From 7a0a5e4364920ed25ed161b957954213362a7a8e Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 13:55:50 +0000 Subject: [PATCH 01/12] Added yml to run codeql against project --- .github/workflows/code-pr-check.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/code-pr-check.yml b/.github/workflows/code-pr-check.yml index dcfa6006..2d7eb47d 100644 --- a/.github/workflows/code-pr-check.yml +++ b/.github/workflows/code-pr-check.yml @@ -36,6 +36,17 @@ jobs: with: dotnet_version: ${{ env.DOTNET_VERSION }} solution_filename: ${{ env.SOLUTION_NAME }} + + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: csharp, javascript + + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 - name: Run unit tests uses: ./.github/actions/run-unit-tests From f6cb471ebc6413be28c615548efc5bafae8f5b88 Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 13:58:58 +0000 Subject: [PATCH 02/12] updated CodeQL version to V2 --- .github/workflows/code-pr-check.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/code-pr-check.yml b/.github/workflows/code-pr-check.yml index 2d7eb47d..4700b959 100644 --- a/.github/workflows/code-pr-check.yml +++ b/.github/workflows/code-pr-check.yml @@ -38,15 +38,15 @@ jobs: solution_filename: ${{ env.SOLUTION_NAME }} - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: csharp, javascript - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 - name: Run unit tests uses: ./.github/actions/run-unit-tests From dde405ff6fecf55d642051518a8006ca75bfde13 Mon Sep 17 00:00:00 2001 
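Review bot: The three CodeQL steps are inserted after the step whose `dotnet_version`/`solution_filename` inputs close the hunk's leading context, which looks like a build of the solution; for a compiled language such as C#, `codeql-action/init` has to run before the build it traces, and if that earlier step already compiled the solution the later `Autobuild` may find every project up to date, leaving CodeQL with no compilation to observe. Either move `Initialize CodeQL` above the build step and drop `Autobuild`, or make sure the earlier step does not build. The analyze step also needs `security-events: write` (plus `contents: read`) on the job; the workflow's `permissions` block is outside the hunk, so confirm it grants them rather than relying on the repository default. The same ordering is carried over unchanged when these steps move into the composite action in patch 10.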
From: Daniel Clarke Date: Tue, 30 Jan 2024 14:08:11 +0000 Subject: [PATCH 03/12] updated CodeQL version to V3 --- .github/workflows/code-pr-check.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-pr-check.yml b/.github/workflows/code-pr-check.yml index 4700b959..22bbcf08 100644 --- a/.github/workflows/code-pr-check.yml +++ b/.github/workflows/code-pr-check.yml @@ -38,15 +38,15 @@ jobs: solution_filename: ${{ env.SOLUTION_NAME }} - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: - languages: csharp, javascript + languages: csharp, javascript` - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 - name: Run unit tests uses: ./.github/actions/run-unit-tests From d904265d79763887deb41bd139457139b0b2f9b7 Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 14:15:36 +0000 Subject: [PATCH 04/12] Added dependabot yml --- .github/dependabot.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..2b523a24 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,19 @@ +--- + +version: 2 +updates: + + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily + + - package-ecosystem: docker + directory: / + schedule: + interval: weekly + + — package-ecosystem: nuget + directory: /src/ + schedule: + interval: daily \ No newline at end of file From 4becc401c16002edb4927e3cab83e2c751f6723f Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 14:16:47 +0000 Subject: [PATCH 05/12] change to nuget directory check --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
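Review bot: The new `.github/dependabot.yml` ends without a trailing newline (`\ No newline at end of file`), and that stays true through every later revision of the file in this series (patches 05, 06, 07 and 12); add the final newline once so each subsequent diff stops ending on that marker. The `—` in front of the nuget entry and the `/src/` directory are corrected in patches 07 and 05, so they are not re-raised here. The unquoted `daily`/`weekly` values are plain strings and need no quoting.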
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2b523a24..f8e2e2fa 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -14,6 +14,6 @@ updates: interval: weekly — package-ecosystem: nuget - directory: /src/ + directory: / schedule: interval: daily \ No newline at end of file From 1cd11005bf92d04db4f64e9a796a4331a6384c6f Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 14:19:31 +0000 Subject: [PATCH 06/12] fix to dependabot file format --- .github/dependabot.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f8e2e2fa..20d6d920 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,19 +1,17 @@ ---- - version: 2 updates: - package-ecosystem: github-actions directory: / schedule: - interval: daily + interval: 'daily' - package-ecosystem: docker directory: / schedule: - interval: weekly + interval: 'weekly' — package-ecosystem: nuget - directory: / - schedule: - interval: daily \ No newline at end of file + directory: / + schedule: + interval: 'daily' \ No newline at end of file From 0d4f578a672cd12fb79eadd260d1856a3e91f2fa Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 14:22:06 +0000 Subject: [PATCH 07/12] fixed typo in dependabot yaml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 20d6d920..058de718 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,7 +11,7 @@ updates: schedule: interval: 'weekly' - — package-ecosystem: nuget + - package-ecosystem: nuget directory: / schedule: interval: 'daily' \ No newline at end of file From c1f67d6466d072188bbe40104ad1b9218a6c950e Mon Sep 17 00:00:00 2001 
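Review bot: Removing the `---` document-start marker in the first line of the patch 06 hunk is not needed for Dependabot and goes against the usual yamllint `document-start` recommendation; the change the file actually needs is the re-indentation of the nuget entry done here and the `—` to `-` fix in patch 07. Quoting `'daily'` and `'weekly'` is harmless but unnecessary, since neither word is an implicitly typed YAML scalar. The file still ends without a trailing newline after this hunk.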
From: Daniel Clarke Date: Tue, 30 Jan 2024 14:26:29 +0000 Subject: [PATCH 08/12] Fixed typo in code-pr-check yml --- .github/workflows/code-pr-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-pr-check.yml b/.github/workflows/code-pr-check.yml index 22bbcf08..4bec33f5 100644 --- a/.github/workflows/code-pr-check.yml +++ b/.github/workflows/code-pr-check.yml @@ -40,7 +40,7 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: csharp, javascript` + languages: csharp, javascript - name: Autobuild uses: github/codeql-action/autobuild@v3 From 7a7c3c4f2b2950c9a842fda9ebe9d8e4d4a78ad6 Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 15:00:22 +0000 Subject: [PATCH 09/12] added dependency review on PR --- .github/workflows/code-pr-check.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/code-pr-check.yml b/.github/workflows/code-pr-check.yml index 4bec33f5..7f413f3c 100644 --- a/.github/workflows/code-pr-check.yml +++ b/.github/workflows/code-pr-check.yml @@ -48,6 +48,9 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v4 + - name: Run unit tests uses: ./.github/actions/run-unit-tests with: From 871910abdabccc9b7ba38446533e9137d1a37cb4 Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 15:13:15 +0000 Subject: [PATCH 10/12] broke code ql and dependency checks into their own action for reuse --- .../codeql-and-dependency-checks/action.yml | 20 +++++++++++++++++++ .github/workflows/code-pr-check.yml | 15 ++------------ 2 files changed, 22 insertions(+), 13 deletions(-) create mode 100644 .github/actions/codeql-and-dependency-checks/action.yml diff --git a/.github/actions/codeql-and-dependency-checks/action.yml b/.github/actions/codeql-and-dependency-checks/action.yml new file mode 100644 index 00000000..91c4d82f --- /dev/null 
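Review bot: `actions/dependency-review-action@v4`, added after the analyze step, only runs on `pull_request` events and fails on any other trigger, and the hunk does not show the workflow's `on:` block; if `code-pr-check.yml` is also run on `push` or `workflow_dispatch`, this step needs a guard such as `if: github.event_name == 'pull_request'`. The action also needs `contents: read` on the job and Dependency graph enabled for the repository. Without a `with:` block it runs on its defaults; an explicit `fail-on-severity:` (and, if relevant, `deny-licenses:`) makes the intended policy reviewable in the file rather than implied.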
+++ b/.github/actions/codeql-and-dependency-checks/action.yml @@ -0,0 +1,20 @@ +name: Run CodeQL and dependency review +description: Runs CodeQL checks as well as dependency checks for issues. + +runs: + using: composite + + steps: + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: csharp, javascript + + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + + - name: 'Dependency Review' + uses: actions/dependency-review-action@v4 diff --git a/.github/workflows/code-pr-check.yml b/.github/workflows/code-pr-check.yml index 7f413f3c..8eedad94 100644 --- a/.github/workflows/code-pr-check.yml +++ b/.github/workflows/code-pr-check.yml @@ -37,19 +37,8 @@ jobs: dotnet_version: ${{ env.DOTNET_VERSION }} solution_filename: ${{ env.SOLUTION_NAME }} - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: csharp, javascript - - - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - - - name: 'Dependency Review' - uses: actions/dependency-review-action@v4 + - name: Run CodeQL and dependency checks + uses: ./.github/actions/codeql-and-dependency-checks - name: Run unit tests uses: ./.github/actions/run-unit-tests From e481ee4e5f668800b5f8c606546d47b2cbdf4d3e Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Tue, 30 Jan 2024 15:15:30 +0000 Subject: [PATCH 11/12] renamed pr job to be more meaningful --- .github/workflows/code-pr-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-pr-check.yml b/.github/workflows/code-pr-check.yml index 8eedad94..d52f7a48 100644 --- a/.github/workflows/code-pr-check.yml +++ b/.github/workflows/code-pr-check.yml @@ -24,7 +24,7 @@ env: jobs: build-app: - name: Build and run unit tests + name: Build, check and run tests runs-on: ubuntu-22.04 steps: 
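Review bot: The composite action's `description` says what it runs but not what the calling job must grant: composite actions cannot declare `permissions`, so `codeql-action/analyze` needs `security-events: write` and `dependency-review-action` needs `contents: read` and a `pull_request` trigger from the workflow that uses it; extend the description, e.g. `description: Runs CodeQL (csharp, javascript) and dependency review. Caller must grant security-events: write and contents: read and run on pull_request.` The `languages:` list is hard-coded; an `inputs:` entry carrying that value as its default would let other workflows reuse the action, which is the stated purpose of this patch. All four third-party actions are referenced by floating major tag (`@v3`, `@v4`); pinning each to a full commit SHA with a version comment, and letting the github-actions Dependabot entry from patch 04 bump them, gives a reproducible supply chain.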
From 66efc8f5b08afd99b87f04123a3861c68a329c2b Mon Sep 17 00:00:00 2001 From: Daniel Clarke Date: Wed, 31 Jan 2024 14:08:37 +0000 Subject: [PATCH 12/12] added labels for each package ecosystem --- .github/dependabot.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 058de718..00e8b757 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,13 +5,19 @@ updates: directory: / schedule: interval: 'daily' + labels: + - github-actions - package-ecosystem: docker directory: / schedule: interval: 'weekly' + labels: + - docker - package-ecosystem: nuget directory: / schedule: - interval: 'daily' \ No newline at end of file + interval: 'daily' + labels: + - nuget \ No newline at end of file
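Review bot: The `labels:` lists added to each ecosystem replace Dependabot's default `dependencies` label rather than extending it, and per Dependabot's documented behaviour a listed label that does not exist in the repository is ignored; create `github-actions`, `docker` and `nuget` as repository labels (or add `dependencies` to each list) before relying on them for filtering or branch-protection rules. The file still ends without a trailing newline, as in every earlier revision in this series.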