settings - $thisExitCode = 3 - } - - } - - } - catch { - New-Result $data[1] $projectFile 1000 "ERROR: $($_.Exception)" $null - $thisExitCode = 4 - Write-Host $_.Exception.Message -Foreground "Red" - Write-Host $_.ScriptStackTrace -Foreground "DarkGray" - } - - $counter++ -} - -$resultItems = $Global:statusOutput | Select-Object InputFile, ProjectFile, ExitCode, Output, Settings - -# Add our output type -$typeResult = @" -public class ResultItem -{ - public string ProjectFile; - public string InputFile; - public int ExitCode; - public string BuildOutput; - public object Settings; - public MSBuildError[] Errors; - public int ErrorCount; - - public class MSBuildError - { - public string Line; - public string Error; - } -} -"@ -Add-Type $typeResult - -$transformedItems = $resultItems | ForEach-Object { New-Object ResultItem -Property @{ - ProjectFile = $_.ProjectFile.Path; - InputFile = $_.InputFile; - ExitCode = $_.ExitCode; - BuildOutput = $_.Output; - Settings = $_.Settings; - Errors = @(); - ErrorCount = 0; - } } - -# Transform the build output to break it down into MSBuild result entries -foreach ($item in $transformedItems) { - $list = @() - - # Clean - if ($item.ExitCode -eq 0) { - #$list += New-Object -TypeName "ResultItem+MSBuildError" -Property @{ Line = $item.BuildOutput; Error = $item.BuildOutput } - } - # No project found - # Too many projects found - # Solution found, but no project - elseif ($item.ExitCode -ne 4) { - $list += New-Object -TypeName "ResultItem+MSBuildError" -Property @{ Line = $item.BuildOutput; Error = $item.BuildOutput } - $item.ErrorCount = 1 - } - - # Actual build error found - else { - $errorInfo = $item.BuildOutput -Split [System.Environment]::NewLine | - Select-String ": (?:Solution file error|error) ([^:]*)" | ` - Select-Object Line -ExpandProperty Matches | ` - Select-Object -Property @{Name = 'Line'; Expression = {$_.Line.Trim()}}, Groups | ` - Sort-Object Line | Get-Unique -AsString - $item.ErrorCount = $errorInfo.Count - 
foreach ($err in $errorInfo) { - $list += New-Object -TypeName "ResultItem+MSBuildError" -Property @{ Line = $err.Line; Error = $err.Groups[1].Value } - } - - # Error count of 0 here means that no error was detected from build results, but there was still a failure of some kind - if ($item.ErrorCount -eq 0) { - $list += New-Object -TypeName "ResultItem+MSBuildError" -Property @{ Line = "Unknown error occurred. Check log and build output."; Error = "4" } - $item.ErrorCount = 1 - } - } - - # Set build errors - $item.Errors = $list - -} - -$transformedItems | ConvertTo-Json -Depth 4 | Out-File 'output.json' - -exit 0 - - -# Sample snippets.5000.json file -<# -{ - "host": "visualstudio", - "expectederrors": [ - { - "file": "samples/snippets/csharp/VS_Snippets_VBCSharp/csprogguideindexedproperties/cs/Program.cs", - "line": 5, - "column": 25, - "error": "CS0234" - } - ] -} - -#> diff --git a/.github/workflows/dependencies/Out-GithubActionStatus.ps1 b/.github/workflows/dependencies/Out-GithubActionStatus.ps1 deleted file mode 100644 index b116a856d6..0000000000 --- a/.github/workflows/dependencies/Out-GithubActionStatus.ps1 +++ /dev/null 
@@ -1,79 +0,0 @@ -<# - -.SYNOPSIS - Reads the output.json file and outputs status to GitHub Actions - -.DESCRIPTION - Reads the output.json file and outputs status to GitHub Actions - -.INPUTS - None - -.OUTPUTS - None - -.NOTES - Version: 1.2 - Author: adegeo@microsoft.com - Creation Date: 06/24/2020 - Update Date: 03/10/2022 - Purpose/Change: Support ignoring known errors. -#> - -[CmdletBinding()] -Param( -) - -$json = Get-Content output.json | ConvertFrom-Json - -$errors = $json | Where-Object ErrorCount -ne 0 | Select-Object InputFile, Settings -ExpandProperty Errors | Select-Object InputFile, Settings, Error, Line - -# Exit if no error entries were found -$count = $errors.Count - -if ($count -eq 0) { - Write-Host "All builds passed" - exit 0 -} - -Write-Host "Total errors: $count" - -foreach ($er in $errors) { - - $skipError = $false - - $lineColMatch = $er.Line | Select-String "(^.*)\((\d*),(\d*)\)" | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Groups - $errorFile = $er.InputFile - $errorLineNumber = 0 - $errorColNumber = 0 - - if ($lineColMatch.Count -eq 4) { - $errorFile = $lineColMatch[1].Value.Replace("D:\a\$($env:repo)\$($env:repo)\", "").Replace("\", "/") - $errorLineNumber = $lineColMatch[2].Value - $errorColNumber = $lineColMatch[3].Value - } - - # Check if there are any errors that should be skipped because they're known failures - foreach ($expectedError in $er.Settings.expectederrors) { - if (($expectedError.file -eq $errorFile) -and ($expectedError.error -eq $er.error)) { - Write-Host "Skipping error:`n- File: $errorFile`n- Error: $($er.error)" - $skipError = $true - break - } - } - - if ($skipError -eq $false) { - Write-Host "::error file=$errorFile,line=$errorLineNumber,col=$errorColNumber::$($er.Line)" - } - else { - $count -= 1 - } -} - -Write-Host "Errors after skips: $count" - -if ($count -eq 0) { - exit 0 -} - -exit 1 
diff --git a/.github/workflows/live-protection.yml b/.github/workflows/live-protection.yml index 31643fb680..026123e142 100644 --- a/.github/workflows/live-protection.yml +++ b/.github/workflows/live-protection.yml @@ -7,7 +7,12 @@ jobs: comment: runs-on: ubuntu-latest steps: - - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea env: SHOULD_COMMENT: ${{ github.base_ref == 'refs/heads/live' && !(github.event.issue.user.login == 'cxwtool' || github.head_ref == 'refs/heads/main') }} with: diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml index 429df6a130..8e7ebce546 100644 --- a/.github/workflows/markdownlint.yml +++ b/.github/workflows/markdownlint.yml @@ -16,6 +16,9 @@ on: - ".github/workflows/markdownlint.yml" - ".github/workflows/markdownlint-problem-matcher.json" +permissions: + contents: read + jobs: lint: runs-on: ubuntu-latest @@ -23,13 +26,13 @@ jobs: statuses: write steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - - name: Use Node.js - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8 # v16.0.0 with: - node-version: 16.x - - name: Run Markdownlint - run: | - echo "::add-matcher::.github/workflows/markdownlint-problem-matcher.json" - npm i -g markdownlint-cli2 - markdownlint-cli2 "**/*.md" + config: ".markdownlint-cli2.jsonc" + globs: "**/*.md" 
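Review bot: `egress-policy: audit` on the added Harden Runner step only records the runner's outbound connections and blocks none of them, so by itself it does not stop a compromised step from sending data out. The same setting is used in the Harden Runner steps added to markdownlint.yml, profanity-filter.yml, quest-bulk.yml, quest.yml, snippets5000.yml and version-sweep.yml. Once a few runs have shown which hosts each job contacts, consider `egress-policy: block` with an `allowed-endpoints:` list, starting with the quest workflows, which handle secrets. Separately, the new `actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea` pin has no trailing version comment like the other pins in this commit, so a reader cannot tell which release it is.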
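Review bot: The workflow-level `permissions: contents: read` added to markdownlint.yml probably does not reach the `lint` job, because the next hunk shows `statuses: write` in what looks like a job-level `permissions:` block (its header line is outside the hunk), and a job-level block replaces the workflow-level one, leaving every unlisted scope at `none`. If that is the case, add `contents: read` to the job's block so the `actions/checkout` step does not depend on the repository being public. It is also worth checking whether `statuses: write` is still needed now that the lint step is `DavidAnson/markdownlint-cli2-action`.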
diff --git a/.github/workflows/profanity-filter.yml b/.github/workflows/profanity-filter.yml new file mode 100644 index 0000000000..5a9ffca299 --- /dev/null +++ b/.github/workflows/profanity-filter.yml @@ -0,0 +1,32 @@ +name: Profanity filter + +on: + issue_comment: + types: [created, edited] + issues: + types: [opened, edited, reopened] + pull_request: + types: [opened, edited, reopened] + +permissions: + issues: write + pull-requests: write + +jobs: + apply-filter: + name: Apply profanity filter + runs-on: ubuntu-latest + + steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + + - name: Profanity filter + if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'github-actions[bot]' }} + uses: IEvangelist/profanity-filter@5248b30a7d2a6c209eb0a7362502fe769856522f # main + id: profanity-filter + with: + token: ${{ secrets.GITHUB_TOKEN }} + replacement-strategy: redacted-rectangle diff --git a/.github/workflows/quest-bulk.yml b/.github/workflows/quest-bulk.yml index b15573349d..d6c51bd133 100644 --- a/.github/workflows/quest-bulk.yml +++ b/.github/workflows/quest-bulk.yml @@ -13,6 +13,9 @@ on: required: false default: "5" +permissions: + contents: read + jobs: bulk-import: runs-on: ubuntu-latest @@ -22,6 +25,11 @@ jobs: id-token: write if: ${{ github.repository_owner == 'dotnet' }} steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + - name: "Print manual bulk import run reason" if: ${{ github.event_name == 'workflow_dispatch' }} run: | @@ -29,7 +37,7 @@ jobs: - name: Azure OpenID Connect id: azure-oidc-auth - uses: dotnet/docs-tools/.github/actions/oidc-auth-flow@main + uses: dotnet/docs-tools/.github/actions/oidc-auth-flow@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main with: client-id: ${{ secrets.CLIENT_ID }} tenant-id: ${{ secrets.TENANT_ID }} 
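Review bot: On `pull_request` runs for pull requests opened from forks, `GITHUB_TOKEN` is read-only whatever the `permissions:` block requests, so the `Profanity filter` step cannot edit those titles or bodies and may fail the run; the `if:` only excludes the two bot actors. Either skip the step for fork pull requests, for example by adding `github.event.pull_request.head.repo.fork != true` to the `if:`, or document that only `issues` and `issue_comment` events are filtered for outside contributors. The `issues: write` and `pull-requests: write` grants sit at workflow level; moving them under `apply-filter` keeps any job added later at the default scope.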
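Review bot: The trailing `# main` on `dotnet/docs-tools/.github/actions/oidc-auth-flow@5e8bcc78465d45a7544bba56509a1a69922b6a5a` in quest-bulk.yml names a branch, not a release, so the comment does not say which version of the action receives `CLIENT_ID` and `TENANT_ID`, and it goes stale as soon as `main` moves. The same comment is on the `sequester` pins in the next quest-bulk.yml hunk and in quest.yml, on `IEvangelist/profanity-filter` in profanity-filter.yml, and on `dotnet-version-updater` in version-sweep.yml. If these actions publish tags, pin to the tagged commit and write the tag in the comment; if not, a comment such as `# main as of <date>` records what was reviewed.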
@@ -37,7 +45,7 @@ jobs: - name: bulk-sequester id: bulk-sequester - uses: dotnet/docs-tools/actions/sequester@main + uses: dotnet/docs-tools/actions/sequester@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main env: ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }} ImportOptions__ApiKeys__QuestKey: ${{ secrets.QUEST_KEY }} diff --git a/.github/workflows/quest.yml b/.github/workflows/quest.yml index 45b1a6afba..6e75c183cf 100644 --- a/.github/workflows/quest.yml +++ b/.github/workflows/quest.yml @@ -10,6 +10,9 @@ on: description: "The issue number to manually test" required: true +permissions: + contents: read + jobs: import: if: | @@ -25,6 +28,11 @@ jobs: id-token: write steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + - name: "Print manual run reason" if: ${{ github.event_name == 'workflow_dispatch' }} run: | @@ -33,7 +41,7 @@ jobs: - name: Azure OpenID Connect id: azure-oidc-auth - uses: dotnet/docs-tools/.github/actions/oidc-auth-flow@main + uses: dotnet/docs-tools/.github/actions/oidc-auth-flow@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main with: client-id: ${{ secrets.CLIENT_ID }} tenant-id: ${{ secrets.TENANT_ID }} @@ -43,7 +51,7 @@ jobs: - name: manual-sequester if: ${{ github.event_name == 'workflow_dispatch' }} id: manual-sequester - uses: dotnet/docs-tools/actions/sequester@main + uses: dotnet/docs-tools/actions/sequester@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main env: ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }} ImportOptions__ApiKeys__AzureAccessToken: ${{ steps.azure-oidc-auth.outputs.access-token }} 
@@ -59,10 +67,10 @@ jobs: - name: auto-sequester if: ${{ github.event_name != 'workflow_dispatch' }} id: auto-sequester - uses: dotnet/docs-tools/actions/sequester@main + uses: dotnet/docs-tools/actions/sequester@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main env: ImportOptions__ApiKeys__GitHubToken: ${{ secrets.GITHUB_TOKEN }} - ImportOptions__ApiKeys__AzureAccessToken: ${{ $AZURE_ACCESS_TOKEN }} + ImportOptions__ApiKeys__AzureAccessToken: ${{ steps.azure-oidc-auth.outputs.access-token }} ImportOptions__ApiKeys__QuestKey: ${{ secrets.QUEST_KEY }} ImportOptions__ApiKeys__SequesterPrivateKey: ${{ secrets.SEQUESTER_PRIVATEKEY }} ImportOptions__ApiKeys__SequesterAppID: ${{ secrets.SEQUESTER_APPID }} diff --git a/.github/workflows/rebase-needed.yml b/.github/workflows/rebase-needed.yml deleted file mode 100644 index 45617d23e4..0000000000 --- a/.github/workflows/rebase-needed.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: "rebase required" - -on: - push: - pull_request: - types: [synchronize] - -jobs: - label-rebase-needed: - runs-on: ubuntu-latest - steps: - - name: Check for merge conflicts - uses: eps1lon/actions-label-merge-conflict@releases/2.x - with: - dirtyLabel: "rebase needed :construction:" - repoToken: "${{ secrets.GITHUB_TOKEN }}" - commentOnDirty: This pull request has merge conflicts that must be resolved before it can be merged. diff --git a/.github/workflows/snippets5000.yml b/.github/workflows/snippets5000.yml index 18d2035364..5ace8bf1f2 100644 --- a/.github/workflows/snippets5000.yml +++ b/.github/workflows/snippets5000.yml @@ -19,6 +19,9 @@ env: DOTNET_DO_INSTALL: 'true' # To install a version of .NET not provided by the runner, set to true EnableNuGetPackageRestore: 'True' +permissions: + contents: read + jobs: snippets-build: runs-on: windows-2022 
@@ -27,13 +30,18 @@ jobs: steps: # Checkout the repository for the PR + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #@v4.1.1 # Get the latest preview SDK (or sdk not installed by the runner) - name: Setup .NET if: ${{ env.DOTNET_DO_INSTALL == 'true' }} - uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 #@4.0.0 + uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee #@4.0.1 with: dotnet-version: ${{ env.DOTNET_VERSION }} dotnet-quality: ${{ env.DOTNET_QUALITY }} diff --git a/.github/workflows/version-sweep.yml b/.github/workflows/version-sweep.yml index b843d3551b..19e6ac649f 100644 --- a/.github/workflows/version-sweep.yml +++ b/.github/workflows/version-sweep.yml 
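Review bot: The comment `# Checkout the repository for the PR` now sits above the new `Harden Runner` step instead of the `Checkout repository` step it describes; move it down so it directly precedes `- name: Checkout repository`, or give Harden Runner its own comment. The version comments in this file use `#@v4.1.1` and `#@4.0.1` while the pins added elsewhere in the commit use `# v2.9.0`; one format, e.g. `# v4.0.1`, makes the pins easier to audit.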
@@ -1,47 +1,46 @@ -# This is a basic workflow to help you get started with Actions - name: "target supported version" -# Controls when the action will run. on: - # Triggers the workflow on push or pull request events but only for the default branch - schedule: - - cron: "0 0 1 * *" - workflow_dispatch: - inputs: - reason: - description: "The reason for running the workflow" - required: true - default: "Manual run" + # Triggers the workflow on push or pull request events but only for the default branch + schedule: + - cron: "0 0 1 * *" + workflow_dispatch: + inputs: + reason: + description: "The reason for running the workflow" + required: true + default: "Manual run" + support: + description: "The support level to target (STS, LTS, or Preview)." + required: true + default: "STS" # A workflow run is made up of one or more jobs that can run sequentially or in parallel +permissions: + contents: read + jobs: - # This workflow contains a single job called "build" - version-sweep: - # The type of runner that the job will run on - runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: write + # This workflow contains a single job called "build" + version-sweep: + # The type of runner that the job will run on + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 + # Steps represent a sequence of tasks that will be executed as part of the job + steps: - # Runs a single command using the runners shell - - name: "Print manual run reason" - if: ${{ github.event_name == 'workflow_dispatch' }} - run: | - echo 'Reason: ${{ github.event.inputs.reason }}' + # Start the .NET version updater action + # A composite of the .NET Version Sweeper and the .NET Upgrade Assistant + - name: Harden Runner + uses: 
step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit - # Start the .NET version sweeper, scan projects/slns for non-LTS (or currrent) versions - - name: .NET version sweeper - id: dotnet-version-sweeper - uses: dotnet/versionsweeper@main - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - owner: ${{ github.repository_owner }} - name: ${{ github.repository }} - branch: ${{ github.ref }} + - name: .NET version updater + id: dotnet-version-updater + uses: dotnet/docs-tools/actions/dotnet-version-updater@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main + with: + support: ${{ github.event.inputs.support }} + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file
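Review bot: On the monthly `schedule` run `github.event.inputs.support` is empty, because the `default: "STS"` declared for the input applies only to `workflow_dispatch`, so the `.NET version updater` step gets an empty `support` value; use `support: ${{ github.event.inputs.support || 'STS' }}`. The job-level block grants only `issues: write` and `pull-requests: write`, and a job-level block overrides the new workflow-level `contents: read`; if the updater pushes a branch to open its pull request (not visible here) it will also need `contents: write`. The checkout step was removed as well, so confirm the action checks out the repository itself. The retained comments about "push or pull request events" and "a single job called "build"" no longer describe this workflow.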