From 0c6c1ef64e7c1ac46f3f46c952536e06f1877364 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Mon, 17 Nov 2025 10:17:21 -0500 Subject: [PATCH] ci: syncs changes to v1 branch Signed-off-by: Vincent Biret --- .azure-pipelines/ci-build.yml | 172 +++++++++++++++++- .github/dependabot.yml | 18 +- .../OpenAPI.NET-branch-protection.yml | 119 ++++++++++++ .github/policies/resourceManagement.yml | 101 ++++++++++ .github/pull_request_template.md | 54 ++++++ .github/release-please.yml | 3 + .github/workflows/auto-merge-dependabot.yml | 2 +- .github/workflows/ci-cd.yml | 19 +- .github/workflows/codeql-analysis.yml | 11 +- .github/workflows/release-please-gha.yml | 5 + .github/workflows/sonarcloud.yml | 6 +- 11 files changed, 484 insertions(+), 26 deletions(-) create mode 100644 .github/policies/OpenAPI.NET-branch-protection.yml create mode 100644 .github/policies/resourceManagement.yml create mode 100644 .github/pull_request_template.md diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml index 968286c19..ee70c8319 100644 --- a/.azure-pipelines/ci-build.yml +++ b/.azure-pipelines/ci-build.yml @@ -6,8 +6,8 @@ trigger: branches: include: - main - - dev - support/v1 + - support/v2 tags: include: - 'v*' @@ -15,12 +15,17 @@ pr: branches: include: - main - - dev - support/v1 + - support/v2 + variables: buildPlatform: 'Any CPU' buildConfiguration: 'Release' ProductBinPath: '$(Build.SourcesDirectory)\src\Microsoft.OpenApi\bin\$(BuildConfiguration)' + REGISTRY: 'msgraphprodregistry.azurecr.io' + IMAGE_NAME: 'public/openapi/hidi' + PREVIEW_BRANCH: 'refs/heads/main' + resources: repositories: - repository: 1ESPipelineTemplates @@ -46,6 +51,10 @@ extends: displayName: 'Publish Artifact: Nugets' artifactName: Nugets targetPath: '$(Build.ArtifactStagingDirectory)/Nugets' + - output: pipelineArtifact + displayName: 'Publish Artifact: RepoFiles' + artifactName: RepoFiles + targetPath: '$(Build.ArtifactStagingDirectory)/RepoFiles' steps: - task: UseDotNet@2 displayName: 'Use .NET 6' @@ -144,7 +153,7 @@ extends: # Pack hidi - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg displayName: 'pack Hidi' - + - task: EsrpCodeSigning@5 displayName: 'ESRP CodeSigning Nuget Packages' inputs: @@ -195,12 +204,29 @@ extends: targetFolder: $(Build.ArtifactStagingDirectory)/Nugets sourceFolder: $(Build.ArtifactStagingDirectory) content: '*.nupkg' - + + # Copy repository files to be used in the deploy stage + - task: CopyFiles@2 + displayName: 'Copy repository files for deploy stage' + inputs: + SourceFolder: '$(Build.SourcesDirectory)' + Contents: | + **/* + !**/bin/** + !**/obj/** + !**/.git/** + TargetFolder: '$(Build.ArtifactStagingDirectory)/RepoFiles' + - stage: deploy - condition: and(contains(variables['build.sourceBranch'], 'refs/tags/v'), succeeded()) + condition: and(or(contains(variables['Build.SourceBranch'], 'refs/tags/v'), eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH'])), succeeded()) dependsOn: build + pool: + name: Azure-Pipelines-1ESPT-ExDShared + os: linux + image: ubuntu-latest jobs: - deployment: deploy_hidi + condition: and(contains(variables['build.SourceBranch'], 'refs/tags/v'), succeeded()) templateContext: type: releaseJob isProduction: true @@ -225,6 +251,7 @@ extends: publishFeedCredentials: 'OpenAPI Nuget Connection' - deployment: deploy_lib + condition: and(contains(variables['build.SourceBranch'], 'refs/tags/v'), succeeded()) templateContext: type: releaseJob isProduction: true @@ -240,11 +267,11 @@ extends: pool: vmImage: ubuntu-latest steps: - - powershell: | + - pwsh: | $fileNames = "$(Pipeline.Workspace)/Microsoft.OpenApi.Hidi.*.nupkg", "$(Pipeline.Workspace)/Microsoft.OpenApi.Readers.*.nupkg", "$(Pipeline.Workspace)/Microsoft.OpenApi.Workbench.*.nupkg" foreach($fileName in $fileNames) { if(Test-Path $fileName) { - rm $fileName -Verbose + Remove-Item $fileName -Verbose } } displayName: remove other nupkgs to avoid duplication @@ -257,6 +284,7 @@ extends: publishFeedCredentials: 'OpenAPI Nuget Connection' - deployment: deploy_readers + condition: and(contains(variables['build.SourceBranch'], 'refs/tags/v'), succeeded()) templateContext: type: releaseJob isProduction: true @@ -281,6 +309,7 @@ extends: publishFeedCredentials: 'OpenAPI Nuget Connection' - deployment: create_github_release + condition: and(contains(variables['build.SourceBranch'], 'refs/tags/v'), succeeded()) templateContext: type: releaseJob isProduction: true @@ -315,3 +344,132 @@ extends: assets: '$(Pipeline.Workspace)\**\*.exe' addChangeLog: false + - deployment: deploy_docker_image + environment: docker-images-deploy + templateContext: + type: releaseJob + isProduction: true + inputs: + - input: pipelineArtifact + artifactName: RepoFiles + targetPath: '$(Pipeline.Workspace)' + strategy: + runOnce: + deploy: + pool: + vmImage: 'ubuntu-latest' + steps: + - task: AzureCLI@2 + displayName: 'Login to Azure Container Registry' + inputs: + azureSubscription: 'ACR Images Push Service Connection' + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + az acr login --name $(REGISTRY) + + - pwsh: | + $content = [XML](Get-Content $(Pipeline.Workspace)/Directory.Build.props) + Write-Host "XML loaded, finding version..." + + # Handle PropertyGroup as either a single element or array + $version = $null + if ($content.Project.PropertyGroup -is [array]) { + Write-Host "PropertyGroup is an array, checking each entry..." + foreach ($pg in $content.Project.PropertyGroup) { + if ($pg.Version) { + $version = $pg.Version.ToString().Trim() + Write-Host "Found version in PropertyGroup array: $version" + break + } + } + } else { + # Single PropertyGroup + $version = $content.Project.PropertyGroup.Version + if ($version) { + $version = $version.ToString().Trim() + Write-Host "Found version in PropertyGroup: $version" + } + } + + if (-not $version) { + Write-Host "##vso[task.logissue type=error]Version not found in Directory.Build.props" + exit 1 + } + + Write-Host "Version found: $version" + Write-Host "##vso[task.setvariable variable=version;isoutput=true]$version" + Write-Host "##vso[task.setvariable variable=VERSION]$version" + displayName: 'Get version from csproj' + name: getversion + + - bash: | + # Debug output to verify version variable + echo "Version from previous step: $VERSION" + displayName: 'Verify version variable' + + - bash: | + echo "Build Number: $(Build.BuildNumber)" + # Extract the last 3 characters for the run number + runnumber=$(echo "$(Build.BuildNumber)" | grep -o '[0-9]\+$') + echo "Extracted Run Number: $runnumber" + + # If extraction fails, set a default + if [ -z "$runnumber" ]; then + echo "Extraction failed, using default value" + runnumber=$(date +"%S%N" | cut -c1-3) + echo "Generated fallback run number: $runnumber" + fi + + # Set the variable for later steps + echo "##vso[task.setvariable variable=RUNNUMBER]$runnumber" + echo "##vso[task.setvariable variable=RUNNUMBER;isOutput=true]$runnumber" + displayName: 'Get truncated run number' + name: getrunnumber + condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH']) + + - bash: | + date=$(date +'%Y%m%d') + echo "Date value: $date" + echo "##vso[task.setvariable variable=BUILDDATE;isOutput=true]$date" + echo "##vso[task.setvariable variable=BUILDDATE]$date" + displayName: 'Get current date' + name: setdate + condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH']) + + - script: | + docker run --privileged --rm msgraphprodregistry.azurecr.io/tonistiigi/binfmt --install all + displayName: "Enable multi-platform builds" + + - script: | + docker buildx create --use --name mybuilder + displayName: "Set up Docker BuildX" + + - script: | + docker buildx inspect --bootstrap + displayName: "Ensure BuildX is working" + + - bash: | + echo "Building Docker image..." + echo "Using build date: ${BUILDDATE}" + # Using quotes around tags to prevent flag interpretation + docker buildx build \ + --platform linux/amd64,linux/arm64/v8 \ + --push \ + -t "$(REGISTRY)/$(IMAGE_NAME):nightly" \ + -t "$(REGISTRY)/$(IMAGE_NAME):${VERSION}.${BUILDDATE}${RUNNUMBER}" \ + "$(Pipeline.Workspace)" + + displayName: 'Build and Push Nightly Image' + condition: eq(variables['Build.SourceBranch'], variables['PREVIEW_BRANCH']) + + - bash: | + echo "Building Docker image for release..." + docker buildx build\ + --platform linux/amd64,linux/arm64/v8 \ + --push \ + -t "$(REGISTRY)/$(IMAGE_NAME):latest" \ + -t "$(REGISTRY)/$(IMAGE_NAME):${VERSION}" \ + "$(Pipeline.Workspace)" + displayName: 'Build and Push Release Image' + condition: contains(variables['Build.SourceBranch'], 'refs/tags/v') \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f3952729f..87b987112 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,13 +5,23 @@ updates: directory: "/" open-pull-requests-limit: 10 schedule: - interval: "weekly" - + interval: "daily" - package-ecosystem: "nuget" # location of package manifests directory: "/" open-pull-requests-limit: 10 schedule: interval: "daily" - -# Built with ❤ by [Pipeline Foundation](https://pipeline.foundation) \ No newline at end of file + groups: + MicrosoftExtensions: + patterns: + - "Microsoft.Extensions.*" + - package-ecosystem: dotnet-sdk + directory: / + schedule: + interval: "daily" + ignore: + - dependency-name: '*' + update-types: + - version-update:semver-major + - version-update:semver-minor diff --git a/.github/policies/OpenAPI.NET-branch-protection.yml b/.github/policies/OpenAPI.NET-branch-protection.yml new file mode 100644 index 000000000..2d8fd2a73 --- /dev/null +++ b/.github/policies/OpenAPI.NET-branch-protection.yml @@ -0,0 +1,119 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +# File initially created using https://github.com/MIchaelMainer/policyservicetoolkit/blob/main/branch_protection_export.ps1. + +name: OpenAPI.NET-branch-protection +description: Branch protection policy for the OpenAPI.NET repository +resource: repository +configuration: + branchProtectionRules: + + - branchNamePattern: main + # This branch pattern applies to the following branches as of approximately 02/27/2025 15:28:20: + # main + + # Specifies whether this branch can be deleted. boolean + allowsDeletions: false + # Specifies whether forced pushes are allowed on this branch. boolean + allowsForcePushes: false + # Specifies whether new commits pushed to the matching branches dismiss pull request review approvals. boolean + dismissStaleReviews: true + # Specifies whether admins can overwrite branch protection. boolean + isAdminEnforced: true + # Indicates whether "Require a pull request before merging" is enabled. boolean + requiresPullRequestBeforeMerging: true + # Specifies the number of pull request reviews before merging. int (0-6). Should be null/empty if PRs are not required + requiredApprovingReviewsCount: 1 + # Require review from Code Owners. Requires requiredApprovingReviewsCount. boolean + requireCodeOwnersReview: true + # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines. + requiresCommitSignatures: false + # Are conversations required to be resolved before merging? boolean + requiresConversationResolution: true + # Are merge commits prohibited from being pushed to this branch. boolean + requiresLinearHistory: false + # Required status checks to pass before merging. Values can be any string, but if the value does not correspond to any existing status check, the status check will be stuck on pending for status since nothing exists to push an actual status + requiredStatusChecks: + - license/cla + - CodeQL + - Continuous Integration + # Require branches to be up to date before merging. boolean + requiresStrictStatusChecks: false + # Indicates whether there are restrictions on who can push. boolean. Should be set with whoCanPush. + restrictsPushes: false + # Restrict who can dismiss pull request reviews. boolean + restrictsReviewDismissals: false + + - branchNamePattern: support/v1 + # This branch pattern applies to the following branches as of approximately 02/27/2025 15:28:20: + # support/v1 + + # Specifies whether this branch can be deleted. boolean + allowsDeletions: false + # Specifies whether forced pushes are allowed on this branch. boolean + allowsForcePushes: false + # Specifies whether new commits pushed to the matching branches dismiss pull request review approvals. boolean + dismissStaleReviews: true + # Specifies whether admins can overwrite branch protection. boolean + isAdminEnforced: true + # Indicates whether "Require a pull request before merging" is enabled. boolean + requiresPullRequestBeforeMerging: true + # Specifies the number of pull request reviews before merging. int (0-6). Should be null/empty if PRs are not required + requiredApprovingReviewsCount: 1 + # Require review from Code Owners. Requires requiredApprovingReviewsCount. boolean + requireCodeOwnersReview: true + # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines. + requiresCommitSignatures: false + # Are conversations required to be resolved before merging? boolean + requiresConversationResolution: true + # Are merge commits prohibited from being pushed to this branch. boolean + requiresLinearHistory: false + # Required status checks to pass before merging. Values can be any string, but if the value does not correspond to any existing status check, the status check will be stuck on pending for status since nothing exists to push an actual status + requiredStatusChecks: + - license/cla + - CodeQL + - Continuous Integration + # Require branches to be up to date before merging. boolean + requiresStrictStatusChecks: false + # Indicates whether there are restrictions on who can push. boolean. Should be set with whoCanPush. + restrictsPushes: false + # Restrict who can dismiss pull request reviews. boolean + restrictsReviewDismissals: false + + - branchNamePattern: support/v2 + # This branch pattern applies to the following branches as of approximately 02/27/2025 15:28:20: + # support/v1 + + # Specifies whether this branch can be deleted. boolean + allowsDeletions: false + # Specifies whether forced pushes are allowed on this branch. boolean + allowsForcePushes: false + # Specifies whether new commits pushed to the matching branches dismiss pull request review approvals. boolean + dismissStaleReviews: true + # Specifies whether admins can overwrite branch protection. boolean + isAdminEnforced: true + # Indicates whether "Require a pull request before merging" is enabled. boolean + requiresPullRequestBeforeMerging: true + # Specifies the number of pull request reviews before merging. int (0-6). Should be null/empty if PRs are not required + requiredApprovingReviewsCount: 1 + # Require review from Code Owners. Requires requiredApprovingReviewsCount. boolean + requireCodeOwnersReview: true + # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines. + requiresCommitSignatures: false + # Are conversations required to be resolved before merging? boolean + requiresConversationResolution: true + # Are merge commits prohibited from being pushed to this branch. boolean + requiresLinearHistory: false + # Required status checks to pass before merging. Values can be any string, but if the value does not correspond to any existing status check, the status check will be stuck on pending for status since nothing exists to push an actual status + requiredStatusChecks: + - license/cla + - CodeQL + - Continuous Integration + # Require branches to be up to date before merging. boolean + requiresStrictStatusChecks: false + # Indicates whether there are restrictions on who can push. boolean. Should be set with whoCanPush. + restrictsPushes: false + # Restrict who can dismiss pull request reviews. boolean + restrictsReviewDismissals: false + diff --git a/.github/policies/resourceManagement.yml b/.github/policies/resourceManagement.yml new file mode 100644 index 000000000..0fc5c93a2 --- /dev/null +++ b/.github/policies/resourceManagement.yml @@ -0,0 +1,101 @@ +id: +name: GitOps.PullRequestIssueManagement +description: GitOps.PullRequestIssueManagement primitive +owner: +resource: repository +disabled: false +where: +configuration: + resourceManagementConfiguration: + scheduledSearches: + - description: + frequencies: + - hourly: + hour: 6 + filters: + - isIssue + - isOpen + - hasLabel: + label: 'status:waiting-for-author-feedback' + - hasLabel: + label: 'status:no-recent-activity' + - noActivitySince: + days: 3 + actions: + - closeIssue + - description: + frequencies: + - hourly: + hour: 6 + filters: + - isIssue + - isOpen + - hasLabel: + label: 'status:waiting-for-author-feedback' + - noActivitySince: + days: 4 + - isNotLabeledWith: + label: 'status:no-recent-activity' + actions: + - addLabel: + label: 'status:no-recent-activity' + - addReply: + reply: This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for **4 days**. It will be closed if no further activity occurs **within 3 days of this comment**. + - description: + frequencies: + - hourly: + hour: 6 + filters: + - isIssue + - isOpen + - hasLabel: + label: 'status:duplicate' + - noActivitySince: + days: 1 + actions: + - addReply: + reply: This issue has been marked as duplicate and has not had any activity for **1 day**. It will be closed for housekeeping purposes. + - closeIssue + eventResponderTasks: + - if: + - payloadType: Issue_Comment + - isAction: + action: Created + - isActivitySender: + issueAuthor: True + - hasLabel: + label: 'status:waiting-for-author-feedback' + - isOpen + then: + - addLabel: + label: 'Needs: Attention :wave:' + - removeLabel: + label: 'status:waiting-for-author-feedback' + description: + - if: + - payloadType: Issues + - not: + isAction: + action: Closed + - hasLabel: + label: 'status:no-recent-activity' + then: + - removeLabel: + label: 'status:no-recent-activity' + description: + - if: + - payloadType: Issue_Comment + - hasLabel: + label: 'status:no-recent-activity' + then: + - removeLabel: + label: 'status:no-recent-activity' + description: + - if: + - payloadType: Pull_Request + then: + - inPrLabel: + label: WIP + description: +onFailure: +onSuccess: diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..0d19e6ac4 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,54 @@ +# Pull Request + + + +## Description + + +## Type of Change + +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] Documentation update +- [ ] Other (please describe): + +## Related Issue(s) + + +## Changes Made + +- +- +- + +## Testing + +- [ ] Unit tests added/updated +- [ ] Integration tests added/updated +- [ ] Manual testing performed +- [ ] All existing tests pass + +## Checklist + +- [ ] My code follows the code style of this project +- [ ] I have performed a self-review of my own code +- [ ] I have made corresponding changes to the documentation +- [ ] My changes generate no new warnings +- [ ] I have added tests that prove my fix is effective or that my feature works +- [ ] New and existing unit tests pass locally with my changes + +## Versions applicability + +- [ ] My change applies to the version 1.X of the library, if so PR link: +- [ ] My change applies to the version 2.X of the library, if so PR link: +- [ ] My change applies to the version 3.X of the library, if so PR link: +- [ ] I have evaluated the applicability of my change against the other versions above. + +See [the contributing guidelines](https://github.com/microsoft/OpenAPI.NET/blob/main/CONTRIBUTING.md) for more information about how patches are applied across multiple versions. + +## Additional Notes + \ No newline at end of file diff --git a/.github/release-please.yml b/.github/release-please.yml index c821fc166..ce23f6ec0 100644 --- a/.github/release-please.yml +++ b/.github/release-please.yml @@ -3,5 +3,8 @@ primaryBranch: main handleGHRelease: true branches: - branch: support/v1 + manifest: true + handleGHRelease: true + - branch: support/v2 manifest: true handleGHRelease: true \ No newline at end of file diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml index 3d9334e96..d454cd186 100644 --- a/.github/workflows/auto-merge-dependabot.yml +++ b/.github/workflows/auto-merge-dependabot.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2.2.0 + uses: dependabot/fetch-metadata@v2.4.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 595d473c8..9d55602b3 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -14,13 +14,13 @@ jobs: GITHUB_RUN_NUMBER: ${{ github.run_number }} steps: - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@v5 with: dotnet-version: 8.x - name: Checkout repository id: checkout_repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 @@ -41,10 +41,10 @@ jobs: name: Validate Project for Trimming runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@v5 with: dotnet-version: 8.x @@ -58,10 +58,10 @@ jobs: needs: [ci] steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@v5 with: dotnet-version: 8.x @@ -75,6 +75,13 @@ jobs: dotnet run -c Release working-directory: ./performance/benchmark + - name: Publish benchmark results + uses: actions/upload-artifact@v5 + with: + if-no-files-found: error + name: benchmark-results + path: "${{ github.workspace }}/performance/benchmark/BenchmarkDotNet.Artifacts/results" + - name: Run comparison tool for empty models run: dotnet run -c Release --project ./performance/resultsComparer/resultsComparer.csproj -- compare $OLD_REPORT $NEW_REPORT -p IdenticalMemoryUsage shell: bash diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4224ace24..3135b775a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -2,10 +2,11 @@ name: CodeQL Analysis on: push: - branches: [ main, dev ] + branches: [ main, support/v1, support/v2 ] pull_request: schedule: - cron: '0 8 * * *' + workflow_dispatch: permissions: contents: read # these permissions are required to run the codeql analysis @@ -19,16 +20,16 @@ jobs: steps: - name: Checkout repository id: checkout_repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@v5 with: dotnet-version: 8.0.x - name: Initialize CodeQL id: init_codeql - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: queries: security-and-quality @@ -48,6 +49,6 @@ jobs: - name: Perform CodeQL Analysis id: analyze_codeql - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 # Built with ❤ by [Pipeline Foundation](https://pipeline.foundation) \ No newline at end of file diff --git a/.github/workflows/release-please-gha.yml b/.github/workflows/release-please-gha.yml index 0fe9326ea..e72901a53 100644 --- a/.github/workflows/release-please-gha.yml +++ b/.github/workflows/release-please-gha.yml @@ -15,6 +15,11 @@ on: branches: - main - support/v1 + - support/v2 + workflow_dispatch: + +permissions: + contents: read jobs: release: diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index a99c68d66..51f9b5986 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -35,15 +35,15 @@ jobs: runs-on: windows-latest steps: - name: Set up JDK 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@v5 with: distribution: 'adopt' java-version: 17 - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@v5 with: dotnet-version: 8.0.x - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Cache SonarCloud packages