From d14c3e6014e8869d8cf13dcdf99e30dfaaa539cb Mon Sep 17 00:00:00 2001 From: jeffcumpsty-tpx Date: Fri, 13 Feb 2026 09:55:30 +0000 Subject: [PATCH 01/26] Update permissions in deploy.yml to allow writing for GitHub releases --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ba36fae..7072636 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,7 +13,7 @@ concurrency: permissions: packages: read # To pull from GHCR - contents: read + contents: write # To create GitHub releases jobs: deploy-staging: From 59225d97a65521c74a633da1b7ae4c5130b5b662 Mon Sep 17 00:00:00 2001 From: jeffcumpsty-tpx Date: Fri, 13 Feb 2026 10:09:15 +0000 Subject: [PATCH 02/26] Add job name to staging-to-main workflow for clarity --- .github/workflows/staging-to-main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/staging-to-main.yml b/.github/workflows/staging-to-main.yml index b9ba05b..96920b7 100644 --- a/.github/workflows/staging-to-main.yml +++ b/.github/workflows/staging-to-main.yml @@ -12,6 +12,7 @@ permissions: jobs: check-source-branch: + name: staging-to-main-only runs-on: ubuntu-latest steps: - name: Fail if PR is not from staging From 2cdb1c60b16f926a78cb2f000822ab3f679c54a4 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Fri, 13 Feb 2026 14:43:56 +0000 Subject: [PATCH 03/26] Sanitize URLs in logging for schema loading and error handling (#124) --- OpenReferralApi.Core/Services/SchemaResolverService.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OpenReferralApi.Core/Services/SchemaResolverService.cs b/OpenReferralApi.Core/Services/SchemaResolverService.cs index 390b5a9..7b78364 100644 --- a/OpenReferralApi.Core/Services/SchemaResolverService.cs +++ b/OpenReferralApi.Core/Services/SchemaResolverService.cs @@ -661,7 +661,7 @@ public async Task CreateSchemaFromJsonAsync(string schemaJson, string? // Set base URI for any remaining reference resolution if provided if (!string.IsNullOrEmpty(documentUri)) { - _logger.LogDebug("Loading schema with base URI: {DocumentUri}", documentUri); + _logger.LogDebug("Loading schema with base URI: {DocumentUri}", SanitizeUrlForLogging(documentUri)); settings.BaseUri = new Uri(documentUri); } @@ -673,7 +673,7 @@ public async Task CreateSchemaFromJsonAsync(string schemaJson, string? } catch (Exception ex) { - _logger.LogError(ex, "Failed to create JSON schema from JSON with resolver. DocumentUri: {DocumentUri}", documentUri ?? "none"); + _logger.LogError(ex, "Failed to create JSON schema from JSON with resolver. DocumentUri: {DocumentUri}", documentUri != null ? SanitizeUrlForLogging(documentUri) : "none"); throw; } } From d5ce010b208efb59aae30dd8ab63864a90fd4ab7 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Mon, 16 Feb 2026 19:55:16 +0000 Subject: [PATCH 04/26] Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) --- .github/workflows/staging-to-main.yml | 2 +- .gitignore | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/staging-to-main.yml b/.github/workflows/staging-to-main.yml index 96920b7..288e115 100644 --- a/.github/workflows/staging-to-main.yml +++ b/.github/workflows/staging-to-main.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Fail if PR is not from staging - if: github.head_ref != 'staging' + if: github.head_ref != 'staging' && github.actor != 'dependabot[bot]' run: | echo "Error: Merges into 'main' are only allowed from the 'staging' branch." echo "Current source branch: ${{ github.head_ref }}" diff --git a/.gitignore b/.gitignore index db1e784..18d7fd6 100644 --- a/.gitignore +++ b/.gitignore @@ -65,4 +65,6 @@ OpenReferralApi.sln.DotSettings.user results*.json # AI-generated documentation -docs/ \ No newline at end of file +docs/ +OpenReferralApi/logs/oruk-20260215.log +OpenReferralApi/logs/oruk-20260216.log From 61716d3cf7293bdafee42be05b84b16a276e3ef3 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Mon, 16 Feb 2026 20:20:42 +0000 Subject: [PATCH 05/26] Update .gitignore to ignore all log files in the logs directory (#134) --- .gitignore | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 18d7fd6..545192c 100644 --- a/.gitignore +++ b/.gitignore @@ -66,5 +66,4 @@ results*.json # AI-generated documentation docs/ -OpenReferralApi/logs/oruk-20260215.log -OpenReferralApi/logs/oruk-20260216.log +logs/ From 5d6e6f9ea668b107c1bc3253abb17245f85a1694 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Mon, 16 Feb 2026 21:44:15 +0000 Subject: [PATCH 06/26] Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. --- .github/workflows/staging-to-main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/staging-to-main.yml b/.github/workflows/staging-to-main.yml index 288e115..31b1e06 100644 --- a/.github/workflows/staging-to-main.yml +++ b/.github/workflows/staging-to-main.yml @@ -20,6 +20,7 @@ jobs: run: | echo "Error: Merges into 'main' are only allowed from the 'staging' branch." echo "Current source branch: ${{ github.head_ref }}" + echo "Current actor: ${{ github.actor }}" exit 1 - name: Success status (from staging) @@ -63,4 +64,4 @@ jobs: '', 'Current source branch: **${{ github.head_ref }}**' ].join('\n') - }); \ No newline at end of file + }); From bb5c84a62dd49620516fcdef17ae54b821d8dbe8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Feb 2026 21:53:26 +0000 Subject: [PATCH 07/26] chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- OpenReferralApi/OpenReferralApi.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenReferralApi/OpenReferralApi.csproj b/OpenReferralApi/OpenReferralApi.csproj index b406d47..dd2f6d8 100644 --- a/OpenReferralApi/OpenReferralApi.csproj +++ b/OpenReferralApi/OpenReferralApi.csproj @@ -30,7 +30,7 @@ - + From c266cec059b94144df8cde1d01d377a538bf4c37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Feb 2026 22:00:29 +0000 Subject: [PATCH 08/26] chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- OpenReferralApi/OpenReferralApi.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenReferralApi/OpenReferralApi.csproj b/OpenReferralApi/OpenReferralApi.csproj index dd2f6d8..eeb8b03 100644 --- a/OpenReferralApi/OpenReferralApi.csproj +++ b/OpenReferralApi/OpenReferralApi.csproj @@ -29,7 +29,7 @@ - + From bb9d110c0d0be357ebbb142fd32acff8c4a60859 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Feb 2026 22:24:28 +0000 Subject: [PATCH 09/26] chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- OpenReferralApi/OpenReferralApi.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenReferralApi/OpenReferralApi.csproj b/OpenReferralApi/OpenReferralApi.csproj index eeb8b03..734a4cf 100644 --- a/OpenReferralApi/OpenReferralApi.csproj +++ b/OpenReferralApi/OpenReferralApi.csproj @@ -28,7 +28,7 @@ - + From 7a25c74faba7859326e41bd08de2f38371c03ea5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Feb 2026 22:30:47 +0000 Subject: [PATCH 10/26] chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- OpenReferralApi.Tests/OpenReferralApi.Tests.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj b/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj index 82069fb..b8af000 100644 --- a/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj +++ b/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj @@ -10,7 +10,7 @@ - + From 1908c7a609a2c7bb9023306d3b7360bd948f18be Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Mon, 16 Feb 2026 22:39:07 +0000 Subject: [PATCH 11/26] Update .gitignore to ignore all log files in the logs directory (#136) From 727f5a6fb62b2810531fb33c12ac9649cce7230c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Feb 2026 22:39:23 +0000 Subject: [PATCH 12/26] chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- OpenReferralApi/OpenReferralApi.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenReferralApi/OpenReferralApi.csproj b/OpenReferralApi/OpenReferralApi.csproj index 734a4cf..66e5e29 100644 --- a/OpenReferralApi/OpenReferralApi.csproj +++ b/OpenReferralApi/OpenReferralApi.csproj @@ -28,10 +28,10 @@ + - From bd2f247ca1541ee0a53d4be8f808c7c2995fc3b6 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Mon, 16 Feb 2026 23:20:01 +0000 Subject: [PATCH 13/26] Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/codeql.yml | 4 ++-- .github/workflows/trivy.yml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 521057c..940e8f0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,7 +90,7 @@ jobs: dotnet-version: ${{ env.DOTNET_VERSION }} - name: Initialize CodeQL - uses: github/codeql-action/init@v4.32.2 + uses: github/codeql-action/init@v4.32.3 with: languages: ${{ matrix.language }} build-mode: manual @@ -101,7 +101,7 @@ jobs: dotnet build OpenReferralApi.sln --configuration Release --no-restore --verbosity normal - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.32.2 + uses: github/codeql-action/analyze@v4.32.3 security-scan-fs: name: Trivy Filesystem Scan @@ -113,7 +113,7 @@ jobs: uses: actions/checkout@v6.0.2 - name: Run Trivy (filesystem) - uses: aquasecurity/trivy-action@0.33.1 + uses: aquasecurity/trivy-action@0.34.0 with: scan-type: 'fs' scan-ref: '.' @@ -122,7 +122,7 @@ jobs: severity: 'CRITICAL,HIGH,MEDIUM,UNKNOWN' - name: Upload Trivy FS SARIF - uses: github/codeql-action/upload-sarif@v4.32.2 + uses: github/codeql-action/upload-sarif@v4.32.3 if: always() with: sarif_file: trivy-fs-results.sarif @@ -199,7 +199,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Run Trivy on built image - uses: aquasecurity/trivy-action@0.33.1 + uses: aquasecurity/trivy-action@0.34.0 continue-on-error: true with: image-ref: ${{ needs.docker-build.outputs.image_ref }} @@ -246,7 +246,7 @@ jobs: fi - name: Upload Trivy Image SARIF - uses: github/codeql-action/upload-sarif@v4.32.2 + uses: github/codeql-action/upload-sarif@v4.32.3 if: steps.trivy_sarif.outputs.present == 'true' with: sarif_file: trivy-image-results.sarif diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b7b3dea..c04e1de 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,7 +27,7 @@ jobs: # 2. Initialize CodeQL - name: Initialize CodeQL - uses: github/codeql-action/init@v4.32.2 + uses: github/codeql-action/init@v4.32.3 with: languages: csharp queries: security-and-quality @@ -41,4 +41,4 @@ jobs: # 4. Perform Analysis - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.32.2 \ No newline at end of file + uses: github/codeql-action/analyze@v4.32.3 \ No newline at end of file diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index df40c3b..01abf7d 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v6.0.2 - name: Run Trivy vulnerability scanner (Config & Dependency) - uses: aquasecurity/trivy-action@0.33.1 # Use the latest version + uses: aquasecurity/trivy-action@0.34.0 # Use the latest version with: scan-type: 'fs' # Scans the file system scan-ref: '.' @@ -29,7 +29,7 @@ jobs: # Trivy will ignore these checks if you have a .trivyignore file - name: Upload Trivy scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v4.32.2 + uses: github/codeql-action/upload-sarif@v4.32.3 if: always() # Upload results even if vulnerabilities are found with: sarif_file: 'trivy-results.sarif' \ No newline at end of file From 8e8417f0b6feeed37189eabda67482fb33071049 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Thu, 26 Feb 2026 00:13:29 +0000 Subject: [PATCH 14/26] Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- OpenReferralApi.Core/Models/OpenApiModels.cs | 10 + .../Models/ValidationRequest.cs | 3 + .../Services/JsonValidatorService.cs | 89 +++++++- .../Services/OpenApiValidationService.cs | 16 +- .../Services/SchemaResolverService.cs | 80 +++++++ .../Services/JsonValidatorServiceTests.cs | 197 ++++++++++++++++++ 6 files changed, 387 insertions(+), 8 deletions(-) diff --git a/OpenReferralApi.Core/Models/OpenApiModels.cs b/OpenReferralApi.Core/Models/OpenApiModels.cs index e5643f8..0384eb7 100644 --- a/OpenReferralApi.Core/Models/OpenApiModels.cs +++ b/OpenReferralApi.Core/Models/OpenApiModels.cs @@ -207,6 +207,16 @@ public class OpenApiValidationOptions /// [JsonProperty("returnRawResult")] public bool ReturnRawResult { get; set; } = false; + + /// + /// Whether to report fields in endpoint responses that are not defined in the schema. + /// When true, validates response data against the schema and reports any fields that exist in the response + /// but are not defined in the schema as informational messages. + /// When false (default), only standard schema validation is performed. + /// Useful for identifying undocumented fields, schema drift, or incomplete specifications. + /// + [JsonProperty("reportAdditionalFields")] + public bool ReportAdditionalFields { get; set; } = false; } /// diff --git a/OpenReferralApi.Core/Models/ValidationRequest.cs b/OpenReferralApi.Core/Models/ValidationRequest.cs index 3c9248d..2de1a4a 100644 --- a/OpenReferralApi.Core/Models/ValidationRequest.cs +++ b/OpenReferralApi.Core/Models/ValidationRequest.cs @@ -67,5 +67,8 @@ public class ValidationOptions [JsonProperty("validateSslCertificate")] public bool ValidateSslCertificate { get; set; } = true; + [JsonProperty("reportAdditionalFields")] + public bool ReportAdditionalFields { get; set; } = false; + } diff --git a/OpenReferralApi.Core/Services/JsonValidatorService.cs b/OpenReferralApi.Core/Services/JsonValidatorService.cs index 55996f4..8cda587 100644 --- a/OpenReferralApi.Core/Services/JsonValidatorService.cs +++ b/OpenReferralApi.Core/Services/JsonValidatorService.cs @@ -95,8 +95,15 @@ private async Task ValidateCoreAsync(ValidationRequest request var jsonDataString = JsonConvert.SerializeObject(jsonData, Formatting.Indented); var validationErrors = await ValidateJsonAgainstSchemaAsync(jsonDataString, schema, request.Options); - // Build result - result.IsValid = !validationErrors.Any(); + // Report additional fields if requested + if (request.Options?.ReportAdditionalFields == true) + { + var additionalFieldWarnings = DetectAdditionalFields(jsonDataString, schema); + validationErrors.AddRange(additionalFieldWarnings); + } + + // Build result - only count Error severity as validation failures + result.IsValid = !validationErrors.Any(e => e.Severity == "Error"); result.Errors = validationErrors; result.SchemaVersion = "2020-12"; result.Metadata = new ValidationMetadata @@ -433,5 +440,83 @@ private async Task FetchJsonDataFromUrlAsync(string dataUrl, ValidationO } } + /// + /// Detects fields in the JSON data that are not defined in the schema. + /// Returns a list of validation warnings for each additional field found. + /// + private List DetectAdditionalFields(string jsonData, JSchema schema) + { + var warnings = new List(); + + try + { + var jsonToken = JToken.Parse(jsonData); + DetectAdditionalFieldsRecursive(jsonToken, schema, "", warnings); + } + catch (Exception ex) + { + _logger.LogWarning(ex, "Error detecting additional fields"); + } + + return warnings; + } + + /// + /// Recursively traverses the JSON data and schema to detect fields not defined in the schema. + /// + private void DetectAdditionalFieldsRecursive(JToken jsonToken, JSchema schema, string currentPath, List warnings) + { + // Handle objects + if (jsonToken.Type == JTokenType.Object && jsonToken is JObject jObject) + { + // Get the properties defined in the schema + var schemaProperties = schema.Properties ?? new Dictionary(); + var additionalPropertiesAllowed = schema.AllowAdditionalProperties; + var additionalPropertiesSchema = schema.AdditionalProperties; + + foreach (var property in jObject.Properties()) + { + var propertyPath = string.IsNullOrEmpty(currentPath) ? property.Name : $"{currentPath}.{property.Name}"; + + // Check if this property is defined in the schema + if (!schemaProperties.ContainsKey(property.Name)) + { + // Property not defined in schema - report it + warnings.Add(new ValidationError + { + Path = propertyPath, + Message = $"Field '{property.Name}' is not defined in the schema", + ErrorCode = "ADDITIONAL_FIELD", + Severity = "Info" + }); + } + + // Recursively check nested properties if there's a schema definition + if (schemaProperties.TryGetValue(property.Name, out var propertySchema)) + { + DetectAdditionalFieldsRecursive(property.Value, propertySchema, propertyPath, warnings); + } + else if (additionalPropertiesSchema != null) + { + // If there's an additionalProperties schema, use it for validation + DetectAdditionalFieldsRecursive(property.Value, additionalPropertiesSchema, propertyPath, warnings); + } + } + } + // Handle arrays + else if (jsonToken.Type == JTokenType.Array && jsonToken is JArray jArray) + { + var itemsSchema = schema.Items?.FirstOrDefault(); + if (itemsSchema != null) + { + for (int i = 0; i < jArray.Count; i++) + { + var itemPath = $"{currentPath}[{i}]"; + DetectAdditionalFieldsRecursive(jArray[i], itemsSchema, itemPath, warnings); + } + } + } + } + } diff --git a/OpenReferralApi.Core/Services/OpenApiValidationService.cs b/OpenReferralApi.Core/Services/OpenApiValidationService.cs index 0bdcfeb..bcce783 100644 --- a/OpenReferralApi.Core/Services/OpenApiValidationService.cs +++ b/OpenReferralApi.Core/Services/OpenApiValidationService.cs @@ -576,7 +576,7 @@ private async Task TestSingleEndpointAsync(string path, stri // Validate response if schema is defined if (testResult.IsSuccess && testResult.ResponseBody != null) { - await ValidateResponseAsync(testResult, operation, openApiDocument, documentUri, cancellationToken); + await ValidateResponseAsync(testResult, operation, openApiDocument, documentUri, options, cancellationToken); result.Status = testResult.ValidationResult != null && testResult.ValidationResult.IsValid ? "Success" : "Failed"; } @@ -685,7 +685,7 @@ private async Task TestPaginatedEndpointAsync( // Validate first page response schema if (firstPageResult.ResponseBody != null) { - await ValidateResponseAsync(firstPageResult, operation, openApiDocument, documentUri, cancellationToken); + await ValidateResponseAsync(firstPageResult, operation, openApiDocument, documentUri, options, cancellationToken); } // Try to determine total pages and check for empty feed @@ -722,7 +722,7 @@ private async Task TestPaginatedEndpointAsync( if (middlePageResult.IsSuccess && middlePageResult.ResponseBody != null) { - await ValidateResponseAsync(middlePageResult, operation, openApiDocument, documentUri, cancellationToken); + await ValidateResponseAsync(middlePageResult, operation, openApiDocument, documentUri, options, cancellationToken); } } @@ -734,7 +734,7 @@ private async Task TestPaginatedEndpointAsync( if (lastPageResult.IsSuccess && lastPageResult.ResponseBody != null) { - await ValidateResponseAsync(lastPageResult, operation, openApiDocument, documentUri, cancellationToken); + await ValidateResponseAsync(lastPageResult, operation, openApiDocument, documentUri, options, cancellationToken); } } else @@ -964,7 +964,7 @@ private async Task ExecuteHttpRequestAsync(string url, string me return testResult; } - private async Task ValidateResponseAsync(HttpTestResult testResult, JObject operation, JObject openApiDocument, string? documentUri, CancellationToken cancellationToken) + private async Task ValidateResponseAsync(HttpTestResult testResult, JObject operation, JObject openApiDocument, string? documentUri, OpenApiValidationOptions options, CancellationToken cancellationToken) { try { @@ -996,7 +996,11 @@ private async Task ValidateResponseAsync(HttpTestResult testResult, JObject oper var validationRequest = new ValidationRequest { JsonData = JsonConvert.DeserializeObject(testResult.ResponseBody ?? "{}"), - Schema = schema + Schema = schema, + Options = new ValidationOptions + { + ReportAdditionalFields = options?.ReportAdditionalFields ?? false + } }; var validationResult = await _jsonValidatorService.ValidateAsync(validationRequest, cancellationToken); testResult.ValidationResult = validationResult; diff --git a/OpenReferralApi.Core/Services/SchemaResolverService.cs b/OpenReferralApi.Core/Services/SchemaResolverService.cs index 7b78364..681712f 100644 --- a/OpenReferralApi.Core/Services/SchemaResolverService.cs +++ b/OpenReferralApi.Core/Services/SchemaResolverService.cs @@ -608,12 +608,92 @@ private bool HasSelfReference(JsonNode? schema, string refPointer) { result[kvp.Key] = await ResolveAllRefsAsync(kvp.Value, visitedRefs); } + + // Flatten resolved allOf properties to make composite fields discoverable. + MergeAllOfIntoObject(result); + return result; } return obj; } + private static void MergeAllOfIntoObject(JsonObject target) + { + if (!target.TryGetPropertyValue("allOf", out var allOfNode) || allOfNode is not JsonArray allOfArray) + { + return; + } + + JsonObject? targetProperties = null; + if (target.TryGetPropertyValue("properties", out var propsNode) && propsNode is JsonObject propsObject) + { + targetProperties = propsObject; + } + + JsonArray? targetRequired = null; + if (target.TryGetPropertyValue("required", out var requiredNode) && requiredNode is JsonArray requiredArray) + { + targetRequired = requiredArray; + } + + foreach (var item in allOfArray) + { + if (item is not JsonObject itemObject) + { + continue; + } + + if (itemObject.TryGetPropertyValue("properties", out var itemPropsNode) && itemPropsNode is JsonObject itemProps) + { + targetProperties ??= new JsonObject(); + + foreach (var kvp in itemProps) + { + if (!targetProperties.ContainsKey(kvp.Key)) + { + targetProperties[kvp.Key] = kvp.Value?.DeepClone(); + } + } + } + + if (itemObject.TryGetPropertyValue("required", out var itemRequiredNode) && itemRequiredNode is JsonArray itemRequired) + { + targetRequired ??= new JsonArray(); + + foreach (var requiredItem in itemRequired) + { + if (requiredItem is not JsonValue requiredValue) + { + continue; + } + + var requiredName = requiredValue.GetValue(); + if (!targetRequired.Any(existing => existing?.GetValue() == requiredName)) + { + targetRequired.Add(requiredName); + } + } + } + + if (!target.TryGetPropertyValue("type", out _) && + itemObject.TryGetPropertyValue("type", out var itemTypeNode)) + { + target["type"] = itemTypeNode?.DeepClone(); + } + } + + if (targetProperties != null) + { + target["properties"] = targetProperties; + } + + if (targetRequired != null) + { + target["required"] = targetRequired; + } + } + /// /// Creates a JSON schema from JSON string with proper reference resolution /// diff --git a/OpenReferralApi.Tests/Services/JsonValidatorServiceTests.cs b/OpenReferralApi.Tests/Services/JsonValidatorServiceTests.cs index c2e5770..357cb2d 100644 --- a/OpenReferralApi.Tests/Services/JsonValidatorServiceTests.cs +++ b/OpenReferralApi.Tests/Services/JsonValidatorServiceTests.cs @@ -280,6 +280,203 @@ public async Task ValidateSchemaAsync_WhenSchemaResolverThrows_ReturnsError() Assert.That(result.Errors, Has.Exactly(1).Matches(error => error.ErrorCode == "SCHEMA_VALIDATION_ERROR")); } + [Test] + public async Task ValidateAsync_WithReportAdditionalFields_ReportsFieldsNotInSchema() + { + // Arrange + var schema = new + { + type = "object", + properties = new + { + name = new { type = "string" }, + age = new { type = "number" } + }, + required = new[] { "name" }, + additionalProperties = true + }; + + var request = new ValidationRequest + { + JsonData = new + { + name = "Ada Lovelace", + age = 36, + email = "ada@example.com", // Not in schema + address = new // Not in schema + { + city = "London", + country = "UK" + } + }, + Schema = schema, + Options = new ValidationOptions + { + ReportAdditionalFields = true + } + }; + + // Act + var result = await _service.ValidateAsync(request); + + // Assert + Assert.That(result.IsValid, Is.True, "Data should be valid even with additional fields"); + Assert.That(result.Errors, Has.Some.Matches( + e => e.ErrorCode == "ADDITIONAL_FIELD" && e.Path == "email"), + "Should report 'email' as an additional field"); + Assert.That(result.Errors, Has.Some.Matches( + e => e.ErrorCode == "ADDITIONAL_FIELD" && e.Path == "address"), + "Should report 'address' as an additional field"); + Assert.That(result.Errors.Where(e => e.ErrorCode == "ADDITIONAL_FIELD").All(e => e.Severity == "Info"), + "Additional field warnings should have 'Info' severity"); + } + + [Test] + public async Task ValidateAsync_WithReportAdditionalFieldsFalse_DoesNotReportAdditionalFields() + { + // Arrange + var schema = new + { + type = "object", + properties = new + { + name = new { type = "string" } + }, + required = new[] { "name" }, + additionalProperties = true + }; + + var request = new ValidationRequest + { + JsonData = new + { + name = "Ada Lovelace", + email = "ada@example.com" // Not in schema + }, + Schema = schema, + Options = new ValidationOptions + { + ReportAdditionalFields = false // Explicitly disabled + } + }; + + // Act + var result = await _service.ValidateAsync(request); + + // Assert + Assert.That(result.IsValid, Is.True); + Assert.That(result.Errors, Has.None.Matches( + e => e.ErrorCode == "ADDITIONAL_FIELD"), + "Should not report additional fields when option is disabled"); + } + + [Test] + public async Task ValidateAsync_WithReportAdditionalFields_HandlesNestedObjects() + { + // Arrange + var schema = new + { + type = "object", + properties = new + { + name = new { type = "string" }, + address = new + { + type = "object", + properties = new + { + city = new { type = "string" } + }, + additionalProperties = true + } + }, + additionalProperties = true + }; + + var request = new ValidationRequest + { + JsonData = new + { + name = "Ada Lovelace", + address = new + { + city = "London", + postcode = "SW1A 1AA" // Not in schema + } + }, + Schema = schema, + Options = new ValidationOptions + { + ReportAdditionalFields = true + } + }; + + // Act + var result = await _service.ValidateAsync(request); + + // Assert + Assert.That(result.IsValid, Is.True); + Assert.That(result.Errors, Has.Some.Matches( + e => e.ErrorCode == "ADDITIONAL_FIELD" && e.Path == "address.postcode"), + "Should report nested additional fields"); + } + + [Test] + public async Task ValidateAsync_WithReportAdditionalFields_HandlesArrays() + { + // Arrange + var schema = new + { + type = "object", + properties = new + { + users = new + { + type = "array", + items = new + { + type = "object", + properties = new + { + name = new { type = "string" } + }, + additionalProperties = true + } + } + }, + additionalProperties = true + }; + + var request = new ValidationRequest + { + JsonData = new + { + users = new object[] + { + new { name = "Ada", age = 36 }, // 'age' not in schema + new { name = "Charles", role = "Professor" } // 'role' not in schema + } + }, + Schema = schema, + Options = new ValidationOptions + { + ReportAdditionalFields = true + } + }; + + // Act + var result = await _service.ValidateAsync(request); + + // Assert + Assert.That(result.IsValid, Is.True); + Assert.That(result.Errors, Has.Some.Matches( + e => e.ErrorCode == "ADDITIONAL_FIELD" && e.Path == "users[0].age"), + "Should report additional fields in array items"); + Assert.That(result.Errors, Has.Some.Matches( + e => e.ErrorCode == "ADDITIONAL_FIELD" && e.Path == "users[1].role"), + "Should report additional fields in array items"); + } + private void SetupHttpMock(string schemaJson, string dataJson) { var mockHandler = new MockHttpMessageHandler(schemaJson, dataJson); From 6015777c3c4bb8e2b41036e9caa2356a0bbd1fbf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Feb 2026 00:31:27 +0000 Subject: [PATCH 15/26] chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update Bumps NUnit from 4.4.0 to 4.5.0 --- updated-dependencies: - dependency-name: NUnit dependency-version: 4.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: testing-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/codeql.yml | 4 ++-- .github/workflows/trivy.yml | 4 ++-- OpenReferralApi.Tests/OpenReferralApi.Tests.csproj | 4 ++-- OpenReferralApi/OpenReferralApi.csproj | 4 ++-- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 940e8f0..c9d7c6c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,7 +90,7 @@ jobs: dotnet-version: ${{ env.DOTNET_VERSION }} - name: Initialize CodeQL - uses: github/codeql-action/init@v4.32.3 + uses: github/codeql-action/init@v4.32.4 with: languages: ${{ matrix.language }} build-mode: manual @@ -101,7 +101,7 @@ jobs: dotnet build OpenReferralApi.sln --configuration Release --no-restore --verbosity normal - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.32.3 + uses: github/codeql-action/analyze@v4.32.4 security-scan-fs: name: Trivy Filesystem Scan @@ -113,7 +113,7 @@ jobs: uses: actions/checkout@v6.0.2 - name: Run Trivy (filesystem) - uses: aquasecurity/trivy-action@0.34.0 + uses: aquasecurity/trivy-action@0.34.1 with: scan-type: 'fs' scan-ref: '.' @@ -122,7 +122,7 @@ jobs: severity: 'CRITICAL,HIGH,MEDIUM,UNKNOWN' - name: Upload Trivy FS SARIF - uses: github/codeql-action/upload-sarif@v4.32.3 + uses: github/codeql-action/upload-sarif@v4.32.4 if: always() with: sarif_file: trivy-fs-results.sarif @@ -199,7 +199,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Run Trivy on built image - uses: aquasecurity/trivy-action@0.34.0 + uses: aquasecurity/trivy-action@0.34.1 continue-on-error: true with: image-ref: ${{ needs.docker-build.outputs.image_ref }} @@ -246,7 +246,7 @@ jobs: fi - name: Upload Trivy Image SARIF - uses: github/codeql-action/upload-sarif@v4.32.3 + uses: github/codeql-action/upload-sarif@v4.32.4 if: steps.trivy_sarif.outputs.present == 'true' with: sarif_file: trivy-image-results.sarif diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c04e1de..c5e0009 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,7 +27,7 @@ jobs: # 2. Initialize CodeQL - name: Initialize CodeQL - uses: github/codeql-action/init@v4.32.3 + uses: github/codeql-action/init@v4.32.4 with: languages: csharp queries: security-and-quality @@ -41,4 +41,4 @@ jobs: # 4. Perform Analysis - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.32.3 \ No newline at end of file + uses: github/codeql-action/analyze@v4.32.4 diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 01abf7d..bbf8df3 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v6.0.2 - name: Run Trivy vulnerability scanner (Config & Dependency) - uses: aquasecurity/trivy-action@0.34.0 # Use the latest version + uses: aquasecurity/trivy-action@0.34.1 # Use the latest version with: scan-type: 'fs' # Scans the file system scan-ref: '.' @@ -29,7 +29,7 @@ jobs: # Trivy will ignore these checks if you have a .trivyignore file - name: Upload Trivy scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v4.32.3 + uses: github/codeql-action/upload-sarif@v4.32.4 if: always() # Upload results even if vulnerabilities are found with: sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj b/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj index b8af000..17d9fc3 100644 --- a/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj +++ b/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj @@ -11,9 +11,9 @@ - + - + diff --git a/OpenReferralApi/OpenReferralApi.csproj b/OpenReferralApi/OpenReferralApi.csproj index 66e5e29..a8e1f31 100644 --- a/OpenReferralApi/OpenReferralApi.csproj +++ b/OpenReferralApi/OpenReferralApi.csproj @@ -18,7 +18,7 @@ - + @@ -31,7 +31,7 @@ - + From 95b545490fc724d3ed09823b25283e68c224294b Mon Sep 17 00:00:00 2001 From: jeffcumpsty-tpx Date: Thu, 26 Feb 2026 14:48:59 +0000 Subject: [PATCH 16/26] Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c5e0009..5fc268b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,4 +41,4 @@ jobs: # 4. Perform Analysis - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.32.4 + uses: github/codeql-action/analyze@v4.32.2 \ No newline at end of file From 765546844d36d87ed360192a6b4e0cff430e7ec3 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Thu, 26 Feb 2026 14:57:05 +0000 Subject: [PATCH 17/26] Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging (#147) --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c5e0009..5fc268b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,4 +41,4 @@ jobs: # 4. Perform Analysis - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.32.4 + uses: github/codeql-action/analyze@v4.32.2 \ No newline at end of file From 9c1e2c52be4a86bd2ac887105318fa8e65102275 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Thu, 26 Feb 2026 15:08:20 +0000 Subject: [PATCH 18/26] Merge main into staging (#148) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5fc268b..7298808 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,4 +41,4 @@ jobs: # 4. Perform Analysis - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.32.2 \ No newline at end of file + uses: github/codeql-action/analyze@v4.32.4 \ No newline at end of file From 3137c3ef11a3c5b783e9ace3e4ded64e0b49bb90 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Fri, 27 Feb 2026 02:29:03 +0000 Subject: [PATCH 19/26] Add steps to prepare lowercase Docker image names for CI/CD workflows (#151) --- .github/workflows/ci.yml | 12 ++++++++++-- .github/workflows/deploy.yml | 20 ++++++++++++++++++-- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c9d7c6c..fcc1384 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -149,11 +149,19 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Prepare lowercase image name + id: lowercase + run: | + repo_owner="${{ github.repository_owner }}" + repo_name="${{ github.event.repository.name }}" + echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + - name: Extract Docker metadata & tags id: meta uses: docker/metadata-action@v5.10.0 with: - images: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }} + images: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} tags: | type=sha,format=short type=ref,event=branch @@ -168,7 +176,7 @@ jobs: image_ref=$(echo "$tags_raw" | tr ',' '\n' | grep ':sha-' | head -n 1) if [ -z "$image_ref" ]; then - image_ref="ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:sha-${{ github.sha }}" + image_ref="ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }}:sha-${{ github.sha }}" fi echo "image_ref=$image_ref" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7072636..260eb0e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -42,10 +42,18 @@ jobs: HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} run: heroku stack:set container --app ${{ vars.HEROKU_STAGING_APP }} + - name: Prepare lowercase image name + id: lowercase + run: | + repo_owner="${{ github.repository_owner }}" + repo_name="${{ github.event.repository.name }}" + echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + - name: Pull tested image from GHCR & deploy to Heroku Staging env: HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }} + IMAGE_NAME: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} run: | SHORT_SHA=$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7) echo "Deploying tested image: ${IMAGE_NAME}:sha-${SHORT_SHA} → ${{ vars.HEROKU_STAGING_APP }}" @@ -94,10 +102,18 @@ jobs: HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} run: heroku stack:set container --app ${{ vars.HEROKU_PROD_APP }} + - name: Prepare lowercase image name + id: lowercase + run: | + repo_owner="${{ github.repository_owner }}" + repo_name="${{ github.event.repository.name }}" + echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + - name: Pull tested image from GHCR & deploy to Heroku Production env: HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }} + IMAGE_NAME: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} run: | SHORT_SHA=$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7) echo "Deploying tested image: ${IMAGE_NAME}:sha-${SHORT_SHA} → ${{ vars.HEROKU_PROD_APP }}" From 3a2da5963b6d5df6296f70576cb64ec137601443 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Fri, 27 Feb 2026 16:08:41 +0000 Subject: [PATCH 20/26] Staging (#150) (#153) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump the testing-packages group with 1 update Bumps NUnit from 4.4.0 to 4.5.0 --- updated-dependencies: - dependency-name: NUnit dependency-version: 4.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: testing-packages ... --------- * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging (#147) * Merge main into staging (#148) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... --------- --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From 546469093905a3030873cf878a2b3c4dc6ecd31e Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Fri, 27 Feb 2026 17:10:57 +0000 Subject: [PATCH 21/26] Only deploy on push (#155) * Remove workflow_run triggers and simplify deployment conditions in CI/CD pipeline * Refactor CI/CD workflows: remove Heroku deployment from deploy.yml and create separate deploy-to-production.yml and deploy-to-staging.yml * Remove conditional checks for push and pull_request events in CI jobs --- .github/workflows/ci.yml | 11 +- .github/workflows/deploy-to-production.yml | 78 +++++++++++ .github/workflows/deploy-to-staging.yml | 69 ++++++++++ .github/workflows/deploy.yml | 145 --------------------- 4 files changed, 150 insertions(+), 153 deletions(-) create mode 100644 .github/workflows/deploy-to-production.yml create mode 100644 .github/workflows/deploy-to-staging.yml delete mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fcc1384..301a695 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,8 +3,6 @@ name: CI/CD Pipeline on: pull_request: branches: [staging, main] - push: - branches: [staging, main] concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -131,7 +129,6 @@ jobs: name: Build & Push Docker Image to GHCR runs-on: ubuntu-latest needs: [build-and-test, codeql-analysis, security-scan-fs] - if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.base_ref == 'main') outputs: image_ref: ${{ steps.image_ref.outputs.image_ref }} @@ -196,8 +193,7 @@ jobs: name: Trivy Image Vulnerability Scan runs-on: ubuntu-latest needs: docker-build - if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.base_ref == 'main') - + steps: - name: Login to GitHub Container Registry uses: docker/login-action@v3.7.0 @@ -262,9 +258,8 @@ jobs: zap-scan: name: OWASP ZAP Baseline Scan runs-on: ubuntu-latest - needs: [docker-build, security-scan-image] - if: github.event_name == 'pull_request' && github.base_ref == 'main' - + needs: [docker-build] + steps: - name: Checkout code uses: actions/checkout@v6.0.2 diff --git a/.github/workflows/deploy-to-production.yml b/.github/workflows/deploy-to-production.yml new file mode 100644 index 0000000..da11f6e --- /dev/null +++ b/.github/workflows/deploy-to-production.yml @@ -0,0 +1,78 @@ +name: Deploy to Heroku (production) + +on: + push: + branches: [main] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + packages: read # To pull from GHCR + contents: write # To create GitHub releases + +jobs: + + deploy-production: + name: Deploy to Production + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v6.0.2 + + - name: Install Heroku CLI + run: curl https://cli-assets.heroku.com/install.sh | sh + + - name: Login to Heroku Container Registry + env: + HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} + run: heroku container:login + + - name: Ensure container stack (production) + env: + HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} + run: heroku stack:set container --app ${{ vars.HEROKU_PROD_APP }} + + - name: Prepare lowercase image name + id: lowercase + run: | + repo_owner="${{ github.repository_owner }}" + repo_name="${{ github.event.repository.name }}" + echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + + - name: Pull tested image from GHCR & deploy to Heroku Production + env: + HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} + IMAGE_NAME: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} + run: | + SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) + echo "Deploying tested image: ${IMAGE_NAME}:sha-${SHORT_SHA} → ${{ vars.HEROKU_PROD_APP }}" + + # Login to GHCR + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin + + docker pull ${IMAGE_NAME}:sha-${SHORT_SHA} + + echo "Pushing to Heroku..." + docker tag ${IMAGE_NAME}:sha-${SHORT_SHA} registry.heroku.com/${{ vars.HEROKU_PROD_APP }}/web:latest + + heroku container:push web --app ${{ vars.HEROKU_PROD_APP }} + + echo "Releasing..." + heroku container:release web --app ${{ vars.HEROKU_PROD_APP }} + + echo "Health check..." + sleep 12 + curl --fail "${{ vars.HEALTH_ENDPOINT }}" || echo "⚠️ Health check failed – check Heroku logs" + + - name: Create GitHub Release + uses: softprops/action-gh-release@v2.5.0 + with: + tag_name: v${{ github.run_number }} + name: Release v${{ github.run_number }} + draft: false + prerelease: false + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/deploy-to-staging.yml b/.github/workflows/deploy-to-staging.yml new file mode 100644 index 0000000..8489924 --- /dev/null +++ b/.github/workflows/deploy-to-staging.yml @@ -0,0 +1,69 @@ +name: Deploy to Heroku (staging) + +on: + push: + branches: [staging] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + packages: read # To pull from GHCR + contents: write # To create GitHub releases + +jobs: + deploy-staging: + name: Deploy to Staging + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v6.0.2 + + - name: Install Heroku CLI + run: curl https://cli-assets.heroku.com/install.sh | sh + + - name: Login to Heroku Container Registry + env: + HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} + run: heroku container:login + + - name: Ensure container stack (staging) + env: + HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} + run: heroku stack:set container --app ${{ vars.HEROKU_STAGING_APP }} + + - name: Prepare lowercase image name + id: lowercase + run: | + repo_owner="${{ github.repository_owner }}" + repo_name="${{ github.event.repository.name }}" + echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + + - name: Pull tested image from GHCR & deploy to Heroku Staging + env: + HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} + IMAGE_NAME: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} + run: | + SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) + echo "Deploying tested image: ${IMAGE_NAME}:sha-${SHORT_SHA} → ${{ vars.HEROKU_STAGING_APP }}" + + # Login to GHCR + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin + + docker pull ${IMAGE_NAME}:sha-${SHORT_SHA} + + # Tag the image for Heroku + docker tag ${IMAGE_NAME}:sha-${SHORT_SHA} registry.heroku.com/${{ vars.HEROKU_STAGING_APP }}/web:latest + + echo "Pushing to Heroku..." + heroku container:push web --app ${{ vars.HEROKU_STAGING_APP }} + + echo "Releasing..." + heroku container:release web --app ${{ vars.HEROKU_STAGING_APP }} + + echo "Health check..." + sleep 12 + curl --fail "${{ vars.STAGING_HEALTH_ENDPOINT }}" || echo "⚠️ Health check failed – check Heroku logs" \ No newline at end of file diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 260eb0e..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,145 +0,0 @@ -name: Deploy to Heroku - -on: - workflow_run: - workflows: ["CI/CD Pipeline"] - types: - - completed - branches: [staging, main] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -permissions: - packages: read # To pull from GHCR - contents: write # To create GitHub releases - -jobs: - deploy-staging: - name: Deploy to Staging - runs-on: ubuntu-latest - if: > - github.event.workflow_run.conclusion == 'success' && - github.event.workflow_run.event == 'push' && - github.event.workflow_run.actor.login != 'dependabot[bot]' && - github.event.workflow_run.head_branch == 'staging' - - steps: - - name: Checkout code - uses: actions/checkout@v6.0.2 - - - name: Install Heroku CLI - run: curl https://cli-assets.heroku.com/install.sh | sh - - - name: Login to Heroku Container Registry - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - run: heroku container:login - - - name: Ensure container stack (staging) - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - run: heroku stack:set container --app ${{ vars.HEROKU_STAGING_APP }} - - - name: Prepare lowercase image name - id: lowercase - run: | - repo_owner="${{ github.repository_owner }}" - repo_name="${{ github.event.repository.name }}" - echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - - - name: Pull tested image from GHCR & deploy to Heroku Staging - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - IMAGE_NAME: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} - run: | - SHORT_SHA=$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7) - echo "Deploying tested image: ${IMAGE_NAME}:sha-${SHORT_SHA} → ${{ vars.HEROKU_STAGING_APP }}" - - # Login to GHCR - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - docker pull ${IMAGE_NAME}:sha-${SHORT_SHA} - - # Tag the image for Heroku - docker tag ${IMAGE_NAME}:sha-${SHORT_SHA} registry.heroku.com/${{ vars.HEROKU_STAGING_APP }}/web:latest - - echo "Pushing to Heroku..." - heroku container:push web --app ${{ vars.HEROKU_STAGING_APP }} - - echo "Releasing..." - heroku container:release web --app ${{ vars.HEROKU_STAGING_APP }} - - echo "Health check..." - sleep 12 - curl --fail "${{ vars.STAGING_HEALTH_ENDPOINT }}" || echo "⚠️ Health check failed – check Heroku logs" - - deploy-production: - name: Deploy to Production - runs-on: ubuntu-latest - if: > - github.event.workflow_run.conclusion == 'success' && - github.event.workflow_run.event == 'push' && - github.event.workflow_run.actor.login != 'dependabot[bot]' && - github.event.workflow_run.head_branch == 'main' - - steps: - - name: Checkout code - uses: actions/checkout@v6.0.2 - - - name: Install Heroku CLI - run: curl https://cli-assets.heroku.com/install.sh | sh - - - name: Login to Heroku Container Registry - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - run: heroku container:login - - - name: Ensure container stack (production) - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - run: heroku stack:set container --app ${{ vars.HEROKU_PROD_APP }} - - - name: Prepare lowercase image name - id: lowercase - run: | - repo_owner="${{ github.repository_owner }}" - repo_name="${{ github.event.repository.name }}" - echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - - - name: Pull tested image from GHCR & deploy to Heroku Production - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - IMAGE_NAME: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} - run: | - SHORT_SHA=$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7) - echo "Deploying tested image: ${IMAGE_NAME}:sha-${SHORT_SHA} → ${{ vars.HEROKU_PROD_APP }}" - - # Login to GHCR - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - docker pull ${IMAGE_NAME}:sha-${SHORT_SHA} - - echo "Pushing to Heroku..." - docker tag ${IMAGE_NAME}:sha-${SHORT_SHA} registry.heroku.com/${{ vars.HEROKU_PROD_APP }}/web:latest - - heroku container:push web --app ${{ vars.HEROKU_PROD_APP }} - - echo "Releasing..." - heroku container:release web --app ${{ vars.HEROKU_PROD_APP }} - - echo "Health check..." - sleep 12 - curl --fail "${{ vars.HEALTH_ENDPOINT }}" || echo "⚠️ Health check failed – check Heroku logs" - - - name: Create GitHub Release - uses: softprops/action-gh-release@v2.5.0 - with: - tag_name: v${{ github.event.workflow_run.run_number }} - name: Release v${{ github.event.workflow_run.run_number }} - draft: false - prerelease: false - token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From 4a50620f8cd26e5d074fc9d65797f6095ad59d73 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Sat, 28 Feb 2026 14:11:04 +0000 Subject: [PATCH 22/26] =?UTF-8?q?Refactor=20CI/CD=20workflows:=20consolida?= =?UTF-8?q?te=20into=20unified=20pipeline,=20remove=20o=E2=80=A6=20(#157)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Staging into main (#154) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update Bumps NUnit from 4.4.0 to 4.5.0 --- updated-dependencies: - dependency-name: NUnit dependency-version: 4.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: testing-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging (#147) * Merge main into staging (#148) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add steps to prepare lowercase Docker image names for CI/CD workflows (#151) * Staging (#150) (#153) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * … * Refactor CI/CD workflows: consolidate into unified pipeline, remove obsolete files, and enhance deployment steps * Enhance Trivy image scan step: explicitly set SHA prefix and ensure SARIF upload occurs regardless of previous steps * Update deployment job dependencies: include docker-build in staging and production workflows * Add checkout step and improve image pull logging in CI workflow * Enhance Docker build step: record image reference with digest, add verification step, and implement retry logic for image pull * Refactor CI workflow: change CodeQL build mode to autobuild and enhance ZAP scan step with dynamic report handling * Update CodeQL build mode to 'none' and add explicit build step for analysis * Add permission change for ZAP scan report directory --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 273 ++++++++++----------- .github/workflows/codeql.yml | 44 ---- .github/workflows/deploy-to-production.yml | 78 ------ .github/workflows/deploy-to-staging.yml | 69 ------ .github/workflows/dotnet.yml | 36 --- .github/workflows/trivy.yml | 35 --- Dockerfile | 14 +- 7 files changed, 136 insertions(+), 413 deletions(-) delete mode 100644 .github/workflows/codeql.yml delete mode 100644 .github/workflows/deploy-to-production.yml delete mode 100644 .github/workflows/deploy-to-staging.yml delete mode 100644 .github/workflows/dotnet.yml delete mode 100644 .github/workflows/trivy.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 301a695..6abb0db 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,10 @@ -name: CI/CD Pipeline +name: Unified CI/CD & Deployment on: pull_request: branches: [staging, main] + push: + branches: [staging, main] concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -15,21 +17,21 @@ env: TRIVY_DOCKER_IMAGE: "aquasec/trivy:0.69.1" permissions: - contents: read - packages: write # for pushing to GHCR - security-events: write # for Trivy SARIF upload + contents: write + packages: write + security-events: write actions: read jobs: + # --- JOB 1: BUILD AND TEST --- build-and-test: name: Build and Test (.NET) runs-on: ubuntu-latest - steps: - name: Checkout code uses: actions/checkout@v6.0.2 - - name: Setup .NET ${{ env.DOTNET_VERSION }} + - name: Setup .NET uses: actions/setup-dotnet@v5.1.0 with: dotnet-version: ${{ env.DOTNET_VERSION }} @@ -41,13 +43,12 @@ jobs: key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props', '**/*.targets') }} restore-keys: ${{ runner.os }}-nuget- - - name: Restore dependencies - run: dotnet restore - - - name: Build solution (Release) - run: dotnet build --configuration Release --no-restore + - name: Restore & Build + run: | + dotnet restore + dotnet build --configuration Release --no-restore - - name: Run unit / integration tests + - name: Run Tests run: dotnet test --configuration Release --no-build --verbosity normal --collect:"XPlat Code Coverage" --results-directory ./coverage - name: Upload coverage to Codecov @@ -64,53 +65,47 @@ jobs: path: ./coverage retention-days: 14 + # --- JOB 2: CODEQL --- codeql-analysis: name: CodeQL Security Analysis (C#) runs-on: ubuntu-latest needs: build-and-test permissions: security-events: write + actions: read contents: read - packages: read - strategy: fail-fast: false matrix: language: ['csharp'] - steps: - name: Checkout code uses: actions/checkout@v6.0.2 - - - name: Setup .NET ${{ env.DOTNET_VERSION }} + - name: Setup .NET uses: actions/setup-dotnet@v5.1.0 with: dotnet-version: ${{ env.DOTNET_VERSION }} - - name: Initialize CodeQL uses: github/codeql-action/init@v4.32.4 with: languages: ${{ matrix.language }} - build-mode: manual - - - name: Build solution for CodeQL + build-mode: none + - name: Build for CodeQL run: | dotnet restore OpenReferralApi.sln dotnet build OpenReferralApi.sln --configuration Release --no-restore --verbosity normal - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4.32.4 + # --- JOB 3: TRIVY FS --- security-scan-fs: name: Trivy Filesystem Scan runs-on: ubuntu-latest needs: build-and-test - steps: - name: Checkout code uses: actions/checkout@v6.0.2 - - - name: Run Trivy (filesystem) + - name: Run Trivy (fs) uses: aquasecurity/trivy-action@0.34.1 with: scan-type: 'fs' @@ -118,67 +113,45 @@ jobs: format: 'sarif' output: 'trivy-fs-results.sarif' severity: 'CRITICAL,HIGH,MEDIUM,UNKNOWN' - - name: Upload Trivy FS SARIF uses: github/codeql-action/upload-sarif@v4.32.4 if: always() with: sarif_file: trivy-fs-results.sarif + # --- JOB 4: DOCKER BUILD & PUSH --- docker-build: name: Build & Push Docker Image to GHCR runs-on: ubuntu-latest - needs: [build-and-test, codeql-analysis, security-scan-fs] + needs: [codeql-analysis, security-scan-fs] outputs: image_ref: ${{ steps.image_ref.outputs.image_ref }} - steps: - name: Checkout code uses: actions/checkout@v6.0.2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3.12.0 - - - name: Login to GitHub Container Registry + - name: Login to GHCR uses: docker/login-action@v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Prepare lowercase image name id: lowercase run: | - repo_owner="${{ github.repository_owner }}" - repo_name="${{ github.event.repository.name }}" - echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - + echo "repo_owner=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" + echo "repo_name=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - name: Extract Docker metadata & tags id: meta uses: docker/metadata-action@v5.10.0 with: images: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} tags: | - type=sha,format=short - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Record image reference - id: image_ref - run: | - tags_raw="${{ steps.meta.outputs.tags }}" - image_ref=$(echo "$tags_raw" | tr ',' '\n' | grep ':sha-' | head -n 1) - - if [ -z "$image_ref" ]; then - image_ref="ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }}:sha-${{ github.sha }}" - fi - - echo "image_ref=$image_ref" >> "$GITHUB_OUTPUT" - - - name: Build and push Docker image + # Explicitly use the same SHA as your manual Record step + type=sha,format=short,prefix=sha-,value=${{ github.event.pull_request.head.sha || github.sha }} + - name: Build and push + id: build uses: docker/build-push-action@v6.19.2 with: context: . @@ -188,21 +161,35 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max + - name: Record image reference with digest + id: image_ref + run: | + IMAGE_NAME="ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }}" + DIGEST="${{ steps.build.outputs.digest }}" + echo "image_ref=${IMAGE_NAME}@${DIGEST}" >> "$GITHUB_OUTPUT" + echo "Image reference: ${IMAGE_NAME}@${DIGEST}" + - name: Verify image push + run: | + echo "Verifying image: ${{ steps.image_ref.outputs.image_ref }}" + docker pull ${{ steps.image_ref.outputs.image_ref }} + echo "✓ Image successfully pushed and pulled" + # --- JOB 5: TRIVY IMAGE SCAN --- security-scan-image: name: Trivy Image Vulnerability Scan runs-on: ubuntu-latest needs: docker-build - steps: - - name: Login to GitHub Container Registry + - name: Checkout code + uses: actions/checkout@v6.0.2 + - name: Login to GHCR uses: docker/login-action@v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - - name: Run Trivy on built image + - name: Run Trivy (image) + id: trivy_scan uses: aquasecurity/trivy-action@0.34.1 continue-on-error: true with: @@ -211,121 +198,119 @@ jobs: output: 'trivy-image-results.sarif' severity: 'CRITICAL,HIGH,MEDIUM,UNKNOWN' - - name: Diagnose missing Trivy SARIF - if: always() - run: | - if [ -f trivy-image-results.sarif ]; then - echo "Trivy SARIF present. No diagnostic scan needed." - exit 0 - fi - - echo "Trivy SARIF missing. Running diagnostic scan with debug output." - docker pull ${{ needs.docker-build.outputs.image_ref }} - - docker run --rm ${{ env.TRIVY_DOCKER_IMAGE }} \ - image \ - --debug \ - --exit-code 0 \ - --format sarif \ - --output trivy-image-results.sarif \ - --severity CRITICAL,HIGH,MEDIUM,UNKNOWN \ - ${{ needs.docker-build.outputs.image_ref }} || true - - docker run --rm ${{ env.TRIVY_DOCKER_IMAGE }} \ - image \ - --debug \ - --exit-code 0 \ - --format table \ - --severity CRITICAL,HIGH,MEDIUM,UNKNOWN \ - ${{ needs.docker-build.outputs.image_ref }} || true - - - name: Check Trivy SARIF exists - id: trivy_sarif - if: always() - run: | - if [ -f trivy-image-results.sarif ]; then - echo "present=true" >> "$GITHUB_OUTPUT" - else - echo "present=false" >> "$GITHUB_OUTPUT" - fi - - name: Upload Trivy Image SARIF uses: github/codeql-action/upload-sarif@v4.32.4 - if: steps.trivy_sarif.outputs.present == 'true' + if: always() && hashFiles('trivy-image-results.sarif') != '' with: sarif_file: trivy-image-results.sarif + # --- JOB 6: ZAP SCAN --- zap-scan: name: OWASP ZAP Baseline Scan runs-on: ubuntu-latest - needs: [docker-build] - + needs: docker-build steps: - name: Checkout code uses: actions/checkout@v6.0.2 - - - name: Log in to GitHub Container Registry & pull image + - name: Login to GHCR uses: docker/login-action@v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - - name: Pull Docker image - run: docker pull ${{ needs.docker-build.outputs.image_ref }} - - - name: Create Docker network - run: docker network create zap-test-network - - - name: Start application container + - name: Pull & Run Container + run: | + echo "Pulling image: ${{ needs.docker-build.outputs.image_ref }}" + # Retry logic for docker pull + for i in {1..3}; do + if docker pull ${{ needs.docker-build.outputs.image_ref }}; then + echo "✓ Image pulled successfully" + break + fi + if [ $i -eq 3 ]; then + echo "✗ Failed to pull image after 3 attempts" + echo "Checking if image exists in registry..." + docker manifest inspect ${{ needs.docker-build.outputs.image_ref }} || echo "Image not found in registry" + exit 1 + fi + echo "Retry $i/3 - waiting 5 seconds..." + sleep 5 + done + docker network create zap-network + docker run -d --name app --network zap-network -p 8080:80 ${{ needs.docker-build.outputs.image_ref }} + - name: Wait for Application Ready run: | - docker run -d --name test-app \ - --network zap-test-network \ - -p 8080:80 \ - ${{ needs.docker-build.outputs.image_ref }} - - # Wait for application to be ready - echo "Waiting for application to start..." for i in {1..30}; do if curl -f http://localhost:8080/health-check/live > /dev/null 2>&1; then - echo "✓ Application health check passed (/health-check/live)" + echo "✓ Application health check passed" break fi if [ $i -eq 30 ]; then - echo "✗ Application failed to become ready after 60 seconds" - echo "Final container logs:" - docker logs test-app + echo "✗ Application failed to start" + docker logs app exit 1 fi - echo "Waiting for application... ($i/30)" + echo "Waiting for app... ($i/30)" sleep 2 done - - - name: Run OWASP ZAP Baseline Scan + - name: Run ZAP Scan run: | - docker run --rm \ - --network zap-test-network \ - -v ${{ github.workspace }}/zap-reports:/zap/wrk/:rw \ - ghcr.io/zaproxy/zaproxy:stable \ - zap-baseline.py \ - -t http://test-app:80 \ - -J report_json.json \ - -w report_md.md \ - -r report_html.html \ - -I || echo "ZAP scan completed with findings" - continue-on-error: true - + mkdir -p ${{ github.workspace }}/zap-reports + chmod 777 ${{ github.workspace }}/zap-reports + docker run --rm --network zap-network -v ${{ github.workspace }}/zap-reports:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-baseline.py -t http://app:80 -J report_json.json -I || true - name: Upload ZAP results - if: always() + if: always() && hashFiles('zap-reports/*') != '' uses: actions/upload-artifact@v6.0.0 with: name: zap-scan-results path: zap-reports/ - if-no-files-found: warn - - name: Stop application container - if: always() + # --- JOB 7: DEPLOY STAGING --- + deploy-staging: + name: Deploy to Staging + needs: [docker-build, security-scan-image, zap-scan] + if: github.event_name == 'push' && github.ref == 'refs/heads/staging' + runs-on: ubuntu-latest + steps: + - name: Deploy to Heroku + env: + HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} + IMAGE_TAG: ${{ needs.docker-build.outputs.image_ref }} run: | - docker stop test-app || true - docker rm test-app || true - docker network rm zap-test-network || true \ No newline at end of file + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin + docker pull $IMAGE_TAG + heroku container:login + docker tag $IMAGE_TAG registry.heroku.com/${{ vars.HEROKU_STAGING_APP }}/web:latest + heroku container:push web --app ${{ vars.HEROKU_STAGING_APP }} + heroku container:release web --app ${{ vars.HEROKU_STAGING_APP }} + sleep 12 + curl --fail "${{ vars.STAGING_HEALTH_ENDPOINT }}" || echo "⚠️ Staging health check failed" + + # --- JOB 8: DEPLOY PRODUCTION --- + deploy-production: + name: Deploy to Production + needs: [docker-build, security-scan-image, zap-scan] + if: github.event_name == 'push' && github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + steps: + - name: Deploy to Heroku + env: + HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} + IMAGE_TAG: ${{ needs.docker-build.outputs.image_ref }} + run: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin + docker pull $IMAGE_TAG + heroku container:login + docker tag $IMAGE_TAG registry.heroku.com/${{ vars.HEROKU_PROD_APP }}/web:latest + heroku container:push web --app ${{ vars.HEROKU_PROD_APP }} + heroku container:release web --app ${{ vars.HEROKU_PROD_APP }} + sleep 12 + curl --fail "${{ vars.HEALTH_ENDPOINT }}" || echo "⚠️ Production health check failed" + - name: Create Release + uses: softprops/action-gh-release@v2.5.0 + with: + tag_name: v${{ github.run_number }} + name: Release v${{ github.run_number }} + draft: false + prerelease: false + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 7298808..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: "CodeQL Analysis" - -on: - push: - branches: [ "main", "staging" ] - pull_request: - branches: [ "main", "staging" ] - -jobs: - analyze: - name: Analyze C# - runs-on: ubuntu-latest # Use windows-latest if you have specific .NET Framework (non-Core) needs - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v6.0.2 - - # 1. Install the .NET SDK - - name: Setup .NET - uses: actions/setup-dotnet@v5.1.0 - with: - dotnet-version: '10.0.x' # Update to your specific version (e.g., 6.0, 9.0) - - # 2. Initialize CodeQL - - name: Initialize CodeQL - uses: github/codeql-action/init@v4.32.4 - with: - languages: csharp - queries: security-and-quality - - # 3. Manual Build (Recommended for C#) - # This is more reliable than Autobuild for complex solutions - - name: Restore and Build - run: | - dotnet restore - dotnet build --no-restore --configuration Release - - # 4. Perform Analysis - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.32.4 \ No newline at end of file diff --git a/.github/workflows/deploy-to-production.yml b/.github/workflows/deploy-to-production.yml deleted file mode 100644 index da11f6e..0000000 --- a/.github/workflows/deploy-to-production.yml +++ /dev/null @@ -1,78 +0,0 @@ -name: Deploy to Heroku (production) - -on: - push: - branches: [main] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -permissions: - packages: read # To pull from GHCR - contents: write # To create GitHub releases - -jobs: - - deploy-production: - name: Deploy to Production - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v6.0.2 - - - name: Install Heroku CLI - run: curl https://cli-assets.heroku.com/install.sh | sh - - - name: Login to Heroku Container Registry - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - run: heroku container:login - - - name: Ensure container stack (production) - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - run: heroku stack:set container --app ${{ vars.HEROKU_PROD_APP }} - - - name: Prepare lowercase image name - id: lowercase - run: | - repo_owner="${{ github.repository_owner }}" - repo_name="${{ github.event.repository.name }}" - echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - - - name: Pull tested image from GHCR & deploy to Heroku Production - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - IMAGE_NAME: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} - run: | - SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) - echo "Deploying tested image: ${IMAGE_NAME}:sha-${SHORT_SHA} → ${{ vars.HEROKU_PROD_APP }}" - - # Login to GHCR - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - docker pull ${IMAGE_NAME}:sha-${SHORT_SHA} - - echo "Pushing to Heroku..." - docker tag ${IMAGE_NAME}:sha-${SHORT_SHA} registry.heroku.com/${{ vars.HEROKU_PROD_APP }}/web:latest - - heroku container:push web --app ${{ vars.HEROKU_PROD_APP }} - - echo "Releasing..." - heroku container:release web --app ${{ vars.HEROKU_PROD_APP }} - - echo "Health check..." - sleep 12 - curl --fail "${{ vars.HEALTH_ENDPOINT }}" || echo "⚠️ Health check failed – check Heroku logs" - - - name: Create GitHub Release - uses: softprops/action-gh-release@v2.5.0 - with: - tag_name: v${{ github.run_number }} - name: Release v${{ github.run_number }} - draft: false - prerelease: false - token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/deploy-to-staging.yml b/.github/workflows/deploy-to-staging.yml deleted file mode 100644 index 8489924..0000000 --- a/.github/workflows/deploy-to-staging.yml +++ /dev/null @@ -1,69 +0,0 @@ -name: Deploy to Heroku (staging) - -on: - push: - branches: [staging] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -permissions: - packages: read # To pull from GHCR - contents: write # To create GitHub releases - -jobs: - deploy-staging: - name: Deploy to Staging - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v6.0.2 - - - name: Install Heroku CLI - run: curl https://cli-assets.heroku.com/install.sh | sh - - - name: Login to Heroku Container Registry - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - run: heroku container:login - - - name: Ensure container stack (staging) - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - run: heroku stack:set container --app ${{ vars.HEROKU_STAGING_APP }} - - - name: Prepare lowercase image name - id: lowercase - run: | - repo_owner="${{ github.repository_owner }}" - repo_name="${{ github.event.repository.name }}" - echo "repo_owner=$(echo "$repo_owner" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - echo "repo_name=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - - - name: Pull tested image from GHCR & deploy to Heroku Staging - env: - HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} - IMAGE_NAME: ghcr.io/${{ steps.lowercase.outputs.repo_owner }}/${{ steps.lowercase.outputs.repo_name }} - run: | - SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) - echo "Deploying tested image: ${IMAGE_NAME}:sha-${SHORT_SHA} → ${{ vars.HEROKU_STAGING_APP }}" - - # Login to GHCR - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - docker pull ${IMAGE_NAME}:sha-${SHORT_SHA} - - # Tag the image for Heroku - docker tag ${IMAGE_NAME}:sha-${SHORT_SHA} registry.heroku.com/${{ vars.HEROKU_STAGING_APP }}/web:latest - - echo "Pushing to Heroku..." - heroku container:push web --app ${{ vars.HEROKU_STAGING_APP }} - - echo "Releasing..." - heroku container:release web --app ${{ vars.HEROKU_STAGING_APP }} - - echo "Health check..." - sleep 12 - curl --fail "${{ vars.STAGING_HEALTH_ENDPOINT }}" || echo "⚠️ Health check failed – check Heroku logs" \ No newline at end of file diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml deleted file mode 100644 index 25d560f..0000000 --- a/.github/workflows/dotnet.yml +++ /dev/null @@ -1,36 +0,0 @@ -# This workflow will build a .NET project -# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net - -name: Build - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - workflow_dispatch: - -env: - DOTNET_VERSION: "10.0.x" - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v6.0.2 - - - name: Setup .NET - uses: actions/setup-dotnet@v5.1.0 - with: - dotnet-version: ${{ env.DOTNET_VERSION }} - - - name: Restore dependencies - run: dotnet restore - - - name: Build solution - run: dotnet build --configuration Release --no-restore - - - name: Run tests - run: dotnet test --configuration Release --no-build --verbosity normal diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml deleted file mode 100644 index bbf8df3..0000000 --- a/.github/workflows/trivy.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: "Trivy Security Scan" - -on: - push: - branches: [ "main", "staging" ] - pull_request: - branches: [ "main", "staging" ] - -jobs: - scan: - name: Security Scan - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write # Required to upload results to the Security tab - - steps: - - name: Checkout code - uses: actions/checkout@v6.0.2 - - - name: Run Trivy vulnerability scanner (Config & Dependency) - uses: aquasecurity/trivy-action@0.34.1 # Use the latest version - with: - scan-type: 'fs' # Scans the file system - scan-ref: '.' - format: 'sarif' - output: 'trivy-results.sarif' - severity: 'CRITICAL,HIGH' # Only fail on serious issues - # Trivy will ignore these checks if you have a .trivyignore file - - - name: Upload Trivy scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v4.32.4 - if: always() # Upload results even if vulnerabilities are found - with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index c3b16a2..b582f33 100644 --- a/Dockerfile +++ b/Dockerfile @@ -68,6 +68,10 @@ COPY --from=publish /app/publish . # Copy mocks (schemas are included in publish output if needed) COPY --from=publish /src/OpenReferralApi/Mocks ./Mocks +# Create startup script for proper signal handling with dynamic PORT +RUN echo '#!/bin/sh\nexport ASPNETCORE_URLS="http://*:${PORT:-80}"\nexec dotnet OpenReferralApi.dll "$@"' > /app/start.sh && \ + chmod +x /app/start.sh + # Set ownership to non-root user RUN chown -R appuser:appuser /app @@ -77,10 +81,6 @@ USER appuser # Health check HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 CMD curl -f http://localhost:${PORT:-80}/health-check/live || exit 1 -# Run the application -# Note: Using shell form (not JSON array) to allow runtime $PORT variable expansion for Heroku. -# This triggers a linter warning about signal handling, but is necessary for dynamic port binding. -CMD ASPNETCORE_URLS=http://*:$PORT dotnet OpenReferralApi.dll - -# For local development use ENTRYPOINT & comment out CMD line -# ENTRYPOINT ["dotnet", "OpenReferralApi.dll"] +# Use JSON exec form for proper signal handling +# The startup script ensures signals are propagated correctly and handles Heroku's dynamic $PORT +ENTRYPOINT ["/app/start.sh"] From e75900f3472803e875ae6fa64323736dd415c9d4 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Sat, 28 Feb 2026 14:45:13 +0000 Subject: [PATCH 23/26] Unified ci cd workflow (#159) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Staging into main (#154) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update Bumps NUnit from 4.4.0 to 4.5.0 --- updated-dependencies: - dependency-name: NUnit dependency-version: 4.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: testing-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging (#147) * Merge main into staging (#148) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add steps to prepare lowercase Docker image names for CI/CD workflows (#151) * Staging (#150) (#153) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * … * Refactor CI/CD workflows: consolidate into unified pipeline, remove obsolete files, and enhance deployment steps * Enhance Trivy image scan step: explicitly set SHA prefix and ensure SARIF upload occurs regardless of previous steps * Update deployment job dependencies: include docker-build in staging and production workflows * Add checkout step and improve image pull logging in CI workflow * Enhance Docker build step: record image reference with digest, add verification step, and implement retry logic for image pull * Refactor CI workflow: change CodeQL build mode to autobuild and enhance ZAP scan step with dynamic report handling * Update CodeQL build mode to 'none' and add explicit build step for analysis * Add permission change for ZAP scan report directory * Add Heroku CLI installation step and set stack for staging and production deployments --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6abb0db..545ba56 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -272,6 +272,8 @@ jobs: if: github.event_name == 'push' && github.ref == 'refs/heads/staging' runs-on: ubuntu-latest steps: + - name: Install Heroku CLI + run: curl https://cli-assets.heroku.com/install.sh | sh - name: Deploy to Heroku env: HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} @@ -280,6 +282,7 @@ jobs: echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin docker pull $IMAGE_TAG heroku container:login + heroku stack:set container --app ${{ vars.HEROKU_STAGING_APP }} docker tag $IMAGE_TAG registry.heroku.com/${{ vars.HEROKU_STAGING_APP }}/web:latest heroku container:push web --app ${{ vars.HEROKU_STAGING_APP }} heroku container:release web --app ${{ vars.HEROKU_STAGING_APP }} @@ -293,6 +296,8 @@ jobs: if: github.event_name == 'push' && github.ref == 'refs/heads/main' runs-on: ubuntu-latest steps: + - name: Install Heroku CLI + run: curl https://cli-assets.heroku.com/install.sh | sh - name: Deploy to Heroku env: HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} @@ -301,6 +306,7 @@ jobs: echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin docker pull $IMAGE_TAG heroku container:login + heroku stack:set container --app ${{ vars.HEROKU_PROD_APP }} docker tag $IMAGE_TAG registry.heroku.com/${{ vars.HEROKU_PROD_APP }}/web:latest heroku container:push web --app ${{ vars.HEROKU_PROD_APP }} heroku container:release web --app ${{ vars.HEROKU_PROD_APP }} From a7ce77f2d156c51a9d11360a1d74381f53a69157 Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Sat, 28 Feb 2026 16:30:30 +0000 Subject: [PATCH 24/26] Unified ci cd workflow (#160) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Staging into main (#154) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update Bumps NUnit from 4.4.0 to 4.5.0 --- updated-dependencies: - dependency-name: NUnit dependency-version: 4.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: testing-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging (#147) * Merge main into staging (#148) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] Co-authored-by: Jeff Cumpsty Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add steps to prepare lowercase Docker image names for CI/CD workflows (#151) * Staging (#150) (#153) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * … * Refactor CI/CD workflows: consolidate into unified pipeline, remove obsolete files, and enhance deployment steps * Enhance Trivy image scan step: explicitly set SHA prefix and ensure SARIF upload occurs regardless of previous steps * Update deployment job dependencies: include docker-build in staging and production workflows * Add checkout step and improve image pull logging in CI workflow * Enhance Docker build step: record image reference with digest, add verification step, and implement retry logic for image pull * Refactor CI workflow: change CodeQL build mode to autobuild and enhance ZAP scan step with dynamic report handling * Update CodeQL build mode to 'none' and add explicit build step for analysis * Add permission change for ZAP scan report directory * Add Heroku CLI installation step and set stack for staging and production deployments --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 545ba56..4c3bf11 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -284,7 +284,7 @@ jobs: heroku container:login heroku stack:set container --app ${{ vars.HEROKU_STAGING_APP }} docker tag $IMAGE_TAG registry.heroku.com/${{ vars.HEROKU_STAGING_APP }}/web:latest - heroku container:push web --app ${{ vars.HEROKU_STAGING_APP }} + docker push registry.heroku.com/${{ vars.HEROKU_STAGING_APP }}/web:latest heroku container:release web --app ${{ vars.HEROKU_STAGING_APP }} sleep 12 curl --fail "${{ vars.STAGING_HEALTH_ENDPOINT }}" || echo "⚠️ Staging health check failed" @@ -308,7 +308,7 @@ jobs: heroku container:login heroku stack:set container --app ${{ vars.HEROKU_PROD_APP }} docker tag $IMAGE_TAG registry.heroku.com/${{ vars.HEROKU_PROD_APP }}/web:latest - heroku container:push web --app ${{ vars.HEROKU_PROD_APP }} + docker push registry.heroku.com/${{ vars.HEROKU_PROD_APP }}/web:latest heroku container:release web --app ${{ vars.HEROKU_PROD_APP }} sleep 12 curl --fail "${{ vars.HEALTH_ENDPOINT }}" || echo "⚠️ Production health check failed" From e95c81153deed4bdf587f4bde16103efdfb182ed Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Sat, 28 Feb 2026 17:17:56 +0000 Subject: [PATCH 25/26] Staging into main (#154) (#162) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump the testing-packages group with 1 update Bumps NUnit from 4.4.0 to 4.5.0 --- updated-dependencies: - dependency-name: NUnit dependency-version: 4.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: testing-packages ... --------- * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging (#147) * Merge main into staging (#148) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... --------- * Add steps to prepare lowercase Docker image names for CI/CD workflows (#151) * Staging (#150) (#153) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * … Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From 74682ba8d6239d4246723ac149d98fe3f7c7593f Mon Sep 17 00:00:00 2001 From: Jeff Cumpsty Date: Sat, 28 Feb 2026 17:37:37 +0000 Subject: [PATCH 26/26] Staging into main (#154) (#164) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump the testing-packages group with 1 update Bumps NUnit from 4.4.0 to 4.5.0 --- updated-dependencies: - dependency-name: NUnit dependency-version: 4.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: testing-packages ... --------- * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging * Merge branch 'main' of https://github.com/tpximpact/OpenReferralApi into staging (#147) * Merge main into staging (#148) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... --------- * Add steps to prepare lowercase Docker image names for CI/CD workflows (#151) * Staging (#150) (#153) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- * Feature/report additional fields (#140) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... --------- * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... --------- --------- * feat: add support for reporting additional fields in JSON validation * feat: add option to report additional fields in OpenAPI validation * feat: flatten resolved allOf properties to enhance composite field discovery --------- * chore: Bump the testing-packages group with 1 update (#142) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... --------- * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * … Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>