Skip to content

Dependency updates for Nov/Dec 2024 #8883

Dependency updates for Nov/Dec 2024

Dependency updates for Nov/Dec 2024 #8883

Workflow file for this run

name: backend
on:
push:
branches: [master]
pull_request:
branches: [master]
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
test_build:
runs-on: ubuntu-22.04
strategy:
matrix:
dotnet: ["8.0.x"]
steps:
# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
# configuring harden-runner and identifying allowed endpoints.
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
*.actions.githubusercontent.com:443
aka.ms:443
api.github.com:443
api.nuget.org:443
dc.services.visualstudio.com:443
deb.debian.org:80
dotnetbuilds.azureedge.net:443
dotnetcli.azureedge.net:443
github.com:443
md-hdd-t032zjxllntc.z26.blob.storage.azure.net:443
objects.githubusercontent.com:443
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup dotnet
uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
with:
dotnet-version: ${{ matrix.dotnet }}
- name: Install ffmpeg
uses: FedericoCarboni/setup-ffmpeg@36c6454b5a2348e7794ba2d82a21506605921e3d # v3
- name: Run coverage tests
run: dotnet test Backend.Tests/Backend.Tests.csproj
shell: bash
- name: Upload coverage artifact
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
if-no-files-found: error
name: coverage
path: Backend.Tests/coverage.cobertura.xml
retention-days: 7
- name: Development build
run: dotnet build BackendFramework.sln
- name: Release build
run: dotnet publish BackendFramework.sln
- name: Format check
run: dotnet format --verify-no-changes
upload_coverage:
needs: test_build
runs-on: ubuntu-22.04
steps:
# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
# configuring harden-runner and identifying allowed endpoints.
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
cli.codecov.io:443
github.com:443
ingest.codecov.io:443
storage.googleapis.com:443
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Download coverage artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: coverage
- name: Upload coverage report
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
files: coverage.cobertura.xml
flags: backend
name: Backend
CodeQL_build:
permissions:
actions: read # for github/codeql-action/init to get workflow details
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/autobuild to send a status report
runs-on: ubuntu-22.04
steps:
# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
# configuring harden-runner and identifying allowed endpoints.
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
aka.ms:443
api.github.com:443
api.nuget.org:443
dc.services.visualstudio.com:443
dotnetcli.azureedge.net:443
github.com:443
objects.githubusercontent.com:443
ts-crl.ws.symantec.com:80
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Manually install .NET to work around:
# https://github.com/github/codeql-action/issues/757
- name: Setup .NET
uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
with:
dotnet-version: "8.0.x"
- name: Initialize CodeQL
uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
languages: csharp
- name: Autobuild
uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
- name: Upload artifacts if build failed
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
if: ${{ failure() }}
with:
name: tracer-logs
path: ${{ runner.temp }}/*.log
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
docker_build:
if: ${{ github.event.type }} == "PullRequest"
runs-on: ubuntu-22.04
steps:
# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
# configuring harden-runner and identifying allowed endpoints.
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
disable-file-monitoring: true
egress-policy: block
allowed-endpoints: >
*.data.mcr.microsoft.com:443
*.symcb.com:80
api.nuget.org:443
archive.ubuntu.com:80
dc.services.visualstudio.com:443
deb.debian.org:80
github.com:443
mcr.microsoft.com:443
security.ubuntu.com:80
ts-crl.ws.symantec.com:80
# For subfolders, currently a full checkout is required.
# See: https://github.com/marketplace/actions/build-and-push-docker-images#path-context
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Build backend
run: |
deploy/scripts/build.py --components backend
shell: bash
- name: Image digest
run: |
docker image inspect combine_backend:latest -f '{{json .Id}}'
shell: bash