Particular
diff --git a/‎.github/dependabot.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/dependabot.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 8 additions & 5 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎.github/workflows/code-analysis.yml‎
Lines changed: 12 additions & 0 deletions b/‎.github/workflows/code-analysis.yml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎.github/workflows/nuget-audit.yml‎
Lines changed: 9 additions & 0 deletions b/‎.github/workflows/nuget-audit.yml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎.github/workflows/push-container-images.yml‎
Lines changed: 15 additions & 15 deletions b/‎.github/workflows/push-container-images.yml‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 51 additions & 30 deletions b/‎.github/workflows/release.yml‎
Lines changed: 51 additions & 30 deletions
diff --git a/‎ISSUE_TEMPLATE.md‎
Lines changed: 0 additions & 9 deletions b/‎ISSUE_TEMPLATE.md‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎SECURITY.md‎
Lines changed: 7 additions & 0 deletions b/‎SECURITY.md‎
Lines changed: 7 additions & 0 deletions
@@ -1,7 +1,12 @@
 version: 2
+registries:
+  particular-packages:
+    type: nuget-feed
+    url: https://f.feedz.io/particular-software/packages/nuget/index.json
 updates:
 - package-ecosystem: nuget
   directory: "/src"
+  registries: "*"
   schedule:
     interval: daily
   open-pull-requests-limit: 1000
@@ -29,11 +34,6 @@ updates:
   schedule:
     interval: daily
   open-pull-requests-limit: 1000
-- package-ecosystem: "docker"
-  directory: "/src/ServicePulse"
-  schedule:
-    interval: daily
-  open-pull-requests-limit: 1000
 - package-ecosystem: "npm"
   directory: "/src/Frontend"
   schedule:
 
@@ -8,6 +8,9 @@ on:
   workflow_dispatch:
 env:
   DOTNET_NOLOGO: true
+defaults:
+  run:
+    shell: pwsh
 jobs:
   build:
     name: Windows
@@ -18,13 +21,13 @@ jobs:
         with:
           fetch-depth: 0
       - name: Setup .NET SDK
-        uses: actions/setup-dotnet@v4.1.0
+        uses: actions/setup-dotnet@v4.3.1
         with:
           dotnet-version: 7.0.x
       - name: Set up Node.js
-        uses: actions/setup-node@v4.1.0
+        uses: actions/setup-node@v4.3.0
         with:
-          node-version: 21.6.x
+          node-version: 22.13.x
       - name: Build Frontend
         run: .\build.ps1
         working-directory: src/ServicePulse.Host
@@ -41,13 +44,13 @@ jobs:
         uses: Particular/[email protected]
       # Upload assets and packages
       - name: Upload assets
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.1
         with:
           name: Assets
           path: src/ServicePulse.Host/bin/Release/
           retention-days: 7
       - name: Upload packages
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.1
         with:
           name: NuGet packages
           path: nugets/
 
@@ -0,0 +1,12 @@
+name: Code Analysis
+on:
+  push:
+    branches:
+      - main
+      - master
+      - release-*
+  pull_request:
+  workflow_dispatch:
+jobs:
+  code-analysis:
+    uses: particular/shared-workflows/.github/workflows/code-analysis.yml@main
@@ -0,0 +1,9 @@
+name: NuGet Audit
+on:
+  workflow_dispatch:
+env:
+  DOTNET_NOLOGO: true
+jobs:
+  call-shared-nuget-audit:
+    uses: particular/shared-workflows/.github/workflows/nuget-audit.yml@main
+    secrets: inherit
@@ -22,34 +22,34 @@ jobs:
         with:
           version: ${{ inputs.version }}
       - name: Log in to GitHub container registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+        uses: docker/[email protected]
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Login to Docker Hub
-        uses: docker/login-action@v3.3.0
+        uses: docker/login-action@v3.4.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
       - name: Publish to Docker Hub
         run: |
-          $containers = @('servicepulse')
           $tags = "${{ steps.validate.outputs.container-tags }}" -Split ','
           $sourceTag = "${{ inputs.version }}"
 
-          foreach ($tag in $tags)
-          {
-            foreach($name in $containers)
-            {
-              Write-Output "::group::Pushing $($name):$($tag)"
-              $cmd = "docker buildx imagetools create --tag particular/$($name):$($tag) ghcr.io/particular/$($name):$($sourceTag)"
-              Write-Output "Command: $cmd"
-              Invoke-Expression $cmd
-              Write-Output "::endgroup::"
-            }
-          }
+          $tagsCLI = $tags -replace "^", "--tag particular/servicepulse:"
+
+          $cmd = "docker buildx imagetools create $tagsCLI ghcr.io/particular/servicepulse:$sourceTag"
+          Write-Output "Command: $cmd"
+          Invoke-Expression $cmd
       - name: Update Docker Hub Description
         if: ${{ steps.validate.outputs.latest == 'true' }}
         uses: peter-evans/[email protected]
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
           repository: particular/servicepulse
-          readme-filepath: ./Container-README.md
+          readme-filepath: ./Container-README.md
+          short-description: Keep track of the health and performance of your system's endpoints.
@@ -11,6 +11,9 @@ on:
   workflow_dispatch:
 env:
   DOTNET_NOLOGO: true
+defaults:
+  run:
+    shell: pwsh
 jobs:
   windows-standalone:
     if: ${{ github.actor != 'dependabot[bot]' }}
@@ -19,18 +22,17 @@ jobs:
       - name: Check for secrets
         env:
           SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }}
-        shell: pwsh
         run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 })
       - name: Checkout
         uses: actions/[email protected]
         with:
           fetch-depth: 0
       - name: Setup .NET SDK
-        uses: actions/setup-dotnet@v4.1.0
+        uses: actions/setup-dotnet@v4.3.1
         with:
           dotnet-version: 7.0.x
       - name: Set up Node.js
-        uses: actions/setup-node@v4.1.0
+        uses: actions/setup-node@v4.3.0
         with:
           node-version: 21.6.x
       - name: Build Frontend
@@ -67,7 +69,7 @@ jobs:
         run: dotnet build src/Setup --configuration Release
       # Upload artifacts
       - name: Publish artifacts
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.1
         with:
           name: artifacts
           path: |
@@ -107,12 +109,11 @@ jobs:
     name: linux-container
     defaults:
       run:
-        shell: bash
+        shell: pwsh
     steps:
       - name: Check for secrets
         env:
           SECRETS_AVAILABLE: ${{ secrets.SECRETS_AVAILABLE }}
-        shell: pwsh
         run: exit $(If ($env:SECRETS_AVAILABLE -eq 'true') { 0 } Else { 1 })
       - name: Checkout
         uses: actions/[email protected]
@@ -121,7 +122,6 @@ jobs:
       - name: Install MinVer CLI
         run: dotnet tool install --global minver-cli
       - name: Determine version
-        shell: pwsh
         run: |
           # Read settings from Custom.Build.props
           [xml]$xml = Get-Content ./src/Custom.Build.props
@@ -131,7 +131,7 @@ jobs:
           if (-not ($minMajorMinor -and $autoIncrement)) {
             throw "Missing MinVer settings in Custom.Build.props"
           }
-          
+
           # Execute MinVer
           echo "MinVerVersion=$(minver --minimum-major-minor $minMajorMinor --auto-increment $autoIncrement)" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
       - name: Validate build version
@@ -140,26 +140,47 @@ jobs:
         with:
           version: ${{ env.MinVerVersion }}
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.7.1
+        uses: docker/setup-buildx-action@v3.10.0
       - name: Log in to GitHub container registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
-      - name: Build & inspect image
-        env:
-          TAG_NAME: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || env.MinVerVersion }}
-        run: |
-          docker buildx build --push --tag ghcr.io/particular/servicepulse:${{ env.TAG_NAME }} \
-            --file src/ServicePulse/Dockerfile \
-            --build-arg VERSION=${{ env.MinVerVersion }} \
-            --annotation "index:org.opencontainers.image.title=ServicePulse" \
-            --annotation "index:org.opencontainers.image.description=ServicePulse provides real-time production monitoring for distributed applications. It monitors the health of a system's endpoints, detects processing errors, sends failed messages for reprocessing, and ensures the specific environment's needs are met, all in one consolidated dashboard." \
-            --annotation "index:org.opencontainers.image.created=$(date '+%FT%TZ')" \
-            --annotation "index:org.opencontainers.image.revision=${{ github.sha }}" \
-            --annotation "index:org.opencontainers.image.authors=Particular Software" \
-            --annotation "index:org.opencontainers.image.vendor=Particular Software" \
-            --annotation "index:org.opencontainers.image.version=${{ env.MinVerVersion }}" \
-            --annotation "index:org.opencontainers.image.source=https://github.com/${{ github.repository }}/tree/${{ github.sha }}" \
-            --annotation "index:org.opencontainers.image.url=https://hub.docker.com/r/particular/servicepulse" \
-            --annotation "index:org.opencontainers.image.documentation=https://docs.particular.net/servicepulse/" \
-            --annotation "index:org.opencontainers.image.base.name=mcr.microsoft.com/dotnet/aspnet:8.0-noble-chiseled-composite" \
-            --platform linux/arm64,linux/amd64 .
-          docker buildx imagetools inspect ghcr.io/particular/servicepulse:${{ env.TAG_NAME }}
+        uses: docker/[email protected]
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Get current date
+        id: date
+        run: echo "date=$(date '+%FT%TZ')" >> $GITHUB_OUTPUT
+      - name: Build and push image to GitHub container registry
+        uses: docker/[email protected]
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          sbom: true
+          labels: |
+            org.opencontainers.image.source=https://github.com/Particular/ServicePulse/tree/${{ github.sha }}
+            org.opencontainers.image.authors="Particular Software"
+            org.opencontainers.image.vendor="Particular Software"
+            org.opencontainers.image.url=https://hub.docker.com/r/particular/servicepulse
+            org.opencontainers.image.documentation=https://docs.particular.net/servicepulse/
+            org.opencontainers.image.version=${{ env.MinVerVersion }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.created=${{ steps.date.outputs.date }}
+            org.opencontainers.image.title=ServicePulse
+            org.opencontainers.image.description=ServicePulse provides real-time production monitoring for distributed applications. It monitors the health of a system's endpoints, detects processing errors, sends failed messages for reprocessing, and ensures the specific environment's needs are met, all in one consolidated dashboard.
+            org.opencontainers.image.base.name=mcr.microsoft.com/dotnet/aspnet:8.0-noble-chiseled-composite
+          annotations: |
+            index:org.opencontainers.image.source=https://github.com/Particular/ServicePulse/tree/${{ github.sha }}
+            index:org.opencontainers.image.authors="Particular Software"
+            index:org.opencontainers.image.vendor="Particular Software"
+            index:org.opencontainers.image.url=https://hub.docker.com/r/particular/servicepulse
+            index:org.opencontainers.image.documentation=https://docs.particular.net/servicepulse/
+            index:org.opencontainers.image.version=${{ env.MinVerVersion }}
+            index:org.opencontainers.image.revision=${{ github.sha }}
+            index:org.opencontainers.image.created=${{ steps.date.outputs.date }}
+            index:org.opencontainers.image.title=ServicePulse
+            index:org.opencontainers.image.description=ServicePulse provides real-time production monitoring for distributed applications. It monitors the health of a system's endpoints, detects processing errors, sends failed messages for reprocessing, and ensures the specific environment's needs are met, all in one consolidated dashboard.
+            index:org.opencontainers.image.base.name=mcr.microsoft.com/dotnet/aspnet:8.0-noble-chiseled-composite
+          file: src/ServicePulse/Dockerfile
+          tags: ghcr.io/particular/servicepulse:${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || env.MinVerVersion }}
+
@@ -0,0 +1,7 @@
+# Security Policy
+
+Particular Software takes security issues very seriously. We appreciate your efforts to uncover bugs in our software. 
+
+## Reporting a Vulnerability
+
+Vulnerabilities can be reported by [submitting an issue](https://github.com/Particular/NServiceBus/security/advisories/new) through the security tab on our NServiceBus repository.